Gaurav Jain
184ed3a162
Add suggested changes
2024-02-09 02:22:20 +05:30
Gaurav Jain
4dc21bae45
Merge branch 'rapid7:master' into manageengine
2024-02-08 15:11:15 +05:30
Gaurav Jain
25804edbf4
Add java targets for manageengine cve-2022-47966 modules
2024-02-08 01:55:52 +05:30
Jack Heysel
85974d16c2
Land #18769, Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
Christophe De La Fuente
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
Christophe De La Fuente
1ff1302df7
Use exceptions instead of returning a boolean in do_login
2024-02-02 11:39:13 +01:00
Jack Heysel
be2d2d61ca
Land #18762, Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
sfewer-r7
b259c5d6a7
store the credentials we create in the DB
2024-02-01 19:48:01 +00:00
sfewer-r7
612feac5f1
add in vendor advisory URL
2024-02-01 19:47:23 +00:00
Christophe De La Fuente
81eba7a6e7
Use FileDropper mixin and fix typo
2024-02-01 17:23:05 +01:00
Christophe De La Fuente
5054b3bfd0
Add methods to get the version and the CSRF token
2024-02-01 12:31:01 +01:00
Stephen Fewer
a867793870
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:05:02 +00:00
Stephen Fewer
546de49bec
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:49 +00:00
Stephen Fewer
6e4294c013
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:26 +00:00
Christophe De La Fuente
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
Spencer McIntyre
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
sfewer-r7
c70092a2c7
bugfix a copy pasta whereby a path separator was not being added as expected
2024-01-29 17:52:37 +00:00
sfewer-r7
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
Spencer McIntyre
b5de25a2b6
Fingerprint the target as Mirth Connect first
2024-01-29 12:11:38 -05:00
Spencer McIntyre
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
Spencer McIntyre
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
Spencer McIntyre
530d58de49
Initial commit of NextGen Connect RCEs
2024-01-26 14:50:33 -05:00
Jack Heysel
fe84c0dff7
Land #18734, Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
Spencer McIntyre
96241b3a6e
Keep version detection consistent
2024-01-25 13:50:34 -05:00
Spencer McIntyre
49532613e5
Implement some feedback from the review
2024-01-25 09:20:17 -05:00
Spencer McIntyre
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
Spencer McIntyre
b8a0e33ce3
Initial exploit for CVE-2023-22527
2024-01-22 17:06:29 -05:00
ekalinichev-r7
847a72c417
Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE
2024-01-19 13:02:53 +01:00
Gaurav Jain
fd3ca96988
Update splunk cve-2023-32707 to use splunk library
2024-01-19 01:56:15 +05:30
Christophe De La Fuente
b8aa55c322
Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
Jack Heysel
607a2789d0
Revert "Changed payload double quote to single"
...
This reverts commit f1586f08c3.
2024-01-16 14:49:22 -05:00
Jack Heysel
f1586f08c3
Changed payload double quote to single
2024-01-15 12:09:41 -05:00
Jack Heysel
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
Jack Heysel
6d8666e35b
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
Jack Heysel
cdc66dd91f
Last minute fix
2024-01-11 12:56:01 -05:00
Jack Heysel
e44b57249d
Merge branch 'wp-backup-migration-php-filter' of github.com:jheysel-r7/metasploit-framework into wp-backup-migration-php-filter
2024-01-11 12:30:42 -05:00
Jack Heysel
5c7061cc0c
Remove OS dependent payload
2024-01-11 12:30:04 -05:00
jheysel-r7
43f4705e60
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-09 12:37:59 -05:00
Gaurav Jain
98667edf76
Add suggested changes
2024-01-05 22:31:51 +05:30
bwatters
cdfa421d15
Land #18515, Add java target for ManageEngine ServiceDesk Plus CVE-2022-47966
...
Merge branch 'land-18515' into upstream-master
2024-01-04 17:25:08 -06:00
Gaurav Jain
d0beea91bd
Add exploit for CVE-2022-42889
2023-12-25 00:43:50 +05:30
Jack Heysel
eeb74cd5e1
Updated metadata
2023-12-20 16:49:45 -05:00
Jack Heysel
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
Jack Heysel
c895364675
Initial commit, files created
2023-12-18 19:26:14 -05:00
Christophe De La Fuente
45d2c7f4e0
Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
Jack Heysel
c1459df10f
Check method improvement
2023-12-14 12:42:23 -05:00
jheysel-r7
a14b28e941
Update modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-12-14 11:55:48 -05:00
Jack Heysel
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
Jack Heysel
61414fab27
Refactored module to use mixin
2023-12-11 18:24:37 -05:00