Stephen Fewer
b8f36628da
remove an unnecessary space in the command to write a chunk to disk.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-11-21 16:08:33 +00:00
Stephen Fewer
077f8700b9
remove an unnecessary space in this command.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-11-21 16:08:09 +00:00
h00die
0f6da56a52
vcenter sudo module
2024-11-21 04:34:15 -05:00
jheysel-r7
afbbba09e8
Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189
2024-11-20 14:35:38 -08:00
Takah1ro
da6f8cd552
Add Judge0 module and document
2024-11-20 14:15:38 -08:00
sfewer-r7
2469d4ea23
add in exploit module for the recent PAN-OS RCE, CVE-2024-0012 + CVE-2024-9474
2024-11-19 16:15:06 +00:00
bwatters-r7
441a3215b2
Catch up to head on other branch
2024-11-19 08:59:22 -06:00
h00die
6bd049e346
operator working
2024-11-18 20:09:13 -05:00
gardnerapp
19770cf870
Remove unneeded file and rubocop corrections
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
Give bwatters7 credit, add docs
Experiment with randomized bash copy and Rex::File.join
remove unused line
Add missing parenthesis
fix problem with bash copy
Remove rex::join, call proper method for generating payload
add exploit::exe mixin, bash copy randomization
Rubocop changes
Remove nc
2024-11-18 17:01:08 -06:00
gardnerapp
6e09722f67
Rubocop changes and arch tracking for payload
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
Rubocop changes
2024-11-18 16:59:37 -06:00
gardnerapp
c6425f7245
Break out command building to make it easier to read
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:58:56 -06:00
gardnerapp
e506c34e13
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:57:17 -06:00
gardnerapp
883a0f8985
Update modules/exploits/linux/local/gameoverlay_privesc.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-18 16:57:17 -06:00
gardnerapp
51194ad0c9
Rebase and maintain authorship
Rebase and change payload delivery
Rebase and remove cmdstager
Update modules/exploits/linux/local/game_overlay_privesc.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
remove CmdStager Mixin
Add PrependSetuid
Remove python from exploit
Remove generate_payload_exe and add dynamic directory to upper mount layer
Change where payload is dropped
Remove FileUtils module
Call proper method for generating payload
Separate exploit and triggering of payload
Separate exploit and triggering payload
test
2024-11-18 16:55:59 -06:00
gardnerapp
c927f22d66
Update modules/exploits/linux/local/game_overlay_privesc.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-11-18 16:44:33 -06:00
Corey
5edec2525f
Rebase and Squash
init
Add module scaffolding
Add Opts, check and exploit methods
Rubocop changes
Add checks for vulnerable kernel versions
Write check for distro type
Finish prototype of check add exploit
Make changes to check method
Add checkcode
Add x86 for payload compatibility
remove check, add kernel version
add codename, transform keys in vuln
Note
minor spelling change
Add description
Add cve references
Start trying to drop payloads on disk
Change description, include modules for file upload, use proper methods for writing payload
continue trying to upload
Use write_file instead of upload_and_chmodx
remove upload_dir opt
experiment w g1vi exploit
Include cmd_stage module, add generate_payload_exe, run payload in new namespace
Add missing call to setcap, fix description
Fix unterminated string, fix directory for calling python copy
Rubocop changes
Create dynamic payload
Add mkdir_p and WritableDir opts
Update modules/exploits/linux/local/game_overlay_privesc.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
Revert back to python exploit, add dynamic writable dir
Add todos
Remove FileUtils
Change module name
Add checkcodes
Add more checkcodes
2024-11-18 16:41:38 -06:00
h00die
f38661d6c3
pod user working
2024-11-18 07:30:21 -05:00
sfewer-r7
4856817131
fix a typo
2024-11-18 09:44:53 +00:00
sfewer-r7
feb1ac79da
add in a suitable certificate and private key to use by default.
2024-11-15 17:41:31 +00:00
Spencer McIntyre
5d9add4450
Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-15 09:24:37 -05:00
sfewer-r7
e520ca7ee9
comment the intent of this code block
2024-11-15 12:29:31 +00:00
sfewer-r7
2ec5778405
get_cert_subject_item may return nil, so test for that here
2024-11-15 12:28:25 +00:00
sfewer-r7
51ad7ad0bf
improve the send_packet logic to fail gracefully if bad data is received
2024-11-15 12:27:33 +00:00
sfewer-r7
c3bd4792ec
rename SSLClientCert and SSLClientKey to ClientCert and ClientKey. This then matches up with ClientSerialNumber and ClientPlatform, which is clearer IMHO. Also, we explicitly create a Rex TCP socket, so these param names no longer collide with what a mixin would use
2024-11-15 09:44:50 +00:00
sfewer-r7
6eb15d5b66
add a helper method get_cert_subject_item
2024-11-15 09:42:59 +00:00
sfewer-r7
91587ce30b
this message can be on a single line
2024-11-15 09:42:06 +00:00
sfewer-r7
e89c27fa3b
fix some typos. Make msftidy happy. Add comments to the external references.
2024-11-15 08:54:32 +00:00
Jack Heysel
92e42a63ea
Rubocop
2024-11-14 12:47:35 -08:00
Jack Heysel
4e1f33336c
Obfuscation and Gemfile update
2024-11-14 12:44:19 -08:00
sfewer-r7
47f924bb8f
add in the initial work on the FortiManager exploit.
2024-11-14 18:53:12 +00:00
Jack Heysel
526451fed5
Responded to comments
2024-11-14 10:46:11 -08:00
Jack Heysel
2ba8a6c08d
Responded to comments
2024-11-13 17:23:08 -08:00
Jack Heysel
497ce5e9da
Linting and Rex::RandomIdentifier update
2024-11-13 08:28:52 -08:00
h4x-x0r
afdddf2e43
updated
2024-11-13 03:40:22 +00:00
Jack Heysel
d2ef3cb6a9
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
2024-11-12 16:05:07 -08:00
Brendan
19e182ce65
Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
2024-11-12 16:42:06 -06:00
h4x-x0r
6f6f92823a
fixed typo
2024-11-12 15:15:15 +00:00
h4x-x0r
fb102ec409
Update modules/exploits/linux/http/paloalto_expedition_rce.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-11-12 09:03:22 -06:00
h00die
4ebc6f1ff1
peer review
2024-11-11 17:37:33 -05:00
h00die
594c3a82ea
peer review
2024-11-11 17:32:49 -05:00
bwatters-r7
03928a56bd
Add staging file delete and code cleanup
2024-11-11 14:42:19 -06:00
Jack Heysel
3068511b66
CVE-2023-4220: Chamilo v1.11.24 Unrestricted File Upload
2024-11-11 11:33:34 -08:00
bwatters-r7
0308f46f74
Stage cmd payloads to a file before executing
2024-11-08 19:27:58 -06:00
h00die
0de93eedb7
asterisk ami auth rce
2024-11-04 16:27:58 -05:00
h00die
773355f0e8
making bcenter lpe progress
2024-11-04 16:26:08 -05:00
h00die
8ba4332c33
Merge remote-tracking branch 'upstream/master' into vcenter_privesc
2024-11-03 13:56:14 -05:00
h00die
9cba5dad59
WIP for asterisk rce
2024-11-01 16:28:45 -04:00
h4x-x0r
661075a45c
handling additional case
handling additional case when autocheck is disabled and no credentials are provided
2024-10-22 03:42:39 +01:00
h4x-x0r
4d7d7f2c06
updated
using instance variables instead of updating the datastores
2024-10-21 22:07:43 +01:00
h4x-x0r
7028b807ed
linting
2024-10-21 21:45:04 +01:00