adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,481 Commits 27 Branches 1,043 Tags
94e5e49052d4f0f165a3220a488ec33a53b082a2
Commit Graph

6709 Commits

Author SHA1 Message Date
h00die 94e5e49052 ubuntu needrestart lpe 2024-11-22 15:44:45 -05:00
Spencer McIntyre 502e415344 Merge pull request #19630 from remmons-r7/cups_ipp_rce 
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
 2024-11-22 09:22:21 -05:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
adfoster-r7 d9d7f1a898 Merge pull request #19654 from h00die/strapi 
strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)
 2024-11-21 12:35:30 +00:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
jheysel-r7 05cbd1d9a3 Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM) 
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
 2024-11-20 11:18:58 -08:00
Spencer McIntyre e52edf447c Implement feedback from the PR 2024-11-20 13:51:39 -05:00
Spencer McIntyre f7e210d3e9 Merge pull request #19624 from cdelafuente-r7/fix/mod/ms_icpr 
Fix a crash when generating CSRs with OpenSSL 3.4.0
 2024-11-19 10:58:52 -05:00
Spencer McIntyre dd7e1786e1 Merge pull request #19643 from smashery/dcsync_individual 
DCsync individual accounts and groups
 2024-11-18 09:25:21 -05:00
h00die 219981227d Update documentation/modules/auxiliary/scanner/http/strapi_3_password_reset.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2024-11-16 15:36:00 -05:00
h00die 6629d5dff2 strapi password reset 2024-11-15 15:12:34 -05:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Ashley Donaldson 3e3e81ff22 Update documentation with new datastore options 2024-11-14 15:15:06 +11:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
Christophe De La Fuente 24e19e4ebb Update the ESC8 relay module to use the new helper 
It also fixes some unrelated minor issues found in the module and the documentation
 2024-11-12 18:23:31 +01:00
h4x-x0r a09ca39dee Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:51 -06:00
h4x-x0r 61486cd877 Update documentation/modules/exploit/linux/http/paloalto_expedition_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:35 -06:00
remmons-r7 b712f9a745 Create cups_ipp_remote_code_execution.md 2024-11-11 15:53:14 -06:00
Spencer McIntyre e709a18128 Merge pull request #19404 from bwatters-r7/smb2http_relay 
SMB to NTLM HTTP Relay with ESC8 module
 2024-11-05 14:12:08 -05:00
Spencer McIntyre 006ed90f1c Move the ESC8 module and document the attack 2024-11-04 09:37:12 -05:00
jheysel-r7 ea45d83562 Land #19499, Adds SolarWinds Help Desk Backdoor module 
This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application.
 2024-10-31 12:17:32 -04:00
jheysel-r7 2e8892cb01 Land #19517, Add WooCommerce SQLi module 
This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords.
 2024-10-31 12:09:55 -04:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
adfoster-r7 7b745b2dcb Merge pull request #19506 from xaitax/enum_browsers 
Add Browser Data Extraction for Chromium- and Gecko-based Browsers
 2024-10-30 15:30:56 +00:00
jheysel-r7 d107ac8470 Land #19488 Add aux module for unauth SQLi in Ultimate Member plugin 2024-10-30 09:06:17 -04:00
jheysel-r7 094250f7e7 Land #19489 Add WordPress wp-automatic SQLi to RCE module 2024-10-30 09:05:03 -04:00
jheysel-r7 87af327507 Merge branch 'master' into wp_ultimate_member_sorting_sqli 2024-10-29 16:34:10 -04:00
Chocapikk 7ccb2991f6 Improve nonce detection, fix bug 2024-10-29 19:41:47 +01:00
Spencer McIntyre 9f41937c7a Finish up the exploit module 2024-10-28 17:20:35 -04:00
Alex 6fb49a27e0 [Added] Improvements after review 2024-10-24 13:48:50 +02:00
Christophe De La Fuente ae213813b5 Updates from code review 2024-10-22 14:41:02 +02:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
h4x-x0r d950bf7bb3 updated 
updated
 2024-10-21 20:51:41 +01:00
Alex 87b2cb7f5a Fix Readme 2024-10-20 23:19:17 +02:00
Alex ecd9f99d16 [Added] Extract Browser Cache 2024-10-20 23:15:18 +02:00
Alex a2d8d7dd76 [Added] Extract Installed Browser Extensions (Name & Version) 2024-10-20 21:23:06 +02:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
Spencer McIntyre 6ca0bb74fd Add workflow docs 2024-10-17 11:23:31 -04:00
Spencer McIntyre 2e4315b3c9 Add support to icpr_cert for ESC15 2024-10-17 11:23:31 -04:00
cgranleese-r7 3bd875c4e6 Land #19563, Update metabase setuptoken rce to support older versions 2024-10-17 10:42:26 +01:00
Diego Ledda e85ee0271d Land #19482, LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) 2024-10-17 11:13:49 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Diego Ledda 9a245e6e06 Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257) 
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
 2024-10-15 17:13:15 +02:00
Chocapikk 145a23625d Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) 2024-10-14 18:15:01 +02:00
Chocapikk 668424a444 Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071) 2024-10-14 18:14:10 +02:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
Chocapikk 95e64a0a3b Add module for TI WooCommerce Wishlist SQL Injection (CVE-2024-43917) 2024-10-14 18:11:41 +02:00