adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,975 Commits 27 Branches 1,043 Tags
aa8cf01aef042e9846d0b73d0cfbc9fe3720e42d
Commit Graph

2666 Commits

Author SHA1 Message Date
jheysel-r7 0ff2835bb7 Merge pull request #19770 from h00die-gr3y/netis-unauth-rce 
Netis Router Exploit Chain Reactor [CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457]
 2025-01-07 17:24:37 -08:00
h00die-gr3y 0c723b858f Added attackerkb references 2025-01-07 20:33:41 +00:00
Diego Ledda 7ead96a740 Land #19769, Add Selenium Chrome RCE module (CVE-2022-28108) 
Land #19769, Add Selenium Chrome RCE module (CVE-2022-28108)
 2025-01-07 11:10:37 +01:00
Diego Ledda 0f71c896e5 chore: removing PAYLOAD from DefaultOptions 2025-01-07 10:47:04 +01:00
H00die.Gr3y 9a6d074463 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-01-07 09:25:41 +01:00
Takah1ro 474f5426b5 Update check 2025-01-06 19:11:27 +09:00
Takah1ro 43294df0dd Add a message about what is failing 2025-01-04 10:21:43 +09:00
Takah1ro e2bf2162dc Update failure 2025-01-04 09:13:41 +09:00
Takah1ro 6cbb30c91a Avoid the code nesting 2025-01-04 09:11:24 +09:00
Takah1ro bf643041c3 Rubocop formatting 2025-01-04 08:46:12 +09:00
Takahiro Yokoyama 3a28df6b32 Apply suggestions from code review 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-01-04 08:41:56 +09:00
jheysel-r7 e70b6c777f Merge pull request #19663 from sfewer-r7/CVE-2024-0012 
Exploit module for PAN-OS management interface unauth RCE (CVE-2024-0012 + CVE-2024-9474)
 2024-12-30 10:29:10 -08:00
Takah1ro bbc282e90c Improve check 2024-12-30 13:36:15 +09:00
h00die-gr3y 862f2ee6c6 Added documentation and some small module updates 2024-12-29 20:05:05 +00:00
h00die-gr3y 8a1dd2b1ff fourth release module 2024-12-29 11:33:52 +00:00
h00die-gr3y 0d823fc9a2 third release module 2024-12-29 10:41:36 +00:00
Takah1ro 86bd1c2938 Minor improve 
* enable fetch_delete
 * avoid using single quotes
 * update doc
 2024-12-29 12:19:19 +09:00
Takah1ro 6577a18abb Add response check 2024-12-28 15:04:35 +09:00
Takahiro Yokoyama 9f20c575e5 Update modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb 
Improve version detection messaging

Co-authored-by: bcoles <bcoles@gmail.com>
 2024-12-28 14:40:44 +09:00
Takah1ro 7ecc1cb87b Update vulnerable version 2024-12-28 14:39:24 +09:00
Takah1ro 9bfccc4293 Review fix 
* add check if sudo without password possible
  * base64 encode payload
 2024-12-28 14:02:59 +09:00
Takah1ro 6c5952d3b6 Use send_request_cgi 2024-12-28 13:34:10 +09:00
Takah1ro e3d68d4164 Update author and fix version detection 2024-12-28 11:18:41 +09:00
h00die-gr3y 677e8ec9dd updated vulnerable firmware versions in description 2024-12-27 22:12:51 +00:00
h00die-gr3y 7ca7d71ab4 second release module 2024-12-27 21:55:44 +00:00
h00die-gr3y d3b4c5becb initial release module 2024-12-27 20:36:31 +00:00
Takah1ro 38e886f4b6 Update payload string formatting 2024-12-27 21:58:42 +09:00
Takah1ro e17d7cd161 Minor fix 2024-12-27 21:50:26 +09:00
Takah1ro 64b1832567 Update not to use selenium-webdriver 2024-12-27 13:00:20 +09:00
Takah1ro 390f551df7 Fix EDB 2024-12-27 00:10:01 +09:00
Takah1ro 3defb63763 Fix CVE format 2024-12-26 23:57:41 +09:00
Takah1ro 06af9b0b3d Add selenium chrome rce module 2024-12-26 23:44:11 +09:00
sfewer-r7 edf8d186f7 use the HttpClient cookie jar. Thank you @jheysel-r7 for this improvement. 2024-12-17 17:47:00 +00:00
Stephen Fewer c25b3ceb03 typo 4 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:46 +00:00
Stephen Fewer 51908d6621 typo 3 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-17 17:26:31 +00:00
jheysel-r7 c7f7cfd848 Land #19656 Close ssh session on error 2024-12-11 17:00:17 -08:00
adfoster-r7 136599a29a Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo 
Add CVE info to projectsend module
 2024-12-11 13:54:06 +00:00
bwatters-r7 5311b7014e Add CVE info to projectsend module 2024-12-11 07:37:43 -06:00
adfoster-r7 2421ca768f Merge pull request #19705 from ostrichgolf/projectsend_rce 
Add CVE to ProjectSend module
 2024-12-07 14:24:20 +00:00
ostrichgolf 2952dbb0b8 Add CVE to module 2024-12-07 14:23:30 +01:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
jheysel-r7 fa3716408f Add comment explaining payload architecture restraints 2024-12-03 18:33:43 -08:00
Christophe De La Fuente a46b2f437f Use TARGET_URI when checking the redirection URI 2024-12-02 16:45:12 +01:00
Christophe De La Fuente 3dcb9d58ab Code review 2024-12-02 14:02:07 +01:00
Christophe De La Fuente c943cc6378 Add module and documentation 2024-12-02 14:02:07 +01:00
sjanusz-r7 566e12b69e Add error_callback to SSH Command Stream 2024-11-25 16:43:59 +00:00
sfewer-r7 de599a4407 rework how we calculate the chunk size, we now consume the maximum available space a chunk can take, relative to the size of teh command needed to write the chunk to disk. We also rework the logic to ensure the files are sequential. Finally as the size of a chunk may be less the more chunks we write, we impose a max Payload Space valuecalculated to be 5670 chars. 2024-11-22 10:28:27 +00:00
sfewer-r7 eda46f1a10 the check routing shoudl return Safe the first time we try to leverage teh vulnerability, if that doesnt work. But still return Unknown if the vulnerability fails the second time we leverage it. 2024-11-22 10:26:06 +00:00