adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,114 Commits 27 Branches 1,043 Tags
a3daab88e674ac06193e2db255dcbf14719aecbc
Commit Graph

3335 Commits

Author SHA1 Message Date
h00die-gr3y a3daab88e6 Added documentation and updated exploitable plugins list 2023-07-25 14:06:42 +01:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00
Jack Heysel 10c1b79c37 Land #17861, pfSense Config Data RCE as root 
This module exploits a vulnerability in pfSense version
2.6.0 and below which allows for authenticated users to
execute arbitrary operating systems commands as root.
 2023-07-12 14:32:06 -04:00
emirpolatt 34f25fbb65 pfSense Config Data Remote Command Execution as root (CVE-2023-27253) Module 2023-07-12 13:27:02 -04:00
h00die-gr3y a3ea55f2a6 added documentation 2023-07-08 12:30:54 +00:00
ismaildawoodjee 1706812099 Implemented requested changes 
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket

* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
  for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
 2023-07-07 04:14:20 -04:00
Ismail Dawoodjee 24ef4e1b90 Update documentation/modules/exploit/windows/http/smartermail_rce.md 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-07-06 18:49:49 +03:00
ismaildawoodjee ad0d3e79a9 SmarterMail RCE module and documentation 2023-07-06 08:00:28 -04:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
Jack Heysel bf1e6bddd1 Land #18134, Add exploit for CVE-2023-25194 
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
 2023-06-23 16:52:04 -04:00
Heyder Andrade b026b38851 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-06-23 09:36:50 +02:00
Spencer McIntyre b5e028b47c Land #18100, Add MOVEit CVE-2023-34362 2023-06-22 14:23:44 -04:00
Spencer McIntyre dfd450561e Tweak some messages and cleanup markdown table 2023-06-22 14:23:25 -04:00
Redwaysecurity.com 77bb6759a6 Review suggestions 2023-06-22 18:12:13 +02:00
bwatters 5f667e1d79 Address code review 2023-06-22 10:22:43 -05:00
dwelch-r7 e298788a28 Land #18049, Update jenkins login scanner to work with newer versions 2023-06-22 14:04:24 +01:00
Redwaysecurity.com e2fc3c5eff Fixed documentation offenses 2023-06-22 14:48:16 +02:00
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
bwatters 2adea08f67 Add documentation & code cleanup 2023-06-21 15:41:50 -05:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
space-r7 7af22bfd41 Land #18077, add Symmetricom unauth cmd injection 2023-06-13 17:07:16 -05:00
space-r7 0d85c9e380 add module documentation 2023-06-13 13:14:51 -05:00
h00die-gr3y 4479d94658 Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
h00die-gr3y 7cd3854208 Removed Webshell upload and updated documentation 2023-06-12 13:58:59 +00:00
h00die-gr3y db8a49cc99 Updated documentation 2023-06-10 12:14:05 +00:00
h00die-gr3y 417c9fa591 init commit module and documentation 2023-06-10 09:42:32 +00:00
space-r7 c9af514be4 Land #18063, add TerraMaster webshell upload 2023-06-09 17:55:32 -05:00
Spencer McIntyre 4c817ce1de Land #17946, CVE-2023-21839 - Oracle Weblogic RCE 
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
 2023-06-09 14:55:43 -04:00
space-r7 c8609d7983 Land #18070, add TerraMaster chained exp module 2023-06-09 12:29:47 -05:00
sfewer-r7 27f5a789c9 rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part. 2023-06-09 09:47:57 +01:00
Stephen Fewer a1528556e0 Merge branch 'rapid7:master' into CVE-2023-28771 2023-06-09 09:42:19 +01:00
Grant Willcox a1e930397a Land #18072, Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master 2023-06-08 08:42:07 -05:00
h00die-gr3y 0bcd930f61 Updated NAS model and version check 2023-06-08 09:12:45 +00:00
h00die-gr3y b3b0cb4ccf Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
space-r7 74dd134783 add options in scenarios output 2023-06-07 17:15:28 -05:00
Grant Willcox 4465582fee Add in link to archived version of the installer 2023-06-07 16:51:01 -05:00
Shelby Pace 2738906f87 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:44 -05:00
Shelby Pace 54649fb856 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:37 -05:00
Shelby Pace 4377ff037a Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:28 -05:00
Shelby Pace 60c642bcd0 Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md 
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
 2023-06-07 16:41:19 -05:00
Christophe De La Fuente 82c8b5418e Land #17936, PaperCutNG Authentication Bypass with RCE 2023-06-07 15:05:51 +02:00
Christophe De La Fuente 991b9604e5 Add options to the documentation 2023-06-07 15:05:12 +02:00
h00die-gr3y 46fcdb76d5 Updates based on jvoisin comments 2023-06-07 08:27:55 +00:00
space-r7 3b53966caa add installation steps 2023-06-06 12:14:14 -05:00
catatonicprime a03603d076 Documentation linting. 2023-06-06 15:35:20 +00:00
h00die-gr3y 2e34d69133 Added documentation 2023-06-06 12:18:59 +00:00
space-r7 5f7ae883f8 add documentation 2023-06-05 17:38:58 -05:00
h00die-gr3y 52745a96d7 Added documentation 2023-06-05 17:18:57 +00:00
Grant Willcox f7d2cdae56 Add in ability to restore settings n documentation changes. 
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
 2023-06-02 09:48:03 -05:00
Grant Willcox 965311d09e Fix documentation and fix bug in creating PARMS value 2023-06-02 09:48:02 -05:00