adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,089 Commits 27 Branches 1,043 Tags
b30641022f02da9420928209ed75ce3bfaa8e780
Commit Graph

1297 Commits

Author SHA1 Message Date
Jack Heysel 80ee458410 Land #19151, Add Flowmon Priv Esc Feature Module 
Privilege escalation module for Progress Flowmon unpatched feature
 2024-05-29 11:35:53 -04:00
Jack Heysel 72f332aba0 Land #19150, Add Flowmon Command Injection Module 
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
 2024-05-29 08:28:37 -04:00
Jack Heysel 2c6fc11639 Responded to comments, clean up /etc/sudoers file 2024-05-23 16:56:35 -04:00
Jack Heysel a0597007e4 Minor fixes, respond to comments 2024-05-23 14:02:28 -04:00
Dave Yesland 0de89d3b2d Update documentation/modules/exploit/linux/local/progress_flowmon_sudo_privesc_2024.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-21 13:42:52 -07:00
cgranleese-r7 67154a12e0 Land #19104, CHAOS rat xss to rce 2024-05-21 11:10:57 +01:00
h00die d1739f32c2 review of chaos rat 2024-05-13 16:55:43 -04:00
Spencer McIntyre 80fdde5fdc Land #19100, Add Loadmaster sudo priv esc 
Add Kemp Progress Loadmaster sudo abuse priv esc
 2024-05-10 10:21:38 -04:00
bwatters b28e263a2b Update debug statements and add protection against bad die name 2024-05-10 08:54:23 -05:00
Spencer McIntyre 47c8d7252b Land #18519, Docker kernel module escape 2024-05-06 09:08:08 -04:00
bwatters b044bcab01 Add command payloads and checks for overwritten files 2024-05-03 13:06:16 -05:00
Spencer McIntyre ca669d8f08 Update docs to reflect changes 2024-05-01 13:45:20 -04:00
DaveYesland c2a561630d Add local privesc module for Flowmon 2024-05-01 09:07:34 -07:00
DaveYesland a7e97e50ad Add module for flowmon cmd injection CVE-2024-2389 2024-05-01 08:42:55 -07:00
bwatters d94971598b Add documentation and fix some debug prints 2024-04-29 15:28:34 -05:00
h00die 512da4bc45 chaos rat xss to rce 2024-04-24 16:51:58 -04:00
RadioLogic 1c8c91096f Removed port being in documentation as it made no sense 2024-04-23 18:47:30 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972 
Remove Priv Esc to add it to another module and update it to only run…
 2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
remmons-r7 2ad13ac836 Added note about shell from a different IP than RHOST IP 2024-04-19 11:45:56 -05:00
remmons-r7 4f3ee3f78a Incorporate documentation wording change from suggestion 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-04-19 08:50:20 -05:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
fanqiaojun 6b2bdc893b chore: remove repetitive words 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-15 11:06:50 +08:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318 
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
 2024-03-28 10:24:32 -07:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054] 
Merge branch 'land-18967' into upstream-master
 2024-03-25 15:25:27 -05:00
h00die-gr3y f217312ad1 module and documentation updates based on review comments (bwatters-r7/cgranleese-r7) 2024-03-21 16:13:55 +00:00
Jack Heysel 2b90d33aef Land #18618, Add OpenNMS privesc and auth RCE 
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
 2024-03-20 12:54:16 -07:00
Jack Heysel 149dc15b21 Add check to see if notifications are enabled 2024-03-20 11:33:15 -07:00
DaveYesland e32d05eab8 Add module and docs for CVE-2024-1212 2024-03-19 11:37:12 -07:00
h00die-gr3y e84fe947c2 third release module and documentation updates 2024-03-15 23:33:29 +00:00
h00die-gr3y 5dd75e174b second release module and documentation 2024-03-15 18:27:59 +00:00
h00die-gr3y 7dbd25bcbf added documentation 2024-03-05 18:42:09 +00:00
RadioLogic cbbb6cbda4 Merge branch 'master' into docker-kernel-module-escape 2024-03-04 22:58:18 -05:00
Jack Heysel 0aa20c73a4 Land #18832, Add exploit module CVE-2023-47218 
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTH Hero.
 2024-02-21 08:48:30 -08:00
bwatters d21e4080a9 Land #18792, Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792 
Merge branch 'land-18792' into upstream-master
 2024-02-20 17:40:12 -06:00
Jack Heysel 8cddffa3d1 Land #18700, Add Kafka-ui Unauth RCE module 
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
 2024-02-16 15:38:52 -05:00
Jack Heysel a1b0ff0fcf Land #18681, Update Apache Ofbiz w. Auth-Bypass 
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
 2024-02-16 15:02:34 -05:00
Jack Heysel 6c252de974 Docs plus minor edits 2024-02-15 17:12:11 -05:00
h00die-gr3y d716e60cf2 added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
H00die.Gr3y 996ca8a7c9 Update documentation/modules/exploit/linux/http/kafka_ui_unauth_rce_cve_2023_52251.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-14 20:57:46 +00:00
h00die-gr3y f75722ecf2 Small updates to module and documentation 2024-02-14 20:57:46 +00:00
h00die-gr3y eafdb8495b Added documentation 2024-02-14 20:57:46 +00:00
Christophe De La Fuente 747d328bcb Land #18786, Fix option collision in service_persistence 2024-02-14 17:25:15 +01:00
sfewer-r7 1f292c8a73 remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
h00die 84278b8e0e fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
sfewer-r7 367783bcb5 add in RCE exploit for CVE-2024-21893 2024-02-06 11:49:04 +00:00
lihe07 29524fa7f8 Fix option collision in service_persistence 
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
 2024-02-03 23:18:45 +08:00
h00die cf2f76e6a2 cve-2024-21626 review 2024-02-02 16:27:02 -05:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00