adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,839 Commits 27 Branches 1,043 Tags
ad98d749cae9bc2d28e09bdcd9e196dbdbc72cce
Commit Graph

2548 Commits

Author SHA1 Message Date
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service 
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
 2024-09-05 09:08:07 -07:00
Jack Heysel 434593dcb4 Suggestion and rubocop fixes 2024-09-05 08:49:32 -07:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
Takah1ro 39f81e0a45 Update check function 2024-08-21 22:32:53 +09:00
Takah1ro ee58313d64 Update check function 2024-08-21 22:09:56 +09:00
Takahiro Yokoyama c66540ef2f Update modules/exploits/linux/http/ray_agent_job_rce.rb 
use MeterpreterTryToFork to avoid a meterpreter session get killed

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2024-08-21 21:38:37 +09:00
Takah1ro 91167fc85f Remove unnecessary option 2024-08-20 21:44:11 +09:00
Takah1ro 4d1782640b Update sideeffects 2024-08-20 19:12:18 +09:00
Takah1ro 01b2a1c55c Enable fetch payload 2024-08-20 13:20:42 +09:00
Takah1ro 45677898a8 Add TARGET_URI 2024-08-20 13:08:01 +09:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Takah1ro 99c81d7821 Set default fetch_command to wget 2024-08-20 08:59:39 +09:00
Takah1ro 64bdf54bb0 Use Fetch Payload (Not tested) 2024-08-20 08:56:05 +09:00
Takah1ro a5b9d553fa Update check to use version info 2024-08-20 08:25:27 +09:00
Takah1ro 5be7e09ff0 Update check to use version info 2024-08-20 08:21:48 +09:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
Takah1ro eeab7ce2a2 Proceed when user specified cmd fails 2024-08-16 08:23:50 +09:00
Takah1ro ea1b9e925e Delete old three exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain[CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00
cgranleese-r7 36322ff274 Land #19348, Apache HugeGraph Gremlin RCE (CVE-2024-27348) 2024-08-14 10:06:21 +01:00
jheysel-r7 47e5d62ade Update modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb 2024-08-13 08:48:33 -07:00
jheysel-r7 e04e22bc30 Apply suggestions from code review 2024-08-13 08:40:20 -07:00
Takah1ro cf15124cc8 Add not null check 2024-08-09 15:34:14 +09:00
Takah1ro c36c2eea38 Separate modules 2024-08-09 08:51:14 +09:00
Takah1ro 1f68919a42 Fail if optional but required option not set 2024-08-07 13:01:23 +09:00
Takah1ro f168246796 Correct vulnerable version 
<=v2.6.3 == <v2.8.1
 2024-08-07 12:49:17 +09:00
Takah1ro a57678c8d3 Formatting 2024-08-07 08:51:22 +09:00
Takah1ro 4e99e7dfe7 Use Vulnerable when lfi 2024-08-07 08:50:42 +09:00
Takah1ro 92e2694ac5 Use Detected instead of Appears 2024-08-07 08:46:44 +09:00
Takah1ro b7e4247d22 Avoid using CVE as option 2024-08-07 08:43:57 +09:00
Takah1ro c71894f3c4 Remove unnecessary DefaultOptions 2024-08-07 08:21:15 +09:00
h00die-gr3y 8b3392a756 changed check to Appears when vulnerable 2024-08-06 21:00:06 +00:00
Takah1ro b487dadf8c Remove explicit return 2024-08-05 13:01:11 +09:00
Takah1ro 0251f1bd8d Rubocop formatting 2024-08-04 22:10:15 +09:00
Takah1ro 729ecc588a Formatting lfi output 2024-08-04 22:07:53 +09:00
Takah1ro ca0dba1844 Add LFI 2024-08-04 22:02:37 +09:00
Takah1ro a5009cd5ff Add RCE 2024-08-04 21:43:17 +09:00
Takah1ro 7a233f0049 Update CVE-2023-6019 module 2024-08-04 21:07:05 +09:00
Takah1ro 122767cc59 Implement CVE-2023-6019 module 2024-08-04 10:49:11 +09:00
h00die-gr3y 8f0d22ded4 Fourth release module and documentation 2024-08-02 21:04:50 +00:00
Jack Heysel 75c737dabe Responded to comments 2024-08-02 10:47:53 -07:00
h00die-gr3y 75b3afb0ce Third release module and documentation 2024-07-31 14:34:44 +00:00
Takah1ro ca75714959 Change all instance of staging_key to @staging_key 2024-07-31 12:54:09 +09:00
Takah1ro a7512f70eb Change all instance of staging_key to @staging_key 2024-07-31 08:47:07 +09:00
Takah1ro 53d74f0777 Use a multi-line string 
instead of a big number on one line
 2024-07-31 08:27:35 +09:00
Takahiro Yokoyama 1c28150514 Update modules/exploits/linux/http/empire_skywalker.rb 
add prepend Msf::Exploit::Remote::AutoCheck at the beginning of the class

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2024-07-31 08:11:44 +09:00
Takahiro Yokoyama 6f4ff80a38 Update modules/exploits/linux/http/empire_skywalker.rb 
formatting issue

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2024-07-31 08:09:40 +09:00
Takahiro Yokoyama a35a2c1814 Update modules/exploits/linux/http/empire_skywalker.rb 
formatting issue

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2024-07-31 08:08:25 +09:00
Takahiro Yokoyama 13f5d971ed Update modules/exploits/linux/http/empire_skywalker.rb 
use a multi-line string instead of a big number on one line

Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2024-07-31 08:04:39 +09:00
Jack Heysel d7ae1b5463 Minor fixes 2024-07-30 09:19:12 -07:00