adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,154 Commits 27 Branches 1,043 Tags
bebb43f8f64644e6fd7495d5a202fa7c1954d73a
Commit Graph

19770 Commits

Author SHA1 Message Date
msutovsky-r7 9caa2be9a2 Land #20399, adds module for Pandora ITSM authenticated RCE (CVE-2025-4653) 
Pandora ITSM auth RCE [CVE-2025-4653]
 2025-08-07 08:37:45 +02:00
Brendan b6dc0860e7 Merge pull request #20409 from sfewer-r7/sharepoint-hax 
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
 2025-08-06 14:24:28 -05:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
h00die-gr3y 70f2cbe055 simplified cleaning procedure 2025-08-06 08:22:06 +00:00
msutovsky-r7 c99702c8bf Land #20446, adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611) 
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
 2025-08-05 09:29:36 +02:00
Chocapikk a81884fb9e Update metadata 2025-08-04 17:53:29 +02:00
Chocapikk 2c9053c45e Refactor fingerprint detection, cookie handling and per-cookie injection 
- Centralize JS fingerprint checks in `check`
- Memoize `get_valid_cookies` correctly and reuse a single `cookie_jar`
- Update `inject_command` to test payload on each cookie separately
 2025-08-04 17:49:34 +02:00
Valentin Lobstein 26099da7a2 Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:03:04 +02:00
Valentin Lobstein 46b3012cda Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:47 +02:00
Valentin Lobstein a6d86fbe59 Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-04 17:02:35 +02:00
msutovsky-r7 5fd6184494 Land #20423, adds malicious XDG Desktop fileformat module 
Add Malicious XDG Desktop File module
 2025-08-04 11:44:02 +02:00
bcoles a7ab23d083 Add Malicious XDG Desktop File module 2025-08-04 19:23:02 +10:00
Chocapikk 50ef5edd90 Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611) 2025-08-02 19:46:14 +02:00
dwelch-r7 540e8b91d0 Merge pull request #20433 from msutovsky-r7/module/fix/disclosure_date 
Fixes disclosure date in exploit/linux/http/pandora_fms_auth_netflow_rce.rb
 2025-07-31 12:01:01 +01:00
Martin Sutovsky d2175c372f Fixes disclosure date 2025-07-31 12:58:28 +02:00
Spencer McIntyre 3fb2477fbf Increase payload space 2025-07-30 16:13:19 -04:00
h00die-gr3y 4b52708357 update module + documentation based on review comments 2025-07-30 11:39:20 +00:00
msutovsky-r7 f4622d802e Land #20406, adds malicious Windows Script Host VBScript fileformat module 
Add Malicious Windows Script Host VBScript (.vbs) File module
 2025-07-28 13:58:07 +02:00
msutovsky-r7 12340ef6b5 Land #20398, adds malicious Windows Script Host JScript fileformat module 
Add Malicious Windows Script Host JScript (.js) File module
 2025-07-28 13:51:26 +02:00
sfewer-r7 228a066521 add a reference to the Kaspersky analysis which covers all 4 CVEs 2025-07-25 12:26:55 +01:00
sfewer-r7 36fff14466 fix a comment typo 2025-07-25 11:04:18 +01:00
sfewer-r7 f16f7bf2ad add in reference to teh LeakIX blog, which shows CVE-2025-53771 2025-07-25 11:02:55 +01:00
sfewer-r7 ae95d3d4e8 add a comment to clarify what CVE-2025-53771 is 2025-07-25 11:02:08 +01:00
sfewer-r7 8df7f64e79 add some comments to clarify what CVE-2025-49704 is 2025-07-25 11:01:41 +01:00
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
bcoles cbc03eaeeb Add Malicious Windows Script Host VBScript (.vbs) File module 2025-07-25 18:46:47 +10:00
bcoles 44c61a7e4d Add Malicious Windows Script Host JScript (.js) File module 2025-07-25 18:43:33 +10:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
msutovsky-r7 afeded56aa Land #20384, adds module for malicious Windows Registration Entries files 
Add Malicious Windows Registration Entries (.reg) File module
 2025-07-24 12:29:34 +02:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
jheysel-r7 05f2012ccc Merge pull request #20338 from Chocapikk/xorcom 
Add auxiliary and exploit modules for Xorcom CompletePBX 5.2.35 CVEs (2025-2292, 30004, 30005)
 2025-07-22 08:19:36 -07:00
h00die-gr3y 58704e9eab init module + documentation 2025-07-20 19:06:01 +00:00
Diego Ledda 18d61d3763 Merge pull request #20356 from msutovsky-r7/exploit/pandorafms_netflow_rce 
Add module for authenticated PandoraFMS command injection (CVE-2025-5306)
 2025-07-17 11:58:54 +02:00
Chocapikk 7431958e5c Update url reference 2025-07-16 22:59:48 +02:00
Chocapikk 4e70dfe70d Rename mixin 2025-07-16 22:40:27 +02:00
Chocapikk 7ddae3ec3f refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login 2025-07-16 21:48:34 +02:00
Chocapikk b06903810c feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs 2025-07-16 21:25:17 +02:00
Valentin Lobstein daf6cb3c84 Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:23 +02:00
Valentin Lobstein 65b7415bcc Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:15 +02:00
Valentin Lobstein 82d558bf2a Update modules/exploits/linux/http/xorcom_completepbx_scheduler.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-07-16 19:33:04 +02:00
bcoles c5ec45452a Add Malicious Windows Registration Entries (.reg) File module 2025-07-13 23:41:59 +10:00
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818) 
Add module for ISPConfig Code Injection (CVE-2023-46818)
 2025-07-09 07:47:56 +02:00
msutovsky-r7 93f902fe27 Land #20364, adds WingFTP unauthenticated RCE module 
Add WingFTP unauthenticated RCE (CVE-2025-47812)
 2025-07-07 13:12:10 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
Chocapikk 7629dd7518 DRY code, grab wingftp version in check method 2025-07-05 22:25:45 +02:00
Martin Sutovsky 195b874190 Addressing comments 2025-07-04 08:54:30 +02:00
Valentin Lobstein 6edbfb32ec Update modules/exploits/multi/http/wingftp_null_byte_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2025-07-03 19:42:01 +02:00