jheysel-r7
641ab527aa
Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 20:03:17 -08:00
Jack Heysel
63a66ee162
Improved CVE version range info in description
2026-01-28 20:15:25 -07:00
Martin Sutovsky
e6b97a79a4
Addresses comments
2026-01-28 11:33:54 +01:00
Martin Sutovsky
c5ffa557a7
Adds UID in documentation
2026-01-26 13:44:09 +01:00
Martin Sutovsky
d2af23a4a6
Adds additional installation step
2026-01-19 11:25:39 +01:00
Martin Sutovsky
4e36ff99ac
Adds additional installation step
2026-01-19 11:24:45 +01:00
Martin Sutovsky
b01353cc07
Code cleanup, removes line from documentation
2026-01-15 15:26:30 +01:00
Martin Sutovsky
85221800a4
Removes line from documentation, code cleanup
2026-01-15 15:23:54 +01:00
Martin Sutovsky
e8efe19598
Moves file upload module into separate PR
2026-01-09 11:19:37 +01:00
Martin Sutovsky
fcabe61271
Moves SQLi to RCE module into separate PR
2026-01-09 11:15:47 +01:00
h00die
caa2873a14
more adjustments
2025-11-07 15:42:27 -05:00
h00die
d8c73f6684
replace bold options with h3
2025-11-07 15:42:23 -05:00
Echo_Slow
19074eef02
Add exploit for CVE-2025-57819
Added an exploit script for unauthenticated remote code execution targeting FreePBX
2025-09-21 22:56:19 +02:00
h00die
fd1d70ef93
update at persistence to mixin
2025-09-12 14:13:26 +02:00
cgranleese-r7
adff497bd2
Updates msf5 as well
2025-07-17 11:51:29 +01:00
cgranleese-r7
469f102596
Updates docs to reflect new default prompt
2025-07-17 09:53:40 +01:00
whotwagner
2259de33c1
Fixed a typo in nextcloud_workflows_rce.md
2025-05-14 13:40:47 +00:00
whotwagner
09aaf5865c
Rearranged code and removed wait_for_payload_session
2025-05-13 13:48:56 +00:00
jenkins-metasploit
e819362398
automatic module_metadata_base.json update
2025-05-13 13:45:30 +00:00
Valentin Lobstein
5cdf7ae175
Update documentation/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve.md
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-11-30 13:55:02 +01:00
Chocapikk
9c74467950
Refactor code + add check and autocheck
2024-11-21 22:48:36 +01:00
Valentin Lobstein
f85de40d58
Update documentation/modules/exploit/unix/webapp/cyberpanel_preauth_rce_multi_cve.md
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-11-01 15:46:05 +01:00
Chocapikk
3723064ac9
Fix typo
2024-11-01 08:53:55 +01:00
Chocapikk
616ffe7d18
Add CVE-2024-51568
2024-11-01 08:48:34 +01:00
Chocapikk
4269615400
Add CyberPanel Pre-Auth RCE Exploit Module for CVE-2024-51378 and CVE-2024-51567
2024-10-31 22:13:05 +01:00
Diego Ledda
9a245e6e06
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
Chocapikk
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
Valentin Lobstein
5408d0b5ac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:26 +02:00
Valentin Lobstein
b18cb3ecac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:19 +02:00
Chocapikk
9e6adea0dc
Add BYOB Unauthenticated RCE module exploiting arbitrary file write and command injection (CVE-2024-45256, CVE-2024-45257)
2024-09-21 04:00:56 +02:00
Chocapikk
ae8df6c34b
Add working documentation + working exploit
2024-09-18 17:00:18 +02:00
Chocapikk
36621c05d9
del documentation/modules/exploit/unix/webapp/spip_rce_form.md
2024-08-30 22:22:41 +02:00
h00die-gr3y
b65c7ecb08
added support for all openmediavault versions (0.1 - 7.4.2-2)
2024-07-20 20:55:33 +00:00
h00die-gr3y
a9f8475bf5
moved module + doc to exploit/unix/webapp
2024-07-16 15:50:20 +00:00
fanqiaojun
6b2bdc893b
chore: remove repetitive words
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Balgogan
ab9576f83d
Add changes
2023-12-01 10:55:04 +01:00
Balgogan
b2fa201a7d
Implement check
2023-11-28 16:45:44 +01:00
Balgogan
0146527e55
Add splunk_xslt_authenticated_rce
2023-11-28 15:40:05 +01:00
Jack Heysel
1da4333611
Land #18434, Add module for Zoneminder RCE
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
Wolfgang Hotwagner
5d5f711dcd
updated documentation
2023-11-09 22:40:36 +00:00
Wolfgang Hotwagner
58f9a39f72
replaced custom timer with rex::stopwatch
updated documentation
2023-10-12 11:46:56 +00:00
h00die
557a15a115
spelling fixes on docs
2023-10-10 14:46:18 -04:00
Wolfgang Hotwagner
2d065d59cf
Documentation for exploit module for CVE-2023-26035
2023-10-06 17:43:44 +00:00
Jack Heysel
8717e66b14
Land #18280, Add Maltrail Unauth RCE Module
This PR adds a module for an unauthenticated RCE vulnerability
in Maltrail, a malicious traffic detection system. This vuln
does not have a CVE associated with it.
2023-08-16 17:29:05 -04:00
Ege Balcı
a91f928d62
Update documentation/modules/exploit/unix/http/maltrail_rce.md
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-08-16 18:45:37 +00:00
Jack Heysel
99e78a4c00
Update documentation file
2023-08-14 21:01:10 -04:00
Ege Balcı
4b7d98df07
Add Maltrail Unauthenticated RCE exploit
2023-08-10 23:02:20 +02:00
Ege Balcı
da9200819d
Update scenarios for new targets
2023-08-10 00:55:52 +02:00
Ege Balcı
41f0c30855
Add RaspAP Unauthenticated Command Injection (CVE-2022-39986) Exploit
2023-08-04 21:22:07 +02:00
emirpolatt
34f25fbb65
pfSense Config Data Remote Command Execution as root (CVE-2023-27253) Module
2023-07-12 13:27:02 -04:00