Christophe De La Fuente
3182cb4000
Land #18612, Craft CMS unauthenticated RCE [CVE-2023-41892]
2023-12-22 10:59:39 +01:00
h00die-gr3y
4c404765a4
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
Christophe De La Fuente
fb26c93291
Land #18541, Glibc Tunables Privilege Escalation CVE-2023-4911 (Looney Tunables)
2023-12-20 20:04:21 +01:00
Jack Heysel
77fb5d02b2
Fixed up indentation and rubocop complaints
2023-12-20 13:16:32 -05:00
jheysel-r7
342492557d
Apply suggestions from code review
2023-12-20 13:09:13 -05:00
jheysel-r7
6a16602a08
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-12-20 13:08:33 -05:00
Christophe De La Fuente
7ca256560d
Land #18542, Vinchin Backup & Recovery Command Injection
2023-12-20 18:56:50 +01:00
Jack Heysel
d65ceb9abc
Rubocop
2023-12-19 13:54:23 -05:00
Jack Heysel
b86df4820c
Responded to comments from jvoisin
2023-12-19 13:50:09 -05:00
jheysel-r7
96241f509a
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-12-19 13:18:45 -05:00
Jack Heysel
065abf6b92
Rubocop, doc scenario update
2023-12-19 12:30:02 -05:00
Jack Heysel
44b4b3b5bc
Update version parsing
2023-12-19 12:16:17 -05:00
Jack Heysel
4e61596e7a
Check Build ID before running exploit
2023-12-19 12:15:35 -05:00
Jack Heysel
e858628292
Execute python payload in memory
2023-12-19 00:46:11 -05:00
Jack Heysel
549ee43df9
Update docs description minor comments
2023-12-19 00:32:21 -05:00
Jack Heysel
c6a6809700
Updated attribution
2023-12-18 19:41:49 -05:00
Christophe De La Fuente
45d2c7f4e0
Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
h00die-gr3y
5d7cf90521
Some minor changes to the module and documentation
2023-12-18 08:23:16 +00:00
h00die-gr3y
0641839e69
Added documentation and removed debug info
2023-12-17 13:10:18 +00:00
h00die-gr3y
db099f8f4c
Third release of module
2023-12-16 16:06:05 +00:00
adfoster-r7
c1186be67d
Land #18622, Update PetitPotam For New Windows Servers
2023-12-15 19:22:09 +00:00
Spencer McIntyre
8d344a921d
Cleanup the tree and pipe
2023-12-15 13:40:55 -05:00
Spencer McIntyre
0023e19e57
Update petitpotam to use the refactored module
2023-12-15 11:50:33 -05:00
Spencer McIntyre
6bc3e1eb9a
Update DCERPC to authenticate for newer targets
...
Newer versions of Windows require the inner DCERPC connection to also be
authenticated. The prior version of the petitpotam module used Rex and
did not provide this authentication. Switching to RubySMB exposes this
functionality and allows the module to work on the latest versions of
Windows.
2023-12-15 10:02:35 -05:00
Jack Heysel
df111afb06
Glibc Tunables Exploit
2023-12-14 18:28:43 -05:00
Jack Heysel
c1459df10f
Check method improvement
2023-12-14 12:42:23 -05:00
jheysel-r7
a14b28e941
Update modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-12-14 11:55:48 -05:00
h00die-gr3y
d00249f083
Second release with manual cleanup of php* files
2023-12-14 12:57:07 +00:00
sjanusz-r7
7d37c017fe
Register RHOST for ssh_identify_pubkeys
2023-12-13 17:00:19 +00:00
cgranleese-r7
5f396245f2
Land #18539, Add Smb session type
2023-12-12 11:45:19 +00:00
Jack Heysel
603e5b2bff
Land #18569, Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using an LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
Jack Heysel
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
Jack Heysel
61414fab27
Refactored module to use mixin
2023-12-11 18:24:37 -05:00
bwatters
daa6d5363f
Land #18577, Added RCE Module for Splunk Enterprise (CVE-2023-46214)
...
Merge branch 'land-18577' into upstream-master
2023-12-11 15:52:05 -06:00
Balgogan
374d724567
Lint
2023-12-11 15:36:10 +01:00
Valentin Lobstein
78c57c1c5c
Update modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-12-11 15:22:33 +01:00
Valentin Lobstein
cb0ee49f71
Update modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-12-11 15:22:09 +01:00
h00die-gr3y
ff44932113
first draft release of module
2023-12-10 21:09:40 +00:00
Jack Heysel
3bad98afc6
Land #18488, add kerberos_tickets post module
...
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
adfoster-r7
45880850f5
Land #18603, add cves to snmp modules
2023-12-06 22:47:06 +00:00
h00die
5b8e7594f2
add cves to snmp modules
2023-12-06 16:52:10 -05:00
cgranleese-r7
f794268020
Land #18578, Docker cgroup escape (CVE-2022-0492)
2023-12-06 16:07:08 +00:00
Jack Heysel
509ec2c9b5
Land #18591, add ownCloud auxiliary module
...
This module can extract sensitive environment variables from
the ownCloud target including ownCloud, DB, Redis, SMTP and
S3 credentials.
2023-12-05 10:50:57 -05:00
Christophe De La Fuente
10d4b9233b
Land #18463, D-Link Router UPnP unauthenticated LAN RCE via a crafted M-SEARCH packet
2023-12-05 10:58:15 +01:00
Christophe De La Fuente
7cd1b75497
Update deprecation date and message
2023-12-05 10:51:12 +01:00
Jack Heysel
abfec99735
Added loop with key value pairs
2023-12-04 20:09:56 -05:00
Dean Welch
152056b001
DRY up post mixin/optional session
2023-12-04 17:55:15 +00:00
Dean Welch
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
dwelch-r7
45c54797ac
Land #18581, Add hierarchical search table support
2023-12-04 17:11:00 +00:00
Zach Goldman
3d6ddf769e
Land #17667, Update password crackers
2023-12-04 10:45:53 -05:00