Spencer McIntyre
e709a18128
Merge pull request #19404 from bwatters-r7/smb2http_relay
...
SMB to NTLM HTTP Relay with ESC8 module
2024-11-05 14:12:08 -05:00
jheysel-r7
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
Jack Heysel
f643aee5a4
Lint
2024-10-30 16:17:36 -04:00
jheysel-r7
9c0dc56aa6
Update modules/exploits/multi/http/wp_givewp_rce.rb
2024-10-30 16:04:28 -04:00
jheysel-r7
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
Chocapikk
bcd1fab0b8
Add suggestions
2024-10-29 20:42:13 +01:00
adfoster-r7
6e1ea9297f
Merge pull request #19360 from gardnerapp/osx_daemon_privesc
...
Add LaunchDaemon Persistence to exploits/osx/local/persistence.rb
2024-10-25 22:42:38 +01:00
Spencer McIntyre
27d5c95323
Refactor into an SMB server relay mixin
2024-10-24 16:25:40 -04:00
Spencer McIntyre
8ba0019ca0
Refactor the existing relay target client code
2024-10-24 16:25:40 -04:00
Diego Ledda
59d026acd3
Land #19544 , Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
adfoster-r7
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
Jack Heysel
ee68e47521
Added http_server cleanup
2024-10-15 10:28:39 -07:00
Jack Heysel
7a89db5080
Updated print statements
2024-10-15 09:21:07 -07:00
Jack Heysel
3635dd1c23
Merge branch 'magento_xxe_to_rce'
2024-10-15 09:17:40 -07:00
Jack Heysel
3f6f060933
Updated check method
2024-10-15 09:17:02 -07:00
Diego Ledda
9a245e6e06
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
Valentin Lobstein
0686cdbb82
Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-10-14 18:13:19 +02:00
Valentin Lobstein
fdb450955e
Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-10-14 18:13:19 +02:00
Chocapikk
611a16d368
Update
2024-10-14 18:13:18 +02:00
Chocapikk
465ae37ad2
Use wordpress_sqli_initialize instead
2024-10-14 18:13:18 +02:00
Chocapikk
a9f7fb3ace
Use Msf::Exploit::Remote::HTTP::Wordpress::SQLi
2024-10-14 18:13:18 +02:00
Chocapikk
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
Chocapikk
f881a0e592
Remove useless verbosity
2024-10-14 11:46:53 +02:00
jheysel-r7
3be4eae2f5
Update modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-10 15:20:06 -04:00
Jack Heysel
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
Jack Heysel
65936d181e
Update libc region on success print
2024-10-09 23:04:44 -07:00
Jack Heysel
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
jheysel-r7
b72f70cbac
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-10 00:40:54 -04:00
Jack Heysel
7a78c0d724
Updated authors
2024-10-09 13:14:09 -07:00
Jack Heysel
b94b2f3c72
Merge conflicts and rubocop
2024-10-09 12:59:59 -07:00
Jack Heysel
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
Jack Heysel
9536eaae2d
Magento XXE to GLIBC buffer overflow
2024-10-09 12:36:53 -07:00
Chocapikk
3515015e1b
Lint
2024-10-04 19:35:15 +02:00
Valentin Lobstein
686f31aac1
Update modules/exploits/multi/http/wp_givewp_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-04 17:32:18 +02:00
Valentin Lobstein
888c446f9a
Update modules/exploits/multi/http/wp_givewp_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-04 17:32:10 +02:00
Valentin Lobstein
3a244212e2
Update modules/exploits/multi/http/wp_givewp_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-04 17:32:03 +02:00
Valentin Lobstein
b8aad8b22f
Update modules/exploits/multi/http/wp_givewp_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-04 17:31:54 +02:00
Chocapikk
98b857e1a7
Lint
2024-10-04 18:04:21 +02:00
Valentin Lobstein
0dba8f0963
Update modules/exploits/multi/http/wp_givewp_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-04 16:01:29 +02:00
Chocapikk
5733d43fb0
Update check function
2024-10-03 14:13:29 +02:00
jheysel-r7
8d6972081f
Land #19480 update service_persistence for openrc
...
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
2024-10-02 17:48:18 -04:00
jheysel-r7
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
Chocapikk
d14866a34d
Update description
2024-10-02 21:02:26 +02:00
Chocapikk
1d083cf9e8
Add credit for the bypass
2024-10-02 20:57:57 +02:00
Chocapikk
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
jvoisin
811678a793
Add openrc to exploits/linux/local/service_persistence.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-10-02 12:54:33 +02:00
jheysel-r7
8761226b97
Land #19456 VICIdial Auth RCE module
...
This adds a module to exploit CVE-2024-8504, an authenticated RCE in VICIdial
2024-09-30 17:13:33 -04:00
Chocapikk
c2a803aba3
Lint
2024-09-27 01:25:37 +02:00
Chocapikk
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
h00die-gr3y
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00