dledda-r7
48c69b99fb
Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x
2024-07-31 09:43:19 -04:00
Jack Heysel
2ffe027eab
Responded to comments
2024-07-25 09:14:27 -07:00
Jack Heysel
c05aebe248
Formatting
2024-07-24 11:16:26 -07:00
Jack Heysel
e9cbb9287c
Add support for 7.2.x
2024-07-24 10:45:38 -07:00
adfoster-r7
62a3f73e70
Update rubocop target ruby version
2024-07-24 16:47:17 +01:00
Jack Heysel
e6f2352248
WIP
2024-07-19 14:43:13 -07:00
bwatters
636c72965c
Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
Christophe De La Fuente
2f238fcd24
Code review
2024-06-21 10:13:08 +02:00
Christophe De La Fuente
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00
Spencer McIntyre
08575d0895
Land #19176, Add missing Arch parameter
...
Adding Arch parameter to dnn_cookie_deserialization_rce module
2024-06-18 17:07:08 -04:00
Jack Heysel
c1826cd2f3
Land #18829, Allow multiple HttpServers in module
...
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes
2024-06-18 09:51:38 -07:00
Spencer McIntyre
29307b1321
Appease msftidy
2024-06-18 09:23:41 -04:00
Jack Heysel
dc70aa0896
Land #19247, PHP CGI Arg injection RCE
...
XAMPP installs running on Windows systems configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
Christophe De La Fuente
8fc6e20cec
Update other modules to use java_class_loader_start_service and cmdstager_start_service
2024-06-14 12:57:42 +02:00
Stephen Fewer
fb44c7e6ff
fix typo in module description
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 15:10:14 +01:00
Spencer McIntyre
18fe758416
Finish up and document the deserialization RCE
2024-06-12 08:58:37 -04:00
Spencer McIntyre
cac5863e75
Update the exploit module to use the scanner
2024-06-12 08:58:37 -04:00
Spencer McIntyre
0e1e6c4fb2
Exploit improvements
...
* Delete the report the exploit creates
* Report credentials that are used to authenticate
* Use the specified username and password if provided
2024-06-12 08:58:37 -04:00
Spencer McIntyre
c120a30ba4
Enumerate and select a random category
2024-06-12 08:58:37 -04:00
Spencer McIntyre
b8d3cd6708
Initial module for CVE-2024-4358
2024-06-12 08:58:37 -04:00
Stephen Fewer
ab0079c0ee
Update modules/exploits/windows/http/rejetto_hfs_rce_cve_2024_23692.rb
...
improve documentation guidance to mention upgrading to a newer supported version (as 2.x is no longer supported)
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-06-11 16:26:04 +01:00
sfewer-r7
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
sfewer-r7
c6de00968f
typo
2024-06-10 17:17:39 +01:00
sfewer-r7
3a19a54c59
remove dead link
2024-06-10 17:17:28 +01:00
sfewer-r7
998724f683
first commit for cve-2024-4577
2024-06-07 15:44:05 +01:00
sfewer-r7
e325d23526
first commit for cve-2024-4577
2024-06-07 15:43:40 +01:00
sfewer-r7
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
fufu
95ebf18691
Adding Arch parameter to dnn_cookie_deserialization_rce module
2024-05-09 23:09:03 +02:00
h00die
9ed9ea8c38
add event_dependent to northstar_c2
2024-04-24 16:54:58 -04:00
h00die
dd5a8c629f
northstar_c2 adjustments
2024-04-24 16:54:02 -04:00
h00die
9fb217fb59
northstar c2 exploit
2024-04-24 16:54:02 -04:00
Zach Goldman
488653d942
Land #19082, FortiNet FortiClient EMS SQLi to RCE [CVE-2023-48788]
2024-04-19 15:03:22 -04:00
Imran E. Dawoodjee
8d6a20634f
Attempt to improve file cleanup functionality
2024-04-19 23:05:02 +08:00
Imran E. Dawoodjee
afd4b8af2e
Remove x86 things, include AutoCheck
2024-04-19 22:49:40 +08:00
Spencer McIntyre
727849202d
Land #19087, chore: remove repetitive words
2024-04-17 09:59:46 -04:00
sjanusz-r7
010f044117
Add https prefix to module URL references
2024-04-17 13:00:41 +01:00
fanqiaojun
6b2bdc893b
chore: remove repetitive words
...
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Imran E. Dawoodjee
27e46fe8b1
Really make RuboCop happy
2024-04-13 18:29:27 +08:00
Imran E. Dawoodjee
c8b9b321a9
Fix linting
2024-04-13 18:22:20 +08:00
Imran E. Dawoodjee
50a303a6e5
Update references and documentation
2024-04-13 18:21:05 +08:00
Imran E. Dawoodjee
6268235cd3
Add CVE-2022-1373 and CVE-2022-2334 exploit chain
2024-04-13 18:10:45 +08:00
Jack Heysel
dae9657433
FortiClient EMS Exploit Module
2024-04-12 10:00:07 -07:00
bwatters
e58c6b9df2
Land #18721, SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955)
...
Merge branch 'land-18721' into upstream-master
2024-03-26 12:42:22 -05:00
errorxyz
97513d473f
Update manageengine_endpoint_central and servicedesk_plus default payloads
2024-02-23 00:00:18 +05:30
Jack Heysel
4e4303c274
Fixed backup_bdc_metadata initialization
2024-02-15 09:26:54 -05:00
Gaurav Jain
184ed3a162
Add suggested changes
2024-02-09 02:22:20 +05:30
Gaurav Jain
4dc21bae45
Merge branch 'rapid7:master' into manageengine
2024-02-08 15:11:15 +05:30
Gaurav Jain
25804edbf4
Add java targets for manageengine cve-2022-47966 modules
2024-02-08 01:55:52 +05:30
Jack Heysel
ad45681116
Updated jwt_token format
2024-02-06 16:42:56 -05:00
Jack Heysel
92bbc47bd8
Changed tabs to spaces fixed msftidy
2024-02-06 15:54:33 -05:00