45c058d6f1
Land #21005 , adds gnu inetutils auth bypass module against a Synology NAS to documentation
...
add dsm target exploitation to gnu telnetd docs
2026-02-25 16:49:30 +01:00
fae76b2961
Land #20978 , adds module BeyondTrust unauth command injection (CVE-2026-1731)
...
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/R…
2026-02-25 14:18:59 +01:00
7dcc036b6d
Land #21006 , adds module for Ollama path traversal RCE (CVE-2024-37032)
...
Add Ollama path traversal RCE module (CVE-2024-37032)
2026-02-25 13:06:09 +01:00
002daf8d7d
Merge branch 'beyondtrust-rce-2026' into collab/exploit/beyondtrust/cve-2026-1731
2026-02-25 12:53:37 +01:00
12e21e4c66
Fixes documentation
2026-02-24 12:23:26 -05:00
5aeff61b26
Fix: Address PR review feedback for Ollama RCE module
...
Co-Authored-By: msutovsky-r7 <190406428+msutovsky-r7@users.noreply.github.com >
2026-02-24 17:51:23 +01:00
51af9d0ff1
Adds documentation
2026-02-24 10:25:49 -05:00
1ddee63f05
Merge pull request #20983 from sfewer-r7/0day-grandstream
...
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
2026-02-24 08:50:42 -06:00
62a466cbed
Land #20819 , adds WSL startup folder persistence module
...
wsl startup folder persistence
2026-02-24 07:59:11 +01:00
ece2374532
target user for wsl_startup_folder
2026-02-21 21:04:40 -05:00
b17d227d28
Feat: Add Ollama path traversal RCE module (CVE-2024-37032)
2026-02-21 16:52:43 +01:00
a24f53f2b6
add dsm exploitation to telnetd docs
2026-02-21 10:27:47 -05:00
1f547f19fb
Merge pull request #20832 from DataExplorerX/doc-linux-samba-module
...
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
2026-02-20 18:12:05 -06:00
7f8b18d7dc
Update documentation/modules/exploit/linux/samba/chain_reply.md
2026-02-20 17:45:14 -06:00
fcb41a2275
Update documentation/modules/exploit/linux/samba/chain_reply.md
...
Update documentation to point to a specific wayback machine page since the original does not exist, and a few of the wayback machine links are also broken.
2026-02-20 17:42:34 -06:00
c6f7d03d03
Merge pull request #20919 from h00die/emacs
...
emacs extension persistence
2026-02-18 10:58:13 -05:00
08efa9cd16
add in the Grandstream modules
2026-02-17 22:33:46 +00:00
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
f632cf34bf
add in a module and docs fo rteh EPMM exploit
2026-02-05 12:26:38 +00:00
bd049dcba4
doc update
2026-02-03 18:41:51 -08:00
a868bc95b2
GNU Inetutils Telnet Auth Bypass
2026-02-03 17:45:59 -08:00
75ff7b6af1
emacs extension persistence
2026-01-31 22:54:18 -05:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
7b092aeedb
Land #20806 , adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
...
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
472016b753
Land #20796 , moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
be9b2c9491
Add documentation for prison_management_rce
2026-01-06 12:33:49 +02:00
ae8ab28eed
Fix msftidy_docs warnings in chain_reply documentation
2026-01-05 16:01:16 +05:30
102ef677b1
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
2025-12-30 16:17:51 +05:30
0a5cccf5e6
wsl startup folder persistence
2025-12-28 11:17:28 -05:00
e97c23ca16
wsl startup folder persistence
2025-12-28 11:15:04 -05:00
455275d087
add module for CVE-2025-67888
2025-12-23 19:21:34 -05:00
3ea866c41d
udev persistence
2025-12-21 07:50:48 -05:00
d40a35acdb
the version logic changes, update the docs
2025-12-19 15:48:07 +00:00
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
8977538910
add docker lab deploy guide into docs
2025-12-13 12:28:55 -08:00
da0dc35cb8
add documentation
2025-12-12 13:44:44 -08:00
795c38c524
Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal.
2025-11-28 10:12:02 +00:00
014312873c
get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway.
2025-11-27 20:28:44 +00:00
f5e8aa83be
add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor.
2025-11-27 12:43:19 +00:00
e998b91aee
Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
...
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
fa03ac8b66
on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions
2025-11-25 11:25:41 +00:00
4b2798f357
Correct vulnerable version information
2025-11-24 17:10:51 +00:00
ce926fd3d1
Update vulnerable IGEL OS version to < 11.09.310
2025-11-24 11:57:18 +00:00
933fb7bdf1
Add clean-up information
2025-11-24 11:43:46 +00:00
002795c5be
Update module information in documentation
2025-11-24 11:24:23 +00:00
b13137886a
Add IGEL OS and vulnerability summary to documentation
2025-11-21 13:09:28 +00:00
aff76622fa
add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034
2025-11-21 12:22:25 +00:00
c6db0d4285
Move IGEL OS persistence module to linux/persistence
2025-11-17 18:42:28 +00:00
c37f7872a3
Add documentation for IGEL OS modules
2025-11-17 16:33:15 +00:00
b646e0e044
docs editing for consistency
2025-11-07 15:42:27 -05:00
msutovsky-r7