Commit Graph

1572 Commits

Author SHA1 Message Date
Diego Ledda ce6e0d1164 Merge pull request #20096 from h00die-gr3y/CVE-2025-30406
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
2025-05-28 13:46:13 +02:00
h4x-x0r 647545c5ef Update magicinfo_traversal.rb 2025-05-15 22:13:08 +01:00
h4x-x0r bd181f8a13 Update magicinfo_traversal.rb 2025-05-15 22:11:23 +01:00
h4x-x0r 6d2a1e529e Update magicinfo_traversal.rb 2025-05-15 20:11:59 +01:00
h4x-x0r e9c88b55f2 cleanup 2025-05-09 22:39:30 +01:00
h4x-x0r 803581ab81 CVE-2024-7399 2025-05-09 17:27:22 +01:00
h00die-gr3y 2baabfa17b update check method to detect other vulnerable services 2025-05-03 14:08:49 +00:00
h00die-gr3y 1c5be6154a second release including Triofox + documentation 2025-05-02 20:42:14 +00:00
h00die-gr3y a6aca51230 initial module 2025-04-28 21:00:55 +00:00
Jack Heysel 4c5e0203dd Refactor pgAdmin modules to use new lib 2025-04-11 15:55:46 -07:00
Jack Heysel fa0c29837e Update author, rubocop, msftidy_docs 2025-03-27 09:36:10 -07:00
Jack Heysel d54e8d8749 Add check method that returns Detected 2025-03-27 09:28:28 -07:00
Jack Heysel 24a785d6b0 Target and metadata updates 2025-03-25 11:56:15 -07:00
Jack Heysel abeeb091fd Rubocop 2025-03-25 11:18:48 -07:00
machang-r7 a0ca1b10af Create sitecore_xp_cve_2025_27218.rb 2025-03-05 17:54:54 -05:00
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
2024-09-05 09:08:07 -07:00
Jack Heysel 434593dcb4 Suggestion and rubocop fixes 2024-09-05 08:49:32 -07:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
igomeow d0d4c3083a Fixing error message 2024-08-28 18:33:31 +02:00
igomeow 2b7cf76fc8 Fixing wrong SideEffects and Reliability values 2024-08-28 18:20:20 +02:00
igomeow 251c1c0c1e Adding check for host operating system 2024-08-28 18:17:36 +02:00
igomeow 6326cac8d4 Fixing nil safe issue 2024-08-26 23:23:43 +02:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow d1ce041fd0 Initial commit and Rubocop fixes 2024-08-26 19:27:20 +02:00
h4x-x0r 39d615e8d2 Added TARGETURI option
2024-08-13 20:29:30 +01:00
h4x-x0r 8e4503061a Removed debugging code
2024-08-07 15:23:15 +01:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
2024-08-07 05:16:25 +01:00
dledda-r7 48c69b99fb Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x 2024-07-31 09:43:19 -04:00
redwaysecurity.com a812617fee Removed "ssl_restore = true" 2024-07-26 17:30:25 +02:00
Jack Heysel 2ffe027eab Responded to comments 2024-07-25 09:14:27 -07:00
Jack Heysel c05aebe248 Formatting 2024-07-24 11:16:26 -07:00
Jack Heysel e9cbb9287c Add support for 7.2.x 2024-07-24 10:45:38 -07:00
adfoster-r7 62a3f73e70 Update rubocop target ruby version 2024-07-24 16:47:17 +01:00
Jack Heysel e6f2352248 WIP 2024-07-19 14:43:13 -07:00
bwatters 636c72965c Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
Christophe De La Fuente 2f238fcd24 Code review 2024-06-21 10:13:08 +02:00
Christophe De La Fuente ecb628eaab Add module and documentation 2024-06-20 15:30:54 +02:00
Spencer McIntyre 08575d0895 Land #19176, Add missing Arch parameter
Adding Arch parameter to dnn_cookie_deserialization_rce module
2024-06-18 17:07:08 -04:00
Jack Heysel c1826cd2f3 Land #18829, Allow multiple HttpServers in module
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes
2024-06-18 09:51:38 -07:00
Spencer McIntyre 29307b1321 Appease msftidy 2024-06-18 09:23:41 -04:00
Jack Heysel dc70aa0896 Land #19247, PHP CGI Arg injection RCE
XAMPP installs running on Windows systems configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
Christophe De La Fuente 8fc6e20cec Update other modules to use java_class_loader_start_service and cmdstager_start_service 2024-06-14 12:57:42 +02:00
Stephen Fewer fb44c7e6ff fix typo in module description
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 15:10:14 +01:00
Spencer McIntyre 18fe758416 Finish up and document the deserialization RCE 2024-06-12 08:58:37 -04:00
Spencer McIntyre cac5863e75 Update the exploit module to use the scanner 2024-06-12 08:58:37 -04:00
Spencer McIntyre 0e1e6c4fb2 Exploit improvements
* Delete the report the exploit creates
* Report credentials that are used to authenticate
* Use the specified username and password if provided
2024-06-12 08:58:37 -04:00
Spencer McIntyre c120a30ba4 Enumerate and select a random category 2024-06-12 08:58:37 -04:00
Spencer McIntyre b8d3cd6708 Initial module for CVE-2024-4358 2024-06-12 08:58:37 -04:00
Stephen Fewer ab0079c0ee Update modules/exploits/windows/http/rejetto_hfs_rce_cve_2024_23692.rb
improve documentation guidance to mention upgrading to a newer supported version (as 2.x is no longer supported)

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-06-11 16:26:04 +01:00
sfewer-r7 bf9b3f1d2a add documentation 2024-06-10 17:41:55 +01:00