adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,426 Commits 27 Branches 1,043 Tags
8a9eeafd1c7b2d0e6ccc46378cdfd246ea4bf08e
Commit Graph

3087 Commits

Author SHA1 Message Date
dledda-r7 d5fb4a95ed fix: minor fix linux elf templates 2026-01-06 09:51:56 -05:00
dledda-r7 f7caa72f3f fix: align assembly comments, add single build instructions 2026-01-06 09:51:28 -05:00
Martin Sutovsky 0b0ab91594 Add build script 2026-01-06 09:50:07 -05:00
Martin Sutovsky 7c77a9cfc7 ARMBe and Zarch stageless payload 2026-01-06 09:47:55 -05:00
dledda-r7 3f2be78f9b feat: add mips64 elf template and meterpreter_loader 2026-01-06 09:47:54 -05:00
Martin Sutovsky 861e1b77d6 PowerPC stageless payload 2026-01-06 09:47:50 -05:00
Martin Sutovsky ca9706b6ae PPC progress 2026-01-06 09:47:27 -05:00
Martin Sutovsky 0c2b25e099 PPC64 shellcode added, adding PPC initial work 2026-01-06 09:47:06 -05:00
Martin Sutovsky 764c0c449f PPC64le init 2026-01-06 09:46:33 -05:00
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Diego Ledda d6560b951f Merge branch 'master' into loongarch64 2025-12-10 07:08:40 -05:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
vognik eb33e08efa Add Documentation 2025-12-04 05:48:26 -08:00
Valentin Lobstein b3fc1b05e5 Add WordPress King Addons privilege escalation exploit (CVE-2025-8489) 2025-12-04 01:37:40 +01:00
Valentin Lobstein 0ccffdd5ff Fix wp_ai_engine_mcp_rce: handle existing users by updating password via MCP fields API 2025-12-03 00:41:16 +01:00
bcoles 2e000c2b1c Add support for LoongArch64 payloads 2025-11-23 17:22:32 +11:00
h00die 450e1df340 windows service now with persistence mixin 2025-11-17 19:02:50 -05:00
dbono-r7 7aebd592ef Update named_pipes.txt 
Added the cert pipe for quick unauthenticated for likely Certificate Authority servers.
 2025-11-10 16:00:39 -06:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
Brendan 91c0adb17f Merge pull request #20585 from vognik/CVE_2025_60787 
Add MotionEye Authenticated RCE (CVE-2025-60787)
 2025-10-09 13:50:25 -05:00
Vognik 267a26b763 code review changes from smcintyre-r7@ 2025-10-09 21:51:31 +04:00
Spencer McIntyre 75c1415de4 Add the new exe templates 2025-08-28 17:41:48 -04:00
Spencer McIntyre cf8aa2fc48 Fix the build script 2025-08-28 17:41:28 -04:00
Spencer McIntyre 3af8bd97ad Consistently use the same technique for exe-service 2025-08-28 17:39:57 -04:00
Spencer McIntyre 0e95f25d4b Add the exe_service template to the build script 2025-08-28 17:28:55 -04:00
Spencer McIntyre 0192f314ce Begin normalizing PE templates 2025-08-28 17:28:37 -04:00
Alex 8d0aaac0db Update data/templates/src/pe/exe/template_aarch64_windows.asm 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-07-10 14:37:23 +02:00
dledda-r7 ea68ee5dc7 chore: update template_aarch64_windows.exe 2025-07-09 08:54:54 -04:00
Alex 7b76a832ac Add ASM template 2025-06-28 10:15:28 +02:00
Alex 1dadec8369 Revive windows/aarch64/exec Payload 2025-06-27 23:57:12 +02:00
Diego Ledda fda250d604 Merge pull request #19910 from msutovsky-r7/fix/add-PPC64-template 
Fixing PPC64 template and payloads
 2025-06-25 12:33:39 +02:00
Diego Ledda 6d843385ec Merge pull request #20301 from msutovsky-r7/exploit/cve-2021-25094 
Adds module for Tatsu WP plugin (CVE-2021-25094)
 2025-06-25 10:58:22 +02:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
Martin Sutovsky 00852f4682 Adding PPC64 template, fixing PPC64 single payloads 2025-06-19 17:17:19 +02:00
Martin Sutovsky 0b2e4bc337 Adds module for CVE-2021-25094 2025-06-11 19:03:00 +02:00
Spencer McIntyre 0a280ae800 Merge pull request #19996 from hantwister/patch-1 
Detect the CxUIUSvcChannel named pipe
 2025-06-05 11:56:50 -04:00
Diego Ledda 9b7e27e946 Merge pull request #20185 from Chocapikk/wp_depicter_sqli_cve_2025_2011 
Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011)
 2025-05-28 18:38:52 +02:00
cgranleese-r7 f6faa5598b Fixes modules to now correctly use a hash with report note 2025-05-22 10:59:50 +01:00
Chocapikk 1888abaa4d Add WP Depicter Plugin Unauth SQL Injection (CVE-2025-2011) 2025-05-14 15:54:40 +02:00
msutovsky-r7 fe5f56cac0 Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563) 
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
 2025-05-14 15:33:30 +02:00
Brendan 1982d81e22 Merge pull request #20098 from smashery/execute-assembly32 
Execute assembly32
 2025-05-13 16:49:25 -05:00
Chocapikk e335841bb0 Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) 2025-05-13 21:42:09 +02:00
Chocapikk 4d0c7bb71a Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102) 2025-05-07 17:45:30 +02:00
Ashley Donaldson 1ab3fc1a72 Add built HostingCLR binaries 2025-05-01 08:28:12 +10:00