adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,450 Commits 27 Branches 1,043 Tags
c901b5a30635ecba53dbbdf398967d720b00a720
Commit Graph

19910 Commits

Author SHA1 Message Date
h00die 15cdbfac2e update at persistence to use attck ref 2025-09-12 14:13:26 +02:00
h00die fd1d70ef93 update at persistence to mixin 2025-09-12 14:13:26 +02:00
jheysel-r7 96a83143f1 Merge pull request #20479 from msutovsky-r7/exploit/sitecore/postauth-rce 
Adds modules for Sitecore XP post-auth remote code executions (CVE-2025-34510, CVE-2025-34511)
 2025-09-11 11:25:27 -07:00
Diego Ledda 985af001d2 Merge pull request #20497 from h00die/modern_persistence_autostart 
update autostart to persistence mixin
 2025-09-11 18:58:32 +02:00
Martin Sutovsky 5ab864b9b1 Uses between? for version check, clearer webshell upload 2025-09-11 11:04:34 +02:00
Diego Ledda 80c5e41650 Merge pull request #20495 from h00die/modern_persistence_apt 
update apt_package_manager to persistence mixin
 2025-09-11 10:49:08 +02:00
h00die 71e9602eba Update modules/exploits/linux/persistence/autostart.rb 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-09-10 13:59:23 -04:00
Diego Ledda 1314f5d0bb Merge pull request #20455 from Chocapikk/aitemi_m300_time_rce 
Add unauthenticated RCE on Shenzhen Aitemi M300 MT02 (CVE-2025-34152)
 2025-09-10 10:12:41 +02:00
h00die c4d03023fc autostart updated with mixin udpates 2025-09-09 11:47:13 -04:00
h00die fb29084f86 persistence autostart cleanup updates 2025-09-09 10:49:56 -04:00
h00die c3be5ad23c update autostart to persistence mixin 2025-09-09 10:49:56 -04:00
h00die 638beeb738 apt persistence updates for mixin 2025-09-09 10:33:10 -04:00
h00die 711d8d0896 persistence apt cleanup updates 2025-09-09 10:28:03 -04:00
h00die db2f9f7792 update apt_package_manager to persistence mixin 2025-09-09 10:28:03 -04:00
h00die c4936d1b0f adjustments to the persistence lib and modules 2025-09-09 10:02:06 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
Diego Ledda 68940822fd Merge pull request #20494 from h00die/modern_persistence_example 
add example linux persistence module
 2025-09-08 16:23:20 +02:00
Brendan da7224ed1b Merge pull request #20376 from msutovsky-r7/exploit/sudo-chroot-privesc 
Adds module for sudo chroot LPE (CVE-2025-32463)
 2025-09-03 16:53:43 -05:00
msutovsky-r7 7820c6caec Land #20504, moves bash_profile module to persistence category 
update bash_profile to persistence mixin
 2025-09-02 14:31:42 +02:00
h00die 56c692fc3e example persistence cleanup updates 2025-09-01 19:34:57 -04:00
h00die d9f96571e4 use new ATTCK ref 2025-09-01 18:09:25 -04:00
h00die 4591de4cae last changes for persistence bash module after peer review 2025-09-01 17:49:49 -04:00
Martin Sutovsky d056164d89 Removes redundant definitions 2025-09-01 15:53:14 +02:00
msutovsky-r7 9283562ee5 Land #20493, adds XWiki unauthenticated exploit module (CVE-2025-24893) 
Add XWiki Unauthenticated RCE (CVE-2025-24893)
 2025-09-01 13:37:31 +02:00
h00die fa9d58bb73 update bash_profile to persistence mixin 2025-08-30 15:17:50 -04:00
msutovsky-r7 5d59fbd333 Land #19903, adds module for periodic script persistence 
Add OSX Periodic Script Peristence
 2025-08-29 20:12:12 +02:00
Martin Sutovsky 2681e7cfed Update docs 2025-08-29 17:53:07 +02:00
Martin Sutovsky 57f14339d9 Adds x64 to BSD target 2025-08-29 14:47:11 +02:00
Vognik 071a4a34fc fix tests 2025-08-29 08:41:43 +04:00
Maksim Rogov 9b1d07dea8 removed unnecessary fail_with from check function 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-29 06:55:59 +03:00
h00die 2b249d5626 update linux example persistence 2025-08-28 17:00:05 -04:00
Martin Sutovsky ae64436441 Fixes payload delivery, updates targets 2025-08-28 15:47:24 +02:00
msutovsky-r7 c5e5cb84f1 Land #20266, adds UDP keyboard exploit module for Remote for Mac 2025.6 
Adds UDP Keyboard RCE for Remote for Mac 2025.6
 2025-08-28 09:47:16 +02:00
Martin Sutovsky f9b8a9b95e Adds more robust check method 2025-08-28 09:11:01 +02:00
Martin Sutovsky 6c65db52c5 Code rebase, fixing according to the comments 2025-08-28 09:00:12 +02:00
Chokri Hammedi a251694e2f Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-28 08:57:56 +02:00
Chokri Hammedi eda79be4bd Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-28 08:57:56 +02:00
Chokri Hammedi 2d1f700935 Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-08-28 08:57:55 +02:00
root 8a6d12a2f4 Add exploit for Remote for Mac 2025.6 unauthenticated UDP RCE 2025-08-28 08:57:55 +02:00
root 374407fc79 Add exploit for Remote for Mac 2025.6 unauthenticated UDP RCE 2025-08-28 08:57:54 +02:00
Brendan f1dffd3ad6 Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw 
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
 2025-08-27 15:46:39 -05:00
Martin Sutovsky eef1d34506 Adds more comprehensive check, updates build instructions 2025-08-27 17:58:11 +02:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Maksim Rogov bdad398541 Update Payload Generation 2025-08-25 15:49:30 +03:00
Vognik 92ddf5646a Code Review Edits from @msutovsky-r7 2025-08-24 19:13:16 +04:00
h00die 96cc6b479c add example linux persistence module 2025-08-24 08:09:05 -04:00
Vognik 7289c25faa Fix Tests 2025-08-24 12:12:22 +04:00
Vognik 2b01ba6200 Add XWiki Unauthenticated RCE (CVE-2025-24893) 2025-08-23 18:56:24 +04:00
Vlad Dmitrievich baa5469a21 Fix legacy method override in torchserver_cve_2023_43654 
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
 2025-08-22 17:01:41 +03:00