Commit Graph

4231 Commits

Author SHA1 Message Date
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Jack Heysel ee68e47521 Added http_server cleanup 2024-10-15 10:28:39 -07:00
Jack Heysel 7a89db5080 Updated print statements 2024-10-15 09:21:07 -07:00
Jack Heysel 3635dd1c23 Merge branch 'magento_xxe_to_rce' 2024-10-15 09:17:40 -07:00
Jack Heysel 3f6f060933 Updated check method 2024-10-15 09:17:02 -07:00
jheysel-r7 3be4eae2f5 Update modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-10 15:20:06 -04:00
Jack Heysel 44b33b8010 Fixed multiple sessions and instability 2024-10-10 11:36:16 -07:00
Jack Heysel 65936d181e Update libc region on success print 2024-10-09 23:04:44 -07:00
Jack Heysel dab5d66e37 Test and respond to comments 2024-10-09 22:52:55 -07:00
jheysel-r7 b72f70cbac Apply suggestions from code review
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-10-10 00:40:54 -04:00
Jack Heysel 7a78c0d724 Updated authors 2024-10-09 13:14:09 -07:00
Jack Heysel b94b2f3c72 Merge conflicts and rubocop 2024-10-09 12:59:59 -07:00
Jack Heysel e8711c5b20 Magento XXE to GLIBC buffer overflow 2024-10-09 12:53:29 -07:00
Jack Heysel 9536eaae2d Magento XXE to GLIBC buffer overflow 2024-10-09 12:36:53 -07:00
jheysel-r7 8d6972081f Land #19480 update service_persistence for openrc
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
2024-10-02 17:48:18 -04:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
jvoisin 811678a793 Add openrc to exploits/linux/local/service_persistence.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-10-02 12:54:33 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
Takah1ro 6d541b625f Remove unnecessary shell_path 2024-09-24 08:18:30 +09:00
Takahiro Yokoyama 130f146819 Apply suggestions from code review
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-24 08:06:26 +09:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
jheysel-r7 e0e7c67ff7 Remove jsessionid parsing now that keep_cookies is being used 2024-09-23 18:12:01 -04:00
h00die-gr3y 8e62f22315 fifth release with the option to use your own SSH private key 2024-09-20 09:50:13 +00:00
h00die-gr3y 8b197a60f9 fourth release addressing review comments of jheysel-r7 2024-09-19 20:54:55 +00:00
h00die-gr3y 9971aed96f third release addressing majority of the review comments 2024-09-17 19:23:38 +00:00
H00die.Gr3y d7fa23f30f Apply suggestions from code review
Co-authored-by: bcoles <bcoles@gmail.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-17 19:00:48 +02:00
h00die-gr3y 455c5b2391 second release module 2024-09-15 20:01:27 +00:00
h00die-gr3y 1ba05ac88a first release module 2024-09-15 19:47:32 +00:00
Takah1ro 30704c494a Remove unnecessary strip_comments 2024-09-15 10:00:43 +09:00
dledda-r7 83a31c8a2a Land #19454, Persistence post module using motd 2024-09-13 09:02:22 -04:00
jvoisin 6d659e3aa8 Add modules/exploits/linux/local/motd_persistence.rb 2024-09-12 17:41:47 +02:00
h4x-x0r 30e6af7791 cleanup
Code cleanup and better handling of different use cases.
2024-09-12 14:34:45 +01:00
Spencer McIntyre 5e71490b66 Fix a typo when the kernel is not Ubuntu 2024-09-09 14:19:20 -04:00
Takah1ro 8ddf8a04ff Remove options 2024-09-07 12:44:37 +09:00
Takah1ro 8366252ba2 Not call payload directory 2024-09-07 12:28:40 +09:00
Takah1ro 692531bb87 Call payload directory 2024-09-07 12:16:04 +09:00
Takah1ro 2b63f8bb88 Rename exploit 2024-09-07 10:29:41 +09:00
Takah1ro 731780ca1a Formatting 2024-09-07 09:21:30 +09:00
Takah1ro 9e832eb483 Use exploit_path variable 2024-09-07 09:19:17 +09:00
Takah1ro fd7321dd3f Strip_comments 2024-09-06 22:58:31 +09:00
Takah1ro b34e807277 Remove unnecessary directory existing check 2024-09-06 22:05:34 +09:00
Takah1ro a40fbb2a7b Remove unnecessary check 2024-09-06 22:04:51 +09:00
Takah1ro d4ac300d73 Fix typo 2024-09-06 21:59:16 +09:00
Takahiro Yokoyama 7a921bbeff Update modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb
Use kernel_version.between

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-06 21:45:32 +09:00
Takah1ro cd97b08c62 Move C code to separate file 2024-09-06 21:09:39 +09:00
Takah1ro 1cc562c863 Use mkdir function 2024-09-06 12:55:51 +09:00
Takah1ro 920ef70105 Exploit dir existing check 2024-09-06 12:53:18 +09:00
Takahiro Yokoyama b243b86157 Update modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb
use linux/x64/meterpreter_reverse_tcp

Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-06 08:51:20 +09:00