adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,481 Commits 27 Branches 1,043 Tags
94e5e49052d4f0f165a3220a488ec33a53b082a2
Commit Graph

18938 Commits

Author SHA1 Message Date
h00die 94e5e49052 ubuntu needrestart lpe 2024-11-22 15:44:45 -05:00
Spencer McIntyre 502e415344 Merge pull request #19630 from remmons-r7/cups_ipp_rce 
Exploit module for IPP attributes remote code execution - OpenPrinting CUPS
 2024-11-22 09:22:21 -05:00
Spencer McIntyre 0ec9b1bcb9 Fix a multicast socket issue 2024-11-21 15:14:46 -05:00
Spencer McIntyre 24d3ef16cf Remove some unnecessary code, switch to passive stance 2024-11-21 15:08:43 -05:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
jheysel-r7 05cbd1d9a3 Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM) 
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
 2024-11-20 11:18:58 -08:00
Spencer McIntyre e52edf447c Implement feedback from the PR 2024-11-20 13:51:39 -05:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel 92e42a63ea Rubocop 2024-11-14 12:47:35 -08:00
Jack Heysel 4e1f33336c Ofuscation and Gemfile update 2024-11-14 12:44:19 -08:00
Jack Heysel 2ba8a6c08d Responded to comments 2024-11-13 17:23:08 -08:00
Jack Heysel 497ce5e9da Linting and Rex::RandomIdentifier update 2024-11-13 08:28:52 -08:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r 6f6f92823a fixed typo 
fixed typo
 2024-11-12 15:15:15 +00:00
h4x-x0r fb102ec409 Update modules/exploits/linux/http/paloalto_expedition_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:22 -06:00
remmons-r7 720312ba1c Create cups_ipp_remote_code_execution.rb 2024-11-11 15:51:09 -06:00
bwatters-r7 03928a56bd Add staging file delete and code cleanup 2024-11-11 14:42:19 -06:00
bwatters-r7 0308f46f74 Stage cmd payloads to a file before executing 2024-11-08 19:27:58 -06:00
Spencer McIntyre e709a18128 Merge pull request #19404 from bwatters-r7/smb2http_relay 
SMB to NTLM HTTP Relay with ESC8 module
 2024-11-05 14:12:08 -05:00
Spencer McIntyre 5550e073dd Implement suggested changes 2024-10-31 11:29:34 -04:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
Jack Heysel f643aee5a4 Lint 2024-10-30 16:17:36 -04:00
jheysel-r7 9c0dc56aa6 Update modules/exploits/multi/http/wp_givewp_rce.rb 2024-10-30 16:04:28 -04:00
jheysel-r7 094250f7e7 Land #19489 Add WordPress wp-automatic SQLi to RCE module 2024-10-30 09:05:03 -04:00
Chocapikk bcd1fab0b8 Add suggestions 2024-10-29 20:42:13 +01:00
Spencer McIntyre 9f41937c7a Finish up the exploit module 2024-10-28 17:20:35 -04:00
adfoster-r7 6e1ea9297f Merge pull request #19360 from gardnerapp/osx_daemon_privesc 
Add LaunchDaemon Persistence to exploits/osx/local/persistence.rb
 2024-10-25 22:42:38 +01:00
Spencer McIntyre 27d5c95323 Refactor into an SMB server relay mixin 2024-10-24 16:25:40 -04:00
Spencer McIntyre 8ba0019ca0 Refactor the existing relay target client code 2024-10-24 16:25:40 -04:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
h4x-x0r 4d7d7f2c06 updated 
using instance variables instead of updating the datastores
 2024-10-21 22:07:43 +01:00
h4x-x0r 7028b807ed linting 
linting
 2024-10-21 21:45:04 +01:00
h4x-x0r b6d3a0ef36 safety flag 
added a safety flag for the password reset in case no credentials are provided
 2024-10-21 21:43:48 +01:00
h4x-x0r 202e5e55ac Added exception handling 
Added exception handling
 2024-10-20 19:50:43 +01:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
Spencer McIntyre 77f63442d7 Add the initial higher level client 2024-10-17 12:54:25 -04:00
Spencer McIntyre 619620733d Add the initial Ivanti Agent Portal RCE 2024-10-17 12:54:25 -04:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Jack Heysel ee68e47521 Added http_server cleanup 2024-10-15 10:28:39 -07:00
Jack Heysel 7a89db5080 Updated print statements 2024-10-15 09:21:07 -07:00
Jack Heysel 3635dd1c23 Merge branch 'magento_xxe_to_rce' 2024-10-15 09:17:40 -07:00
Jack Heysel 3f6f060933 Updated check method 2024-10-15 09:17:02 -07:00
Diego Ledda 9a245e6e06 Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257) 
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
 2024-10-15 17:13:15 +02:00
h4x-x0r 7929df2bfd improved reliability 
improved reliability
 2024-10-15 06:26:46 +01:00
Valentin Lobstein 0686cdbb82 Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-14 18:13:19 +02:00
Valentin Lobstein fdb450955e Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-14 18:13:19 +02:00