Commit Graph

6154 Commits

Author SHA1 Message Date
Christophe De La Fuente 3182cb4000 Land #18612, Craft CMS unauthenticated RCE [CVE-2023-41892] 2023-12-22 10:59:39 +01:00
Spencer McIntyre 6fc0704930 Land #18477, Add docs for nessus_rest_login 2023-12-20 16:49:09 -05:00
Spencer McIntyre 300c53d005 Fix typos and tweak the section order 2023-12-20 16:31:52 -05:00
Christophe De La Fuente fb26c93291 Land #18541, Glibc Tunables Privilege Escalation CVE-2023-4911 (Looney Tunables) 2023-12-20 20:04:21 +01:00
Christophe De La Fuente 7ca256560d Land #18542, Vinchin Backup & Recovery Command Injection 2023-12-20 18:56:50 +01:00
Jack Heysel 065abf6b92 Rubocop, doc scenario update 2023-12-19 12:30:02 -05:00
Jack Heysel 4e61596e7a Check Build ID before running exploit 2023-12-19 12:15:35 -05:00
Jack Heysel 549ee43df9 Update docs description minor comments 2023-12-19 00:32:21 -05:00
Christophe De La Fuente 45d2c7f4e0 Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE 2023-12-18 18:51:36 +01:00
h00die-gr3y 5d7cf90521 Some minor changes to the module and documentation 2023-12-18 08:23:16 +00:00
h00die-gr3y 9ac3739605 Minor changes to the documentation 2023-12-17 13:51:30 +00:00
h00die-gr3y 0641839e69 Added documentation and removed debug info 2023-12-17 13:10:18 +00:00
Jack Heysel d9aa7f914e Added newline to PoC and removed empty file 2023-12-14 18:42:09 -05:00
Jack Heysel df111afb06 Glibc Tunables Exploit 2023-12-14 18:28:43 -05:00
sjanusz-r7 f5e81aee2a Add docs for ssh_identify_pubkey using Metasploitable2 as target 2023-12-13 17:00:46 +00:00
Jack Heysel 603e5b2bff Land #18569, Add a module to perform ASREP-roasts
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using an LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
bwatters daa6d5363f Land #18577, Added RCE Module for Splunk Enterprise (CVE-2023-46214)
Merge branch 'land-18577' into upstream-master
2023-12-11 15:52:05 -06:00
Aleksa Zatezalo bc16684046 Update nessus_rest_login.md 2023-12-09 22:57:22 -05:00
Aleksa Zatezalo 93cfdd88cb Rename nessus_http_login.md to nessus_rest_login.md 2023-12-09 22:57:03 -05:00
Jack Heysel 3bad98afc6 Land #18488, add kerberos_tickets post module
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
cgranleese-r7 f794268020 Land #18578, Docker cgroup escape (CVE-2022-0492) 2023-12-06 16:07:08 +00:00
h00die eca611aaac review 2023-12-05 16:18:39 -05:00
Jack Heysel 509ec2c9b5 Land #18591, add ownCloud auxiliary module
This module can extract sensitive environment variables from
the ownCloud target including ownCloud, DB, Redis, SMTP and
S3 credentials.
2023-12-05 10:50:57 -05:00
jheysel-r7 76657c8f14 Update documentation/modules/auxiliary/gather/owncloud_phpinfo_reader.md 2023-12-05 10:20:51 -05:00
Christophe De La Fuente 10d4b9233b Land #18463, D-Link Router UPnP unauthenticated LAN RCE via a crafted M-SEARCH packet 2023-12-05 10:58:15 +01:00
Zach Goldman 3d6ddf769e Land #17667, Update password crackers 2023-12-04 10:45:53 -05:00
h00die befc87f9f0 owncloud exploit 2023-12-03 15:45:44 -05:00
h00die ea803063b1 owncloud phpinfo reader 2023-12-03 11:04:38 -05:00
Balgogan ab9576f83d Add changes 2023-12-01 10:55:04 +01:00
Ashley Donaldson 11bcd43562 Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-11-30 17:30:59 +11:00
h00die 22242732d9 working cve-2022-0492 2023-11-28 15:25:53 -05:00
h00die b171b5e77c working cve-2022-0492 2023-11-28 15:16:18 -05:00
h00die 4ae62a431b not-working docker escape 2023-11-28 13:44:08 -05:00
Jack Heysel c5075ade2a Land #18567, Add exploit module for CVE-2023-5360.
This pull request adds a new exploit module for
an unauth file upload vulnerability in the
WordPress Royal Elementor Addons and Templates
plugin, versions before 1.3.79, tracked as CVE-2023-5360.
2023-11-28 13:28:53 -05:00
Spencer McIntyre 708c795890 Land #18560, Forging diamond and sapphire tickets 2023-11-28 11:14:15 -05:00
Balgogan b2fa201a7d Implement check 2023-11-28 16:45:44 +01:00
Balgogan 0146527e55 Add splunk_xslt_authenticated_rce 2023-11-28 15:40:05 +01:00
Balgogan 402434bbf2 Add module output 2023-11-28 08:41:35 +01:00
Valentin Lobstein bfd22f8f01 Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-28 08:15:14 +01:00
Ashley Donaldson c293c273ba Attempt to decrypt pre-auth kerberos response 2023-11-27 13:09:59 +11:00
Ashley Donaldson 3ca13d9358 Changes from code review.
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson 622277e960 Added documentation for ASREP module 2023-11-24 08:45:26 +11:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
h00die bba178e87f crack windows 2023-11-21 17:11:15 -05:00
h00die 4bca269e01 doc overhaul 2023-11-21 17:11:15 -05:00
Balgogan 2750deedee Update 2023-11-21 18:28:28 +01:00
adfoster-r7 5c09c86349 Land #18448, corrected options conflict between module and ldap mixin 2023-11-21 13:33:21 +00:00
Balgogan f0ab3a7140 Fix typo 2023-11-21 02:13:58 +01:00
Balgogan 58425df0ef Update vinchin_backup_recovery_cmd_inject exploit and documentation 2023-11-21 02:09:24 +01:00