adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

4544 Commits

Author SHA1 Message Date
Jack Heysel 5c7061cc0c Remove OS dependant payload 2024-01-11 12:30:04 -05:00
jheysel-r7 43f4705e60 Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-01-09 12:37:59 -05:00
Gaurav Jain 98667edf76 Add suggested changes 2024-01-05 22:31:51 +05:30
bwatters cdfa421d15 Land #18515, Add java target for ManageEngine ServiceDesk Plus CVE-2022-47966 
Merge branch 'land-18515' into upstream-master
 2024-01-04 17:25:08 -06:00
Gaurav Jain d0beea91bd Add exploit for CVE-2022-42889 2023-12-25 00:43:50 +05:30
Jack Heysel eeb74cd5e1 Updated metadata 2023-12-20 16:49:45 -05:00
Jack Heysel e3062d45e0 Module working docs updated 2023-12-20 16:41:52 -05:00
Jack Heysel c895364675 Initial commit, files created 2023-12-18 19:26:14 -05:00
Christophe De La Fuente 45d2c7f4e0 Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE 2023-12-18 18:51:36 +01:00
Jack Heysel c1459df10f Check method improvement 2023-12-14 12:42:23 -05:00
jheysel-r7 a14b28e941 Update modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-12-14 11:55:48 -05:00
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
Jack Heysel 61414fab27 Refactored module to use mixin 2023-12-11 18:24:37 -05:00
Valentin Lobstein fc35a116bb Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-28 08:15:27 +01:00
Balgogan e1b3c56de8 Add reference 2023-11-23 19:27:11 +01:00
Balgogan 65ea1188e2 Add suggested changes 2023-11-23 18:22:36 +01:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Jack Heysel c0be4c2f72 working end to end unix confluence 7.18 2023-11-22 19:49:38 -05:00
Jack Heysel e6e2106140 Auth bypass, auth, shell upload, working 2023-11-21 22:14:27 -05:00
Gaurav Jain 6056081de5 Change status message upon completion of exploit 2023-11-10 05:28:10 +05:30
Gaurav Jain 8301e6c766 Use Rex::RandomIdentifier::Generator to generate payload variables names 2023-11-10 05:25:59 +05:30
sfewer-r7 ea21036995 reduce nesting in the check routine 2023-11-06 09:42:59 +00:00
sfewer-r7 4272678938 reduce the indentation in on_request_uri 2023-11-06 09:36:20 +00:00
sfewer-r7 fa8c40072c ensure the payload doesnt contain a CDATA closing tag, if found then fail before we attempt exploitation 2023-11-06 09:36:20 +00:00
Gaurav Jain b9c65d5b75 Delete log entries on target 2023-11-06 02:00:25 +05:30
Gaurav Jain ba196b4264 Handle serving of payloads for different targets 2023-11-06 01:57:44 +05:30
sfewer-r7 24810183ca add in a unix target as ActiveMQ can run on OSX 2023-11-02 10:25:45 +00:00
sfewer-r7 94b5211525 set exploit Stance to Agressive 2023-11-02 09:32:36 +00:00
sfewer-r7 df040b30aa typos and improve comments 2023-11-01 17:59:00 +00:00
sfewer-r7 a408181def Add initial work on exploit module for CVE-2023-46604 2023-11-01 17:34:30 +00:00
Gaurav Jain 9bd819e2d7 Add java in-memory target for manageengine servicedesk exploit 2023-10-30 20:12:37 +05:30
adfoster-r7 3b4302d902 Land #18441, Add at rest encryption to Meterpreter payloads 2023-10-27 12:18:19 +01:00
Zach Goldman d960aa522c Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE 2023-10-26 11:34:02 -04:00
Heyder Andrade e5e58bc0be Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-26 14:03:06 +02:00
Heyder Andrade c0af43c10b Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-25 11:02:30 +02:00
Heyder Andrade 5e19c8fd88 Update splunk_privilege_escalation_cve_2023_32707.rb 2023-10-24 14:44:27 +02:00
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 5e84f57ab3 set :random to true during generate_jar so we can randomize teh metasploit class path 2023-10-18 09:53:46 +01:00
sfewer-r7 fcffd36af0 no need to test for true, jsut return the value as we are waiting for done to be set to true 2023-10-18 09:37:04 +01:00
sfewer-r7 9fdbccb74f catch a JSON ParserError exception and fail_with() if needed. Also detect if the JSON data doesnt have the expected value and fail_with() if needed 2023-10-18 09:36:02 +01:00
sfewer-r7 34107e4f3b favod over for string concatenation. 2023-10-17 11:36:07 +01:00
sfewer-r7 0fc35bf6d3 randomize the plugins version number 2023-10-17 10:01:02 +01:00
sfewer-r7 415bd49b15 use next semantics to return from a yielded block early (note we cannot use return for this) 2023-10-17 09:43:00 +01:00
sfewer-r7 54f334479a fix another typo 2023-10-17 09:30:52 +01:00
sfewer-r7 9e6e9538e1 typo 2023-10-17 09:29:38 +01:00
sfewer-r7 d2438bad4e add a note to explain we need to concat a trailing forward slash 2023-10-17 09:28:04 +01:00
sfewer-r7 4acdaf3087 typos 2023-10-17 09:22:09 +01:00
sfewer-r7 d17f065f12 remove 'localhost' in favor of some random chars 2023-10-17 09:21:28 +01:00
sfewer-r7 3242a7009b clarify timeout is in seconds 2023-10-17 09:11:05 +01:00