adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72,558 Commits 27 Branches 1,043 Tags
d6488dc0c35dbd5e97dc3622be89d260278bfdb2
Commit Graph

4431 Commits

Author SHA1 Message Date
Christophe De La Fuente 45d2c7f4e0 Land #18566, CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE 2023-12-18 18:51:36 +01:00
Jack Heysel c1459df10f Check method improvement 2023-12-14 12:42:23 -05:00
jheysel-r7 a14b28e941 Update modules/exploits/multi/http/atlassian_confluence_unauth_backup.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-12-14 11:55:48 -05:00
Jack Heysel 862194d63f Documentation and rubocop changes 2023-12-11 19:01:35 -05:00
Jack Heysel 61414fab27 Refactored module to use mixin 2023-12-11 18:24:37 -05:00
Valentin Lobstein fc35a116bb Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-11-28 08:15:27 +01:00
Balgogan e1b3c56de8 Add reference 2023-11-23 19:27:11 +01:00
Balgogan 65ea1188e2 Add suggested changes 2023-11-23 18:22:36 +01:00
Balgogan 31daaf58fe Add wp_royal_elementor_addons_rce 2023-11-23 05:15:28 +01:00
Jack Heysel 397b9971a3 Clean up started 2023-11-22 21:06:55 -05:00
Jack Heysel c0be4c2f72 working end to end unix confluence 7.18 2023-11-22 19:49:38 -05:00
Jack Heysel e6e2106140 Auth bypass, auth, shell upload, working 2023-11-21 22:14:27 -05:00
sfewer-r7 ea21036995 reduce nesting in the check routine 2023-11-06 09:42:59 +00:00
sfewer-r7 4272678938 reduce the indentation in on_request_uri 2023-11-06 09:36:20 +00:00
sfewer-r7 fa8c40072c ensure the payload doesnt contain a CDATA closing tag, if found then fail before we attempt exploitation 2023-11-06 09:36:20 +00:00
sfewer-r7 24810183ca add in a unix target as ActiveMQ can run on OSX 2023-11-02 10:25:45 +00:00
sfewer-r7 94b5211525 set exploit Stance to Agressive 2023-11-02 09:32:36 +00:00
sfewer-r7 df040b30aa typos and improve comments 2023-11-01 17:59:00 +00:00
sfewer-r7 a408181def Add initial work on exploit module for CVE-2023-46604 2023-11-01 17:34:30 +00:00
adfoster-r7 3b4302d902 Land #18441, Add at rest encryption to Meterpreter payloads 2023-10-27 12:18:19 +01:00
Zach Goldman d960aa522c Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE 2023-10-26 11:34:02 -04:00
Heyder Andrade e5e58bc0be Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-26 14:03:06 +02:00
Heyder Andrade c0af43c10b Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb 
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com>
 2023-10-25 11:02:30 +02:00
Heyder Andrade 5e19c8fd88 Update splunk_privilege_escalation_cve_2023_32707.rb 2023-10-24 14:44:27 +02:00
Christophe De La Fuente da9d04d32d Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE 2023-10-19 10:22:57 +02:00
sfewer-r7 5e84f57ab3 set :random to true during generate_jar so we can randomize teh metasploit class path 2023-10-18 09:53:46 +01:00
sfewer-r7 fcffd36af0 no need to test for true, jsut return the value as we are waiting for done to be set to true 2023-10-18 09:37:04 +01:00
sfewer-r7 9fdbccb74f catch a JSON ParserError exception and fail_with() if needed. Also detect if the JSON data doesnt have the expected value and fail_with() if needed 2023-10-18 09:36:02 +01:00
sfewer-r7 34107e4f3b favod over for string concatenation. 2023-10-17 11:36:07 +01:00
sfewer-r7 0fc35bf6d3 randomize the plugins version number 2023-10-17 10:01:02 +01:00
sfewer-r7 415bd49b15 use next semantics to return from a yielded block early (note we cannot use return for this) 2023-10-17 09:43:00 +01:00
sfewer-r7 54f334479a fix another typo 2023-10-17 09:30:52 +01:00
sfewer-r7 9e6e9538e1 typo 2023-10-17 09:29:38 +01:00
sfewer-r7 d2438bad4e add a note to explain we need to concat a trailing forward slash 2023-10-17 09:28:04 +01:00
sfewer-r7 4acdaf3087 typos 2023-10-17 09:22:09 +01:00
sfewer-r7 d17f065f12 remove 'localhost' in favor of some random chars 2023-10-17 09:21:28 +01:00
sfewer-r7 3242a7009b clarify timeout is in seconds 2023-10-17 09:11:05 +01:00
sfewer-r7 b97cb9f63d remove whitespace 2023-10-17 09:10:28 +01:00
sfewer-r7 1c027ac05c add an RCE exploit for CVE-2023-22515 2023-10-16 20:50:18 +01:00
sjanusz-r7 1140efc8b4 Support adding encrypted files to archives & jars 2023-10-13 14:42:10 +01:00
Spencer McIntyre 86b7ec4518 Address comments from the review 2023-10-12 09:50:19 -04:00
Spencer McIntyre 4f734379d3 Add module docs and print some messages 2023-10-12 09:27:26 -04:00
Spencer McIntyre 0799f9d860 Add a check method and populate module metadata 2023-10-12 09:27:26 -04:00
Spencer McIntyre 7a226ba285 Randomize components in the MAR file 2023-10-12 09:27:26 -04:00
Spencer McIntyre 5a6dc7f9a6 Initial commit of CVE-2023-43654 2023-10-12 09:27:26 -04:00
Spencer McIntyre e7ab983279 Minor code changes 
Changes include:
  * Remove the PAYLOAD key which didn't do anything
  * Add the missing payload size constraint
  * Use #retry_until_truthy
 2023-09-28 13:19:26 -04:00
sfewer-r7 89940e8b08 use the correct naming convention for normal options. 2023-09-28 16:36:18 +01:00
sfewer-r7 9a6e2dab71 improve the check routine to explicitly look for either a header value or a cookie value that TeamCity is known to set 2023-09-28 16:28:16 +01:00
sfewer-r7 96568bf6d3 typo in comment 2023-09-28 16:05:46 +01:00
sfewer-r7 ad7ff705c7 add in a Linux target 2023-09-28 14:57:02 +01:00