adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,125 Commits 27 Branches 1,043 Tags
c8d50bda0f2ade01c0b38fdd4fbf6eeca030d0e9
Commit Graph

18219 Commits

Author SHA1 Message Date
cgranleese-r7 de17261926 Removes session types from module with session type mixin 2024-02-19 10:34:16 +00:00
Jack Heysel 8cddffa3d1 Land #18700, Add Kafka-ui Unauth RCE module 
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
 2024-02-16 15:38:52 -05:00
Jack Heysel a1b0ff0fcf Land #18681, Update Apache Ofbiz w. Auth-Bypass 
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
 2024-02-16 15:02:34 -05:00
adfoster-r7 e49c6a792a Land #18770, Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins 2024-02-15 13:19:37 +00:00
h00die-gr3y d716e60cf2 added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
h00die-gr3y f5c71d09c2 using data/kafka_ui_versions.json for the version check 2024-02-14 20:57:46 +00:00
H00die.Gr3y 8b70cefd83 Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-02-14 20:57:46 +00:00
h00die-gr3y f75722ecf2 Small updates to module and documentation 2024-02-14 20:57:46 +00:00
h00die-gr3y dde7e3c5d3 Small tweaks to verbose messages 2024-02-14 20:57:46 +00:00
h00die-gr3y d5f30befbb Second release of module 2024-02-14 20:57:46 +00:00
h00die-gr3y 3db32da70f First release of module. 2024-02-14 20:57:45 +00:00
h00die-gr3y 5f703b2e28 First draft. Not ready for review 2024-02-14 20:57:45 +00:00
Christophe De La Fuente 747d328bcb Land #18786, Fix option collision in service_persistence 2024-02-14 17:25:15 +01:00
Dean Welch fa5c4c0193 lowercase session types 2024-02-14 15:45:34 +00:00
Dean Welch 0d4e1ed755 Use mssql option session mixin with mssql modules 2024-02-14 15:37:11 +00:00
Dean Welch 587a8690a1 Use individual session mixins 2024-02-14 15:37:11 +00:00
Dean Welch 08872d0211 Add session type to info hash in the mixin 2024-02-14 15:37:11 +00:00
Dean Welch 0f319bdfb9 Extract SMB and PostgreSQL optional sessions into their own mixins 2024-02-14 15:37:11 +00:00
adfoster-r7 1794a5fbee Land #18763, Mssql session modules 2024-02-14 10:54:04 +00:00
Zach Goldman d18520adc6 update rhost and rport calls 2024-02-13 13:00:38 -06:00
Zach Goldman c05c6773df adjust session logic in modules 2024-02-13 11:59:09 -06:00
Spencer McIntyre 202db99004 Land #18801, Fix revision number checks 
Fix revision number checks in cve_2022_26904_superprofile.rb
 2024-02-12 15:52:16 -05:00
Spencer McIntyre 45365c8666 Land #18800, Fix revision number checks 
Fix revision number checks for cve_2021_40449.rb
 2024-02-12 15:19:56 -05:00
Spencer McIntyre ce0498377d Land #18798, fix version checks 
windows/local/cve_2020_0787_bits_arbitrary_file_move (and similar) fails due to incorrect revision_number checks
 2024-02-12 15:11:07 -05:00
Spencer McIntyre 8eb5aa6aa6 Land #18799, Fix revision number checks 
Fix revision number checks for cve_2020_17136.rb
 2024-02-12 15:01:45 -05:00
Zach Goldman 94223f05fc update relevant modules to work with sessions 
separate out optional session logic

fixing session handling
 2024-02-09 13:18:49 -06:00
sjanusz-r7 30fc29e0f5 Use PostgreSQL session type for modules 2024-02-09 15:38:06 +00:00
adfoster-r7 8b71afdd53 Land #18759, Updates MySQL modules to now support the new MySQL session type 2024-02-08 12:39:51 +00:00
upsidedwn 4b5d04e59e Fix revision number checks in cve_2022_26904_superprofile.rb 2024-02-07 11:30:42 +08:00
upsidedwn ccb446f2ae Fix revision number checks for cve_2021_40449.rb 2024-02-07 11:28:00 +08:00
upsidedwn 436efad4ca Fix revision number checks 2024-02-07 11:25:41 +08:00
upsidedwn 47d30696bc Fix revision_number checks 2024-02-07 11:20:12 +08:00
h00die 84278b8e0e fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
cgranleese-r7 e80f0ef8cd Removes session logic from mixins and uses client instead of datastore for rhost and rport 2024-02-06 14:11:16 +00:00
Christophe De La Fuente d546db6055 Land #18780, runc cwd priv esc (docker) (cve-2024-21626) 2024-02-05 13:12:02 +01:00
lihe07 29524fa7f8 Fix option collision in service_persistence 
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
 2024-02-03 23:18:45 +08:00
h00die cf2f76e6a2 cve-2024-21626 review 2024-02-02 16:27:02 -05:00
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
cgranleese-r7 577304cf7c Updates more modules 2024-02-02 14:59:56 +00:00
adfoster-r7 7ac4387d35 Land #18696, Convert MSSQL mixin to class 2024-02-02 14:14:34 +00:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Christophe De La Fuente 1ff1302df7 Use exceptions instead of returning a boolean in do_login 2024-02-02 11:39:13 +01:00
adfoster-r7 372b792b8c Land #18761, Add alert to show user the new session options available in Metasploit 6.4 2024-02-02 10:25:32 +00:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
Zach Goldman 35778e92b2 client consolidation 
convert first module from remote to client

move client to rex

remove metasploit mixin
 2024-02-01 17:23:55 -06:00
h00die 1c73cf938f cve-2024-21626 2024-02-01 15:28:04 -05:00
sfewer-r7 b259c5d6a7 store the credentials we create in the DB 2024-02-01 19:48:01 +00:00
sfewer-r7 612feac5f1 add in vendor advisory URL 2024-02-01 19:47:23 +00:00
Christophe De La Fuente 81eba7a6e7 Use FileDropper mixin and fix typo 2024-02-01 17:23:05 +01:00
Christophe De La Fuente 5054b3bfd0 Add methods to get the version and the CSRF token 2024-02-01 12:31:01 +01:00