adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,154 Commits 27 Branches 1,043 Tags
441b671edd1531ceb457017fa7600aeee42072f7
Commit Graph

1438 Commits

Author SHA1 Message Date
h00die d13bccca05 peer review 2024-11-28 20:24:25 -05:00
h00die e41f5ad577 needrestart exploit updates 2024-11-27 15:41:23 -05:00
h00die d778f5469b needrestart improvements 2024-11-26 18:22:48 -05:00
h00die d4bd00d48e needrestart improvements 2024-11-25 16:38:18 -05:00
h00die 7fd82b89df offload files to data 2024-11-22 15:57:18 -05:00
h00die 94e5e49052 ubuntu needrestart lpe 2024-11-22 15:44:45 -05:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
sfewer-r7 41bcf4629f The payload we essentially being encoded twice (thanks for calling this out Brendan), we now supply a suitable BadChars and let the framewrk encode the framework paylaod. We rename the variable payload to bootstrap_payload as this was colliding with the frameworks payload variable which was not the intent. 2024-11-21 17:37:34 +00:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
sfewer-r7 d2f6e0e10f As the payload option FETCH_WRITABLE_DIR may not be available if a non fetch based payload is used, we add a new option WRITABLE_DIR to account for this. Update the documentation to reflect the change. 2024-11-21 16:38:09 +00:00
sfewer-r7 f9b099a46d remove the DefaultOption PAYLOAD value, and let the framework pick one for us. Mention I tested the exploit with cmd/linux/http/x64/meterpreter_reverse_tcp 2024-11-21 16:22:02 +00:00
h00die 0f6da56a52 vcenter sudo module 2024-11-21 04:34:15 -05:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
sfewer-r7 2469d4ea23 add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474 2024-11-19 16:15:06 +00:00
h00die 6bd049e346 operator working 2024-11-18 20:09:13 -05:00
gardnerapp 19770cf870 Remove unneeded file and rudocop corrections 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Give bwatters7 credit, add docs

Experiment with randomized bash copy and Rex::File.join

remove unused line

Add missing parenthesis

fix problem with bash copy

Remove rex::join, call proper method for generating payload

add exploit::exe mixin, bash copy randomization

Rubocop changes

Remove nc
 2024-11-18 17:01:08 -06:00
h00die f38661d6c3 pod user working 2024-11-18 07:30:21 -05:00
sfewer-r7 c58dbbfb61 add in documentation 2024-11-15 17:42:57 +00:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r a09ca39dee Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:51 -06:00
h4x-x0r 61486cd877 Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:35 -06:00
h00die 4ebc6f1ff1 peer review 2024-11-11 17:37:33 -05:00
Jack Heysel 27459bb10f Updated docs 2024-11-11 12:40:56 -08:00
Jack Heysel 3068511b66 CVE-2023:4220: Chamilo v1.11.24 Unrestricted File Upload 2024-11-11 11:33:34 -08:00
h00die 0de93eedb7 asterisk ami auth rce 2024-11-04 16:27:58 -05:00
h00die 9cba5dad59 WIP for asterisk rce 2024-11-01 16:28:45 -04:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
h4x-x0r 34538df83c PoC and Documentation 
PoC and Documentation
 2024-10-14 05:09:29 +01:00
Jack Heysel 44b33b8010 Fixed multiple sessions and instability 2024-10-10 11:36:16 -07:00
Jack Heysel dab5d66e37 Test and respond to comments 2024-10-09 22:52:55 -07:00
Jack Heysel a4ef40a233 Updated docs with Options section 2024-10-09 13:08:20 -07:00
Jack Heysel e8711c5b20 Magento XXE to GLIBC buffer overflow 2024-10-09 12:53:29 -07:00
dledda-r7 3211edd83c docs: review changes 2024-10-09 12:18:35 -04:00
dledda-r7 2762132830 docs: adding motd_persistence docs 2024-10-08 11:22:13 -04:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE 
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
 2024-10-02 16:02:50 -04:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc 
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-26 14:07:17 -05:00
h00die-gr3y 589b0f8331 updated documentation 2024-09-20 10:29:17 +00:00
h00die-gr3y 8e62f22315 fifth release with the option to use your own SSH private key 2024-09-20 09:50:13 +00:00
h00die-gr3y 8b197a60f9 fourth release addressing review comments of jheysel-r7 2024-09-19 20:54:55 +00:00
h00die-gr3y 9971aed96f third release addressing majority of the review comments 2024-09-17 19:23:38 +00:00
H00die.Gr3y d7fa23f30f Apply suggestions from code review 
Co-authored-by: bcoles <bcoles@gmail.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-17 19:00:48 +02:00
h00die-gr3y 86c8879270 Added documentation 2024-09-16 19:54:59 +00:00
Takah1ro 6b64640f8b Update doc 2024-09-09 21:22:07 +09:00