adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,035 Commits 27 Branches 1,043 Tags
91cb94e72544a42b7deba67cc92b74162d239e32
Commit Graph

3731 Commits

Author SHA1 Message Date
Jack Heysel 6e9e4a5aed Land #19102, Northstar C2 Stored XSS to Agent RCE 
Add exploit module for CVE-2024-28741, Northstar C2 Stored XSS to Agent
RCE
 2024-05-21 14:57:44 -04:00
Jack Heysel 10acd86390 Land #19071, Add AVideo RCE module 
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
 2024-05-21 14:27:15 -04:00
cgranleese-r7 67154a12e0 Land #19104, CHAOS rat xss to rce 2024-05-21 11:10:57 +01:00
h00die a89d418725 review of northstar c2 2024-05-16 15:17:28 -04:00
Chocapikk da31761336 Lint 2024-05-15 22:13:53 +02:00
Valentin Lobstein 3560860e33 Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:29 +02:00
h00die d1739f32c2 review of chaos rat 2024-05-13 16:55:43 -04:00
Spencer McIntyre 80fdde5fdc Land #19100, Add Loadmaster sudo priv esc 
Add Kemp Progress Loadmaster sudo abuse priv esc
 2024-05-10 10:21:38 -04:00
bwatters b28e263a2b Update debug statements and add protection against bad die name 2024-05-10 08:54:23 -05:00
Spencer McIntyre 47c8d7252b Land #18519, Docker kernel module escape 2024-05-06 09:08:08 -04:00
bwatters b044bcab01 Add command payloads and checks for overwritten files 2024-05-03 13:06:16 -05:00
Spencer McIntyre ca669d8f08 Update docs to reflect changes 2024-05-01 13:45:20 -04:00
bwatters d94971598b Add documentation and fix some debug prints 2024-04-29 15:28:34 -05:00
bwatters 364d491af7 Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212 
Merge branch 'land-18972' into upstream-master
 2024-04-26 18:18:40 -05:00
h00die 19af4ae4e6 mermaid flow chart 2024-04-24 16:54:02 -04:00
h00die 9fb217fb59 northstar c2 exploit 2024-04-24 16:54:02 -04:00
h00die 512da4bc45 chaos rat xss to rce 2024-04-24 16:51:58 -04:00
RadioLogic 1c8c91096f Removed port being in documentation as it made no sense 2024-04-23 18:47:30 -04:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972 
Remove Priv Esc to add it to another module and update it to only run…
 2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
Jack Heysel b8675f0fd7 Land #19005, Add Gambio Webshop Unauth RCE 
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
 2024-04-19 12:18:17 -07:00
Zach Goldman 488653d942 Land #19082, FortiNet FortiClient EMS SQLi to RCE [CVE-2023-48788] 2024-04-19 15:03:22 -04:00
bwatters 4733d1dc04 Land #19101, Exploit module for CVE-2024-4300 - Palo Alto Networks PAN-OS 
Merge branch 'land-19101' into upstream-master
 2024-04-19 12:49:41 -05:00
remmons-r7 2ad13ac836 Added note about shell from a different IP than RHOST IP 2024-04-19 11:45:56 -05:00
remmons-r7 4f3ee3f78a Incorporate documentation wording change from suggestion 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-04-19 08:50:20 -05:00
Jack Heysel 27f5ad8e05 Land #18996, VSCode Malicious Ext module 
This PR adds a new exploit that creates a malicious vsix file. a vsix
file is a VS and VSCode extension file. Once installed, the users
computer will call back with a shell. Its not a bug, its a feature!
 2024-04-18 18:10:46 -07:00
Jack Heysel bcaa5359da Land #18997, Add GitLens VSCode Extension Exploit 
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to
execute git commands. A repo may include its own .git folder including a
malicious config file to execute arbitrary code.
 2024-04-18 17:19:41 -07:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
h00die-gr3y 331c961412 update module and documentation with tax country logic 2024-04-18 19:13:19 +00:00
h00die bae1a2e20f gitlens review 2024-04-17 16:06:32 -04:00
Spencer McIntyre 727849202d Land #19087, chore: remove repetitive words 2024-04-17 09:59:46 -04:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044 
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
 2024-04-16 14:12:41 -07:00
Spencer McIntyre 9cf4372f2b Clean up some of the module's documentation 2024-04-16 13:36:21 -04:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
fanqiaojun 6b2bdc893b chore: remove repetitive words 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-15 11:06:50 +08:00
Jack Heysel 1174344b76 Land #18918, Add CrushFTP Module CVE-2023-43177 
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
 2024-04-12 12:26:16 -07:00
Jack Heysel dae9657433 FortiClient EMS Exploit Module 2024-04-12 10:00:07 -07:00
Chocapikk 162fc91193 Add CVE-2024-31819 2024-04-09 22:09:10 +02:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
h00die-gr3y 978fb46e52 added documentation 2024-04-04 17:35:12 +00:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE 
Writing file to disk working

working on linux

wip authentcaiton

Consolodated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
 2024-04-02 11:33:52 -07:00
Spencer McIntyre 43d1bd9a2e Add docs and fix CSRF token for v7.0 2024-03-29 14:05:39 -04:00
Christophe De La Fuente e6e13e7b45 Fixes from code review 2024-03-29 12:18:16 +01:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318 
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
 2024-03-28 10:24:32 -07:00
Jack Heysel abb2eb7ffd Land #18891, Add RCE module for wp bricks builder 
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
 2024-03-26 14:46:35 -07:00
h00die-gr3y 4546fd1600 small updates documentation 2024-03-26 19:34:12 +00:00
bwatters e58c6b9df2 Land #18721, SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955) 
Merge branch 'land-18721' into upstream-master
 2024-03-26 12:42:22 -05:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054] 
Merge branch 'land-18967' into upstream-master
 2024-03-25 15:25:27 -05:00
Christophe De La Fuente 57a45a0b55 CrushFTP exploit module CVE-2023-43177 and documentation 2024-03-25 12:41:24 +01:00