adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,990 Commits 27 Branches 1,043 Tags
4e61596e7aff309bf20bbc8ee69f2c2ceda10037
Commit Graph

3816 Commits

Author SHA1 Message Date
Jack Heysel 4e61596e7a Check Build ID before running exploit 2023-12-19 12:15:35 -05:00
Jack Heysel e858628292 Execute python payload in memory 2023-12-19 00:46:11 -05:00
Jack Heysel 549ee43df9 Update docs description minor comments 2023-12-19 00:32:21 -05:00
Jack Heysel c6a6809700 Updated attribution 2023-12-18 19:41:49 -05:00
Jack Heysel df111afb06 Glibc Tunables Exploit 2023-12-14 18:28:43 -05:00
Spencer McIntyre 05dd2e1473 Land #18351, Apache Superset RCE (CVE-2023-37941) 2023-10-12 17:10:10 -04:00
Spencer McIntyre 45be501a50 Raise a more specific error message 
Check for and raise a more specific error message when the internal
database fails to mount because the path is incorrect.
 2023-10-10 15:21:35 -04:00
Spencer McIntyre 59da2865d9 Use an exec-in-place gadget for Python 
This adds a Python deserialization gadget that will exec arbitrary
Python code in place. It is only compatible with Python 3.x due to
differences in Python's exec function and statement between 2 and 3.
 2023-10-10 14:01:24 -04:00
h00die 931a67d290 kibana telemetry rce rewritten to use fetch payloads 2023-10-06 09:55:10 -04:00
h00die a2a9becc73 convert cmd_stager to fetch payloads 2023-10-06 07:40:17 -04:00
h00die 5e0538a239 review comments round 1 2023-10-05 13:12:33 -04:00
h00die 88eb44be64 kibana telemetry rce 2023-10-02 16:53:20 -04:00
Christophe De La Fuente 1e69086d24 Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticed RCE [CVE-2023-30013] 2023-09-21 11:27:19 +02:00
h00die-gr3y 6e11f4353b Updates addressing cdelafuente-r7 comments 2023-09-20 22:14:48 +00:00
Christophe De La Fuente 525c957af2 Land #18333, Lexmark Device Embedded Web Server RCE (CVE-2023-26068) 2023-09-19 10:32:59 +02:00
Ismail Dawoodjee f9cdfef304 Move module and documentation from multi/http to linux/http 
* Update documentation scenarios for Docker on Debian 10 and Kali Linux 6.4
* Slightly modify the documentation scenario for Docker on Windows 10
 2023-09-17 22:42:26 +08:00
h00die e34ed10eca superset rce more stable 2023-09-15 16:29:05 -04:00
h00die a8da47e73c still working on resetting values 2023-09-15 13:32:24 -04:00
Jack Heysel 46832abd49 Land #18358, Add a Thrift RPC client 
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
 2023-09-14 19:01:13 -04:00
h00die 0c418fdf65 still working on resetting values 2023-09-14 14:28:29 -04:00
h00die-gr3y 784f3118f0 third release module and documentation 2023-09-14 17:59:59 +00:00
h00die 619a46d450 working hashes for apache superset rce 2023-09-14 13:21:01 -04:00
h00die-gr3y 094685fa93 second release module 2023-09-14 13:12:33 +00:00
h00die-gr3y 4bb465bcee initial release module 2023-09-13 20:59:53 +00:00
h00die 686d704b37 superset rce wip 2023-09-13 15:26:29 -04:00
cgranleese-r7 e82bff37e1 Land #18330, Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035) 2023-09-13 10:15:59 +01:00
Jack Heysel b83a49e573 Thanks to Spencer improved execute_command method 2023-09-12 15:14:10 -04:00
Spencer McIntyre 8e8b8ad191 Update nimbus_gettopologyhistory_cmd_exec 2023-09-12 12:21:10 -04:00
Spencer McIntyre 187cca848e Replace the binray blobs 2023-09-12 12:21:10 -04:00
Spencer McIntyre ba84c0484c Update the Nimbus module to use the Thrift client 2023-09-11 14:42:54 -04:00
Spencer McIntyre fbf95ecd92 Add and use a Thrift client object 2023-09-11 14:37:38 -04:00
Spencer McIntyre f1aea836f3 Land #18273, Add VMware vRealize Log Insight RCE 
Add VMware vRealize Log Insight unauthenticated RCE exploit
 2023-09-08 17:17:23 -04:00
Spencer McIntyre 21dde19511 Make some final tweaks 
Change strings to reference `VMware` using the proper case. Don't
include CmdStager (because it's unnecessary). Set PrependFork to fix
shell payloads. Move CamelCase options to advanced.
 2023-09-08 16:55:42 -04:00
Simon Janusz 57f3b8a352 Land #18350, Add opentsdb_key_cmd_injection exploit module and docs 2023-09-08 16:50:46 +01:00
Simon Janusz 7302394ffa Land #18316, Kibana Timelion Prototype Pollution RCE (CVE-2019-7609) 2023-09-08 11:50:47 +01:00
Ege Balcı 5b6ee0cfaf Add extra sleep during PakUpgrade for stabilization 2023-09-07 19:49:57 +02:00
Ege Balcı 9a5dd4e4e5 Refactor thrift usage, add extra SRVHOST check, switch to decoded mf_file 2023-09-07 19:29:23 +02:00
ErikWynter 7cabe14461 add opentsdb_key_cmd_injection exploit module 2023-09-07 17:29:16 +03:00
Jack Heysel cf62d3fa78 rubocop 2023-09-06 15:47:54 -04:00
Jack Heysel 31d5f8e128 Responded to comments 2023-09-06 15:40:43 -04:00
Jack Heysel 482fdefb2c Land #18313, SolarView Compact unauth RCE module 
This PR adds a SolarView Compact unauth RCE module.
 2023-09-05 17:49:28 -04:00
jheysel-r7 03ccb3cce0 Apply grammatical suggestions from code review 2023-09-05 17:06:01 -04:00
h00die c6a2652861 review comments 2023-09-01 20:34:35 -04:00
Jack Heysel 5c12a3e6f4 Remove unused default options 2023-08-31 02:47:40 -04:00
Jack Heysel 3a7ef46d17 Remove platform linux 2023-08-31 02:32:21 -04:00
Jack Heysel 7b8debd58f Tidy up, last minute rubocop 2023-08-31 02:17:35 -04:00
Jack Heysel 9779b1eeae Lexmark Device Embedded Web Server RCE (CVE-2023-26068) 2023-08-30 20:30:14 -04:00
jheysel-r7 68090d0406 Update modules/exploits/linux/http/ivanti_sentry_misc_log_service.rb 
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com>
 2023-08-30 11:46:44 -04:00
Christophe De La Fuente 8217745a85 Land #18257, Apache nifi h2 rce (CVE-2023-34468) 2023-08-30 13:37:37 +02:00
Jack Heysel a3a7454f74 Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035) 2023-08-29 15:24:04 -04:00