15cdbfac2e
update at persistence to use attck ref
2025-09-12 14:13:26 +02:00
fd1d70ef93
update at persistence to mixin
2025-09-12 14:13:26 +02:00
7972017936
Merge pull request #20397 from vognik/CVE-2025-34300
...
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
2025-09-08 16:48:29 -07:00
9283562ee5
Land #20493 , adds XWiki unauthenticated exploit module (CVE-2025-24893)
...
Add XWiki Unauthenticated RCE (CVE-2025-24893)
2025-09-01 13:37:31 +02:00
5d59fbd333
Land #19903 , adds module for periodic script persistence
...
Add OSX Periodic Script Peristence
2025-08-29 20:12:12 +02:00
2681e7cfed
Update docs
2025-08-29 17:53:07 +02:00
57f14339d9
Adds x64 to BSD target
2025-08-29 14:47:11 +02:00
071a4a34fc
fix tests
2025-08-29 08:41:43 +04:00
9b1d07dea8
removed unnecessary fail_with from check function
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-29 06:55:59 +03:00
ae64436441
Fixes payload delivery, updates targets
2025-08-28 15:47:24 +02:00
bdad398541
Update Payload Generation
2025-08-25 15:49:30 +03:00
92ddf5646a
Code Review Edits from @msutovsky-r7
2025-08-24 19:13:16 +04:00
7289c25faa
Fix Tests
2025-08-24 12:12:22 +04:00
2b01ba6200
Add XWiki Unauthenticated RCE (CVE-2025-24893)
2025-08-23 18:56:24 +04:00
baa5469a21
Fix legacy method override in torchserver_cve_2023_43654
...
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
2025-08-22 17:01:41 +03:00
88d7a1ab04
fix coonflicts and rubocop
2025-08-19 12:37:53 -04:00
df917720eb
Remove payload file
2025-08-19 12:33:56 -04:00
a7ab23d083
Add Malicious XDG Desktop File module
2025-08-04 19:23:02 +10:00
a0d03c0638
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-29 13:20:20 -04:00
a413e78689
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-29 13:19:28 -04:00
d87787df69
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-29 13:18:48 -04:00
8024900171
fix tests
2025-07-26 03:15:00 +04:00
9696cc57db
Merge branch 'rapid7:master' into CVE-2025-34300
2025-07-25 11:02:03 +04:00
82eadede83
Code Review Edits from @sjanusz-r7
2025-07-25 05:17:48 +04:00
38b0bd15e1
Code Review Edits
2025-07-24 07:19:25 +04:00
e93755adc6
Added WritableDir Option
2025-07-23 11:59:48 +04:00
d62ef448f1
Code Review Edits
2025-07-22 04:40:14 +04:00
1c1b574b81
Removed Debug Print
2025-07-21 21:37:52 +04:00
d57a36413d
Fix Tests
2025-07-21 21:34:41 +04:00
6276b27dfc
Improved Exploit Stability on Windows
2025-07-21 21:34:01 +04:00
85e97aaaf5
Fix STUDYNAME empty check
2025-07-21 13:14:19 +03:00
e90396a15f
Execute Method Refactoring
2025-07-21 13:59:43 +04:00
c06a7c477b
Check Method Refactoring
2025-07-21 13:06:51 +04:00
45a6176a9c
Removed Limits
2025-07-21 11:03:24 +04:00
6bf385e17a
Removed dublicate logging bug
2025-07-21 03:20:34 +04:00
a836c9bc5e
Fixed CVE Format
2025-07-21 03:17:57 +04:00
e7667d406a
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
2025-07-20 15:23:38 +04:00
0f7aafa48e
Add session platform, apply Rubocop changes
2025-07-10 14:09:44 -04:00
0f0ca54e6c
Remove get_python method
2025-07-10 11:57:06 -04:00
2351a6a9bc
Minor changes to options, add documentation
2025-07-08 13:30:22 -04:00
8a8e3a3047
Rubocop changes
2025-07-08 13:01:09 -04:00
c9d41be766
Add authors, print cleanup, rename vars
2025-07-08 13:00:15 -04:00
d694c27119
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-08 10:54:08 -04:00
d2c7ac8d51
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-08 10:53:47 -04:00
52acc15a51
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-08 10:53:28 -04:00
b3e16e9c47
Update modules/exploits/multi/local/periodic_script_persistence.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-08 10:52:58 -04:00
7629dd7518
DRY code, grab wingftp version in check method
2025-07-05 22:25:45 +02:00
6edbfb32ec
Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2025-07-03 19:42:01 +02:00
d79810a7e3
Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-03 13:54:11 +02:00
d625ab5fbc
Update modules/exploits/multi/http/wingftp_null_byte_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-03 13:54:01 +02:00
h00die