adfoster-r7
fabb5d1f78
Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116
2024-08-28 18:54:53 +01:00
adfoster-r7
aaf95f9134
Apply suggestions from code review
2024-08-28 18:46:08 +01:00
Chocapikk
9eb630d993
Add credit
2024-08-28 19:20:32 +02:00
Chocapikk
6bec3d2db0
Lint
2024-08-28 19:16:26 +02:00
igomeow
d0d4c3083a
Fixing error message
2024-08-28 18:33:31 +02:00
igomeow
2b7cf76fc8
Fixing wrong SideEffects and Reliability values
2024-08-28 18:20:20 +02:00
igomeow
251c1c0c1e
Adding check for host operating system
2024-08-28 18:17:36 +02:00
jvoisin
2c79c3d02f
Add a mixin to get SPIP version and make use of it
2024-08-28 17:17:53 +02:00
Spencer McIntyre
a22db071f0
Appease rubocop
2024-08-28 10:46:48 -04:00
h4x-x0r
018b041335
cleanup
2024-08-28 15:40:35 +01:00
Valentin Lobstein
57343d3bc4
Update modules/exploits/multi/http/wp_givewp_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-28 13:00:20 +02:00
jvoisin
24750deab3
Add modules/encoders/php/hex.rb
This one increases the size of the payload by a bit more than a factor two,
but should be able to generate a valid encoded payload in some pathological
BADCHAR situations where modules/encoders/php/base64.rb can't.
2024-08-28 12:19:04 +02:00
bwatters
02eb49ed00
Land #19395, Electerm post password gather module
Merge branch 'land-19395' into upstream-master
2024-08-27 16:17:45 -05:00
Chocapikk
1d7cffbdac
Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
2024-08-27 22:15:12 +02:00
Jack Heysel
8bf354cad2
Land #19417, Improve wp_backup_migration_php exploit
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire payload in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
2024-08-27 15:17:00 -04:00
Chocapikk
7f37731396
Lint
2024-08-27 21:14:35 +02:00
Chocapikk
80c784f0e8
Update detail about payloads
2024-08-27 21:07:18 +02:00
Chocapikk
23cd137fbd
Update module
2024-08-27 20:28:44 +02:00
Chocapikk
bc7840ea7f
Add wp_givewp_rce exploit module
2024-08-27 19:50:35 +02:00
bwatters
6c24e0a952
Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
bwatters
4af2294709
Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module
Merge branch 'land-19386' into upstream-master
2024-08-27 09:39:10 -05:00
Jack Heysel
49d382692a
Land #19377, Add compression to php/base64
This enables users to set a datastore option in encoders/php/base64
which will compress the payload using zlib, greatly reducing its size
2024-08-27 10:27:45 -04:00
Simon Janusz
3ad24b45e3
Land #19241, Remove uri unescape usage
2024-08-27 15:22:43 +01:00
bwatters
f74b7ccef5
Land #19415, Update the ldap_esc_vulnerable_cert_finder module
Merge branch 'land-19415' into upstream-master
2024-08-26 18:28:33 -05:00
bwatters
84431b0a4e
Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
Merge branch 'land-19380' into upstream-master
2024-08-26 18:09:09 -05:00
igomeow
6326cac8d4
Fixing nil safe issue
2024-08-26 23:23:43 +02:00
igomeow
7e9f52dd0b
Github release
2024-08-26 23:02:53 +02:00
Spencer McIntyre
db7dc6596f
Fix rubocop complaints
2024-08-26 16:59:04 -04:00
jheysel-r7
573643a7b4
Update modules/encoders/php/base64.rb
2024-08-26 16:35:29 -04:00
Spencer McIntyre
b61e6b1cc2
Add ARCH_X64 and test it, refactor to drop EXENAME
2024-08-26 16:25:03 -04:00
jvoisin
656c8fd4fb
Remove some useless code in modules/encoders/php/base64.rb
The payload is always quoted since 975de9d479, so
there is no need to care if the first character is alpha or not.
This has some chance to make the payload 5 chars smaller, woo!
2024-08-26 22:21:27 +02:00
Jack Heysel
e0037fb167
Land #19376, Fix php/base64 encoder
This fixes the php/base64 encoder which was previously generating php
payloads that were failing when being run
2024-08-26 16:08:03 -04:00
igomeow
d1ce041fd0
Initial commit and Rubocop fixes
2024-08-26 19:27:20 +02:00
Chocapikk
05b1837e7b
Random parameter generation
2024-08-24 17:27:13 +02:00
Chocapikk
4ee30b24cb
Rewrite wp_backup_migration_php_filter
2024-08-24 17:16:58 +02:00
h4x-x0r
6532255600
PoC & Documentation
2024-08-23 23:21:49 +01:00
Spencer McIntyre
4cfa93f878
Update the ldap_esc_vulnerable_cert_finder module
2024-08-23 16:49:30 -04:00
dledda-r7
ec5892ff1f
Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022
2024-08-23 04:55:17 -04:00
jvoisin
debb01062d
Improve a bit modules/post/linux/gather/checkvm.rb
Based on some old notes that I never bothered to upstream into metasploit.
2024-08-22 23:19:09 +02:00
Jack Heysel
6689614d8f
Responded to comments
2024-08-22 13:06:29 -07:00
三米前有蕉皮
ea6efff830
Update modules/post/multi/gather/electerm.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-08-22 22:28:01 +08:00
Jack Heysel
31348dac33
Windows LPE CVE-2024-30088
2024-08-21 23:16:37 -07:00
dledda-r7
35da4662ed
Land #19351, DIAEnergie SQL Injection
2024-08-21 09:44:15 -04:00
Takah1ro
39f81e0a45
Update check function
2024-08-21 22:32:53 +09:00
Takah1ro
ee58313d64
Update check function
2024-08-21 22:09:56 +09:00
dwelch-r7
f3a220518a
Land #19394, SPIP Unauthenticated RCE Exploit
2024-08-21 13:58:26 +01:00
Takahiro Yokoyama
c66540ef2f
Update modules/exploits/linux/http/ray_agent_job_rce.rb
use MeterpreterTryToFork to avoid a meterpreter session get killed
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-08-21 21:38:37 +09:00
dwelch-r7
8d838d4d56
Land #19366, Jenkins Login Scanner improvements
2024-08-21 10:28:22 +01:00
Chocapikk
62ab17b14d
Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload.
2024-08-20 19:41:05 +02:00
Valentin Lobstein
fdbf7dd3ef
Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-20 18:54:03 +02:00