adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

7862 Commits

Author SHA1 Message Date
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
Spencer McIntyre 50a2749f97 Merge pull request #20289 from cgranleese-r7/adds-mitre-attack-references 
Adds support for MITRE ATT&CK References
 2025-06-27 11:26:09 -04:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 a6cdb6deb9 Adds support for MITRE ATT&CK References 2025-06-25 17:24:47 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
msutovsky-r7 fde78bf73f Land #20324, adds exploit for UNC path in .url files (CVE-2025-33053) 
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
 2025-06-25 11:23:23 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Martin Sutovsky 13cd2d2e51 Minor code changes, updates documentation 2025-06-24 16:22:42 +02:00
DevBuiHieu fa0d01f55c Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-24 19:24:06 +07:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
Martin Sutovsky dd6bb2c8dc Remove debug statements 2025-06-24 12:10:46 +02:00
Martin Sutovsky 3d9cc6063d Adds SMB server to send payload 2025-06-24 12:10:19 +02:00
Martin Sutovsky 6aa24a0762 Adds researchers in author section, base for WebDAV server 2025-06-23 15:38:09 +02:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
bcoles e1dec29ef9 exploit/windows/browser/ms08_070_visual_studio_msmask: Cleanup and add documentation 2025-06-23 00:38:44 +10:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
cgranleese-r7 42f31c0fce Fixes some conditionals in modules 2025-06-20 14:57:03 +01:00
DevBuiHieu dd51952b67 Update cve_2025_33053.rb 2025-06-19 21:32:34 +07:00
DevBuiHieu f3c4d9519f Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-19 19:57:08 +07:00
DevBuiHieu a0f1b0c5b3 Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-19 19:53:49 +07:00
DevBuiHieu efc0c2539d Update cve_2025_33053.rb 2025-06-19 19:53:22 +07:00
DevBuiHieu 600ffdb9b9 Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-19 19:44:35 +07:00
DevBuiHieu 4fde40a96b Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-19 19:43:56 +07:00
DevBuiHieu 1d27be2c1d Final code for CVE-2025-33053 exploit module 2025-06-18 03:53:08 -04:00
DevBuiHieu 20b8a9fcd3 Add some features and fix bugs for CVE-2025-33053 exploit module 2025-06-17 22:59:34 -04:00
DevBuiHieu 58609f3ff9 Add some features and fix bugs for CVE-2025-33053 exploit module 2025-06-17 22:32:57 -04:00
DevBuiHieu cb7badbfad Add some features and fix bugs for CVE-2025-33053 exploit module 2025-06-17 21:41:44 -04:00
DevBuiHieu fda69e0a74 Add some features and fix all errors for CVE-2025-33053 exploit module 2025-06-17 11:15:09 -04:00
DevBuiHieu 20629fe6b8 Add some features and fix all errors for CVE-2025-33053 exploit module 2025-06-17 02:49:10 -04:00
DevBuiHieu 9e5dd0962a Add some features and delete old files for CVE-2025-33053 exploit module 2025-06-17 01:32:07 -04:00
DevBuiHieu 7ad7c62f03 Add some features and delete old files for CVE-2025-33053 exploit module 2025-06-17 01:20:09 -04:00
DevBuiHieu f81ddf82f1 Add some features for CVE-2025-33053 exploit module 2025-06-17 01:00:35 -04:00
bcoles 3272ee0f28 Modules: Convert DisableNops property to Boolean in several modules 2025-06-10 23:57:52 +10:00
Julien Voisin 486390d881 Update ms10_061_spoolss.rb 2025-06-02 20:45:44 +02:00
Julien Voisin 54c5e7df18 Update modules/exploits/windows/smb/ms10_061_spoolss.rb 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2025-06-02 16:04:59 +02:00
Julien Voisin 0106a4440e Merge branch 'master' into aka_equationgroup 2025-05-30 17:17:54 +02:00
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406 
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
 2025-05-28 13:46:13 +02:00
cgranleese-r7 f6faa5598b Fixes modules to now correctly use a hash with report note 2025-05-22 10:59:50 +01:00
bcoles 943c94774a Modules: Resolve Rubocop Lint/Syntax violations 2025-05-21 18:27:24 +10:00
h4x-x0r 647545c5ef Update magicinfo_traversal.rb 2025-05-15 22:13:08 +01:00
h4x-x0r bd181f8a13 Update magicinfo_traversal.rb 2025-05-15 22:11:23 +01:00
h4x-x0r 6d2a1e529e Update magicinfo_traversal.rb 2025-05-15 20:11:59 +01:00
h4x-x0r e9c88b55f2 cleanup 2025-05-09 22:39:30 +01:00