adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,444 Commits 27 Branches 1,043 Tags
3ed2b5916aafdc484e8aa535459bc7ce5c27caf2
Commit Graph

3928 Commits

Author SHA1 Message Date
Stephen Fewer 3ed2b5916a fix typo 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:00 +00:00
sfewer-r7 41bcf4629f The payload we essentially being encoded twice (thanks for calling this out Brendan), we now supply a suitable BadChars and let the framewrk encode the framework paylaod. We rename the variable payload to bootstrap_payload as this was colliding with the frameworks payload variable which was not the intent. 2024-11-21 17:37:34 +00:00
sfewer-r7 d2f6e0e10f As the payload option FETCH_WRITABLE_DIR may not be available if a non fetch based payload is used, we add a new option WRITABLE_DIR to account for this. Update the documentation to reflect the change. 2024-11-21 16:38:09 +00:00
sfewer-r7 f9b099a46d remove the DefaultOption PAYLOAD value, and let the framework pick one for us. Mention I tested the exploit with cmd/linux/http/x64/meterpreter_reverse_tcp 2024-11-21 16:22:02 +00:00
sfewer-r7 2469d4ea23 add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474 2024-11-19 16:15:06 +00:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r a09ca39dee Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:51 -06:00
h4x-x0r 61486cd877 Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:35 -06:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
jheysel-r7 094250f7e7 Land #19489 Add WordPress wp-automatic SQLi to RCE module 2024-10-30 09:05:03 -04:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Diego Ledda 9a245e6e06 Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257) 
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
 2024-10-15 17:13:15 +02:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
h4x-x0r 34538df83c PoC and Documentation 
PoC and Documentation
 2024-10-14 05:09:29 +01:00
Jack Heysel 44b33b8010 Fixed multiple sessions and instability 2024-10-10 11:36:16 -07:00
Jack Heysel dab5d66e37 Test and respond to comments 2024-10-09 22:52:55 -07:00
Jack Heysel a4ef40a233 Updated docs with Options section 2024-10-09 13:08:20 -07:00
Jack Heysel e8711c5b20 Magento XXE to GLIBC buffer overflow 2024-10-09 12:53:29 -07:00
dledda-r7 3211edd83c docs: review changes 2024-10-09 12:18:35 -04:00
dledda-r7 2762132830 docs: adding motd_persistence docs 2024-10-08 11:22:13 -04:00
Valentin Lobstein 48e740d1fc Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2024-10-03 16:34:24 +02:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE 
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
 2024-10-02 16:02:50 -04:00
Chocapikk 58878db970 update doc 2024-10-02 19:56:22 +02:00
Chocapikk fbb74a6d2d Add bypass for GiveWP RCE (CVE-2024-8353) 2024-10-02 19:53:20 +02:00
jheysel-r7 8761226b97 Land #19456 VICIdial Auth RCE module 
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
 2024-09-30 17:13:33 -04:00
Chocapikk 10a4b24ed7 Better file clean 2024-09-27 01:17:07 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc 
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-26 14:07:17 -05:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
 2024-09-23 15:25:02 -07:00
Valentin Lobstein 5408d0b5ac Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md 2024-09-23 18:40:26 +02:00
Valentin Lobstein b18cb3ecac Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md 2024-09-23 18:40:19 +02:00
Chocapikk 9e6adea0dc Add BYOB Unauthenticated RCE module exploiting arbitrary file write and command injection (CVE-2024-45256, CVE-2024-45257) 2024-09-21 04:00:56 +02:00
h00die-gr3y 589b0f8331 updated documentation 2024-09-20 10:29:17 +00:00
h00die-gr3y 8e62f22315 fifth release with the option to use your own SSH private key 2024-09-20 09:50:13 +00:00
h00die-gr3y 8b197a60f9 fourth release addressing review comments of jheysel-r7 2024-09-19 20:54:55 +00:00
Chocapikk ae8df6c34b Add working documentation + working exploit 2024-09-18 17:00:18 +02:00
h00die-gr3y 9971aed96f third release addressing majority of the review comments 2024-09-17 19:23:38 +00:00
H00die.Gr3y d7fa23f30f Apply suggestions from code review 
Co-authored-by: bcoles <bcoles@gmail.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-17 19:00:48 +02:00
dledda-r7 0bf524482c Land #19345, Post module Windows LPE CVE-2024-30088 2024-09-17 08:13:21 -04:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
h00die-gr3y 86c8879270 Added documentation 2024-09-16 19:54:59 +00:00
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
Jack Heysel c11ef15897 Removed unnecessary log lines 2024-09-11 23:49:18 -07:00
Jack Heysel 41cf622f38 Minor docs fix 2024-09-11 23:46:13 -07:00
Jack Heysel c80a03fece WP LiteSpeed exploit CVE-2024-44000 2024-09-11 23:31:26 -07:00
dledda-r7 5e2bf5aaca fix(modules): spip_bigup_unauth_rce minor fix 2024-09-11 11:46:52 -04:00