adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,795 Commits 27 Branches 1,043 Tags
8528cb255a994eb621269a34412be0caa1d511f5
Commit Graph

7901 Commits

Author SHA1 Message Date
h00die ef9300870a linqpad persistence cleanup 2025-10-19 10:05:48 -04:00
h00die 287cba7436 linqpad persistence cleanup 2025-10-19 10:05:36 -04:00
jheysel-r7 eeaf760948 Merge pull request #20595 from zeroSteiner/fix/add-missing-cves 
Add Missing CVE Data To Modules In Bulk
 2025-10-07 15:28:37 -07:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
Spencer McIntyre 17c5b3707a Add missing module notes 2025-10-07 13:59:13 -04:00
jheysel-r7 dbf84abec3 Merge pull request #20586 from bcoles/windows_script_host_wsf 
Add Malicious Windows Script Host Script File (.wsf) module
 2025-10-06 13:21:56 -07:00
bcoles 9a8d1473d8 Add Malicious Windows Script Host Script File (.wsf) module 2025-10-05 20:16:00 +11:00
jheysel-r7 5252e92954 Merge pull request #20568 from bcoles/vbsobfuscate 
Msf::Exploit::VBSObfuscate: Add VBS obfuscation library
 2025-10-03 13:36:43 -07:00
h00die 81d8d46166 peer review 2025-09-26 15:44:31 -04:00
bcoles bbc9928a75 exploit/windows/fileformat/windows_script_host_vbscript: Use VBSObfuscate 2025-09-26 03:06:37 +10:00
h00die 915cad72b5 modern persistence for windows image_exec_options 2025-09-23 17:25:27 -04:00
h00die 01a07ac9a1 modernizing windows persistence 2025-09-23 16:39:56 -04:00
remmons-r7 12b78c086d Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove an empty line that msftidy doesn't like
 2025-09-15 11:19:49 -05:00
remmons-r7 ddc5abf20c Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove a commented out line that isn't needed.
 2025-09-15 10:56:30 -05:00
remmons-r7 bb3a26cff1 Implement peer review suggestions for Commvault module 
Implementing commvault_rce_cve_2025_57790_cve_2025_57791.rb changes from peer review.
 2025-09-15 10:54:34 -05:00
remmons-r7 b754b7027c Merge branch 'rapid7:master' into commvault_rce_cve_2025_57790_cve_2025_57791 2025-09-15 10:47:38 -05:00
Martin Sutovsky 5ab864b9b1 Uses between? for version check, clearer webshell upload 2025-09-11 11:04:34 +02:00
remmons-r7 be546af7c0 Revise and move commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Revised initial module and moved it to windows instead of multi.
 2025-09-05 23:04:02 -05:00
Martin Sutovsky d056164d89 Removes redundant definitions 2025-09-01 15:53:14 +02:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Martin Sutovsky da5b20faa4 Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init 2025-08-20 10:59:22 +02:00
Martin Sutovsky 8c28c7dbae Code changes for 34510, adds module for CVE-2025-34511 2025-08-20 09:58:26 +02:00
Martin Sutovsky 7ab12460f1 Fixing payloads 2025-08-19 16:11:25 +02:00
Martin Sutovsky 96791403db Adds malicious zip upload 2025-08-19 09:56:23 +02:00
Martin Sutovsky 52efe8d6de Module init 2025-08-15 14:37:09 +02:00
Brendan b6dc0860e7 Merge pull request #20409 from sfewer-r7/sharepoint-hax 
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
 2025-08-06 14:24:28 -05:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
Spencer McIntyre 3fb2477fbf Increase payload space 2025-07-30 16:13:19 -04:00
msutovsky-r7 f4622d802e Land #20406, adds malicious Windows Script Host VBScript fileformat module 
Add Malicious Windows Script Host VBScript (.vbs) File module
 2025-07-28 13:58:07 +02:00
msutovsky-r7 12340ef6b5 Land #20398, adds malicious Windows Script Host JScript fileformat module 
Add Malicious Windows Script Host JScript (.js) File module
 2025-07-28 13:51:26 +02:00
sfewer-r7 228a066521 add a reference to the Kaspersky analysis which covers all 4 CVEs 2025-07-25 12:26:55 +01:00
sfewer-r7 36fff14466 fix a comment typo 2025-07-25 11:04:18 +01:00
sfewer-r7 f16f7bf2ad add in reference to teh LeakIX blog, which shows CVE-2025-53771 2025-07-25 11:02:55 +01:00
sfewer-r7 ae95d3d4e8 add a comment to clarify what CVE-2025-53771 is 2025-07-25 11:02:08 +01:00
sfewer-r7 8df7f64e79 add some comments to clarify what CVE-2025-49704 is 2025-07-25 11:01:41 +01:00
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
bcoles cbc03eaeeb Add Malicious Windows Script Host VBScript (.vbs) File module 2025-07-25 18:46:47 +10:00
bcoles 44c61a7e4d Add Malicious Windows Script Host JScript (.js) File module 2025-07-25 18:43:33 +10:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
bcoles c5ec45452a Add Malicious Windows Registration Entries (.reg) File module 2025-07-13 23:41:59 +10:00
Spencer McIntyre 50a2749f97 Merge pull request #20289 from cgranleese-r7/adds-mitre-attack-references 
Adds support for MITRE ATT&CK References
 2025-06-27 11:26:09 -04:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 a6cdb6deb9 Adds support for MITRE ATT&CK References 2025-06-25 17:24:47 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
msutovsky-r7 fde78bf73f Land #20324, adds exploit for UNC path in .url files (CVE-2025-33053) 
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
 2025-06-25 11:23:23 +02:00