adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80,452 Commits 27 Branches 1,043 Tags
81faae13ca109953ccb3d613f46ef9ee66465c5b
Commit Graph

1658 Commits

Author SHA1 Message Date
jheysel-r7 81faae13ca Merge pull request #21033 from Alpenlol/barracuda-esg-cve-2023-2868 
Add exploit for CVE-2023-2868 Barracuda ESG command injection
 2026-03-23 13:18:34 -07:00
Valentin Lobstein 8ad5924bf1 Fix: Use parent of fix commit (78178d1~1) for vulnerable Encoder checkout 2026-03-13 22:59:51 +01:00
Valentin Lobstein 8d44dcd1fb Fix: Lab setup documentation for first-time environments 
- Fix DB permissions (bind mount creates files as www-data instead of mysql)
- Force table creation (cli.php skips it when configuration.php already exists)
- Revert entire Encoder working tree, not just getImage.php (78178d1 patched multiple files)
- Run git checkout from inside the container to avoid safe.directory issues
 2026-03-13 22:55:23 +01:00
Curt Hyvarinen 63561130af Address PR review feedback for CVE-2023-2868 module 2026-03-12 12:59:30 -07:00
Valentin Lobstein 5150a4b68b Docs: Clarify that .compose/encoder is a clone of AVideo-Encoder repo 
The commit c9861e9c exists in WWBN/AVideo-Encoder (not WWBN/AVideo).
Add a note explaining that .compose/encoder is a git clone created by
the container entrypoint, with a link to the correct repository.
 2026-03-11 22:05:23 +01:00
Valentin Lobstein 38e74740f3 Fix: Use correct commit hash for vulnerable getImage.php in lab setup 
The previous commit (e0c2768) did not touch getImage.php. Use c9861e9c
which is the last commit before the security patch (78178d1) that
modifies the file.
 2026-03-11 21:23:27 +01:00
Valentin Lobstein dfe73bb4c5 Add exploit for AVideo Encoder getImage.php command injection (CVE-2026-29058) 
Unauthenticated OS command injection via the base64Url parameter in
getImage.php. The URL is interpolated into an ffmpeg shell command
without escapeshellarg(), and FILTER_VALIDATE_URL does not block
shell metacharacters in the URL path.
 2026-03-06 21:30:12 +01:00
msutovsky-r7 59a1992214 Land #21017, adds module for SSTI in Tactical RMM (CVE-2025-69516) 
Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516)
 2026-03-05 15:38:32 +01:00
Curt Hyvarinen 782c1d5455 Add exploit for CVE-2023-2868 Barracuda ESG command injection 2026-02-27 23:29:56 -08:00
msutovsky-r7 45c058d6f1 Land #21005, adds gnu inetutils auth bypass module against a Synology NAS to documentation 
add dsm target exploitation to gnu telnetd docs
 2026-02-25 16:49:30 +01:00
msutovsky-r7 fae76b2961 Land #20978, adds module BeyondTrust unauth command injection (CVE-2026-1731) 
Add CVE-2026-1731 support and modernize targets for BeyondTrust PRA/R…
 2026-02-25 14:18:59 +01:00
msutovsky-r7 7dcc036b6d Land #21006, adds module for Ollama path traversal RCE (CVE-2024-37032) 
Add Ollama path traversal RCE module (CVE-2024-37032)
 2026-02-25 13:06:09 +01:00
msutovsky-r7 002daf8d7d Merge branch 'beyondtrust-rce-2026' into collab/exploit/beyondtrust/cve-2026-1731 2026-02-25 12:53:37 +01:00
msutovsky-r7 12e21e4c66 Fixes documentation 2026-02-24 12:23:26 -05:00
Valentin Lobstein 5aeff61b26 Fix: Address PR review feedback for Ollama RCE module 
Co-Authored-By: msutovsky-r7 <190406428+msutovsky-r7@users.noreply.github.com>
 2026-02-24 17:51:23 +01:00
msutovsky-r7 51af9d0ff1 Adds documentation 2026-02-24 10:25:49 -05:00
Brendan 1ddee63f05 Merge pull request #20983 from sfewer-r7/0day-grandstream 
Add exploit (CVE-2026-2329) and auxiliary modules for the Grandstream GXP1600 series
 2026-02-24 08:50:42 -06:00
msutovsky-r7 62a466cbed Land #20819, adds WSL startup folder persistence module 
wsl startup folder persistence
 2026-02-24 07:59:11 +01:00
Valentin Lobstein bef9b7ad3b Feat: Add Tactical RMM Jinja2 SSTI RCE module (CVE-2025-69516) 2026-02-23 19:31:22 +01:00
h00die ece2374532 target user for wsl_startup_folder 2026-02-21 21:04:40 -05:00
Valentin Lobstein b17d227d28 Feat: Add Ollama path traversal RCE module (CVE-2024-37032) 2026-02-21 16:52:43 +01:00
h00die a24f53f2b6 add dsm exploitation to telnetd docs 2026-02-21 10:27:47 -05:00
Brendan 1f547f19fb Merge pull request #20832 from DataExplorerX/doc-linux-samba-module 
Add documentation for linux/samba/chain_reply module (CVE-2004-0883)
 2026-02-20 18:12:05 -06:00
Brendan 7f8b18d7dc Update documentation/modules/exploit/linux/samba/chain_reply.md 2026-02-20 17:45:14 -06:00
Brendan fcb41a2275 Update documentation/modules/exploit/linux/samba/chain_reply.md 
Update documentation to point to a specific wayback machine page since the original does not exist, and a few of the wayback machine links are also broken.
 2026-02-20 17:42:34 -06:00
Diego Ledda c6f7d03d03 Merge pull request #20919 from h00die/emacs 
emacs extension persistence
 2026-02-18 10:58:13 -05:00
sfewer-r7 08efa9cd16 add in the Grandstream modules 2026-02-17 22:33:46 +00:00
jheysel-r7 4adf87ac18 Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061 
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
 2026-02-11 11:12:29 -08:00
sfewer-r7 f632cf34bf add in a module and docs fo rteh EPMM exploit 2026-02-05 12:26:38 +00:00
Jack Heysel bd049dcba4 doc update 2026-02-03 18:41:51 -08:00
Jack Heysel a868bc95b2 GNU Inetutils Telnet Auth Bypass 2026-02-03 17:45:59 -08:00
h00die 75ff7b6af1 emacs extension persistence 2026-01-31 22:54:18 -05:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
msutovsky-r7 7b092aeedb Land #20806, adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888) 
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
 2026-01-14 15:44:25 +01:00
msutovsky-r7 472016b753 Land #20796, moves udev module into persistence category 
update udev to persistence mixin
 2026-01-09 16:14:08 +01:00
kali be9b2c9491 Add documentation for prison_management_rce 2026-01-06 12:33:49 +02:00
DataExplorerX ae8ab28eed Fix msftidy_docs warnings in chain_reply documentation 2026-01-05 16:01:16 +05:30
DataExplorerX 102ef677b1 Add documentation for linux/samba/chain_reply module (CVE-2004-0883) 2025-12-30 16:17:51 +05:30
h00die 0a5cccf5e6 wsl startup folder persistence 2025-12-28 11:17:28 -05:00
h00die e97c23ca16 wsl startup folder persistence 2025-12-28 11:15:04 -05:00
JohannesLks 455275d087 add module for CVE-2025-67888 2025-12-23 19:21:34 -05:00
h00die 3ea866c41d udev persistence 2025-12-21 07:50:48 -05:00
sfewer-r7 d40a35acdb the version logic changes, update the docs 2025-12-19 15:48:07 +00:00
sfewer-r7 a4dba96712 add in the HPE OneView exploit 2025-12-19 15:30:53 +00:00
vognik 8977538910 add docker lab deploy guide into docs 2025-12-13 12:28:55 -08:00
vognik da0dc35cb8 add documentation 2025-12-12 13:44:44 -08:00
sfewer-r7 795c38c524 Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal. 2025-11-28 10:12:02 +00:00
sfewer-r7 014312873c get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway. 2025-11-27 20:28:44 +00:00
sfewer-r7 f5e8aa83be add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor. 2025-11-27 12:43:19 +00:00
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce 
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
 2025-11-25 14:14:31 -06:00