Commit Graph

5329 Commits

Author SHA1 Message Date
msutovsky-r7 b6f37bef11 Land #20976, adds module for StoryChief WP plugin (CVE-2025-7441)
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
2026-02-19 10:06:25 +01:00
Nayeraneru 9c7347d6b5 Triggered failed_with and removed unnecessary line 2026-02-18 02:20:36 +02:00
Nayera faca50288d Enhance CheckCode::Safe message for clarity
Update CheckCode::Safe to include a detailed message.
2026-02-18 00:14:18 +02:00
Nayeraneru 8ee79fa524 Add StoryChief WordPress 1.0.42 unauthenticated RCE module 2026-02-16 00:44:20 +02:00
LucasCsmt bbfe139e7f Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 15:01:52 +01:00
LucasCsmt b1758de52b Adding version control on the check method 2026-02-13 14:42:07 +01:00
LucasCsmt d90b3fdc89 Resolving compatibility issues
In the last version of ChurchCRM (6.8.0), in order to be correct, the
URL in the POST request needed to end with a '/'. This issue is now
fixed and the exploit works again on version 6.8.0.
2026-02-13 14:36:52 +01:00
LucasCsmt efcd0411e4 Adding a code to the check method 2026-02-13 14:04:40 +01:00
LucasCsmt fe302d30e1 Refactoring the code 2026-02-13 13:43:00 +01:00
LucasCsmt dcf4221cff Adding support for fetch payload 2026-02-13 13:23:40 +01:00
Diego Ledda a4ec3cd40d Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
2026-02-13 06:51:42 -05:00
LucasCsmt 3e98c7a045 Changing code according to Rubocop 2026-02-13 11:35:11 +01:00
LucasCsmt 06eba2245e Creating a check method 2026-02-13 11:34:46 +01:00
LucasCsmt 867624cad3 Removing default option
The default option has been removed in favor of Metasploit's default
selection.
2026-02-13 10:42:42 +01:00
LucasCsmt dc2e73b44a Adding a fail_with if the injection fails 2026-02-13 09:57:39 +01:00
LucasCsmt aacbd1d180 Changing PHP injection logic
The PHP payload is injected directly into the PHP code injection. The
cleanup method has been removed in favor of an InitialAutoRunScript that
clears the config file.
2026-02-13 09:52:48 +01:00
LucasCsmt 78f4b8f97d Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 08:50:23 +01:00
Spencer McIntyre 35b52df28a Merge pull request #20849 from haicenhacks/haicen_xerte
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
haicen 803e6d3991 adds auto-check and fixes print statements 2026-02-12 12:58:01 -05:00
haicen 0af126cba9 adds ability to create a project if none exist. 2026-02-12 12:50:00 -05:00
haicen 930bb4fecd fixes error in .htaccess policy generation 2026-02-12 12:43:16 -05:00
haicen b4f26d0329 conform to uri normalization pattern 2026-02-12 12:42:33 -05:00
haicen f25fab7c40 fixes error in .htaccess policy generation 2026-02-12 12:41:28 -05:00
haicen 66aad682d6 changes the .htaccess payload to use heredoc 2026-02-11 18:30:20 -05:00
haicen 208dc3489c fixes linting errors 2026-02-11 17:55:21 -05:00
Brendan 2c7b7e8b5c Merge pull request #20942 from rudraditya21/attack-exploit-privesc
Add MITRE ATT&CK mappings for exploit and privilege escalation modules
2026-02-11 15:38:59 -06:00
LucasCsmt 838d047b66 Fix the GHSA notation 2026-02-11 11:27:24 +01:00
LucasCsmt af3ce4a0f5 Changing placeholders to random text inside request
The 'alter_config' function has been altered in order to use random text
as a placeholder for fake information in the configuration. The GHSA is
fixed too.
2026-02-11 11:26:59 +01:00
Lucas Coussement 7c9f18bbab Shorten the if condition's format
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-11 10:48:54 +01:00
Lucas Coussement fc9d2b2fce adding CONFIG_CHANGES to side effect
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-11 10:47:49 +01:00
LucasCsmt 37fe98c7bd Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-10 16:34:08 +01:00
haicen 68e17f2b13 Normalizes URI construction 2026-02-09 20:56:08 -05:00
haicen a1b02d1139 adds newlines between functions 2026-02-09 20:53:36 -05:00
haicen 3ee7bd435b changes URI construction to comply with standards 2026-02-09 20:45:10 -05:00
haicen e28afb7e12 renames files to conform to standards 2026-02-09 20:30:33 -05:00
haicen d8fd09b156 adds newline between functions 2026-02-09 20:30:29 -05:00
haicen 98d8e35d85 adds checks to address nil condition on variables 2026-02-09 20:30:25 -05:00
haicen f852aac863 Changes url structure to conform to requested changes 2026-02-09 20:30:18 -05:00
haicen 60b0209914 Improves module vulnerability check 2026-02-09 20:29:50 -05:00
Rudraditya Thakur 8d6f775ebe added: ATT&CK references to exploit and privilege escalation modules 2026-02-09 23:03:01 +05:30
Valentin Lobstein f41eda1128 Add GHSA and OSV reference type support
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.

Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].

Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
2026-02-09 15:17:23 +01:00
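The commit above describes the new structured form `['GHSA', 'GHSA-xxxx']` with an optional repository as third element. The following is an added example, not Metasploit's own code from this commit: it validates such a reference, expands it to the advisory URL that the 49 hardcoded `['URL', ...]` entries used to carry, and performs the reverse mapping for migrating old URLs. The function names, the `REPO_SLUG` pattern and the sample IDs are assumptions of the example; the GHSA identifier alphabet (`23456789cfghjmpqrvwx`) follows GitHub's documented ID format.

```ruby
# Added example (not Metasploit's own code): validate a structured GHSA
# reference of the form ['GHSA', 'GHSA-xxxx-xxxx-xxxx'] or
# ['GHSA', 'GHSA-xxxx-xxxx-xxxx', 'owner/repo'] and expand it to the URL
# the old hardcoded ['URL', ...] entries carried.

# GHSA identifiers use GitHub's documented alphabet 23456789cfghjmpqrvwx
# in three groups of four.
GHSA_ID = /\AGHSA-[23456789cfghjmpqrvwx]{4}-[23456789cfghjmpqrvwx]{4}-[23456789cfghjmpqrvwx]{4}\z/

# owner/repo as it appears in a GitHub URL path. This pattern is an
# assumption of the example, not a rule stated in the commit.
REPO_SLUG = %r{\A[\w.-]+/[\w.-]+\z}

def valid_ghsa_ref?(ref)
  return false unless ref.is_a?(Array) && ref.first == 'GHSA'
  return false unless (2..3).include?(ref.length)
  return false unless ref[1].is_a?(String) && ref[1].match?(GHSA_ID)
  ref.length == 2 || (ref[2].is_a?(String) && ref[2].match?(REPO_SLUG))
end

# Global advisories live under /advisories/; repository-specific ones
# under /<owner>/<repo>/security/advisories/.
def ghsa_ref_to_url(ref)
  raise ArgumentError, "invalid GHSA reference: #{ref.inspect}" unless valid_ghsa_ref?(ref)
  _type, id, repo = ref
  if repo
    "https://github.com/#{repo}/security/advisories/#{id}"
  else
    "https://github.com/advisories/#{id}"
  end
end

# Reverse direction for migrating hardcoded URLs: recognize the two URL
# shapes and return the structured form, or nil if the URL is not a GHSA link.
def url_to_ghsa_ref(url)
  if (m = url.match(%r{\Ahttps://github\.com/advisories/(GHSA-[^/?#]+)\z}))
    ref = ['GHSA', m[1]]
  elsif (m = url.match(%r{\Ahttps://github\.com/([^/]+/[^/]+)/security/advisories/(GHSA-[^/?#]+)\z}))
    ref = ['GHSA', m[2], m[1]]
  else
    return nil
  end
  valid_ghsa_ref?(ref) ? ref : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample references; the IDs are made up to fit the alphabet.
  [
    ['GHSA', 'GHSA-2c3f-4g5h-6j7m'],
    ['GHSA', 'GHSA-2c3f-4g5h-6j7m', 'example-org/example-repo'],
    ['GHSA', 'GHSA-2c3f-4g5h-6j7m', 'not a repo slug'],
    ['GHSA', 'GHSA-1234-5678-9abc'] # '1', 'a', 'b' are outside the GHSA alphabet
  ].each do |ref|
    puts "#{ref.inspect} -> #{valid_ghsa_ref?(ref) ? ghsa_ref_to_url(ref) : 'invalid'}"
  end
end
```

Rejecting an ID outside the documented alphabet catches the most common transcription error (a CVE-style `1`/`a`/`b` slipped into a GHSA ID) before the reference reaches a module validator.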
sfewer-r7 5accca7907 Lower the ranking to GreatRanking and stability is CRASH_SERVICE_RESTARTS due to how the 12.8.* target on Windows works. 2026-02-05 21:38:27 +00:00
sfewer-r7 58dd29107f remove SMB_SRVPORT as an option. It must always be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not completely opaque. 2026-02-05 17:21:31 +00:00
sfewer-r7 5338a8e4b9 this is the preferred way to test for a non-routable IP 2026-02-05 17:20:04 +00:00
sfewer-r7 2a39aa5124 fix typo in SRVPORT 2026-02-05 16:28:31 +00:00
LucasCsmt 9cb6ddb7c1 Mentioning the version in the title
Title has been changed in order to mention the version where the exploit
works.
2026-02-05 15:46:38 +01:00
LucasCsmt eb5507844b Testing the module on different versions
The module has been tested on different versions of ChurchCRM (6.8.0 and
6.2.0), proving their vulnerability to this exploit. This commit contains
modifications of the Dockerfile/docker-compose in order to support
multi-version installation.
2026-02-05 12:36:26 +01:00
sfewer-r7 c7e18ee5d6 block until we get a session, so we don't tear down the SMB/LDAP service prematurely. 2026-02-04 20:35:57 +00:00
sfewer-r7 7d926efa95 Ships as a Java application running in an x64 java.exe process 2026-02-04 20:35:40 +00:00
sfewer-r7 153a65fbb6 rework the targets/payloads. We now support 12.8.* on Windows and 12.7.* on Linux and Windows. 12.8.* on Linux might work but depends on the underlying cron daemon 2026-02-04 20:14:44 +00:00