errorxyz
97513d473f
Update manageengine_endpoint_central and servicedesk_plus default payloads
2024-02-23 00:00:18 +05:30
Gaurav Jain
184ed3a162
Add suggested changes
2024-02-09 02:22:20 +05:30
Gaurav Jain
4dc21bae45
Merge branch 'rapid7:master' into manageengine
2024-02-08 15:11:15 +05:30
Gaurav Jain
25804edbf4
Add java targets for manageengine cve-2022-47966 modules
2024-02-08 01:55:52 +05:30
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
Kevin Joensen
dfa54d02b9
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-01-22 10:10:14 +01:00
Kevin Joensen
3b8f684d08
Fixed check module function
2023-12-29 16:18:50 +01:00
Kevin Joensen
2f023f7315
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-12-29 14:50:47 +01:00
Kevin Joensen
5de0e4e234
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-12-13 14:30:00 +01:00
Kevin Joensen
52a23e3afb
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-12-13 14:29:49 +01:00
Kevin Joensen
83dccfafaf
added retry_until_truthy and sensor deletion upon payload running
2023-12-07 15:16:42 +01:00
Kevin Joensen
2718c078d2
removed WfsDelay
2023-12-01 10:15:55 +01:00
Kevin Joensen
d26db0b1dd
changed datastore['TARGETURI'] to target_uri.path
2023-12-01 10:15:13 +01:00
Kevin Joensen
26e7807154
updated URI to TARGETURI
2023-12-01 10:09:06 +01:00
Kevin Joensen
9105966b20
Fixed debug string
2023-12-01 10:07:28 +01:00
Kevin Joensen
7dbd938e3b
fixed linting with rubocop and msftidy.rb
2023-11-27 18:44:10 +01:00
Kevin Joensen
3ffeef36f6
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-27 11:48:50 +01:00
Kevin Joensen
ebc18db0ac
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-27 11:48:12 +01:00
Kevin Joensen
4906ea228d
updated fields to have random values
2023-11-27 09:39:18 +01:00
Kevin Joensen
27b2cdf5b1
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:09:15 +01:00
Kevin Joensen
32380d8a26
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:09:03 +01:00
Kevin Joensen
a04943063e
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Removes quotes from normalize_uri parameters.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:07:08 +01:00
Kevin Joensen
8c007c0ef7
added exploit for CVE-2023-32781 - PRTG authenticated RCE
2023-11-23 19:28:02 +01:00
Jemmy Wang
f83f183fe2
Apply Code Suggestions from review
2023-11-03 00:04:20 +08:00
Jemmy Wang
a7e8be4860
Fix code styling to pass msftidy
2023-11-02 10:35:49 +08:00
Jemmy Wang
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-02 10:10:26 +08:00
Jemmy Wang
00ccebe8ce
Update documentation for AjaxPro Deserialization RCE
2023-10-31 13:31:10 +08:00
Jemmy Wang
62f3dafd91
Apply CheckCode message suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-31 10:45:58 +08:00
Jemmy Wang
cd3556dd71
Add Exploit for AjaxPro Deserialization RCE (CVE-2021-23758)
2023-10-28 00:48:52 +08:00
sfewer-r7
8431d11654
leverage Rex::MIME::Message instead of creating the multipart data manually
2023-10-04 09:39:25 +01:00
sfewer-r7
ccd8c71ec6
change the payload space to 5000. This allows all the payloads I tested to work but also allows all the 3 gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large.
2023-10-04 09:38:42 +01:00
sfewer-r7
1be8e0245b
remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increase the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404.
2023-10-03 17:48:37 +01:00
sfewer-r7
2eacb75feb
Add a reference to the AssetNote blog. Better describe what the TARGET_URI option is for and why it defaults to /AHT/
2023-10-03 11:17:21 +01:00
sfewer-r7
1695a12c9c
Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way.
2023-10-02 17:40:11 +01:00
sfewer-r7
53ed4a632b
add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization.
2023-10-02 11:42:19 +01:00
Ege Balcı
e286c96dee
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-09-07 17:00:17 +00:00
Ege Balcı
3509193ae8
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-09-07 17:00:10 +00:00
Ege Balcı
20a22f1baf
Fix check, randomize JSP name, ditch backup
2023-09-01 03:46:58 +02:00
Ege Balcı
757e942ac9
Update modules/exploits/windows/http/lg_simple_editor_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-09-01 01:16:32 +00:00
Ege Balcı
32f9357f7a
Update side effects
2023-08-29 18:08:11 +02:00
Ege Balcı
1d9c7fde77
Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit
2023-08-29 17:58:43 +02:00
Ege Balcı
329920eeb2
Add Netgear NMS RCE (CVE-2023-38096/8) exploit
2023-08-02 18:03:57 +02:00
ismaildawoodjee
e61342afac
Proper error handling for closing TCP socket and used Rex exceptions
2023-07-09 07:25:09 -04:00
ismaildawoodjee
1706812099
Implemented requested changes
...
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket
* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
2023-07-07 04:14:20 -04:00
Ismail Dawoodjee
f959dee046
Change module name
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-07-06 18:50:44 +03:00
ismaildawoodjee
591fee1850
Fix msftidy complaining about https:// URL scheme in Line 2
2023-07-06 11:01:54 -04:00
ismaildawoodjee
ad0d3e79a9
SmarterMail RCE module and documentation
2023-07-06 08:00:28 -04:00
adfoster-r7
085943bd78
Add Ruby 3.3.0-preview1 to test suite
2023-06-29 22:53:17 +01:00
Spencer McIntyre
dfd450561e
Tweak some messages and cleanup markdown table
2023-06-22 14:23:25 -04:00
bwatters
a05bde217c
Ensure any users we create are deleted
2023-06-22 12:18:07 -05:00