adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,533 Commits 27 Branches 1,043 Tags
8aef054dfdfe83d73674bb15df2411e237120bf2
Commit Graph

3127 Commits

Author SHA1 Message Date
bwatters 01a78f972c Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966) 
Merge branch 'land-17567' into upstream-master
 2023-02-08 13:06:53 -06:00
bwatters 8ee67085c8 Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966) 
Merge branch 'land-17556' into upstream-master
 2023-02-07 16:57:22 -06:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Matthew Dunn 8ba7a28caf Add quotes to set-time command in docs 2023-02-07 14:18:45 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module 
Fix CVE format

Add Documentation
 2023-02-07 14:18:04 -06:00
bwatters 53c67653f5 Land #17527, ManageEngine ServiceDesk Plus RCE (CVE-2022-47966) 
Merge branch 'land-17527' into upstream-master
 2023-02-06 17:37:31 -06:00
bwatters 8b116a7dcd Minor punctuation change 2023-02-06 16:32:39 -06:00
h00die-gr3y d763faf245 sync documentation 2023-02-06 06:56:59 +00:00
h00die a5a7d5dd10 correct cleanup and stabilization 2023-02-05 08:15:38 -05:00
h00die 561b42f105 use exploit retry function 2023-02-04 18:17:42 -05:00
h00die 6aa6f5176b touch up verbiage and stuff 2023-02-04 18:17:42 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module 
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
 2023-02-02 15:10:33 -05:00
Jack Heysel f4ad778bd0 Added missing session types 2023-02-02 13:29:43 -05:00
Jack Heysel af2ef53462 Land #17415, macOS dirty cow priv esc 2023-02-02 12:15:19 -05:00
Jack Heysel 4de5e44bda Documentation 2023-02-02 10:38:26 -05:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Ron Bowes 638a1c519d Update documentation/modules/exploit/linux/local/f5_create_user.md 
Better demo exploit

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:25 -08:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
Christophe De La Fuente f676568d89 Fix CVE 2023-01-30 12:18:08 +01:00
Christophe De La Fuente a5ba1245c2 Fix CVE 2023-01-30 12:15:14 +01:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
Christophe De La Fuente e01239cf7b Add exploit module and documentation 2023-01-26 21:53:14 +01:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Christophe De La Fuente 2be22752be Add Linuc specifics and documentation 2023-01-26 16:16:00 +01:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00
space-r7 153af9fb68 Land #17407, add Cacti unauth command injection 2023-01-23 13:06:46 -06:00
Spencer McIntyre 6fe0933c1e Add exploit for CVE-2022-44877 2023-01-20 09:04:24 -05:00
Jack Heysel 4da94325f3 Rubocop 2023-01-19 13:52:58 -05:00
Jack Heysel 63d9445911 Fix for Win Server 2022 and 2019 2023-01-19 00:52:38 -05:00
Jack Heysel 2c2bfec4a0 Tested on Windows Build 19044, 19045 and 22000 2023-01-18 01:41:30 -05:00
h00die be7ca91a8f cve-2022-22942 2023-01-17 15:30:36 -05:00
Grant Willcox 7e23c34e6c Apply fixes per code review 2023-01-17 12:44:22 -06:00
h00die-gr3y da3ae22135 added documentation 2023-01-17 12:44:20 -06:00
h00die 0ac4d3d2e6 doc how to set permissions on service 2023-01-13 17:07:17 -05:00
Spencer McIntyre 3ddcf73c2b Remove the QUICK option altogether 
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.

Also all files are registered for cleanup.
 2023-01-13 17:06:42 -05:00
h00die 90a12cf3b0 unquoted service path tweaks 2023-01-13 17:06:42 -05:00