Commit Graph

18316 Commits

Author SHA1 Message Date
cgranleese-r7 f794268020 Land #18578, Docker cgroup escape (CVE-2022-0492) 2023-12-06 16:07:08 +00:00
Christophe De La Fuente 10d4b9233b Land #18463, D-Link Router UPnP unauthenticated LAN RCE via a crafted M-SEARCH packet 2023-12-05 10:58:15 +01:00
Christophe De La Fuente 7cd1b75497 Update deprecation date and message 2023-12-05 10:51:12 +01:00
Dean Welch 152056b001 DRY up post mixin/optional session 2023-12-04 17:55:15 +00:00
Dean Welch cd8cc75cf3 Add smb session type 2023-12-04 17:55:11 +00:00
h00die f1fc6b7cdd review comments, adding new payloads 2023-12-01 16:06:48 -05:00
Balgogan ab9576f83d Add changes 2023-12-01 10:55:04 +01:00
Kevin Joensen 2718c078d2 removed WfsDelay 2023-12-01 10:15:55 +01:00
Kevin Joensen d26db0b1dd changed datastore['TARGETURI'] to target_uri.path 2023-12-01 10:15:13 +01:00
Kevin Joensen 26e7807154 updated URI to TARGETURI 2023-12-01 10:09:06 +01:00
Kevin Joensen 9105966b20 Fixed debug string 2023-12-01 10:07:28 +01:00
bwatters 56da86fe6b Land #18579, Use the new style of Windows version detection for CVE-2022-3699
Merge branch 'land-18579' into upstream-master
2023-11-29 14:28:35 -06:00
h00die b171b5e77c working cve-2022-0492 2023-11-28 15:16:18 -05:00
Spencer McIntyre 7307c9810b Use the new style of Windows version detection
This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
2023-11-28 14:35:26 -05:00
h00die 4ae62a431b not-working docker escape 2023-11-28 13:44:08 -05:00
Balgogan 47e7453930 Enhance Splunk RCE module description for clarity and detail 2023-11-28 17:59:16 +01:00
Balgogan 4967d3e95d Remove spaces 2023-11-28 17:48:07 +01:00
Balgogan f2f34f64c8 Add suggested changes 2023-11-28 17:45:13 +01:00
Balgogan b2fa201a7d Implement check 2023-11-28 16:45:44 +01:00
Balgogan a1f31d909a Add splunk_xslt_authenticated_rce 2023-11-28 15:51:39 +01:00
Balgogan 0146527e55 Add splunk_xslt_authenticated_rce 2023-11-28 15:40:05 +01:00
Valentin Lobstein fc35a116bb Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-28 08:15:27 +01:00
Valentin Lobstein 1438a88eb5 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-28 08:10:56 +01:00
h00die-gr3y 67933c3819 Deprecated module exploit/linux/upnp/dlink_dir859_exec_ssdpcgi 2023-11-27 19:35:34 +00:00
Kevin Joensen 7dbd938e3b fixed linting with rubocop and msftidy.rb 2023-11-27 18:44:10 +01:00
Kevin Joensen 3ffeef36f6 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-27 11:48:50 +01:00
Kevin Joensen ebc18db0ac Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-27 11:48:12 +01:00
Kevin Joensen 4906ea228d updated fields to have random values 2023-11-27 09:39:18 +01:00
Kevin Joensen 27b2cdf5b1 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:09:15 +01:00
Kevin Joensen 32380d8a26 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Remove obsolete slash in normalize_uri parameters

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:09:03 +01:00
Kevin Joensen a04943063e Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Removes quotes from normalize_uri parameters.

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-25 13:07:08 +01:00
Kevin Joensen 8c007c0ef7 added exploit for CVE-2023-32781 - PRTG authenticated RCE 2023-11-23 19:28:02 +01:00
Balgogan e1b3c56de8 Add reference 2023-11-23 19:27:11 +01:00
Balgogan 65ea1188e2 Add suggested changes 2023-11-23 18:22:36 +01:00
Valentin Lobstein c60da4ad58 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2023-11-23 17:33:19 +01:00
Valentin Lobstein d20a1703b1 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2023-11-23 17:32:57 +01:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Jack Heysel c0be4c2f72 working end to end unix confluence 7.18 2023-11-22 19:49:38 -05:00
Jack Heysel e6e2106140 Auth bypass, auth, shell upload, working 2023-11-21 22:14:27 -05:00
Balgogan 9b050e29ae Add suggested changes 2023-11-22 00:53:12 +01:00
Balgogan fff8d20eb8 Add suggested changes 2023-11-22 00:50:57 +01:00
Balgogan 2750deedee Update 2023-11-21 18:28:28 +01:00
Valentin Lobstein 218f652429 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-21 17:08:55 +01:00
Balgogan 58425df0ef Update vinchin_backup_recovery_cmd_inject exploit and documentation 2023-11-21 02:09:24 +01:00
Valentin Lobstein d59d5e5524 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-20 19:07:04 +01:00
Valentin Lobstein 4e1ec6484a Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-20 19:06:51 +01:00
Valentin Lobstein 8eb1f61217 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-20 19:06:41 +01:00
Valentin Lobstein 223cb245ba Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-20 19:06:05 +01:00
Valentin Lobstein 13b19ba537 Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-11-20 19:05:54 +01:00