Commit Graph

2429 Commits

Author SHA1 Message Date
remmons-r7 5df1052037 Addressing msftidy issues
C:132: 20: [Correctable] Layout/SpaceAroundBlockParameters: Space before first block parameter detected.
C:132: 30: [Correctable] Layout/SpaceAroundBlockParameters: Space after last block parameter detected.
C:133:  5: [Correctable] Layout/IndentationWidth: Use 2 (not 4) spaces for indentation.
C:143:  4: [Correctable] Layout/TrailingEmptyLines: Final newline missing.
2024-04-18 18:34:18 -05:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
remmons-r7 22d3ee5df2 Changing the wording for TARGETURI 2024-04-18 08:25:06 -05:00
remmons-r7 cea9fb66ed Swap out staged payload for unstaged
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-04-18 08:21:18 -05:00
remmons-r7 9741b12d29 Addressing a new issue the linter caught after changes
W:117:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res.
2024-04-17 15:44:45 -05:00
remmons-r7 7e191c75e7 Addressing msftidy issues
Fixes for the following:
W: 80:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res_create_file. Did you mean res_check_created?
C: 90: 81: [Correctable] Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call.
C: 93:  8: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 93: 42: [Correctable] Style/AndOr: Use && instead of and.
C: 93: 46: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 94: 43: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:100: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:131: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
2024-04-17 15:40:08 -05:00
remmons-r7 275345b68d Fix single char 2024-04-17 13:54:58 -05:00
remmons-r7 41e19d7759 Draft of CVE-2024-3400 module 2024-04-17 13:52:50 -05:00
sjanusz-r7 010f044117 Add https prefix to module URL references 2024-04-17 13:00:41 +01:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a CherryPy Python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
2024-03-28 10:24:32 -07:00
h00die-gr3y 6e6f1beb92 update addressing jheysel-r7 comments 2024-03-28 08:43:08 +00:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054]
Merge branch 'land-18967' into upstream-master
2024-03-25 15:25:27 -05:00
h00die-gr3y f217312ad1 module and documentation updates based on review comments (bwatters-r7/cgranleese-r7) 2024-03-21 16:13:55 +00:00
Jack Heysel 2b90d33aef Land #18618, Add OpenNMS privesc and auth RCE
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
Jack Heysel 6cd7f44197 rubocop 2024-03-20 11:39:19 -07:00
Jack Heysel 149dc15b21 Add check to see if notifications are enabled 2024-03-20 11:33:15 -07:00
h00die-gr3y e84fe947c2 third release module and documentation updates 2024-03-15 23:33:29 +00:00
h00die-gr3y 5dd75e174b second release module and documentation 2024-03-15 18:27:59 +00:00
h00die-gr3y df0012a63f initial release module 2024-03-15 16:10:05 +00:00
h00die-gr3y 7f02daf37d use send_request_cgi for payload delivery 2024-03-08 10:53:45 +00:00
h00die-gr3y 66e7f3c582 third release module 2024-03-07 21:22:14 +00:00
h00die-gr3y 6bc74364e1 second release module 2024-03-04 18:57:54 +00:00
h00die-gr3y 5d20321153 first release module 2024-03-03 19:38:02 +00:00
Jack Heysel 0aa20c73a4 Land #18832, Add exploit module CVE-2023-47218
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTS hero.
2024-02-21 08:48:30 -08:00
bwatters d21e4080a9 Land #18792, Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792
Merge branch 'land-18792' into upstream-master
2024-02-20 17:40:12 -06:00
Jack Heysel 8cddffa3d1 Land #18700, Add Kafka-ui Unauth RCE module
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated RCE vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
Jack Heysel a1b0ff0fcf Land #18681, Update Apache Ofbiz w. Auth-Bypass
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
Jack Heysel 6c252de974 Docs plus minor edits 2024-02-15 17:12:11 -05:00
h00die-gr3y d716e60cf2 added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
h00die-gr3y f5c71d09c2 using data/kafka_ui_versions.json for the version check 2024-02-14 20:57:46 +00:00
H00die.Gr3y 8b70cefd83 Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-14 20:57:46 +00:00
h00die-gr3y f75722ecf2 Small updates to module and documentation 2024-02-14 20:57:46 +00:00
h00die-gr3y dde7e3c5d3 Small tweaks to verbose messages 2024-02-14 20:57:46 +00:00
h00die-gr3y d5f30befbb Second release of module 2024-02-14 20:57:46 +00:00
h00die-gr3y 3db32da70f First release of module. 2024-02-14 20:57:45 +00:00
Jack Heysel d987b81591 Use Rex MIME Message 2024-02-14 13:15:37 -05:00
sfewer-r7 423bf0c519 work in progress exploit module for cve-2023-47218 2024-02-13 17:32:14 +00:00
sfewer-r7 1f292c8a73 remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
h00die 84278b8e0e fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
sfewer-r7 03a58c784b fix typo in variable name 2024-02-06 14:08:54 +00:00
sfewer-r7 367783bcb5 add in RCE exploit for CVE-2024-21893 2024-02-06 11:49:04 +00:00
h00die 2efbf6e2f5 review comments 2024-01-29 17:21:06 -05:00
ErikWynter 14181572c1 add PRIVESC_SAVE_DELAY option for opennms authenticated RCE 2024-01-27 01:13:04 +02:00
ErikWynter acc15c23fe Add code review changes to opennms auth rce 2024-01-27 00:10:45 +02:00
Jack Heysel c278ef9b73 Land #18648, Add Module for GL.iNet products
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth bypass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
jheysel-r7 13d2968fad Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
h00die-gr3y 8d7907edee Update based on @jheysel-r7 comments 2024-01-23 10:10:21 +00:00
adfoster-r7 094d6ee36b Add additional reliability and stability notes to modules 2024-01-22 23:29:57 +00:00
h00die-gr3y 919c846064 Final small updates (removed UDP and corrected typo in release date) 2024-01-20 11:27:10 +00:00
Spencer McIntyre 06dcc82ced Land #18630, Add CVE-2023-50917: MajorDoMo RCE
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00