Spencer McIntyre
733c014223
Land #19115, read/write registry key SD
Module to read/write registry key security descriptor remotely
2024-05-13 15:41:54 -04:00
Spencer McIntyre
80fdde5fdc
Land #19100, Add Loadmaster sudo priv esc
Add Kemp Progress Loadmaster sudo abuse priv esc
2024-05-10 10:21:38 -04:00
bwatters
b28e263a2b
Update debug statements and add protection against bad die name
2024-05-10 08:54:23 -05:00
Christophe De La Fuente
8c76143a9d
Land #19127, Ldap signing
2024-05-07 17:28:36 +02:00
Christophe De La Fuente
946cc3baf1
Land #19147, Auxiliary module for CVE-2024-4040 - CrushFTP arbitrary file read
2024-05-07 15:44:24 +02:00
Spencer McIntyre
47c8d7252b
Land #18519, Docker kernel module escape
2024-05-06 09:08:08 -04:00
bwatters
b044bcab01
Add command payloads and checks for overwritten files
2024-05-03 13:06:16 -05:00
remmons-r7
5653ea5dfb
Implement peer review suggestions for documentation
Revise 'Options' section to format each option as a level-3 heading
Update to latest module console output in 'Scenarios'
2024-05-03 12:24:42 -05:00
Spencer McIntyre
69d603e6fc
Switch to an enum option for the signing
2024-05-03 10:27:10 -04:00
Christophe De La Fuente
69cbddde92
Land #19050, Adobe ColdFusion Arbitrary File Read [CVE-2024-20767]
2024-05-03 15:15:08 +02:00
Jack Heysel
e3d7dce4a9
Updated res.body parsing, responded to comments
2024-05-02 09:47:22 -07:00
remmons-r7
6c91ca37b6
Implement peer review suggestion to add CrushFTP10.zip SHA256
2024-05-02 11:42:49 -05:00
Spencer McIntyre
ca669d8f08
Update docs to reflect changes
2024-05-01 13:45:20 -04:00
Spencer McIntyre
a98554a1f4
Land #19048, Enable inline credentials dump
Windows Secrets Dump: Enable inline credentials dump
2024-05-01 09:05:40 -04:00
Christophe De La Fuente
91be90c43e
Add registry_security_descriptor module and documentation
2024-04-30 20:57:32 +02:00
remmons-r7
d7b63679c9
Add documentation markdown for crushftp_fileread_cve_2024_4040
2024-04-30 11:24:43 -05:00
bwatters
d94971598b
Add documentation and fix some debug prints
2024-04-29 15:28:34 -05:00
bwatters
364d491af7
Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
Christophe De La Fuente
4794844b67
Update the documentation
2024-04-26 18:44:05 +02:00
Ashley Donaldson
631e4e34db
Update LDAP doco with current options
2024-04-24 15:40:11 +10:00
RadioLogic
1c8c91096f
Removed port being in documentation as it made no sense
2024-04-23 18:47:30 -04:00
Zach Goldman
26a108aadc
Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
Dave Yesland
a36244073f
Merge pull request #1 from bwatters-r7/update-18972
Remove Priv Esc to add it to another module and update it to only run…
2024-04-22 17:53:48 -07:00
Dave Yesland
c10bde97ff
Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection
2024-04-22 17:53:32 -07:00
Jack Heysel
b8675f0fd7
Land #19005, Add Gambio Webshop Unauth RCE
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
Zach Goldman
488653d942
Land #19082, FortiNet FortiClient EMS SQLi to RCE [CVE-2023-48788]
2024-04-19 15:03:22 -04:00
bwatters
4733d1dc04
Land #19101, Exploit module for CVE-2024-4300 - Palo Alto Networks PAN-OS
Merge branch 'land-19101' into upstream-master
2024-04-19 12:49:41 -05:00
Spencer McIntyre
3697d4cb77
Land #18956, Rancher CVE-2021-36782
Rancher Authenticated API Credential Exposure (CVE-2021-36782)
2024-04-19 13:27:30 -04:00
Spencer McIntyre
d93b97d7c4
Add rancher installation docs
2024-04-19 12:55:46 -04:00
remmons-r7
2ad13ac836
Added note about shell from a different IP than RHOST IP
2024-04-19 11:45:56 -05:00
remmons-r7
4f3ee3f78a
Incorporate documentation wording change from suggestion
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-04-19 08:50:20 -05:00
adfoster-r7
376bdefefb
Land #19054, Add NText column parsing to MSSQL
2024-04-19 14:17:50 +01:00
Jack Heysel
27f5ad8e05
Land #18996, VSCode Malicious Ext module
This PR adds a new exploit that creates a malicious vsix file. A vsix
file is a VS and VSCode extension file. Once installed, the user's
computer will call back with a shell. It's not a bug, it's a feature!
2024-04-18 18:10:46 -07:00
Jack Heysel
bcaa5359da
Land #18997, Add GitLens VSCode Extension Exploit
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to
execute git commands. A repo may include its own .git folder including a
malicious config file to execute arbitrary code.
2024-04-18 17:19:41 -07:00
remmons-r7
982b6aef0a
Incorporating PAN-OS module peer review suggestions, adding documentation for the module
2024-04-18 18:21:12 -05:00
Zach Goldman
d35748497c
adds ntext parsing to mssql
2024-04-18 16:41:37 -05:00
h00die-gr3y
331c961412
update module and documentation with tax country logic
2024-04-18 19:13:19 +00:00
h00die
bae1a2e20f
gitlens review
2024-04-17 16:06:32 -04:00
Spencer McIntyre
727849202d
Land #19087, chore: remove repetitive words
2024-04-17 09:59:46 -04:00
Jack Heysel
84ea514180
Land #19026, Add pgadmin exploit CVE-2024-2044
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
Spencer McIntyre
9cf4372f2b
Clean up some of the module's documentation
2024-04-16 13:36:21 -04:00
bwatters
409f0e45a6
Remove Priv Esc to add it to another module and update it to only run once
2024-04-15 15:44:22 -05:00
fanqiaojun
6b2bdc893b
chore: remove repetitive words
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Jack Heysel
1174344b76
Land #18918, Add CrushFTP Module CVE-2023-43177
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
2024-04-12 12:26:16 -07:00
Jack Heysel
dae9657433
FortiClient EMS Exploit Module
2024-04-12 10:00:07 -07:00
Christophe De La Fuente
d36e22fdc6
Land #18936, mongodb ops manager diagnostic archive info disclosure (cve-2023-0342)
2024-04-12 15:22:18 +02:00
Spencer McIntyre
aa739cd92d
Land #18962, rancher audit logs information leak
new post module: rancher audit logs sensitive information leak (CVE-2023-22649)
2024-04-10 11:51:54 -04:00
Spencer McIntyre
f579ec7a1a
Clean table printing, document tested version
2024-04-10 11:31:55 -04:00
Ashley Donaldson
4557de9a72
Changes from code review
2024-04-08 11:47:09 +10:00
Ashley Donaldson
b1d0918074
Add documentation for module and functions
2024-04-08 11:32:53 +10:00