adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,110 Commits 27 Branches 1,043 Tags
d7531ef74c448c2fe2ce06336c7e4792f2dee4db
Commit Graph

673 Commits

Author SHA1 Message Date
Christophe De La Fuente 67ec4baa66 PR-19208: Add DefaultTarget to the info hash 2024-06-05 10:14:48 +02:00
Chocapikk 6b127249fa Add suggestions 2024-05-31 20:56:03 +02:00
Chocapikk 4fdf6df1e7 Fix doc 2024-05-28 20:16:33 +02:00
Chocapikk bea708d24c Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-05-28 18:27:02 +02:00
Jack Heysel 10acd86390 Land #19071, Add AVideo RCE module 
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
 2024-05-21 14:27:15 -04:00
Chocapikk da31761336 Lint 2024-05-15 22:13:53 +02:00
Valentin Lobstein 3560860e33 Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-05-15 22:07:29 +02:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Jack Heysel b8675f0fd7 Land #19005, Add Gambio Webshop Unauth RCE 
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
 2024-04-19 12:18:17 -07:00
h00die-gr3y 331c961412 update module and documentation with tax country logic 2024-04-18 19:13:19 +00:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044 
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
 2024-04-16 14:12:41 -07:00
Spencer McIntyre 9cf4372f2b Clean up some of the module's documentation 2024-04-16 13:36:21 -04:00
Jack Heysel 1174344b76 Land #18918, Add CrushFTP Module CVE-2023-43177 
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
 2024-04-12 12:26:16 -07:00
Chocapikk 162fc91193 Add CVE-2024-31819 2024-04-09 22:09:10 +02:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
h00die-gr3y 978fb46e52 added documentation 2024-04-04 17:35:12 +00:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE 
Writing file to disk working

working on linux

wip authentcaiton

Consolodated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
 2024-04-02 11:33:52 -07:00
Spencer McIntyre 43d1bd9a2e Add docs and fix CSRF token for v7.0 2024-03-29 14:05:39 -04:00
Christophe De La Fuente e6e13e7b45 Fixes from code review 2024-03-29 12:18:16 +01:00
Jack Heysel abb2eb7ffd Land #18891, Add RCE module for wp bricks builder 
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
 2024-03-26 14:46:35 -07:00
h00die-gr3y 4546fd1600 small updates documentation 2024-03-26 19:34:12 +00:00
Christophe De La Fuente 57a45a0b55 CrushFTP exploit module CVE-2023-43177 and documentation 2024-03-25 12:41:24 +01:00
h00die-gr3y d240d17113 added documentation 2024-03-24 10:30:36 +00:00
Christophe De La Fuente 44c5422e07 Land #18922, JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198) 2024-03-13 20:16:27 +01:00
sfewer-r7 5c56d6a4fc typo 2024-03-05 14:47:04 +00:00
sfewer-r7 b925f798e5 typo and clarify description 2024-03-05 14:39:17 +00:00
sfewer-r7 aac4ef09cc add in disclosure date and blogs 2024-03-05 11:09:22 +00:00
sfewer-r7 a5fb83d0e1 add in 2023.11.2 as tested on 2024-03-01 17:03:38 +00:00
sfewer-r7 9988117cca rename with cve number 2024-03-01 16:42:59 +00:00
Jack Heysel a73a7531a9 Land #18827, Add module for BoidCMS CVE-2023-38836 
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
 2024-02-29 21:31:44 -08:00
bwatters 550c6f030a Updates based on jheysel-r7's suggestions 2024-02-29 12:42:22 -06:00
sfewer-r7 b7200b52e1 typo 2024-02-27 14:58:56 +00:00
sfewer-r7 f52543b4a6 Older version of TeamCity (circa 2018) do not support access tokens, so we can fall back on creating an admin user accoutn before we upload the plugin. Creating an access token is better as we can delete the token, unlike the user account. 2024-02-27 12:01:57 +00:00
Balgogan f04b66d6dd Add wp_bricks_builder_rce 2024-02-26 22:09:38 +01:00
sfewer-r7 d7a0dee7d1 @rad10 noted the download link we gave no longer works, but has provided a second link, so adding that to the docs 2024-02-23 17:54:14 +00:00
sfewer-r7 f3af1836ce allow a custom USERNAME and PASSWORD to be specified if needed. Will default to a random value. Also use Faker::Internet.email to gen an email address 2024-02-23 17:46:49 +00:00
sfewer-r7 47596c6a0c add in docs 2024-02-23 14:30:53 +00:00
sfewer-r7 003d5e7006 The check routine can now display the targets platform in addition to the version number (we can determine this with a single request, so there is no major change here). This is usefull so you know what platform to set the exploits target to (so you can select an appropriate payload). Thanks @iagox86 for the idea! 2024-02-22 19:23:48 +00:00
sfewer-r7 79bfbe4310 now that Linux is a target we have to move this to the multi directory 2024-02-22 16:34:43 +00:00
bwatters c298540bea Add documentation and fix default payloads 2024-02-16 16:49:49 -06:00
Jack Heysel 85974d16c2 Land #18769, Add Cacti RCE via SQLi Module 
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
 2024-02-02 11:46:10 -05:00
Christophe De La Fuente b91648f065 Fix typos 2024-02-02 11:45:51 +01:00
Jack Heysel be2d2d61ca Land #18762, Add exploit module for CVE-2024-0204 
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
 2024-02-01 22:36:32 -05:00
Christophe De La Fuente f10619d870 Add module and documentation 2024-01-30 12:52:02 +01:00
Spencer McIntyre 577898d91b Check the response when exploiting 2024-01-29 14:38:49 -05:00
sfewer-r7 c70092a2c7 bugfix a copy pasta whereby a path seperator was not being added as expected 2024-01-29 17:52:37 +00:00
sfewer-r7 08a19959fe add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT 2024-01-29 17:17:45 +00:00
Spencer McIntyre 8a793dd1b0 Use the correct exploit and use sh instead of bash 2024-01-29 09:03:25 -05:00
Spencer McIntyre 9e41825e51 Finish up the exploit 
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
 2024-01-26 17:20:54 -05:00
Spencer McIntyre deabf9b1d8 Add module docs 2024-01-24 12:49:27 -05:00