bwatters
8a1f5de8f1
Fix msftidy issue and update file delete
2024-02-15 10:00:44 -06:00
bwatters
20563b64b2
add check method
2024-02-15 09:05:54 -06:00
bwatters
843c64d2f6
Code cleaned up
2024-02-14 19:08:11 -06:00
bwatters
67cd9b425b
Working, but ugly
2024-02-14 15:42:50 -06:00
Dean Welch
fa5c4c0193
lowercase session types
2024-02-14 15:45:34 +00:00
Dean Welch
587a8690a1
Use individual session mixins
2024-02-14 15:37:11 +00:00
bwatters
cc0fc56874
Draft nonworking start
2024-02-12 17:44:24 -06:00
sjanusz-r7
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
Gaurav Jain
184ed3a162
Add suggested changes
2024-02-09 02:22:20 +05:30
adfoster-r7
8b71afdd53
Land #18759, Updates MySQL modules to now support the new MySQL session type
2024-02-08 12:39:51 +00:00
Gaurav Jain
4dc21bae45
Merge branch 'rapid7:master' into manageengine
2024-02-08 15:11:15 +05:30
Gaurav Jain
25804edbf4
Add java targets for manageengine cve-2022-47966 modules
2024-02-08 01:55:52 +05:30
cgranleese-r7
e80f0ef8cd
Removes session logic from mixins and uses client instead of datastore for rhost and rport
2024-02-06 14:11:16 +00:00
Jack Heysel
85974d16c2
Land #18769, Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
an LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
cgranleese-r7
577304cf7c
Updates more modules
2024-02-02 14:59:56 +00:00
Christophe De La Fuente
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
Christophe De La Fuente
1ff1302df7
Use exceptions instead of returning a boolean in do_login
2024-02-02 11:39:13 +01:00
Jack Heysel
be2d2d61ca
Land #18762, Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
sfewer-r7
b259c5d6a7
store the credentials we create in the DB
2024-02-01 19:48:01 +00:00
sfewer-r7
612feac5f1
add in vendor advisory URL
2024-02-01 19:47:23 +00:00
Christophe De La Fuente
81eba7a6e7
Use FileDropper mixin and fix typo
2024-02-01 17:23:05 +01:00
Christophe De La Fuente
5054b3bfd0
Add methods to get the version and the CSRF token
2024-02-01 12:31:01 +01:00
Stephen Fewer
a867793870
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:05:02 +00:00
Stephen Fewer
546de49bec
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:49 +00:00
Stephen Fewer
6e4294c013
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:26 +00:00
Christophe De La Fuente
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
Spencer McIntyre
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
sfewer-r7
c70092a2c7
bugfix a copy pasta whereby a path separator was not being added as expected
2024-01-29 17:52:37 +00:00
sfewer-r7
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
Spencer McIntyre
b5de25a2b6
Fingerprint the target as Mirth Connect first
2024-01-29 12:11:38 -05:00
Spencer McIntyre
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
Spencer McIntyre
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
Spencer McIntyre
530d58de49
Initial commit of NextGen Connect RCEs
2024-01-26 14:50:33 -05:00
Jack Heysel
fe84c0dff7
Land #18734, Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
Spencer McIntyre
96241b3a6e
Keep version detection consistent
2024-01-25 13:50:34 -05:00
Spencer McIntyre
49532613e5
Implement some feedback from the review
2024-01-25 09:20:17 -05:00
Spencer McIntyre
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
bwatters
583d39b038
Land #18720, Mark unix encoders as compatible with linux
...
Merge branch 'land-18720' into upstream-master
2024-01-23 09:45:42 -06:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
Spencer McIntyre
b8a0e33ce3
Initial exploit for CVE-2023-22527
2024-01-22 17:06:29 -05:00
Spencer McIntyre
b31abcc9b2
Mark unix encoders as compatible with linux
...
Fixes #18572
2024-01-19 13:40:43 -05:00
ekalinichev-r7
847a72c417
Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE
2024-01-19 13:02:53 +01:00
Gaurav Jain
fd3ca96988
Update splunk cve-2023-32707 to use splunk library
2024-01-19 01:56:15 +05:30
Christophe De La Fuente
b8aa55c322
Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
Jack Heysel
607a2789d0
Revert "Changed payload double quote to single"
...
This reverts commit f1586f08c3.
2024-01-16 14:49:22 -05:00
Jack Heysel
f1586f08c3
Changed payload double quote to single
2024-01-15 12:09:41 -05:00
Jack Heysel
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
Jack Heysel
6d8666e35b
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
Jack Heysel
cdc66dd91f
Last minute fix
2024-01-11 12:56:01 -05:00
Jack Heysel
e44b57249d
Merge branch 'wp-backup-migration-php-filter' of github.com:jheysel-r7/metasploit-framework into wp-backup-migration-php-filter
2024-01-11 12:30:42 -05:00