adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,511 Commits 27 Branches 1,043 Tags
4e99e7dfe7b682a0154d4fc8ec49e6a0f4e2a2c8
Commit Graph

297 Commits

Author SHA1 Message Date
dledda-r7 48c69b99fb Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x 2024-07-31 09:43:19 -04:00
Jack Heysel c05aebe248 Formatting 2024-07-24 11:16:26 -07:00
Jack Heysel e9cbb9287c Add support for 7.2.x 2024-07-24 10:45:38 -07:00
bwatters 636c72965c Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain 
Merge branch 'land-19084' into upstream-master
 2024-07-19 12:22:25 -05:00
Christophe De La Fuente ecb628eaab Add module and documentation 2024-06-20 15:30:54 +02:00
Jack Heysel dc70aa0896 Land #19247, PHP CGI Arg injection RCE 
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
 2024-06-17 11:27:38 -07:00
Stephen Fewer d7531ef74c fix typo in documentation 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-06-13 15:09:56 +01:00
Spencer McIntyre 18fe758416 Finish up and document the deserialization RCE 2024-06-12 08:58:37 -04:00
Stephen Fewer 2d63038196 Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md 
fix a typo in the documentation.

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-06-11 16:23:56 +01:00
sfewer-r7 bf9b3f1d2a add documentation 2024-06-10 17:41:55 +01:00
sfewer-r7 c8208704be add in exploit module for CVE-2024-23692 2024-06-06 18:04:14 +01:00
h00die a89d418725 review of northstar c2 2024-05-16 15:17:28 -04:00
h00die 19af4ae4e6 mermaid flow chart 2024-04-24 16:54:02 -04:00
h00die 9fb217fb59 northstar c2 exploit 2024-04-24 16:54:02 -04:00
Imran E. Dawoodjee 50a303a6e5 Update references and documentation 2024-04-13 18:21:05 +08:00
Imran E. Dawoodjee 6268235cd3 Add CVE-2022-1373 and CVE-2022-2334 exploit chain 2024-04-13 18:10:45 +08:00
Jack Heysel dae9657433 FortiClient EMS Exploit Module 2024-04-12 10:00:07 -07:00
bwatters e58c6b9df2 Land #18721, SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955) 
Merge branch 'land-18721' into upstream-master
 2024-03-26 12:42:22 -05:00
Jack Heysel 4e4303c274 Fixed backup_bdc_metadata initialization 2024-02-15 09:26:54 -05:00
Jack Heysel 326b50bd4d Responded to comments 2024-02-06 15:22:21 -05:00
jheysel-r7 5f1fa2a678 Apply suggestions from jvoisin 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-01-19 20:30:53 -05:00
Jack Heysel 854ec41db1 Initial commit 2024-01-19 15:22:22 -05:00
Kevin Joensen 2f3e207277 Fixed documentation for exploit 2023-12-15 13:58:10 +01:00
Jemmy Wang 9f9f18c73f Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-02 10:10:26 +08:00
Jemmy Wang 00ccebe8ce Upadte documentation for AjaxPro Deserializaion RCE 2023-10-31 13:31:10 +08:00
Jemmy Wang 40683ff591 Add document for AjaxPro Deserialization RCE Module 2023-10-28 01:37:34 +08:00
h00die 557a15a115 spelling fixes on docs 2023-10-10 14:46:18 -04:00
sfewer-r7 623b589fb5 When I removed the PowerShell target I forgot to update the documentation, this commit updates the documentation to reflect the changes made to the exploit module. 2023-10-04 17:03:28 +01:00
sfewer-r7 1695a12c9c Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way. 2023-10-02 17:40:11 +01:00
sfewer-r7 53ed4a632b add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization. 2023-10-02 11:42:19 +01:00
Ege Balcı 48cb2db70b Update scenario 2023-09-01 03:48:08 +02:00
Ege Balcı 1d9c7fde77 Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit 2023-08-29 17:58:43 +02:00
Christophe De La Fuente 7fa2586e34 Land #18247, Netgear NMS RCE CVE-2023-38096/8 2023-08-28 11:23:08 +02:00
Ege Balcı b10d677308 Doc update. 2023-08-25 21:18:48 +02:00
Ege Balcı 0fe335aff2 Update documentation/modules/exploit/windows/http/netgear_nms_rce.md 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-08-24 16:10:30 +00:00
Ismail Dawoodjee c216c5a184 Fix lines in SmarterMail RCE docs for linting with msftidy_docs 2023-08-23 23:07:07 +08:00
Ege Balcı 329920eeb2 Add Netgear NMS RCE (CVE-2023-38096/8) exploit 2023-08-02 18:03:57 +02:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee 24ef4e1b90 Update documentation/modules/exploit/windows/http/smartermail_rce.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:49:49 +03:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
Spencer McIntyre dfd450561e Tweak some messages and cleanup markdown table 2023-06-22 14:23:25 -04:00
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
Grant Willcox f7d2cdae56 Add in ability to restore settings n documentation changes. 
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
 2023-06-02 09:48:03 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00
Grant Willcox 8577f21e52 Add in documentation and updated code 2023-06-02 09:48:01 -05:00
Grant Willcox 459cf871cb Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128 2023-05-16 09:19:33 -05:00
Grant Willcox ea988f0c78 Add more documentation on how to set the target up based on my own experience and so that we have a backup in case the link to external documentation breaks 2023-05-12 14:27:39 -05:00
Grant Willcox cf5f90ac4f Minor updates to documentation to tidy things up a bit 2023-05-11 16:48:16 -05:00
space-r7 722de33b6f address feedback, use cleanup to restore path 
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
 2023-05-11 13:20:25 -05:00