Commit Graph

7764 Commits

Author SHA1 Message Date
jheysel-r7 05cbd1d9a3 Land #19593 Add exploit for CVE-2023-28324 (Unauthenticated RCE in Ivanti EPM)
This exploits an unauthenticated RCE in Ivanti's EPM where a .NET remoting client can invoke a method that results in an OS command being executed in the context of NT AUTHORITY\SYSTEM.
2024-11-20 11:18:58 -08:00
Spencer McIntyre e52edf447c Implement feedback from the PR 2024-11-20 13:51:39 -05:00
Spencer McIntyre 5550e073dd Implement suggested changes 2024-10-31 11:29:34 -04:00
Spencer McIntyre 9f41937c7a Finish up the exploit module 2024-10-28 17:20:35 -04:00
Spencer McIntyre 27d5c95323 Refactor into an SMB server relay mixin 2024-10-24 16:25:40 -04:00
Spencer McIntyre 8ba0019ca0 Refactor the existing relay target client code 2024-10-24 16:25:40 -04:00
Spencer McIntyre 77f63442d7 Add the initial higher level client 2024-10-17 12:54:25 -04:00
Spencer McIntyre 619620733d Add the initial Ivanti Agent Portal RCE 2024-10-17 12:54:25 -04:00
dledda-r7 0bf524482c Land #19345, Post module Windows LPE CVE-2024-30088 2024-09-17 08:13:21 -04:00
Jack Heysel 9fad484029 Land #19439, Update bypassuac_comhijack supported arch
This explicitly defines x86 and x64 as supported architectures for the
bypassuac_comhijack module. Prior to this change there were no defined
architectures and if you tried to use an x64 based payload the module
would fail.
2024-09-05 09:41:41 -07:00
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
2024-09-05 09:08:07 -07:00
Jack Heysel 434593dcb4 Suggestion and rubocop fixes 2024-09-05 08:49:32 -07:00
Jack Heysel 05c3c9ac65 Updated reliability comment 2024-09-04 14:09:04 -07:00
Jack Heysel 2da95ebc6a Remove SLEEP datastore option 2024-09-04 13:39:01 -07:00
bcoles b1ec86ebc5 bypassuac_comhijack: Specify x86/x64 as supported payload architectures 2024-09-04 23:49:33 +10:00
Jack Heysel 9ad5b41064 Rubocop 2024-08-30 12:56:10 -07:00
Jack Heysel 7bfd814297 Removed memory polling 2024-08-30 12:52:18 -07:00
bwatters 6b83f09312 Land #19421, Updates to adobe_pdf_embedded_exe
Merge branch 'land-19421' into upstream-master
2024-08-28 18:40:55 -05:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
igomeow d0d4c3083a Fixing error message 2024-08-28 18:33:31 +02:00
igomeow 2b7cf76fc8 Fixing wrong SideEffects and Reliability values 2024-08-28 18:20:20 +02:00
igomeow 251c1c0c1e Adding check for host operating system 2024-08-28 18:17:36 +02:00
igomeow 6326cac8d4 Fixing nil safe issue 2024-08-26 23:23:43 +02:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
Spencer McIntyre db7dc6596f Fix rubocop complaints 2024-08-26 16:59:04 -04:00
Spencer McIntyre b61e6b1cc2 Add ARCH_X64 and test it, refactor to drop EXENAME 2024-08-26 16:25:03 -04:00
igomeow d1ce041fd0 Initial commit and Rubocop fixes 2024-08-26 19:27:20 +02:00
Jack Heysel 6689614d8f Responded to comments 2024-08-22 13:06:29 -07:00
Jack Heysel 31348dac33 Windows LPE CVE-2024-30088 2024-08-21 23:16:37 -07:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
h4x-x0r 362b2427dc Error handling and code cleanup
2024-08-19 22:47:19 +01:00
h4x-x0r 39d615e8d2 Added TARGETURI option
2024-08-13 20:29:30 +01:00
h4x-x0r 8e4503061a Removed debugging code
2024-08-07 15:23:15 +01:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
2024-08-07 05:16:25 +01:00
h4x-x0r 35cbf63890 Minor fixes
Specified a default payload
Randomized date and time
Wrapped cleanup in an ensure block
2024-08-02 16:58:24 +01:00
h4x-x0r 80961b0fef Merge branch 'rapid7:master' into my_awesome_branch 2024-08-01 22:57:36 -05:00
dledda-r7 48c69b99fb Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x 2024-07-31 09:43:19 -04:00
h4x-x0r 341142dc23 DIAEnergie SQL Injection (CVE-2024-4548) Module 2024-07-30 13:28:10 -04:00
redwaysecurity.com a812617fee Removed "ssl_restore = true" 2024-07-26 17:30:25 +02:00
dledda-r7 2989c9ed1b Land #19337, MySCADA MyPRO Command Injection module 2024-07-26 10:07:19 -04:00
h4x-x0r 14945679ba Updated email generation part. 2024-07-25 23:54:27 -04:00
Jack Heysel 2ffe027eab Responded to comments 2024-07-25 09:14:27 -07:00
h4x-x0r 90ed8ae797 Revised the code to make it cleaner 2024-07-24 22:40:26 -04:00
Jack Heysel c05aebe248 Formatting 2024-07-24 11:16:26 -07:00
Jack Heysel e9cbb9287c Add support for 7.2.x 2024-07-24 10:45:38 -07:00
adfoster-r7 62a3f73e70 Update rubocop target ruby version 2024-07-24 16:47:17 +01:00
h4x-x0r c1bf8df690 Updated the module to take advantage of the check method 2024-07-23 23:52:05 -04:00
h4x-x0r d7e50cb126 mySCADA MyPRO <= v8.28.0 Command Injection (CVE-2023-28384) exploit module 2024-07-22 16:49:40 -04:00
Jack Heysel e6f2352248 WIP 2024-07-19 14:43:13 -07:00