adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

1521 Commits

Author SHA1 Message Date
Takah1ro 3b947cf1c5 Update vulnerable version 2025-01-02 09:57:00 +09:00
jheysel-r7 e70b6c777f Merge pull request #19663 from sfewer-r7/CVE-2024-0012 
Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474)
 2024-12-30 10:29:10 -08:00
Takah1ro 38d8d35dc5 Update doc 2024-12-30 13:50:13 +09:00
Takah1ro bbc282e90c Improve check 2024-12-30 13:36:15 +09:00
Takah1ro 6e0c945a42 Improve check for version 4 2024-12-30 13:00:25 +09:00
h00die-gr3y 862f2ee6c6 Added documentation and some small module updates 2024-12-29 20:05:05 +00:00
Takah1ro 68ae0d40ea Add timeout option 2024-12-29 13:02:32 +09:00
Takah1ro e4111cdc97 Update to use FETCH_DELETE 2024-12-29 12:33:39 +09:00
Takah1ro 86bd1c2938 Minor improve 
* enable fetch_delete
 * avoid using single quotes
 * update doc
 2024-12-29 12:19:19 +09:00
Takah1ro af432a3b72 Improve stability 2024-12-29 12:00:09 +09:00
Takah1ro 90d9bb769d Update vulnerable version 2024-12-28 15:53:31 +09:00
Takah1ro 7ecc1cb87b Update vulnerable version 2024-12-28 14:39:24 +09:00
Takah1ro 340d4bcd58 Add selenium firefox rce module 2024-12-28 12:27:18 +09:00
Takah1ro e3d68d4164 Update author and fix version detection 2024-12-28 11:18:41 +09:00
Takah1ro 64b1832567 Update not to use selenium-webdriver 2024-12-27 13:00:20 +09:00
Takah1ro 82ebdf1f9d Improve docs 2024-12-26 23:54:47 +09:00
Takah1ro acbcd9f3b1 Fix ubuntu version 2024-12-26 23:51:40 +09:00
Takah1ro 06af9b0b3d Add selenium chrome rce module 2024-12-26 23:44:11 +09:00
h00die-gr3y 7c8116a2cb Third release of module + Documentation 2024-12-22 11:41:05 +00:00
Brendan 7ddffc790c Merge pull request #19460 from gardnerapp/game_overlay 
Land #19460, CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
 2024-12-18 14:44:57 -06:00
bwatters-r7 b7f477172f Update docs to reflect recent changes 2024-12-18 14:08:10 -06:00
Stephen Fewer 65bb3cc990 typo 2 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:20 +00:00
Stephen Fewer 3ed2b5916a fix typo 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:00 +00:00
h00die af462f7dcf arch linux compatibility for runc priv esc 2024-12-16 05:52:29 -05:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 e8911f9129 Land #19402 vCenter Sudo LPE (CVE-2024-37081) 2024-12-04 18:25:05 -08:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
jheysel-r7 2d1af7d809 Land #19648 Add exploit module for FortiManager (CVE-2024-47575) 2024-12-02 18:31:25 -08:00
jheysel-r7 a230a353e4 Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365) 2024-12-02 08:21:35 -08:00
Christophe De La Fuente 3dcb9d58ab Code review 2024-12-02 14:02:07 +01:00
Christophe De La Fuente c943cc6378 Add module and documentation 2024-12-02 14:02:07 +01:00
h00die d13bccca05 peer review 2024-11-28 20:24:25 -05:00
h00die e41f5ad577 needrestart exploit updates 2024-11-27 15:41:23 -05:00
h00die d778f5469b needrestart improvements 2024-11-26 18:22:48 -05:00
h00die d4bd00d48e needrestart improvements 2024-11-25 16:38:18 -05:00
h00die 7fd82b89df offload files to data 2024-11-22 15:57:18 -05:00
h00die 94e5e49052 ubuntu needrestart lpe 2024-11-22 15:44:45 -05:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
sfewer-r7 41bcf4629f The payload we essentially being encoded twice (thanks for calling this out Brendan), we now supply a suitable BadChars and let the framewrk encode the framework paylaod. We rename the variable payload to bootstrap_payload as this was colliding with the frameworks payload variable which was not the intent. 2024-11-21 17:37:34 +00:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
sfewer-r7 d2f6e0e10f As the payload option FETCH_WRITABLE_DIR may not be available if a non fetch based payload is used, we add a new option WRITABLE_DIR to account for this. Update the documentation to reflect the change. 2024-11-21 16:38:09 +00:00
sfewer-r7 f9b099a46d remove the DefaultOption PAYLOAD value, and let the framework pick one for us. Mention I tested the exploit with cmd/linux/http/x64/meterpreter_reverse_tcp 2024-11-21 16:22:02 +00:00
h00die 0f6da56a52 vcenter sudo module 2024-11-21 04:34:15 -05:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
sfewer-r7 2469d4ea23 add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474 2024-11-19 16:15:06 +00:00
h00die 6bd049e346 operator working 2024-11-18 20:09:13 -05:00
gardnerapp 19770cf870 Remove unneeded file and rudocop corrections 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Give bwatters7 credit, add docs

Experiment with randomized bash copy and Rex::File.join

remove unused line

Add missing parenthesis

fix problem with bash copy

Remove rex::join, call proper method for generating payload

add exploit::exe mixin, bash copy randomization

Rubocop changes

Remove nc
 2024-11-18 17:01:08 -06:00