adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,425 Commits 27 Branches 1,043 Tags
453c8d8d6986934a3b869733fa1d01eaaa1fbbb0
Commit Graph

3850 Commits

Author SHA1 Message Date
cgranleese-r7 f794268020 Land #18578, Docker cgroup escape (CVE-2022-0492) 2023-12-06 16:07:08 +00:00
Christophe De La Fuente 10d4b9233b Land #18463, D-Link Router UPnP unauthenticed LAN RCE via a crafted M-SEARCH packet 2023-12-05 10:58:15 +01:00
Christophe De La Fuente 7cd1b75497 Update deprecation date and message 2023-12-05 10:51:12 +01:00
h00die f1fc6b7cdd review comments, adding new payloads 2023-12-01 16:06:48 -05:00
h00die b171b5e77c working cve-2022-0492 2023-11-28 15:16:18 -05:00
h00die 4ae62a431b not-working docker escape 2023-11-28 13:44:08 -05:00
h00die-gr3y 67933c3819 Deprecated module exploit/linux/upnp/dlink_dir859_exec_ssdpcgi 2023-11-27 19:35:34 +00:00
h00die-gr3y ef84759dd4 Fixed an issue in the DIR-300 rev B version check 2023-11-14 20:40:38 +00:00
h00die-gr3y 3fa9416044 update addressing latest comments 2023-11-14 17:15:25 +00:00
h00die-gr3y 6e1580e5f5 added target DIR-845L 2023-11-13 14:48:59 +00:00
h00die-gr3y 51523e0971 release updating dlink_upnp_msearch_exec exploit module 2023-11-13 12:15:04 +00:00
bwatters 77a93e452f Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE) 
Merge branch 'land-18507' into upstream-master
 2023-11-08 09:05:40 -06:00
sfewer-r7 2a56c3f28b remove redundant \d in check regex 2023-11-07 09:21:04 +00:00
sfewer-r7 25ef7d1272 add the RCE exploit 2023-11-06 17:12:40 +00:00
Christophe De La Fuente 1cde6198b5 Land #18481, MagnusBilling unauthenticated RCE [CVE-2023-30258] 2023-11-03 20:42:27 +01:00
Spencer McIntyre e5790f8d6e Fix a stability issue with the module 
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
 2023-11-02 17:10:20 -04:00
Spencer McIntyre 27d86be456 Remove the REPEATABLE_SESSION tag 
The module is generally reliable, but may fail after it's been run multiple
times.
 2023-11-02 11:11:36 -04:00
Spencer McIntyre cea4c1f326 Feedback from module review 2023-11-02 10:17:45 -04:00
Spencer McIntyre d26742a266 Add check code annotations, update AJP link 2023-11-02 08:53:56 -04:00
Spencer McIntyre 9c67b92a4d Rename the other TMUI RCE module 2023-11-01 16:55:42 -04:00
Spencer McIntyre 7b53592b4f Add module docs 2023-11-01 16:55:41 -04:00
Spencer McIntyre 03252913a1 Add the check method 2023-11-01 16:55:41 -04:00
Spencer McIntyre 714eeaaa3a Finish cleaning the exploit up 2023-11-01 16:55:36 -04:00
Spencer McIntyre c803d6ef7e Fetch the admin hash as a bonus 2023-10-31 15:27:31 -04:00
Spencer McIntyre 04388d9e25 Initial commit of CVE-2023-46747 2023-10-31 09:55:18 -04:00
h00die-gr3y ad6e4618df third release module with minor text changes 2023-10-31 09:29:13 +00:00
h00die-gr3y bfff35eb63 second release module with php fix 2023-10-31 09:05:51 +00:00
h00die-gr3y 50b7e0305e first release module 2023-10-24 15:29:18 +00:00
h00die fa71d8b6e2 set all targets to dynamically build list 2023-10-23 06:54:38 -04:00
h00die 97f9edb5f7 review 2023-10-23 06:35:23 -04:00
h00die-gr3y c62f9a1c45 added D-Link GO-RT-AC750 target and lowered linemax to 900 bytes 2023-10-22 17:49:21 +00:00
h00die-gr3y 93d38f2d53 added additional CVE reference 2023-10-20 13:58:32 +00:00
h00die-gr3y 13e3d037c9 fifth release module 2023-10-19 17:42:53 +00:00
h00die-gr3y 3024824cc9 fourth release module 2023-10-19 17:31:48 +00:00
h00die-gr3y 8ea82693a9 third release module + documentation 2023-10-18 19:55:13 +00:00
h00die-gr3y 3d405cda0a second release module 2023-10-17 19:09:03 +00:00
h00die 00b534dbed review 2023-10-17 13:17:10 -04:00
h00die-gr3y 7e29519c9c initial release module 2023-10-17 16:59:45 +00:00
h00die b3b1595ef4 vmware aria ssh keys exploit 2023-10-16 13:06:17 -04:00
Spencer McIntyre 05dd2e1473 Land #18351, Apache Superset RCE (CVE-2023-37941) 2023-10-12 17:10:10 -04:00
Spencer McIntyre 45be501a50 Raise a more specific error message 
Check for and raise a more specific error message when the internal
database fails to mount because the path is incorrect.
 2023-10-10 15:21:35 -04:00
Spencer McIntyre 59da2865d9 Use an exec-in-place gadget for Python 
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
 2023-10-10 14:01:24 -04:00
h00die 931a67d290 kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
h00die a2a9becc73 convert cmd_stager to fetch payloads 2023-10-06 07:40:17 -04:00
h00die 5e0538a239 review comments round 1 2023-10-05 13:12:33 -04:00
h00die 88eb44be64 kibana telemetry rce 2023-10-02 16:53:20 -04:00
Christophe De La Fuente 1e69086d24 Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticed RCE [CVE-2023-30013] 2023-09-21 11:27:19 +02:00
h00die-gr3y 6e11f4353b Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
Christophe De La Fuente 525c957af2 Land #18333, Lexmark Device Embedded Web Server RCE (CVE-2023-26068) 2023-09-19 10:32:59 +02:00
Ismail Dawoodjee f9cdfef304 Move module and documentation from multi/http to linux/http 
* Update documentation scenarios for Docker on Debian 10 and Kali Linux 6.4
* Slightly modify the documentation scenario for Docker on Windows 10
 2023-09-17 22:42:26 +08:00