Commit Graph

73452 Commits

Author SHA1 Message Date
h00die-gr3y 8d7907edee Update based on @jheysel-r7 comments 2024-01-23 10:10:21 +00:00
Metasploit 11d1a5938e automatic module_metadata_base.json update 2024-01-23 03:57:08 -06:00
Simon Janusz 7411dc1b1b Land #17634, Add additional reliability and stability notes to modules 2024-01-23 09:42:15 +00:00
Metasploit 71fb0876f6 automatic module_metadata_base.json update 2024-01-22 21:17:56 -06:00
Jack Heysel 953382731e Land #18645, improve glibc tunables exploit
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
aleksa 67e402e1be Added Notes 2024-01-22 19:12:21 -05:00
adfoster-r7 094d6ee36b Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
aleksa e9e5a44522 Updated with side effects 2024-01-22 18:03:28 -05:00
aleksa 8e3fbcae26 notes added to storage path exploit. 2024-01-22 17:55:26 -05:00
Spencer McIntyre b8a0e33ce3 Initial exploit for CVE-2023-22527 2024-01-22 17:06:29 -05:00
Metasploit 6430b3f138 automatic module_metadata_base.json update 2024-01-22 11:56:29 -06:00
bwatters 46a0052286 Land #18568, added exploit for CVE-2023-32781 - PRTG authenticated RCE
Merge branch 'land-18568' into upstream-master
2024-01-22 11:35:38 -06:00
sjanusz-r7 2bd93ae72c Use a glob for memory_search PROCESS_NAMES_GLOB 2024-01-22 16:53:32 +00:00
sjanusz-r7 f8bdb02593 Validate memory_search PROCESS_IDS using regex 2024-01-22 16:53:00 +00:00
adfoster-r7 4921f6bbd1 Land #18712, Fix undefined method error in /api/v1/modules endpoint 2024-01-22 15:06:52 +00:00
sjanusz-r7 1fe448f2f4 Revert remote/postgres verbosity changes 2024-01-22 14:27:38 +00:00
sjanusz-r7 9de20d3c7f Add additional comments to PostgreSQL cmd_run_help 2024-01-22 14:02:10 +00:00
Spencer McIntyre d8bdc258fb Land #18729, Fix a typo in Metasploit-Guide-SMB.md 2024-01-22 08:59:46 -05:00
sjanusz-r7 7f0f65d867 Align PostgreSQL Shell REPL output with psql utility 2024-01-22 13:56:09 +00:00
Dean Welch 82e9c2703f Improve module ranking performance 2024-01-22 12:40:24 +00:00
sjanusz-r7 e58ef0fee4 Add Reline requirement comment 2024-01-22 10:48:13 +00:00
sjanusz-r7 a5dcf5a2f4 Fix PostgreSQL autoruns 2024-01-22 10:47:34 +00:00
Kevin Joensen dfa54d02b9 Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-01-22 10:10:14 +01:00
Poupapaa 8af928ec36 Update Metasploit-Guide-SMB.md
Fixed tiny typo:

Other terminology to be aware of:
- SMB - Ser**v**er Message Blocks
2024-01-22 09:01:04 +01:00
h00die-gr3y 919c846064 Final small updates (removed UDP and corrected typo in release date) 2024-01-20 11:27:10 +00:00
Metasploit 37e82384e4 automatic module_metadata_base.json update 2024-01-19 16:26:22 -06:00
Spencer McIntyre 06dcc82ced Land #18630, Add CVE-2023-50917: MajorDoMo RCE
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
Metasploit 9db6ac7e3c automatic module_metadata_base.json update 2024-01-19 16:03:20 -06:00
bwatters fadb0f45dd Land #18708, Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
Spencer McIntyre b31abcc9b2 Mark unix encoders as compatible with linux
Fixes #18572
2024-01-19 13:40:43 -05:00
Dean Welch 763a97d40a Add test to ensure module ranking is consistent 2024-01-19 18:11:31 +00:00
Dean Welch 334a469d2c rank modules consistently 2024-01-19 17:50:31 +00:00
adfoster-r7 f56c9fc9ac Land #18662, Fix dns resolution skipping over nameservers with valid responses 2024-01-19 16:44:16 +00:00
Dean Welch 391bc4e69e shuffle platform parsing and code quality 2024-01-19 14:30:34 +00:00
Metasploit eb570f883a automatic module_metadata_base.json update 2024-01-19 06:27:27 -06:00
ekalinichev-r7 847a72c417 Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE 2024-01-19 13:02:53 +01:00
sjanusz-r7 b1fb58749b Use PostgreSQL session type for postgres_schemadump 2024-01-19 10:29:44 +00:00
sjanusz-r7 fbdb025542 Notify user on failed Postgres connection 2024-01-19 10:29:44 +00:00
sjanusz-r7 a4305f0ca0 Allow PostgreSQL lib to use session client 2024-01-19 10:29:44 +00:00
sjanusz-r7 5d7251ce44 Add PostgreSQL session type tests 2024-01-19 10:29:44 +00:00
sjanusz-r7 23a9938283 Add PostgreSQL session type 2024-01-19 10:29:37 +00:00
h00die 482d2b28b1 gitlab password reset account takeover 2024-01-18 16:19:26 -05:00
Gaurav Jain fd3ca96988 Update splunk cve-2023-32707 to use splunk library 2024-01-19 01:56:15 +05:30
Metasploit d60e38220e Bump version of framework to 6.3.53 2024-01-18 12:08:11 -06:00
Gaurav Jain 97ef243d2e Add Splunk library 2024-01-18 22:47:13 +05:30
sfewer-r7 de6ed9e1d6 use get_json_document instead of JSON.parse 2024-01-18 15:35:43 +00:00
sjanusz-r7 6ca4c113ee Get memory match length from buffer TLV length for Mettle 2024-01-18 11:08:38 +00:00
sjanusz-r7 337400b9b8 Remove AARCH64 reference 2024-01-18 11:08:38 +00:00
sjanusz-r7 1e7b74a0e5 Correctly use process glob when searching for processes 2024-01-18 11:08:34 +00:00
sfewer-r7 4ff399844f By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected; doing so also removes the need to bootstrap the Linux payloads with a separate file. 2024-01-18 10:04:38 +00:00