Commit Graph

19741 Commits

Author SHA1 Message Date
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the original finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix.
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessible unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and suggesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
2025-07-22 08:19:36 -07:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
2025-07-17 11:58:54 +02:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein daf6cb3c84 Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:23 +02:00
Valentin Lobstein 65b7415bcc Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:15 +02:00
Valentin Lobstein 82d558bf2a Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-07-16 19:33:04 +02:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818)
Add module for ISPConfig Code Injection (CVE-2023-46818)
2025-07-09 07:47:56 +02:00
msutovsky-r7 93f902fe27 Land #20364, adds WingFTP unauthenticated RCE module
Add WingFTP unauthenticated RCE (CVE-2025-47812)
2025-07-07 13:12:10 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Martin Sutovsky 195b874190 Addressing comments 2025-07-04 08:54:30 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2025-07-03 19:42:01 +02:00
happybear-21 1700b2eaaa fixed: rubocop issues, changes resolved 2025-07-03 21:25:19 +05:30
Chocapikk 1944c699f8 Fix exploit/unix/http/maltrail_rce.rb 2025-07-03 14:07:14 +02:00
Valentin Lobstein d79810a7e3 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-07-03 13:54:11 +02:00
Valentin Lobstein d625ab5fbc Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-07-03 13:54:01 +02:00
Valentin Lobstein 32f7754774 Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-07-02 14:42:34 +02:00
Chocapikk 5b268bd4b4 Fix documentation and typos 2025-07-01 22:50:01 +02:00
Chocapikk f7a649c121 Remove php mixin and arch 2025-07-01 19:43:21 +02:00
Chocapikk 5d9eb58848 Remove useless mixin 2025-07-01 19:39:26 +02:00
Chocapikk 1a4a15e83b Add WingFTP unauthenticated RCE (CVE-2025-47812) 2025-07-01 19:15:15 +02:00
happybear-21 03e943726a resolved: changes updated methods 2025-07-01 21:33:41 +05:30
happybear-21 20134b5ced resolved: changes 2025-07-01 15:37:10 +05:30
Chocapikk 8373634932 Add defanged mode, fix metadata, add error handling for zip files 2025-06-30 17:38:13 +02:00
happybear-21 47f2ba2861 removed: unused imports, and functions, removed: falsey statements, resolved: changes 2025-06-30 20:34:17 +05:30
happybear-21 ff15b581ed resolved: issues 2025-06-29 12:34:38 +05:30
Martin Sutovsky af4cd2ab6a Addresses comments, fixes check method 2025-06-28 17:05:52 +02:00
happybear-21 e77abd9bbc added: automatic admin_allow_langedit permission checking and enabling capability 2025-06-28 16:20:49 +05:30
Spencer McIntyre 50a2749f97 Merge pull request #20289 from cgranleese-r7/adds-mitre-attack-references
Adds support for MITRE ATT&CK References
2025-06-27 11:26:09 -04:00
msutovsky-r7 126bff18a1 Land #20346, fixes payload encoding and substitutes for smaller base64 encoder
Use the smaller base64 encoder
2025-06-27 17:15:05 +02:00
happybear-21 93a8334699 fixed: build issue 2025-06-27 20:16:07 +05:30
happybear-21 840ae0f317 resolved: issues 2025-06-27 19:42:35 +05:30
Diego Ledda a7b038b822 Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce
Adds module for Skyvern SSTI (CVE-2025-49619)
2025-06-27 14:14:40 +02:00
Martin Sutovsky ee890a83ca Adds BadChars 2025-06-27 11:03:08 +02:00
Martin Sutovsky 37e8780a6b Code refactor, docs 2025-06-27 10:26:31 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL
Modules: Convert SSL default option to Boolean in several modules
2025-06-26 15:00:59 +01:00
happybear-21 016f4ea142 resolved: issues 2025-06-26 10:26:05 +05:30
happybear-21 d787444137 Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818)
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
2025-06-25 22:27:52 +05:30
cgranleese-r7 a6cdb6deb9 Adds support for MITRE ATT&CK References 2025-06-25 17:24:47 +01:00
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00