jheysel-r7
4b9032a487
Merge pull request #20060 from mekhalleh/rce_cve-2025-21293
...
Added exploit module for CVE-2025-32433 (Erlang/OTP)
2025-05-02 07:05:30 -07:00
RAMELLA Sebastien
8da70b64d7
modify exploit response message
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-05-02 13:41:47 +04:00
RAMELLA Sebastien
eef2fac8dc
add HrrRbSsh and fix exploit response message
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-05-02 13:18:21 +04:00
Chocapikk
73f0963d81
Lint ^^
2025-04-30 16:16:30 +02:00
Valentin Lobstein
691cead95c
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2025-04-30 16:10:32 +02:00
Valentin Lobstein
c85fe60596
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-30 11:33:14 +02:00
Valentin Lobstein
301e9e64e7
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-30 11:32:58 +02:00
Chocapikk
39a5d710aa
Refactor module: modularization, session-path leak, randomized key, improved check
...
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
Valentin Lobstein
9d0d12004e
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-29 19:59:09 +02:00
Valentin Lobstein
59b9249cec
Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-29 19:58:38 +02:00
RAMELLA Sebastien
32a8e6797e
fixes review
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-27 20:31:13 +04:00
Chocapikk
a0e9758c7f
Improve error handling, and search csrf_token in root uri
2025-04-27 08:01:17 +02:00
Chocapikk
ba094199da
Fix typo
2025-04-26 10:41:30 +02:00
Chocapikk
332c61b6ea
Fix cookie handling and switch to send_request_cgi for HTTP requests
2025-04-26 08:24:11 +02:00
Chocapikk
3e96b4148e
Add comment about msftidy issue
2025-04-26 06:02:27 +02:00
Chocapikk
9392d0bdf9
Add suggestions
2025-04-26 05:56:41 +02:00
Chocapikk
c4e621f3cf
Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE
2025-04-26 05:43:13 +02:00
RAMELLA Sebastien
740a8130d4
combine modules
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-25 10:35:16 +04:00
adfoster-r7
1bfb43a467
Merge pull request #20077 from adfoster-r7/update-haraka-module-to-work-with-newer-python-versions
...
Update haraka module to work with newer python versions
2025-04-23 17:43:53 +01:00
adfoster-r7
da8e9e1b03
Update haraka module to work with newer python versions
2025-04-23 17:28:29 +01:00
Takah1ro
dc8531e37f
Fix after applied suggestions (escape ')
2025-04-22 21:57:05 +09:00
Takahiro Yokoyama
f579235b95
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-04-22 21:53:05 +09:00
RAMELLA Sebastien
0a428b8d03
add scanner capability + code review
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-20 18:02:52 +04:00
RAMELLA Sebastien
fbbaab9480
fix. fail with timeout expired
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-19 00:51:54 +04:00
RAMELLA Sebastien
59ed219775
Added exploit module for CVE-2025-21293 (Erlang/OTP)
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-19 00:18:46 +04:00
Takah1ro
e1b5109c70
Add BentoML RCE module (CVE-2025-32375)
2025-04-17 20:46:43 +09:00
Takahiro Yokoyama
5945e0db0e
Update modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-04-16 22:05:04 +09:00
Takah1ro
edcc30699a
Make user be able to specify a particular endpoint
2025-04-16 21:47:31 +09:00
Takah1ro
4463bb2ced
Support a pure-python payload
2025-04-16 21:25:36 +09:00
Takah1ro
6d936a72b1
Delete ARTIFACTS_ON_DISK
2025-04-16 20:54:22 +09:00
Takah1ro
e51cd24383
Add BentoML RCE module (CVE-2025-27520)
2025-04-15 22:46:42 +09:00
msutovsky-r7
fe9a0ad25b
Land #20008, PandoraFMS Auth RCE module
...
Pandora FMS authenticated RCE [CVE-2024-12971]
2025-04-08 07:50:28 +02:00
h00die-gr3y
40ba981c98
update based on reviewer suggestions
2025-04-07 14:29:51 +00:00
Takah1ro
39e4093310
Rubocop formatting after applied suggestions
2025-04-07 21:03:58 +09:00
Takahiro Yokoyama
7aabe06f66
Apply suggestions from code review
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-04-07 20:59:57 +09:00
Takah1ro
ec6f4022cd
Make the Ruby code error-safe
2025-04-07 20:28:57 +09:00
Takah1ro
f42083db03
Increased the size of email to avoid duplicate
2025-04-07 20:23:31 +09:00
Takahiro Yokoyama
35c1ccccdb
Update modules/exploits/linux/http/appsmith_rce_cve_2024_55964.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-04-07 20:06:55 +09:00
h00die-gr3y
76fb34a5db
small update in description of the module and documentation
2025-04-06 10:49:03 +00:00
h00die-gr3y
8a72fd6861
init module and documentation
2025-04-06 10:33:56 +00:00
Takah1ro
139dd50333
Add Appsmith RCE module (CVE-2024-55964)
2025-04-05 14:56:04 +09:00
jheysel-r7
08e227faca
Merge pull request #19934 from sfewer-r7/bugfix-cisco-iosxe-rce
...
Improve exploit/linux/misc/cisco_ios_xe_rce (CVE-2023-20198 + CVE-2023-20273)
2025-03-27 16:51:16 -07:00
Spencer McIntyre
bf1f919d9f
Merge pull request #19957 from msutovsky-r7/auxmodule-eramba-update
...
Auxmodule eramba update
2025-03-25 13:54:24 -04:00
Martin Sutovsky
95f9e22eff
Addressing comments
2025-03-20 20:46:38 +01:00
Martin Sutovsky
df027f3fdd
Update documentation, adding more precise check, removing unnecessary characters
2025-03-20 15:18:55 +01:00
msutovsky-r7
741a222e9a
Land #19961, fixing incorrect URL in the InvoiceNinja module
...
BUGFIX invoiceninja module - fixed invalid attackerkb reference
2025-03-14 11:15:23 +01:00
msutovsky-r7
9961bfbc58
Land #19950, module for InvoiceShelf unauthenticated PHP deserialization
...
InvoiceShelf unauthenticated PHP deserialization vulnerability [CVE-2024-55556]
2025-03-14 10:21:56 +01:00
h00die-gr3y
84012fd60c
fixed invalid attackerkb reference
2025-03-14 08:23:10 +00:00
h00die-gr3y
0ca2599f48
update based on review comments
2025-03-14 08:04:22 +00:00
Martin Sutovsky
9886f78575
Upgrade Eramba RCE module
2025-03-13 12:34:50 +01:00