adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,990 Commits 27 Branches 1,043 Tags
4e61596e7aff309bf20bbc8ee69f2c2ceda10037
Commit Graph

4398 Commits

Author SHA1 Message Date
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 5e84f57ab3 set :random to true during generate_jar so we can randomize teh metasploit class path 2023-10-18 09:53:46 +01:00
sfewer-r7 fcffd36af0 no need to test for true, jsut return the value as we are waiting for done to be set to true 2023-10-18 09:37:04 +01:00
sfewer-r7 9fdbccb74f catch a JSON ParserError exception and fail_with() if needed. Also detect if the JSON data doesnt have the expected value and fail_with() if needed 2023-10-18 09:36:02 +01:00
sfewer-r7 34107e4f3b favod over for string concatenation. 2023-10-17 11:36:07 +01:00
sfewer-r7 0fc35bf6d3 randomize the plugins version number 2023-10-17 10:01:02 +01:00
sfewer-r7 415bd49b15 use next semantics to return from a yielded block early (note we cannot use return for this) 2023-10-17 09:43:00 +01:00
sfewer-r7 54f334479a fix another typo 2023-10-17 09:30:52 +01:00
sfewer-r7 9e6e9538e1 typo 2023-10-17 09:29:38 +01:00
sfewer-r7 d2438bad4e add a note to explain we need to concat a trailing forward slash 2023-10-17 09:28:04 +01:00
sfewer-r7 4acdaf3087 typos 2023-10-17 09:22:09 +01:00
sfewer-r7 d17f065f12 remove 'localhost' in favor of some random chars 2023-10-17 09:21:28 +01:00
sfewer-r7 3242a7009b clarify timeout is in seconds 2023-10-17 09:11:05 +01:00
sfewer-r7 b97cb9f63d remove whitespace 2023-10-17 09:10:28 +01:00
sfewer-r7 1c027ac05c add an RCE exploit for CVE-2023-22515 2023-10-16 20:50:18 +01:00
Spencer McIntyre 86b7ec4518 Address comments from the review 2023-10-12 09:50:19 -04:00
Spencer McIntyre 4f734379d3 Add module docs and print some messages 2023-10-12 09:27:26 -04:00
Spencer McIntyre 0799f9d860 Add a check method and populate module metadata 2023-10-12 09:27:26 -04:00
Spencer McIntyre 7a226ba285 Randomize components in the MAR file 2023-10-12 09:27:26 -04:00
Spencer McIntyre 5a6dc7f9a6 Initial commit of CVE-2023-43654 2023-10-12 09:27:26 -04:00
Spencer McIntyre e7ab983279 Minor code changes 
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
 2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 9a6e2dab71 improve the check routine to explicitly look for either a header value or a cookie value that TeamCity is known to set 2023-09-28 16:28:16 +01:00
sfewer-r7 96568bf6d3 typo in comment 2023-09-28 16:05:46 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00
sfewer-r7 fbd5e60cfc add in coverage for CVE-2023-42793. Currently only a Windows target. 2023-09-28 12:31:59 +01:00
Christophe De La Fuente a33f03d100 Land #18302, Sonicwall rce CVE-2023-34124 2023-09-08 11:48:07 +02:00
Ron Bowes b12fe743d0 Resolve PR comments 2023-09-06 14:11:29 -07:00
Christophe De La Fuente 8217745a85 Land #18257, Apache nifi h2 rce (CVE-2023-34468) 2023-08-30 13:37:37 +02:00
h00die f467e0747a review comments 2023-08-28 17:39:02 -04:00
Christophe De La Fuente bf1b5ffaa3 Land #18272, Bug fix for ColdFusion RCE module - CVE-2023-26360 2023-08-23 16:05:33 +02:00
Ron Bowes 4b130f5be7 Change a variable name 2023-08-22 09:00:31 -07:00
h00die 1bd14dd8f4 error handling for apache modules 2023-08-21 18:12:26 -04:00
Ron Bowes 1bbf8194ce Remove more unnecessary arguments 2023-08-21 14:45:09 -07:00
Ron Bowes 79fa3dea8b Fix a variable name 2023-08-21 14:32:06 -07:00
Ron Bowes b1c1f705be Remove some unneeded arguments 2023-08-21 14:30:25 -07:00
Ron Bowes 6dd89a513b Make some changes from jvoisin's suggestions in the PR 2023-08-21 14:26:34 -07:00
Ron Bowes f5908a5818 Add a comment 2023-08-21 08:53:52 -07:00
Ron Bowes ce50cfa11a Add module for SonicWall vulns, which includes cve-2023-34124 2023-08-21 08:53:07 -07:00
h00die a45792877a lib and spec updates 2023-08-20 19:37:22 -04:00
Jack Heysel 5fdc9924d5 Land #18123, add exploit for Jorani unauth RCE 
This PR adds a module that chains together a log poisoning LFI,
redirection bypass and a path traversal vulnerability to obtain unauth RCE.
 2023-08-18 16:44:42 -04:00
jheysel-r7 0334d28553 Apply final suggestions from code review 2023-08-18 15:40:58 -04:00
jheysel-r7 b064578488 Apply suggestions from code review 2023-08-18 15:37:11 -04:00
jheysel-r7 4ddd789f51 Apply suggestions from code review 2023-08-18 15:33:59 -04:00
h00die 7b024f21bd apache nifi h2 rce 2023-08-08 17:44:35 -04:00
h00die 5cdac38ac0 apache nifi h2 rce 2023-08-08 17:44:35 -04:00
sfewer-r7 85ab3113c2 bug fix for issue 18237. ColdFusion configured with a Development profile behaves slightly differently than ColdFusion deployed in a Production profile, so we need to test for some different return values during exploitation. 2023-08-08 14:47:14 +01:00
ismaildawoodjee 19dcc2d674 Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00