Commit Graph

18316 Commits

Author SHA1 Message Date
sfewer-r7 c70092a2c7 bugfix a copy pasta whereby a path separator was not being added as expected 2024-01-29 17:52:37 +00:00
sfewer-r7 08a19959fe add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT 2024-01-29 17:17:45 +00:00
Spencer McIntyre b5de25a2b6 Fingerprint the target as Mirth Connect first 2024-01-29 12:11:38 -05:00
Dean Welch 9a2ec90c16 Add alert to show user the new session options available in Metasploit 6.4 2024-01-29 17:06:21 +00:00
Spencer McIntyre 8a793dd1b0 Use the correct exploit and use sh instead of bash 2024-01-29 09:03:25 -05:00
ErikWynter 14181572c1 add PRIVESC_SAVE_DELAY option for opennms authenticated RCE 2024-01-27 01:13:04 +02:00
Spencer McIntyre 9e41825e51 Finish up the exploit
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
ErikWynter acc15c23fe Add code review changes to opennms auth rce 2024-01-27 00:10:45 +02:00
Spencer McIntyre 530d58de49 Initial commit of NextGen Connect RCEs 2024-01-26 14:50:33 -05:00
Jack Heysel fe84c0dff7 Land #18734, Add exploit for CVE-2023-22527
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
Spencer McIntyre 96241b3a6e Keep version detection consistent 2024-01-25 13:50:34 -05:00
Spencer McIntyre 49532613e5 Implement some feedback from the review 2024-01-25 09:20:17 -05:00
Spencer McIntyre deabf9b1d8 Add module docs 2024-01-24 12:49:27 -05:00
Jack Heysel 4c525dad66 Land #18648, Add enhancement to Asan check method
Before this PR, when running asan_suid_executable_priv_esc,
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE, so now if it's not set the user is informed.
2024-01-23 15:22:33 -05:00
Jack Heysel c278ef9b73 Land #18648, Add Module for GL.iNet products
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth bypass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
Jack Heysel 08f6da7b33 Removed default empty string for SUID_EXECUTABLE 2024-01-23 14:21:58 -05:00
jheysel-r7 13d2968fad Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
Jack Heysel 904e34434e Land #18626, SaltStack Minion Deployer
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
adfoster-r7 8c5628826f Land #18735, update iis_webdav_scstoragepathfromurl module metadata 2024-01-23 15:56:01 +00:00
bwatters 583d39b038 Land #18720, Mark unix encoders as compatible with linux
Merge branch 'land-18720' into upstream-master
2024-01-23 09:45:42 -06:00
h00die-gr3y 8d7907edee Update based on @jheysel-r7 comments 2024-01-23 10:10:21 +00:00
Simon Janusz 7411dc1b1b Land #17634, Add additional reliability and stability notes to modules 2024-01-23 09:42:15 +00:00
Jack Heysel 953382731e Land #18645, improve glibc tunables exploit
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
aleksa 67e402e1be Added Notes 2024-01-22 19:12:21 -05:00
adfoster-r7 094d6ee36b Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
aleksa e9e5a44522 Updated with side effects 2024-01-22 18:03:28 -05:00
aleksa 8e3fbcae26 notes added to storage path exploit. 2024-01-22 17:55:26 -05:00
Spencer McIntyre b8a0e33ce3 Initial exploit for CVE-2023-22527 2024-01-22 17:06:29 -05:00
bwatters 46a0052286 Land #18568, added exploit for CVE-2023-32781 - PRTG authenticated RCE
Merge branch 'land-18568' into upstream-master
2024-01-22 11:35:38 -06:00
Kevin Joensen dfa54d02b9 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-01-22 10:10:14 +01:00
h00die-gr3y 919c846064 Final small updates (removed UDP and corrected typo in release date) 2024-01-20 11:27:10 +00:00
Spencer McIntyre 06dcc82ced Land #18630, Add CVE-2023-50917: MajorDoMo RCE
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
bwatters fadb0f45dd Land #18708, Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
Spencer McIntyre b31abcc9b2 Mark unix encoders as compatible with linux
Fixes #18572
2024-01-19 13:40:43 -05:00
ekalinichev-r7 847a72c417 Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE 2024-01-19 13:02:53 +01:00
Gaurav Jain fd3ca96988 Update splunk cve-2023-32707 to use splunk library 2024-01-19 01:56:15 +05:30
sfewer-r7 de6ed9e1d6 use get_json_document instead of JSON.parse 2024-01-18 15:35:43 +00:00
sfewer-r7 4ff399844f By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected; doing so also removes the need to bootstrap the Linux payloads with a separate file. 2024-01-18 10:04:38 +00:00
Stephen Fewer c74fd86961 Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:46 +00:00
Stephen Fewer 3bb1d2bc02 Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:35 +00:00
Christophe De La Fuente b8aa55c322 Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553) 2024-01-17 18:42:52 +01:00
Christophe De La Fuente a8d46b3e7a Land #18627, Ansible: post gather module, payload deployer, and file reader 2024-01-17 15:26:25 +01:00
sfewer-r7 70ef0dcb0d improve the check logic to fall through when the json doesn't have the key we expect it to have 2024-01-17 10:02:59 +00:00
sfewer-r7 518c1e5d3c mention Pull Connect as well as the CVEs in the description 2024-01-17 10:02:11 +00:00
sfewer-r7 ad7e348eaa remove a copy pasta link 2024-01-17 09:16:18 +00:00
h00die d7cf9155a6 ofbiz working for 18.12.09 2024-01-16 20:06:11 -05:00
Jack Heysel 607a2789d0 Revert "Changed payload double quote to single"
This reverts commit f1586f08c3.
2024-01-16 14:49:22 -05:00
adfoster-r7 1ba704b1cb Land #18398, Update deprecated report_auth_info in various modules 2024-01-16 19:30:56 +00:00
sfewer-r7 f9419c4839 separate commands into an array instead of one big long string 2024-01-16 17:19:13 +00:00
sfewer-r7 ea1dafa353 this is a slightly nicer way to write this 2024-01-16 17:08:09 +00:00