Jack Heysel
7f62dd2143
Responded to comments
2024-04-04 13:39:22 -07:00
Jack Heysel
531e7baa02
Add reminder todo
2024-04-03 17:08:09 -07:00
Jack Heysel
03fced404a
Apache Solr Backup Restore RCE
...
Writing file to disk working
working on linux
wip authentication
Consolidated conf folders into one
Renamed conf1 to conf in msf data dir
Randomize the configuration name
Docs plus finishing touches
rubocop
Updated exploit file location
Removed unused external dir
Reduced conf folder
2024-04-02 11:33:52 -07:00
Jack Heysel
d7f3fd8cc0
Land #18915, Add Watchguard RCE CVE-2022-26318
...
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
2024-03-28 10:24:32 -07:00
h00die-gr3y
6e6f1beb92
update addressing jheysel-r7 comments
2024-03-28 08:43:08 +00:00
bwatters
e775c7c20a
Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054]
...
Merge branch 'land-18967' into upstream-master
2024-03-25 15:25:27 -05:00
h00die-gr3y
f217312ad1
module and documentation updates based on review comments (bwatters-r7/cgranleese-r7)
2024-03-21 16:13:55 +00:00
Jack Heysel
2b90d33aef
Land #18618, Add OpenNMS privesc and auth RCE
...
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
Jack Heysel
6cd7f44197
rubocop
2024-03-20 11:39:19 -07:00
Jack Heysel
149dc15b21
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
DaveYesland
1a8233dfe7
msftidy cleanup
2024-03-19 14:52:28 -07:00
DaveYesland
e32d05eab8
Add module and docs for CVE-2024-1212
2024-03-19 11:37:12 -07:00
h00die-gr3y
e84fe947c2
third release module and documentation updates
2024-03-15 23:33:29 +00:00
h00die-gr3y
5dd75e174b
second release module and documentation
2024-03-15 18:27:59 +00:00
h00die-gr3y
df0012a63f
initial release module
2024-03-15 16:10:05 +00:00
h00die-gr3y
7f02daf37d
use send_request_cgi for payload delivery
2024-03-08 10:53:45 +00:00
h00die-gr3y
66e7f3c582
third release module
2024-03-07 21:22:14 +00:00
h00die-gr3y
6bc74364e1
second release module
2024-03-04 18:57:54 +00:00
h00die-gr3y
5d20321153
first release module
2024-03-03 19:38:02 +00:00
Jack Heysel
0aa20c73a4
Land #18832, Add exploit module CVE-2023-47218
...
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTS hero.
2024-02-21 08:48:30 -08:00
bwatters
d21e4080a9
Land #18792, Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792
...
Merge branch 'land-18792' into upstream-master
2024-02-20 17:40:12 -06:00
Jack Heysel
8cddffa3d1
Land #18700, Add Kafka-ui Unauth RCE module
...
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated RCE vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
Jack Heysel
a1b0ff0fcf
Land #18681, Update Apache Ofbiz w. Auth-Bypass
...
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
Jack Heysel
6c252de974
Docs plus minor edits
2024-02-15 17:12:11 -05:00
h00die-gr3y
d716e60cf2
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
h00die-gr3y
f5c71d09c2
using data/kafka_ui_versions.json for the version check
2024-02-14 20:57:46 +00:00
H00die.Gr3y
8b70cefd83
Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-14 20:57:46 +00:00
h00die-gr3y
f75722ecf2
Small updates to module and documentation
2024-02-14 20:57:46 +00:00
h00die-gr3y
dde7e3c5d3
Small tweaks to verbose messages
2024-02-14 20:57:46 +00:00
h00die-gr3y
d5f30befbb
Second release of module
2024-02-14 20:57:46 +00:00
h00die-gr3y
3db32da70f
First release of module.
2024-02-14 20:57:45 +00:00
Jack Heysel
d987b81591
Use Rex MIME Message
2024-02-14 13:15:37 -05:00
sfewer-r7
423bf0c519
work in progress exploit module for cve-2023-47218
2024-02-13 17:32:14 +00:00
sfewer-r7
1f292c8a73
remove the linux and unix targets in favor of a single automatic target
2024-02-09 09:26:08 +00:00
h00die
84278b8e0e
fix ofbiz auto detection
2024-02-06 16:45:02 -05:00
sfewer-r7
03a58c784b
fix typo in variable name
2024-02-06 14:08:54 +00:00
sfewer-r7
367783bcb5
add in RCE exploit for CVE-2024-21893
2024-02-06 11:49:04 +00:00
h00die
2efbf6e2f5
review comments
2024-01-29 17:21:06 -05:00
ErikWynter
14181572c1
add PRIVESC_SAVE_DELAY option for opennms authenticated RCE
2024-01-27 01:13:04 +02:00
ErikWynter
acc15c23fe
Add code review changes to opennms auth rce
2024-01-27 00:10:45 +02:00
Jack Heysel
c278ef9b73
Land #18648, Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth bypass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
jheysel-r7
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
h00die-gr3y
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
h00die-gr3y
919c846064
Final small updates (removed UDP and corrected typo in release date)
2024-01-20 11:27:10 +00:00
Spencer McIntyre
06dcc82ced
Land #18630, Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
sfewer-r7
de6ed9e1d6
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
sfewer-r7
4ff399844f
By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected, doing so also removes the need to bootstrap the Linux payloads with a separate file.
2024-01-18 10:04:38 +00:00
Stephen Fewer
c74fd86961
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:46 +00:00
Stephen Fewer
3bb1d2bc02
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:35 +00:00