Spencer McIntyre
43d1bd9a2e
Add docs and fix CSRF token for v7.0
2024-03-29 14:05:39 -04:00
Spencer McIntyre
c7976d204c
Add module metadata and clean things up
2024-03-29 10:40:43 -04:00
Spencer McIntyre
2292da9164
Add the UNC loading technique too
2024-03-29 09:33:47 -04:00
Spencer McIntyre
9dcd0e461f
Delete the file using the file manager too
2024-03-29 09:33:47 -04:00
Spencer McIntyre
8fa7aa6407
Initial exploit for CVE-2024-2044
2024-03-29 09:33:44 -04:00
Jack Heysel
abb2eb7ffd
Land #18891, Add RCE module for wp bricks builder
...
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
Balgogan
b9b4a624d9
Fix typos
2024-03-26 21:05:35 +01:00
Valentin Lobstein
abc39e86f9
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:40:04 +01:00
Valentin Lobstein
672036f53a
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:33 +01:00
Valentin Lobstein
8a1290c8a6
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:23 +01:00
Valentin Lobstein
85e27b0bc3
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:39:04 +01:00
bwatters
e58c6b9df2
Land #18721, SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955)
...
Merge branch 'land-18721' into upstream-master
2024-03-26 12:42:22 -05:00
bwatters
e775c7c20a
Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054]
...
Merge branch 'land-18967' into upstream-master
2024-03-25 15:25:27 -05:00
adfoster-r7
c03e4c4ab0
Land #19009, add missing Platform to osx/local/persistence module
2024-03-25 17:31:15 +00:00
sjanusz-r7
38c5c6bb11
Add missing Platform to osx/local/persistence module
2024-03-25 16:00:25 +00:00
cgranleese-r7
9b4114eda0
Land #18961, Adds session documentation
2024-03-25 11:23:05 +00:00
adfoster-r7
decba4350e
Additional changes to documentation
2024-03-25 10:53:08 +00:00
dwelch-r7
a674310c22
Land #18992, Fix postgres version logging
2024-03-22 17:33:43 +00:00
adfoster-r7
acf9745200
Fix postgres version logging
2024-03-22 16:50:01 +00:00
h00die-gr3y
f217312ad1
module and documentation updates based on review comments (bwatters-r7/cgranleese-r7)
2024-03-21 16:13:55 +00:00
cgranleese-r7
d750ea19eb
Fixes store_valid_credential conditional logic for unix/webapp/wp_admin_shell_upload module
2024-03-21 12:22:11 +00:00
Jack Heysel
2b90d33aef
Land #18618, Add OpenNMS privesc and auth RCE
...
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
Jack Heysel
6cd7f44197
rubocop
2024-03-20 11:39:19 -07:00
Jack Heysel
149dc15b21
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
cgranleese-r7
2a63d0d1f0
Land #18978, Add user affordance for scanner modules that can create a new session
2024-03-20 16:50:29 +00:00
Dean Welch
7e3048d2f7
Grammar
2024-03-20 15:45:07 +00:00
Dean Welch
686acb4c7b
Correctly format CreateSession option in output
2024-03-20 15:06:20 +00:00
Dean Welch
4946fc297f
Add user affordance for scanner modules that can create a new session
2024-03-20 12:14:49 +00:00
Spencer McIntyre
0f9986c787
Land #18947, Fix inconsistent casing
...
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-19 12:40:34 -04:00
Jack Heysel
bf0d81db03
Land #18838, Improve Runc Priv Esc Check
...
This PR adds support for Debian and a number of fixes and improvements for
the runc_cwd_priv_esc. Prior to this fix the module would report
vulnerable for a number of versions that the patch had been back ported
to.
2024-03-18 13:31:09 -07:00
h00die-gr3y
e84fe947c2
third release module and documentation updates
2024-03-15 23:33:29 +00:00
h00die-gr3y
5dd75e174b
second release module and documentation
2024-03-15 18:27:59 +00:00
h00die-gr3y
df0012a63f
initial release module
2024-03-15 16:10:05 +00:00
Christophe De La Fuente
44c5422e07
Land #18922, JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
sfewer-r7
6d84f0e898
reduce the size of the exploit method by spinning out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless
2024-03-13 09:58:51 +00:00
sfewer-r7
4bd105202a
improve the readability of the XML
2024-03-13 09:29:43 +00:00
sfewer-r7
b04e84ed99
clarify we must call this a second time
2024-03-13 09:17:18 +00:00
sfewer-r7
df2c94f873
another typo
2024-03-13 09:14:23 +00:00
Stephen Fewer
b9e82375c1
typo
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:13:11 +00:00
Stephen Fewer
d7bf7bc2ea
Use Failure::NoAccess as a better failure error, as we are trying to login
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:12:56 +00:00
Stephen Fewer
46dd21d69d
use ||= to assign new hash if needed
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:11:42 +00:00
cgranleese-r7
a33e7a72b0
Updates Postgres hashdump module to now work with newer versions of Postgres
2024-03-12 16:13:04 +00:00
cgranleese-r7
4e0e3da74c
Land #18835, clean up code duplication
2024-03-12 14:09:22 +00:00
Adrian Șendroiu
2007e6d8fb
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-12 12:17:46 +02:00
sfewer-r7
1e371d0e4a
resolve the Java payload issue on Linux by leveraging PayloadServlet, running the payload in a thread, and forcing the default options for Spawn to be 0
2024-03-11 18:06:44 +00:00
SickMcNugget
67fcd57a1f
Merge branch 'runc_priv_esc' of github.com:SickMcNugget/metasploit-framework into runc_priv_esc
2024-03-11 22:23:55 +08:00
SickMcNugget
6c1b4c1421
Update check to account for backports
2024-03-11 22:19:18 +08:00
Zach Goldman
7ce91df66e
clean up code duplication
2024-03-11 09:09:46 -05:00
Christophe De La Fuente
0252429715
Land #18775, Adding new module for MinIO (CVE-2023-28432)
2024-03-11 14:46:59 +01:00
sfewer-r7
0513654f10
Fix edge case for java payloads when Spawn is set to 0, all access to the plugin will block. We can still get a session if we fall through here. We can't delete the plugin as access will block because we did not spawn.
2024-03-08 17:09:14 +00:00