Commit Graph

38478 Commits

Author SHA1 Message Date
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the original finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix.
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessible unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and suggesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
jheysel-r7 00c8c773a3 Merge pull request #20375 from Chocapikk/wp_photo_gallery_sqli
WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169)
2025-07-18 16:37:14 -07:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
2025-07-17 11:58:54 +02:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk efa49d2aa2 refactor(wp_photo_gallery): drop unused action + guard against LocalJumpError in SQLi helper 2025-07-16 22:04:13 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein 136cc0ab3d Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:44 +02:00
Valentin Lobstein 131ce6cb3f Update modules/auxiliary/scanner/http/xorcom_completepbx_diagnostics_file_read.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:31 +02:00
Valentin Lobstein daf6cb3c84 Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:23 +02:00
Valentin Lobstein 65b7415bcc Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:15 +02:00
Valentin Lobstein 82d558bf2a Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:04 +02:00
Jack Heysel e328a8f8c4 Fix update action in ad_cs_cert_template 2025-07-15 17:20:36 -07:00
jheysel-r7 914f874e12 Merge pull request #20216 from sjanusz-r7/add-graphql-aux-scanner-module
Add GraphQL Auxiliary Scanner module
2025-07-15 10:39:44 -07:00
Brendan b4188e70be Merge pull request #20357 from xaitax/add-windows-aarch64-winexec-payload
Revive and Finalize windows/aarch64/exec Payload
2025-07-11 10:18:17 -05:00
Chocapikk 9d56001643 fix 2025-07-10 16:20:53 +02:00
Valentin Lobstein cf0596a8e9 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-07-10 16:19:13 +02:00
Valentin Lobstein 69f8679ac2 Update modules/auxiliary/gather/wp_photo_gallery_sqli.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-07-10 16:18:27 +02:00
Chocapikk 622072bba4 WP Photo Gallery by 10Web Unauthenticated SQLi (CVE-2022-0169) 2025-07-10 13:22:19 +02:00
Brendan 36675ccd9a Merge pull request #20349 from sfewer-r7/0day-cve-2024-51978
Add auxiliary module for multiple Brother devices authentication bypass (CVE-2024-51978)
2025-07-09 13:07:25 -05:00
sfewer-r7 df24090fc0 fix typo in message 2025-07-09 14:59:54 +01:00
sfewer-r7 ab913b0416 make this error message note that no password may be present on the device 2025-07-09 14:58:59 +01:00
sfewer-r7 34952d73f6 display the AuthCookie if one is received 2025-07-09 10:15:30 +01:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818)
Add module for ISPConfig Code Injection (CVE-2023-46818)
2025-07-09 07:47:56 +02:00
jheysel-r7 79d67dd1f0 Merge pull request #20345 from zeroSteiner/feat/lib/ldap-adds/1
Add an Active Directory LDAP Mixin
2025-07-08 14:37:23 -07:00
Spencer McIntyre 2ab90df4b2 Check for full permissions on certs too 2025-07-08 15:46:43 -04:00
Spencer McIntyre 8b8b350950 Use the new function instead of the old 2025-07-08 15:01:54 -04:00
Spencer McIntyre 7cacc4cd45 Update the ad_cs_cert_template module too 2025-07-08 15:01:54 -04:00
Spencer McIntyre c2a06e341d Expand on the matcher logic 2025-07-08 15:01:46 -04:00
msutovsky-r7 93f902fe27 Land #20364, adds WingFTP unauthenticated RCE module
Add WingFTP unauthenticated RCE (CVE-2025-47812)
2025-07-07 13:12:10 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
msutovsky-r7 bc705b8c5a Land #20334, adds payload linux/x64/set_hostname
Add payload/linux/x64/set_hostname module.
2025-07-06 18:56:43 +02:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Martin Sutovsky 1ee9d61de1 Running Rubocop 2025-07-05 15:57:38 +02:00
Umut f0a64b92a7 Update CachedSize 2025-07-04 18:22:52 +03:00
Umut 4cb523a20c Add exit(0) syscall 2025-07-04 18:21:20 +03:00
Martin Sutovsky b1de0c6313 Removes null-bytes 2025-07-04 12:30:01 +02:00
Martin Sutovsky dbe422698f Updates cached_size 2025-07-04 12:16:16 +02:00
Martin Sutovsky d0df343f74 Rewriting shellcode, making it smaller 2025-07-04 12:12:00 +02:00
Martin Sutovsky 195b874190 Addressing comments 2025-07-04 08:54:30 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2025-07-03 19:42:01 +02:00
happybear-21 1700b2eaaa fixed: rubocop issues, changes resolved 2025-07-03 21:25:19 +05:30
msutovsky-r7 0553d6b4e6 Land #20365, fixes/refactors the Maltrail RCE module
Fix `exploit/unix/http/maltrail_rce.rb`
2025-07-03 15:29:28 +02:00