adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,381 Commits 27 Branches 1,043 Tags
5886e69e92d3eced2e5cd3a0714dbb2e2ddcfda5
Commit Graph

3779 Commits

Author SHA1 Message Date
Jack Heysel f7449ea850 Land #19311, Add GeoServer unauth RCE module 
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
 2024-07-12 11:07:36 -07:00
H00die.Gr3y 292c177b74 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-07-12 19:20:46 +02:00
Jack Heysel 5d210b548b added windows support 2024-07-11 16:34:07 -07:00
h00die-gr3y 4e76068cea added armle architecture support 2024-07-11 21:42:45 +00:00
h00die-gr3y 92f6445856 added documentation 2024-07-11 21:24:50 +00:00
remmons-r7 7746c8877e Add sysinfo Meterpreter output and target OS version numbers 2024-07-09 16:31:01 -05:00
remmons-r7 06da60cade Adding atlassian_confluence_rce_cve_2024_21683 documentation 
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
 2024-07-09 14:05:43 -05:00
Jack Heysel aabd9febb2 Land #19274, Ivanti EPM SQLi to RCE 
This adds an exploit for CVE-2024-29824, an  unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
 2024-07-08 12:52:34 -07:00
Christophe De La Fuente df8f281d18 Land #19204, Zyxel VPN Series Pre-auth Command Injection 2024-07-03 20:14:39 +02:00
Jack Heysel 9cfaa2e69f Lowered rank and explained mock testing 2024-06-24 09:13:46 -07:00
Christophe De La Fuente 24fa34e7b9 Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729] 2024-06-24 13:40:51 +02:00
Christophe De La Fuente ecb628eaab Add module and documentation 2024-06-20 15:30:54 +02:00
Jack Heysel dc70aa0896 Land #19247, PHP CGI Arg injection RCE 
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
 2024-06-17 11:27:38 -07:00
Jack Heysel e14dd93d6f Rebased encoder fix, removed PS paylaod dependency 2024-06-14 16:59:55 -07:00
Jack Heysel ade11a5a4b Added default options fixed Verification Steps 2024-06-14 16:41:12 -07:00
Jack Heysel 1dfd5da51e Apache OFBiz Dir Traversal RCE 2024-06-14 16:41:12 -07:00
Jack Heysel 178bb3e085 Land #19229, Junos OS PHPRC module enhancement 
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesnt exist. Also it adds datastore options to
change the hash format to be compatible with older version as well an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
 2024-06-14 11:35:15 -07:00
Jack Heysel 1bb95acd12 Updated documentation 2024-06-14 11:02:31 -07:00
Stephen Fewer d7531ef74c fix typo in documentation 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-06-13 15:09:56 +01:00
Jack Heysel b9b638dd83 Land #19196, Cacti import package RCE 
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
 2024-06-12 15:43:46 -07:00
Christophe De La Fuente 45815a4cb5 Code review 2024-06-12 19:47:02 +02:00
Spencer McIntyre 18fe758416 Finish up and document the deserialization RCE 2024-06-12 08:58:37 -04:00
bwatters f2027784cf Land #19240, Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692) 
Merge branch 'land-19240' into upstream-master
 2024-06-11 12:22:29 -05:00
Stephen Fewer 2d63038196 Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md 
fix a typo in the documentation.

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-06-11 16:23:56 +01:00
Jack Heysel 9bbb82ab55 Land #18998, VSCode exploit for ipynb integration 
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
 2024-06-10 14:36:57 -07:00
sfewer-r7 bf9b3f1d2a add documentation 2024-06-10 17:41:55 +01:00
Jack Heysel 12b1936e16 Fixed typo added Options section docs 2024-06-10 07:39:24 -07:00
h00die-gr3y 55fa94995b Updated check method 2024-06-06 22:23:35 +00:00
sfewer-r7 c8208704be add in exploit module for CVE-2024-23692 2024-06-06 18:04:14 +01:00
Christophe De La Fuente 120fa0f2fe Land #19208, Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-06-05 10:17:02 +02:00
Christophe De La Fuente 67ec4baa66 PR-19208: Add DefaultTarget to the info hash 2024-06-05 10:14:48 +02:00
h00die d7966104f2 touchup docs 2024-06-04 19:40:39 -04:00
Chocapikk 6b127249fa Add suggestions 2024-05-31 20:56:03 +02:00
Jack Heysel 80ee458410 Land #19151, Add Flowmon Priv Esc Feature Module 
Privilege escalation module for Progress Flowmon unpatched feature
 2024-05-29 11:35:53 -04:00
Jack Heysel 72f332aba0 Land #19150, Add Flowmon Command Injection Module 
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
 2024-05-29 08:28:37 -04:00
Jack Heysel d60524d0b3 Started docs file 2024-05-28 15:54:47 -04:00
Chocapikk 4fdf6df1e7 Fix doc 2024-05-28 20:16:33 +02:00
Chocapikk bea708d24c Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-05-28 18:27:02 +02:00
Jack Heysel 2c6fc11639 Responded to comments, clean up /etc/sudoers file 2024-05-23 16:56:35 -04:00
Jack Heysel a0597007e4 Minor fixes, respond to comments 2024-05-23 14:02:28 -04:00
Christophe De La Fuente c6c5f2bf7a Add module, lib and documentation 2024-05-22 17:38:53 +02:00
Dave Yesland 0de89d3b2d Update documentation/modules/exploit/linux/local/progress_flowmon_sudo_privesc_2024.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-21 13:42:52 -07:00
Jack Heysel 6e9e4a5aed Land #19102, Northstar C2 Stored XSS to Agent RCE 
Add exploit module for CVE-2024-28741, Northstar C2 Stored XSS to Agent
RCE
 2024-05-21 14:57:44 -04:00
Jack Heysel 10acd86390 Land #19071, Add AVideo RCE module 
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
 2024-05-21 14:27:15 -04:00
cgranleese-r7 67154a12e0 Land #19104, CHAOS rat xss to rce 2024-05-21 11:10:57 +01:00
h00die-gr3y 575e223657 Added documentation 2024-05-19 14:09:58 +00:00
h00die a89d418725 review of northstar c2 2024-05-16 15:17:28 -04:00
Chocapikk da31761336 Lint 2024-05-15 22:13:53 +02:00
Valentin Lobstein 3560860e33 Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:29 +02:00
h00die d1739f32c2 review of chaos rat 2024-05-13 16:55:43 -04:00