adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

35981 Commits

Author SHA1 Message Date
Spencer McIntyre 49e689d909 Some improvements to the encoder 
* Skip encoding when it is not necessary
* Use command -v instead of which for portability
 2024-02-13 18:34:40 +01:00
Spencer McIntyre 9c6e1a584a Add a base64 ARCH_CMD encoder 2024-02-13 18:34:40 +01:00
sfewer-r7 423bf0c519 work in progress exploit module for cve-2023-47218 2024-02-13 17:32:14 +00:00
adfoster-r7 b762d2ba65 Land #18795, Move CreateSession from advanced into basic options 2024-02-13 10:00:35 +00:00
bwatters cc0fc56874 Draft nonworking start 2024-02-12 17:44:24 -06:00
Spencer McIntyre 202db99004 Land #18801, Fix revision number checks 
Fix revision number checks in cve_2022_26904_superprofile.rb
 2024-02-12 15:52:16 -05:00
Spencer McIntyre 45365c8666 Land #18800, Fix revision number checks 
Fix revision number checks for cve_2021_40449.rb
 2024-02-12 15:19:56 -05:00
Spencer McIntyre ce0498377d Land #18798, fix version checks 
windows/local/cve_2020_0787_bits_arbitrary_file_move (and similar) fails due to incorrect revision_number checks
 2024-02-12 15:11:07 -05:00
Spencer McIntyre 8eb5aa6aa6 Land #18799, Fix revision number checks 
Fix revision number checks for cve_2020_17136.rb
 2024-02-12 15:01:45 -05:00
n00bhaxor 58eba131a8 fixed error with single character variable 2024-02-12 09:47:21 -05:00
n00bhaxor 3203c7cb66 corrected formatting and other errors with rubocop 2024-02-12 09:37:37 -05:00
adfoster-r7 5fa1ce8ed2 Add support for newer sqlcmd versions 2024-02-12 11:51:02 +00:00
cgranleese-r7 699afaff45 Adds some notification message about 6.4 release features 2024-02-12 11:37:47 +00:00
cgranleese-r7 5d165466ff Move CreateSession from advanced into basic options 2024-02-12 11:35:27 +00:00
n00bhaxor fdcd9e26ad Adding module for gitlab_email_disclosure 2024-02-09 20:51:45 -05:00
Zach Goldman 94223f05fc update relevant modules to work with sessions 
separate out optional session logic

fixing session handling
 2024-02-09 13:18:49 -06:00
cgranleese-r7 285fbe5ac5 Land #18812, Revert mssql_login TDSENCRYPTION value to false 2024-02-09 17:03:10 +00:00
adfoster-r7 37ee910d2f Revert mssql_login TDSENCRYPTION value to false 2024-02-09 16:07:45 +00:00
sjanusz-r7 30fc29e0f5 Use PostgreSQL session type for modules 2024-02-09 15:38:06 +00:00
adfoster-r7 9caa2fac17 Land #18747, Add new mssql session type 2024-02-09 15:27:43 +00:00
Zach Goldman 2c60780dc0 Add MSSQL session Type 2024-02-09 07:27:01 -06:00
sfewer-r7 1f292c8a73 remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
Gaurav Jain 184ed3a162 Add suggested changes 2024-02-09 02:22:20 +05:30
adfoster-r7 8b71afdd53 Land #18759, Updates MySQL modules to now support the new MySQL session type 2024-02-08 12:39:51 +00:00
Gaurav Jain 4dc21bae45 Merge branch 'rapid7:master' into manageengine 2024-02-08 15:11:15 +05:30
Gaurav Jain 25804edbf4 Add java targets for manageengine cve-2022-47966 modules 2024-02-08 01:55:52 +05:30
cgranleese-r7 b060809a8d Addresses logoff PR feedback 2024-02-07 12:51:04 +00:00
upsidedwn 4b5d04e59e Fix revision number checks in cve_2022_26904_superprofile.rb 2024-02-07 11:30:42 +08:00
upsidedwn ccb446f2ae Fix revision number checks for cve_2021_40449.rb 2024-02-07 11:28:00 +08:00
upsidedwn 436efad4ca Fix revision number checks 2024-02-07 11:25:41 +08:00
upsidedwn 47d30696bc Fix revision_number checks 2024-02-07 11:20:12 +08:00
h00die 84278b8e0e fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
cgranleese-r7 e80f0ef8cd Removes session logic from mixins and uses client instead of datastore for rhost and rport 2024-02-06 14:11:16 +00:00
sfewer-r7 03a58c784b fix typo in variable name 2024-02-06 14:08:54 +00:00
sfewer-r7 367783bcb5 add in RCE exploit for CVE-2024-21893 2024-02-06 11:49:04 +00:00
Christophe De La Fuente d546db6055 Land #18780, runc cwd priv esc (docker) (cve-2024-21626) 2024-02-05 13:12:02 +01:00
lihe07 29524fa7f8 Fix option collision in service_persistence 
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
 2024-02-03 23:18:45 +08:00
h00die cf2f76e6a2 cve-2024-21626 review 2024-02-02 16:27:02 -05:00
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
cgranleese-r7 577304cf7c Updates more modules 2024-02-02 14:59:56 +00:00
cgranleese-r7 ae1cb57dc3 Updates MySQL modules to now support the new MySQL session type 2024-02-02 14:59:56 +00:00
cgranleese-r7 0e9cad6d45 Adds MySQL session type 2024-02-02 14:39:37 +00:00
adfoster-r7 48221e594d Land #18704, Leverage the module metadata cache in the module_sets 2024-02-02 14:16:46 +00:00
adfoster-r7 7ac4387d35 Land #18696, Convert MSSQL mixin to class 2024-02-02 14:14:34 +00:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Christophe De La Fuente 1ff1302df7 Use exceptions instead of returning a boolean in do_login 2024-02-02 11:39:13 +01:00
adfoster-r7 372b792b8c Land #18761, Add alert to show user the new session options available in Metasploit 6.4 2024-02-02 10:25:32 +00:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
Zach Goldman 35778e92b2 client consolidation 
convert first module from remote to client

move client to rex

remove metasploit mixin
 2024-02-01 17:23:55 -06:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00