adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

35981 Commits

Author SHA1 Message Date
Ege Balcı 20d25e46d0 Update modules/exploits/unix/http/maltrail_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-08-16 18:45:12 +00:00
Ismail Dawoodjee a2a4489ce4 Merge branch 'rapid7:master' into apache_airflow_dag_rce 2023-08-16 13:50:13 +06:30
h00die 07d6312781 prometheus stuff 2023-08-15 20:30:54 -04:00
h00die d75c53fffe prometheus api gather 2023-08-15 20:30:54 -04:00
h00die 7629c7d0f4 prometheus node exporter library 2023-08-15 20:30:54 -04:00
adfoster-r7 33193bdd41 Update java reverse http and https to be dynamic 2023-08-16 00:50:41 +01:00
Jack Heysel 900e418796 Land #18226, H2 Web Interface RCE 
This PR adds a module to exploit an RCE feature in
the H2 databases Web Interface.
 2023-08-15 16:23:09 -04:00
Ismail Dawoodjee 13dbb27245 Implement usual version comparison and remove unactionable text 2023-08-15 12:35:08 +06:30
Ismail Dawoodjee bdaaef8d60 Merge branch 'rapid7:master' into apache_airflow_dag_rce 2023-08-15 12:24:06 +06:30
Jack Heysel 6cf136ec3a Land #18263, Add RaspAP Unauth Command Injection 
This PR adds an unauthenticated command injection
module for the RaspAP webgui application.
 2023-08-14 23:25:23 -04:00
RadioLogic 6a4d3d3854 Changed bad print to warning 2023-08-14 16:20:08 -04:00
Spencer McIntyre 5dee288464 Stream LDAP query results 2023-08-14 16:14:36 -04:00
RadioLogic 6ff0c956b3 Merge branch 'master' into useradd 2023-08-14 16:13:54 -04:00
RadioLogic 5a66693ae1 Added more description to groups error 2023-08-14 16:05:37 -04:00
RadioLogic 2720027468 Added comments to manual groups 2023-08-14 15:52:54 -04:00
RadioLogic 4b9243c061 Added validation to check valid groups to add 2023-08-14 15:32:56 -04:00
RadioLogic 0550f44012 replace print status to print line 2023-08-14 15:31:42 -04:00
RadioLogic 6632993bf1 Added gid correction to manual group additions 2023-08-14 14:11:38 -04:00
Spencer McIntyre 7d9abc87b1 Fix a stack trace in forge_ticket when SPN is blank 2023-08-14 10:42:32 -04:00
Ismail Dawoodjee 93da96e02f Add additional text to check for Airflow login page 2023-08-12 19:29:57 +06:30
Ismail Dawoodjee 60e8e3a487 Remove space before semicolon in payload command 2023-08-12 10:37:38 +06:30
Ismail Dawoodjee bbe8892549 Terminate payload command with a semicolon 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-12 09:56:00 +06:30
Ismail Dawoodjee 27039c156b Use the whole <a> tag in version check 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-12 09:41:53 +06:30
Bastian Kanbach 6930605cde Update cve_2023_21554_queuejumper.rb 
corrected minor typo
 2023-08-12 00:14:51 +02:00
Bastian Kanbach 40272beaf5 Update cve_2023_21554_queuejumper.rb 
Splitted the payload up into different headers to improve readability. Documented headers as well
 2023-08-12 00:10:59 +02:00
RadioLogic 54fa11c822 Added new UseraddMethod argument 2023-08-11 17:58:57 -04:00
Bastian Kanbach fe948f77c9 Update modules/auxiliary/scanner/msmq/cve_2023_21554_queuejumper.rb 
Splitted the line mentioning the two security researchers in two lines

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-11 21:27:17 +02:00
Ege Balcı 2edf12d303 Syntax fix 2023-08-11 18:25:36 +02:00
Ege Balcı 0d7591c2fb Update modules/exploits/unix/http/maltrail_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-11 16:24:38 +00:00
Ege Balcı 63305a8db6 Update modules/exploits/unix/http/maltrail_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2023-08-11 16:24:19 +00:00
Ismail Dawoodjee 26b1317147 Fix "Notes value PatchedVersion must be an array" error 2023-08-11 22:15:41 +06:30
Ismail Dawoodjee 54b0abb318 Apache Airflow 1.10.10 - Example DAG Remote Code Execution (CVE-2020-11978 + CVE-2020-13927) 2023-08-11 21:43:16 +06:30
jvoisin 86c868084c Remove joesandbox and virtualpc 2023-08-11 14:42:51 +02:00
jvoisin 88a5a52c1a Stringy arrays before checking anything 
As suggested in https://github.com/rapid7/metasploit-framework/pull/18179#pullrequestreview-1533226875
 2023-08-11 14:42:01 +02:00
jvoisin 9b87a9d4f1 Run HyperV check after Parallels 
As suggested in https://github.com/rapid7/metasploit-framework/pull/18179#discussion_r1265637311
 2023-08-11 14:42:01 +02:00
jvoisin 075a7e9a14 Narrow a virtualbox check 2023-08-11 14:42:01 +02:00
jvoisin 1188256260 Update the Description to add newly detected VM 2023-08-11 14:42:01 +02:00
jvoisin 89dd8ce930 Add some references 2023-08-11 14:42:01 +02:00
jvoisin f439ca4fb7 Fix Multi String value issues 
Spotted by @cdelafuente-r7
 2023-08-11 14:42:01 +02:00
jvoisin c3b77844cc Improve Qemu detection 2023-08-11 14:42:01 +02:00
jvoisin fd45073d36 Improve Xen detection 2023-08-11 14:42:01 +02:00
jvoisin 9bed3da364 Improve VirtualBox detection 2023-08-11 14:42:01 +02:00
jvoisin 29d9908f22 Improve virtualpc detection 2023-08-11 14:42:01 +02:00
jvoisin fdd212625f Improve VMWare detection 2023-08-11 14:42:01 +02:00
jvoisin 04da17fc7b Add detection for JoeSandbox 2023-08-11 14:42:01 +02:00
jvoisin dec237ce0a Add Parallels detection 2023-08-11 14:42:01 +02:00
cudalac 904e8ba89f roundcube arbitrary file read 2023-08-10 22:45:01 -04:00
Bastian Kanbach cf9976d857 Update cve_2023_21554_queuejumper.rb 
Further tidying according to rubocop
 2023-08-11 01:38:02 +02:00
Bastian Kanbach 3953322e80 Update cve_2023_21554_queuejumper.rb 
Changed according to the linter
 2023-08-11 01:27:59 +02:00
bka-dev 6ced21b4a9 Adds module to detect CVE-2023-21554 aka QueueJumper 2023-08-11 00:45:03 +02:00