adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,125 Commits 27 Branches 1,043 Tags
c8d50bda0f2ade01c0b38fdd4fbf6eeca030d0e9
Commit Graph

907 Commits

Author SHA1 Message Date
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
Christophe De La Fuente f10619d870 Add module and documentation 2024-01-30 12:52:02 +01:00
Spencer McIntyre 577898d91b Check the response when exploiting 2024-01-29 14:38:49 -05:00
sfewer-r7 c70092a2c7 bugfix a copy pasta whereby a path seperator was not being added as expected 2024-01-29 17:52:37 +00:00
sfewer-r7 08a19959fe add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT 2024-01-29 17:17:45 +00:00
Spencer McIntyre 8a793dd1b0 Use the correct exploit and use sh instead of bash 2024-01-29 09:03:25 -05:00
Spencer McIntyre 9e41825e51 Finish up the exploit 
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
 2024-01-26 17:20:54 -05:00
Spencer McIntyre deabf9b1d8 Add module docs 2024-01-24 12:49:27 -05:00
ekalinichev-r7 847a72c417 Land #18638, add exploit for CVE-2022-42889 Apache Commons Text RCE 2024-01-19 13:02:53 +01:00
Christophe De La Fuente b8aa55c322 Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553) 2024-01-17 18:42:52 +01:00
Gaurav Jain 225ef6847f Add output from test run on windows target 2024-01-15 00:26:47 +05:30
Jack Heysel 6d8666e35b Fixed spacing and removed unused method 2024-01-11 13:13:57 -05:00
Jack Heysel cdc66dd91f Last minute fix 2024-01-11 12:56:01 -05:00
Jack Heysel 5c7061cc0c Remove OS dependant payload 2024-01-11 12:30:04 -05:00
Gaurav Jain 98667edf76 Add suggested changes 2024-01-05 22:31:51 +05:30
Gaurav Jain d0beea91bd Add exploit for CVE-2022-42889 2023-12-25 00:43:50 +05:30
Jack Heysel eeb74cd5e1 Updated metadata 2023-12-20 16:49:45 -05:00
Jack Heysel e3062d45e0 Module working docs updated 2023-12-20 16:41:52 -05:00
Jack Heysel c895364675 Initial commit, files created 2023-12-18 19:26:14 -05:00
Christophe De La Fuente 45d2c7f4e0 Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE 2023-12-18 18:51:36 +01:00
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
Balgogan 402434bbf2 Add module output 2023-11-28 08:41:35 +01:00
Valentin Lobstein bfd22f8f01 Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-28 08:15:14 +01:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
Stephen Fewer 00104ce467 Update documentation to specify bin directory 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-11-02 17:41:21 +00:00
Stephen Fewer 8b70c3ec77 Update documentation/modules/exploit/multi/misc/apache_activemq_rce_cve_2023_46604.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-11-02 17:40:54 +00:00
sfewer-r7 05f0b6a70c change the verification stesp to be for alinux target, as the testing steps above are for linux 2023-11-02 10:28:21 +00:00
sfewer-r7 58d03a3dab add in documentation 2023-11-02 10:26:02 +00:00
Zach Goldman d960aa522c Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE 2023-10-26 11:34:02 -04:00
Heyder Andrade 1ac0e2dc66 Update splunk_privilege_escalation_cve_2023_32707.md 2023-10-23 11:31:19 +02:00
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 c63aaba760 add in documentation for Options 2023-10-18 10:05:05 +01:00
sfewer-r7 1c027ac05c add an RCE exploit for CVE-2023-22515 2023-10-16 20:50:18 +01:00
Spencer McIntyre 86b7ec4518 Address comments from the review 2023-10-12 09:50:19 -04:00
Spencer McIntyre 4f734379d3 Add module docs and print some messages 2023-10-12 09:27:26 -04:00
h00die 7ffc1ca491 undo some spelling fixes when upstream has those issues 2023-10-11 06:30:11 -04:00
h00die 557a15a115 spelling fixes on docs 2023-10-10 14:46:18 -04:00
Spencer McIntyre e7ab983279 Minor code changes 
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
 2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00
sfewer-r7 fbd5e60cfc add in coverage for CVE-2023-42793. Currently only a Windows target. 2023-09-28 12:31:59 +01:00
Heyder Andrade 766766be78 Apply suggestions from code review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-09-14 16:13:10 +02:00
eu 8627616404 Added scenario for a non-vulnrable version 2023-09-14 15:56:35 +02:00
eu 54a7b55eb4 Fix code style 2023-09-14 15:05:41 +02:00
eu fc4b47cddd Added documentation 2023-09-13 17:18:18 +02:00
Christophe De La Fuente a33f03d100 Land #18302, Sonicwall rce CVE-2023-34124 2023-09-08 11:48:07 +02:00
Ron Bowes b12fe743d0 Resolve PR comments 2023-09-06 14:11:29 -07:00
Christophe De La Fuente 8217745a85 Land #18257, Apache nifi h2 rce (CVE-2023-34468) 2023-08-30 13:37:37 +02:00