adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,211 Commits 27 Branches 1,043 Tags
a727ebbf5ec9bc5f34374b07b3901ac536d3c31e
Commit Graph

2876 Commits

Author SHA1 Message Date
bwatters e3e6afbaa3 Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets 
Merge branch 'land-16753' into upstream-master
 2022-07-19 08:48:06 -05:00
Jack Heysel 2af8042bfa Land #16761, clean up ms01_023_printer 
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
 2022-07-16 17:56:59 -04:00
Jack Heysel 77be219bc2 Land #16754, add offsets to ms02_065 
Adds additional offsets for various Windows 2000
Professional targets, adds  docs, fixes default
payload and resolves rubocop violations.
 2022-07-16 16:43:47 -04:00
Jack Heysel 819d1fa2dd Land #16762, Sourcegraph RCE module 
This module exploits a vuln in the gitserver
component of sourcegraph that results in OS
command execution in the context of gitserver.
 2022-07-13 10:09:06 -04:00
Jack Heysel 52fd45b7ab Land #16744 Jboss EAP/AS RCE module 
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
 2022-07-12 10:49:22 -04:00
Spencer McIntyre 63734832b2 Add sourcegraph RCE module docs 2022-07-08 17:27:27 -04:00
Spencer McIntyre 27ad62c964 Add a decent check method 2022-07-08 16:40:42 -04:00
bcoles 83bc954e9d ms01_023_printer: cleanup; use HttpClient; add additional targets 2022-07-09 01:36:10 +10:00
Heyder Andrade d6b6f47b09 change doc file 2022-07-08 02:36:18 +02:00
space-r7 f958b0a053 Land #16738, correct CVE/lint for weblogic module 2022-07-07 18:08:13 -05:00
Jack Heysel 4da72a9b01 Land #16735, Fix defaults for aerohive module 
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
 2022-07-07 16:21:56 -04:00
Erik Wynter 3ad42dd153 change option names to H3 for weblogic_deserialize_asyncresponseservice docs 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2022-07-07 19:04:26 +03:00
bcoles 3f63f9fcd1 ms02_065_msadc: Cleanup and add additional offsets 2022-07-08 00:26:02 +10:00
bcoles 7d111938d5 ms03_007_ntdll_webdav: Cleanup and add additional offsets 2022-07-07 20:31:57 +10:00
Spencer McIntyre f7209bfc75 Land #16724, Modernize ms01_026_dbldecode 
Use HttpClient; remove meterpreter code; fix stager
 2022-07-05 09:36:58 -04:00
Heyder Andrade bbf56c7f4c Delete jboss_remoting_unified_invoker.md 2022-07-05 00:33:30 +02:00
Heyder Andrade 1ccc91d23c Rename doc file 2022-07-05 00:25:56 +02:00
Heyder Andrade b8834e1534 Added documentation 2022-07-05 00:19:17 +02:00
bcoles 04aa05faa2 ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager 2022-07-03 18:22:55 +10:00
kalba-security 12522d1407 fix cve in weblogic_deserialize_asyncresponseservice docs and run msftidy_docs 2022-07-01 10:34:27 -04:00
kalba-security b56242c7a2 enable MeterpreterTryToFork by default for aerohive_netconfig_lfi_log_poison_rce 2022-07-01 06:15:13 -04:00
Spencer McIntyre 1b7d8f1e74 Fix a whitespace issue, restore option naming 2022-06-29 12:24:29 -04:00
Erik e9b2fc6ecf Merge branch 'rapid7:master' into master 2022-06-23 12:52:09 -10:00
Erik 84aa9ceeb9 Update phpmailer_arg_injection.md 
Added options to the module docs for the new options
 2022-06-23 12:50:33 -10:00
Spencer McIntyre a96bc36d9c Update the docs with the Windows target 2022-06-15 17:24:44 -04:00
bwatters 3875db78ae Land #16644, Add Exploit for CVE-2022-26134 (Confluence RCE) 
Merge branch 'land-16644' into upstream-master
 2022-06-07 16:00:37 -05:00
Spencer McIntyre 1a06f69f95 Works through v7.18 now too 2022-06-06 22:03:21 -04:00
Spencer McIntyre 2c0e034a18 Fix a couple of typos 2022-06-06 18:14:05 -04:00
bwatters c751ef46c9 Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190 
Merge branch 'land-16635' into upstream-master
 2022-06-06 14:41:31 -05:00
Spencer McIntyre 1aec2e8649 Note version in the docs 2022-06-03 18:29:28 -04:00
Spencer McIntyre 600fba7fa1 Add module docs 2022-06-03 17:26:15 -04:00
Christophe De La Fuente 474116d413 Land #16611, DotCMS File Upload to RCE Module (CVE-2022-26352) 2022-06-02 15:30:10 +02:00
RAMELLA Sébastien 3ab06461af fix. second review 2022-06-02 00:58:20 +04:00
RAMELLA Sébastien dd1814903c fix. SRVHOST default value 2022-06-02 00:07:15 +04:00
RAMELLA Sébastien 8c19a02835 fix. first review 2022-06-01 20:15:08 +04:00
Jack Heysel bea4207c62 Land PR #16607 - MyBB RCE Module (CVE-2022-24734) 
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
 2022-05-31 11:59:53 -04:00
RAMELLA Sébastien 7f89e92da3 add more informations about 2022-05-31 00:12:30 +04:00
Jack Heysel 2c02a607ee Responded to PR feedback 2022-05-30 14:46:54 -04:00
RAMELLA Sébastien 97921b4ed9 fix chmod 644 2022-05-30 22:11:35 +04:00
RAMELLA Sébastien dfc226cf5f add. Supposed 0day MSWord RCE 2022-05-30 21:23:18 +04:00
Christophe De La Fuente b996f5ee49 Fixes from code review 2022-05-30 16:24:18 +02:00
Jack Heysel 9d9d81a855 Docs update 2022-05-24 10:16:36 -04:00
Christophe De La Fuente bac9be956f Add documentation 2022-05-23 17:27:42 +02:00
Jack Heysel 3afb9b2ffe dotCMS file upload to RCE module 2022-05-20 15:57:22 -04:00
Spencer McIntyre 02e7a65b93 Just move the auxiliary module into an exploit 2022-05-16 17:44:31 -04:00
Jake Baines 39567281bf Revised setup guidance 2022-05-13 13:41:05 -07:00
Grant Willcox 2eb31cf765 Add in edits from review 2022-05-13 15:32:12 -05:00
Jake Baines da133a34c8 Updated affected 2022-05-12 03:22:02 -07:00
Jake Baines 617b4ae044 Initial commit of Zyxel unauth command injection (CVE=2022-30525) 2022-05-12 01:43:59 -07:00
Grant Willcox 6354d7a055 Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly. 2022-05-11 16:43:36 -05:00