adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,952 Commits 27 Branches 1,043 Tags
8a1f5de8f1dbdfc1933f5f30b447d4889b1a552e
Commit Graph

35780 Commits

Author SHA1 Message Date
bwatters 8a1f5de8f1 Fix msftidy issue and update file delete 2024-02-15 10:00:44 -06:00
bwatters 20563b64b2 add check method 2024-02-15 09:05:54 -06:00
bwatters 843c64d2f6 Code cleaned up 2024-02-14 19:08:11 -06:00
bwatters 67cd9b425b Working, but ugly 2024-02-14 15:42:50 -06:00
bwatters cc0fc56874 Draft nonworking start 2024-02-12 17:44:24 -06:00
cgranleese-r7 285fbe5ac5 Land #18812, Revert mssql_login TDSENCRYPTION value to false 2024-02-09 17:03:10 +00:00
adfoster-r7 37ee910d2f Revert mssql_login TDSENCRYPTION value to false 2024-02-09 16:07:45 +00:00
sjanusz-r7 30fc29e0f5 Use PostgreSQL session type for modules 2024-02-09 15:38:06 +00:00
adfoster-r7 9caa2fac17 Land #18747, Add new mssql session type 2024-02-09 15:27:43 +00:00
Zach Goldman 2c60780dc0 Add MSSQL session Type 2024-02-09 07:27:01 -06:00
adfoster-r7 8b71afdd53 Land #18759, Updates MySQL modules to now support the new MySQL session type 2024-02-08 12:39:51 +00:00
cgranleese-r7 b060809a8d Addresses logoff PR feedback 2024-02-07 12:51:04 +00:00
cgranleese-r7 e80f0ef8cd Removes session logic from mixins and uses client instead of datastore for rhost and rport 2024-02-06 14:11:16 +00:00
Christophe De La Fuente d546db6055 Land #18780, runc cwd priv esc (docker) (cve-2024-21626) 2024-02-05 13:12:02 +01:00
h00die cf2f76e6a2 cve-2024-21626 review 2024-02-02 16:27:02 -05:00
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
cgranleese-r7 577304cf7c Updates more modules 2024-02-02 14:59:56 +00:00
cgranleese-r7 ae1cb57dc3 Updates MySQL modules to now support the new MySQL session type 2024-02-02 14:59:56 +00:00
cgranleese-r7 0e9cad6d45 Adds MySQL session type 2024-02-02 14:39:37 +00:00
adfoster-r7 48221e594d Land #18704, Leverage the module metadata cache in the module_sets 2024-02-02 14:16:46 +00:00
adfoster-r7 7ac4387d35 Land #18696, Convert MSSQL mixin to class 2024-02-02 14:14:34 +00:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Christophe De La Fuente 1ff1302df7 Use exceptions instead of returning a boolean in do_login 2024-02-02 11:39:13 +01:00
adfoster-r7 372b792b8c Land #18761, Add alert to show user the new session options available in Metasploit 6.4 2024-02-02 10:25:32 +00:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
Zach Goldman 35778e92b2 client consolidation 
convert first module from remote to client

move client to rex

remove metasploit mixin
 2024-02-01 17:23:55 -06:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00
sfewer-r7 b259c5d6a7 store the credentials we create in the DB 2024-02-01 19:48:01 +00:00
sfewer-r7 612feac5f1 add in vendor advisory URL 2024-02-01 19:47:23 +00:00
Christophe De La Fuente 81eba7a6e7 Use FileDropper mixin and fix typo 2024-02-01 17:23:05 +01:00
Christophe De La Fuente 5054b3bfd0 Add methods to get the version and the CSRF token 2024-02-01 12:31:01 +01:00
Stephen Fewer a867793870 Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-01 09:05:02 +00:00
Stephen Fewer 546de49bec Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-01 09:04:49 +00:00
Stephen Fewer 6e4294c013 Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-01 09:04:26 +00:00
Jack Heysel 024b855231 Land #18628, Add Puppet post module 
This PR adds a post gather module to get
Puppet configs and sensitive files.
 2024-01-30 19:20:48 -05:00
adfoster-r7 4d0ba2fa1d Land #18742, Memory search module improvements 2024-01-30 17:39:12 +00:00
Dean Welch 1abaef4945 Move new session information alerts behind a feature flag 2024-01-30 16:38:00 +00:00
Christophe De La Fuente f10619d870 Add module and documentation 2024-01-30 12:52:02 +01:00
h00die 68f333cb7b review comments for puppet module 2024-01-29 19:18:54 -05:00
Spencer McIntyre 577898d91b Check the response when exploiting 2024-01-29 14:38:49 -05:00
sfewer-r7 c70092a2c7 bugfix a copy pasta whereby a path seperator was not being added as expected 2024-01-29 17:52:37 +00:00
sfewer-r7 08a19959fe add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT 2024-01-29 17:17:45 +00:00
Spencer McIntyre b5de25a2b6 Fingerprint the target as Mirth Connect first 2024-01-29 12:11:38 -05:00
Dean Welch 9a2ec90c16 Add alert to show user the new session options available in Metasploit 6.4 2024-01-29 17:06:21 +00:00
Spencer McIntyre 8a793dd1b0 Use the correct exploit and use sh instead of bash 2024-01-29 09:03:25 -05:00
Spencer McIntyre 9e41825e51 Finish up the exploit 
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
 2024-01-26 17:20:54 -05:00
Spencer McIntyre 530d58de49 Initial commit of NextGen Connect RCEs 2024-01-26 14:50:33 -05:00
Jack Heysel fe84c0dff7 Land #18734, Add exploit for CVE-2023-22527 
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
 2024-01-25 14:15:10 -05:00
Spencer McIntyre 96241b3a6e Keep version detection consistent 2024-01-25 13:50:34 -05:00
Christophe De La Fuente 44bf6867c6 Land #18737, Update metasploit-payloads gem to 2.0.165 2024-01-25 15:49:25 +01:00