Spencer McIntyre
e52edf447c
Implement feedback from the PR
2024-11-20 13:51:39 -05:00
sfewer-r7
2469d4ea23
add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474
2024-11-19 16:15:06 +00:00
h00die
6bd049e346
operator working
2024-11-18 20:09:13 -05:00
gardnerapp
19770cf870
Remove unneeded file and rubocop corrections
...
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
Give bwatters7 credit, add docs
Experiment with randomized bash copy and Rex::File.join
remove unused line
Add missing parenthesis
fix problem with bash copy
Remove rex::join, call proper method for generating payload
add exploit::exe mixin, bash copy randomization
Rubocop changes
Remove nc
2024-11-18 17:01:08 -06:00
h00die
f38661d6c3
pod user working
2024-11-18 07:30:21 -05:00
sfewer-r7
c58dbbfb61
add in documentation
2024-11-15 17:42:57 +00:00
Spencer McIntyre
5d9add4450
Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205
...
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-15 09:24:37 -05:00
h00die
6962d828ac
primefaces exploit v2
2024-11-14 14:14:02 -05:00
h00die
7a8e72f9b8
primefaces exploit v1
2024-11-14 14:12:13 -05:00
Heyder Andrade
09d84eaabb
Added module for WSO2 API Manager Documentation File Upload Remote Code Execution
...
Closes #19646
on-behalf-of: @redwaysecurity <info@redwaysecurity.com>
2024-11-14 18:34:11 +01:00
h4x-x0r
37c148cc7c
CVE-2024-47407
...
CVE-2024-47407
2024-11-13 03:55:17 +00:00
Jack Heysel
d2ef3cb6a9
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-12 16:05:07 -08:00
Brendan
19e182ce65
Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
...
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
2024-11-12 16:42:06 -06:00
h4x-x0r
a09ca39dee
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-12 09:03:51 -06:00
h4x-x0r
61486cd877
Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-12 09:03:35 -06:00
h00die
4ebc6f1ff1
peer review
2024-11-11 17:37:33 -05:00
remmons-r7
b712f9a745
Create cups_ipp_remote_code_execution.md
2024-11-11 15:53:14 -06:00
Jack Heysel
27459bb10f
Updated docs
2024-11-11 12:40:56 -08:00
Jack Heysel
3068511b66
CVE-2023:4220: Chamilo v1.11.24 Unrestricted File Upload
2024-11-11 11:33:34 -08:00
Jack Heysel
81b83f2fd6
Updated docs and check
2024-11-06 09:13:51 -08:00
Jack Heysel
7a5bc60aab
Windows Access Mode Mismatch LPE in ks.sys [CVE-2024-35250]
2024-11-05 15:31:44 -08:00
h00die
0de93eedb7
asterisk ami auth rce
2024-11-04 16:27:58 -05:00
h00die
9cba5dad59
WIP for asterisk rce
2024-11-01 16:28:45 -04:00
Valentin Lobstein
f85de40d58
Update documentation/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-11-01 15:46:05 +01:00
Chocapikk
3723064ac9
Fix typo
2024-11-01 08:53:55 +01:00
Chocapikk
616ffe7d18
Add CVE-2024-51568
2024-11-01 08:48:34 +01:00
Chocapikk
4269615400
Add CyberPanel Pre-Auth RCE Exploit Module for CVE-2024-51378 and CVE-2024-51567
2024-10-31 22:13:05 +01:00
jheysel-r7
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
jheysel-r7
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
Spencer McIntyre
9f41937c7a
Finish up the exploit module
2024-10-28 17:20:35 -04:00
h00die-gr3y
6aeb9d130b
added the output option to the documentation
2024-10-25 14:13:18 +00:00
h00die-gr3y
ae176fdfd5
update based on review comments of adfoster-r7
2024-10-25 14:01:10 +00:00
h00die-gr3y
d9f8b66d21
updated documentation with some small tweaks
2024-10-23 17:36:00 +00:00
h00die-gr3y
331a3ad74a
second release module and documentation with some small tweaks
2024-10-23 14:40:00 +00:00
h00die-gr3y
82e0b34670
added documentation
2024-10-23 13:11:14 +00:00
h4x-x0r
661075a45c
handling additional case
...
handling additional case when autocheck is disabled and no credentials are provided
2024-10-22 03:42:39 +01:00
Diego Ledda
59d026acd3
Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
adfoster-r7
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
Diego Ledda
9a245e6e06
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
...
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
Chocapikk
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
h4x-x0r
34538df83c
PoC and Documentation
...
PoC and Documentation
2024-10-14 05:09:29 +01:00
Graeme Robinson
5228acb0f1
Update werkzeug_debug_rce docs to show modified output
2024-10-13 23:11:52 +01:00
Graeme Robinson
f369a80fcc
Satisfy msftidy_docs against werkzeug_debug_rce.md
2024-10-13 22:55:12 +01:00
jvoisin
b2ad59d0aa
Add modules/exploits/linux/local/udev_persistence.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-10-10 23:08:23 +02:00
Jack Heysel
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
Jack Heysel
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
Jack Heysel
a4ef40a233
Updated docs with Options section
2024-10-09 13:08:20 -07:00
Jack Heysel
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
dledda-r7
3211edd83c
docs: review changes
2024-10-09 12:18:35 -04:00
dledda-r7
2762132830
docs: adding motd_persistence docs
2024-10-08 11:22:13 -04:00