adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
Valentin Lobstein fc35a116bb Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-28 08:15:27 +01:00
Balgogan e1b3c56de8 Add reference 2023-11-23 19:27:11 +01:00
Balgogan 65ea1188e2 Add suggested changes 2023-11-23 18:22:36 +01:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Jack Heysel c0be4c2f72 working end to end unix confluence 7.18 2023-11-22 19:49:38 -05:00
Jack Heysel e6e2106140 Auth bypass, auth, shell upload, working 2023-11-21 22:14:27 -05:00
Gaurav Jain 6056081de5 Change status message upon completion of exploit 2023-11-10 05:28:10 +05:30
Gaurav Jain 8301e6c766 Use Rex::RandomIdentifier::Generator to generate payload variables names 2023-11-10 05:25:59 +05:30
Gaurav Jain b9c65d5b75 Delete log entries on target 2023-11-06 02:00:25 +05:30
Gaurav Jain ba196b4264 Handle serving of payloads for different targets 2023-11-06 01:57:44 +05:30
Gaurav Jain 9bd819e2d7 Add java in-memory target for manageengine servicedesk exploit 2023-10-30 20:12:37 +05:30
Zach Goldman d960aa522c Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE 2023-10-26 11:34:02 -04:00
Heyder Andrade e5e58bc0be Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-26 14:03:06 +02:00
Heyder Andrade c0af43c10b Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-25 11:02:30 +02:00
Heyder Andrade 5e19c8fd88 Update splunk_privilege_escalation_cve_2023_32707.rb 2023-10-24 14:44:27 +02:00
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 5e84f57ab3 set :random to true during generate_jar so we can randomize teh metasploit class path 2023-10-18 09:53:46 +01:00
sfewer-r7 fcffd36af0 no need to test for true, jsut return the value as we are waiting for done to be set to true 2023-10-18 09:37:04 +01:00
sfewer-r7 9fdbccb74f catch a JSON ParserError exception and fail_with() if needed. Also detect if the JSON data doesnt have the expected value and fail_with() if needed 2023-10-18 09:36:02 +01:00
sfewer-r7 34107e4f3b favod over for string concatenation. 2023-10-17 11:36:07 +01:00
sfewer-r7 0fc35bf6d3 randomize the plugins version number 2023-10-17 10:01:02 +01:00
sfewer-r7 415bd49b15 use next semantics to return from a yielded block early (note we cannot use return for this) 2023-10-17 09:43:00 +01:00
sfewer-r7 54f334479a fix another typo 2023-10-17 09:30:52 +01:00
sfewer-r7 9e6e9538e1 typo 2023-10-17 09:29:38 +01:00
sfewer-r7 d2438bad4e add a note to explain we need to concat a trailing forward slash 2023-10-17 09:28:04 +01:00
sfewer-r7 4acdaf3087 typos 2023-10-17 09:22:09 +01:00
sfewer-r7 d17f065f12 remove 'localhost' in favor of some random chars 2023-10-17 09:21:28 +01:00
sfewer-r7 3242a7009b clarify timeout is in seconds 2023-10-17 09:11:05 +01:00
sfewer-r7 b97cb9f63d remove whitespace 2023-10-17 09:10:28 +01:00
sfewer-r7 1c027ac05c add an RCE exploit for CVE-2023-22515 2023-10-16 20:50:18 +01:00
Spencer McIntyre 86b7ec4518 Address comments from the review 2023-10-12 09:50:19 -04:00
Spencer McIntyre 4f734379d3 Add module docs and print some messages 2023-10-12 09:27:26 -04:00
Spencer McIntyre 0799f9d860 Add a check method and populate module metadata 2023-10-12 09:27:26 -04:00
Spencer McIntyre 7a226ba285 Randomize components in the MAR file 2023-10-12 09:27:26 -04:00
Spencer McIntyre 5a6dc7f9a6 Initial commit of CVE-2023-43654 2023-10-12 09:27:26 -04:00
Spencer McIntyre e7ab983279 Minor code changes 
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
 2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 9a6e2dab71 improve the check routine to explicitly look for either a header value or a cookie value that TeamCity is known to set 2023-09-28 16:28:16 +01:00
sfewer-r7 96568bf6d3 typo in comment 2023-09-28 16:05:46 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00
sfewer-r7 fbd5e60cfc add in coverage for CVE-2023-42793. Currently only a Windows target. 2023-09-28 12:31:59 +01:00
eu b1de44d892 Fix code styling 2023-09-22 16:51:49 +02:00
eu 4044835a64 Improve the cleanup method 
- The cleanup methos is deleting the job and removing the app directory
- Added a change dir command as an AutoRunScript just to avoid the error when trying to access the current directory in the session
 2023-09-22 15:45:40 +02:00
eu 47d8e4de04 Remove ReturnOutput option 
TODO: distinguish commands that return output and commands that don't
 2023-09-22 11:52:14 +02:00
eu ffb34b05ef Adherence to code review 2023-09-15 16:55:05 +02:00
Heyder Andrade 766766be78 Apply suggestions from code review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-09-14 16:13:10 +02:00
eu 54a7b55eb4 Fix code style 2023-09-14 15:05:41 +02:00
eu 401c775336 Rename module 2023-09-13 17:19:42 +02:00
Christophe De La Fuente a33f03d100 Land #18302, Sonicwall rce CVE-2023-34124 2023-09-08 11:48:07 +02:00