adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,110 Commits 27 Branches 1,043 Tags
d7531ef74c448c2fe2ce06336c7e4792f2dee4db
Commit Graph

2449 Commits

Author SHA1 Message Date
Jack Heysel 72f332aba0 Land #19150, Add Flowmon Command Injection Module 
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
 2024-05-29 08:28:37 -04:00
Jack Heysel e57f4d3cb5 Change xml to html in get_html_document 2024-05-28 16:29:55 -04:00
Jack Heysel a0597007e4 Minor fixes, respond to comments 2024-05-23 14:02:28 -04:00
cgranleese-r7 67154a12e0 Land #19104, CHAOS rat xss to rce 2024-05-21 11:10:57 +01:00
h00die d1739f32c2 review of chaos rat 2024-05-13 16:55:43 -04:00
DaveYesland a7e97e50ad Add module for flowmon cmd injection CVE-2024-2389 2024-05-01 08:42:55 -07:00
bwatters 364d491af7 Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212 
Merge branch 'land-18972' into upstream-master
 2024-04-26 18:18:40 -05:00
bwatters 02c31159ab Add vulnerable versions and fix indention 2024-04-26 17:36:50 -05:00
h00die 7f02902ba1 add event_dependent to chaos_xss 2024-04-24 16:53:24 -04:00
h00die 512da4bc45 chaos rat xss to rce 2024-04-24 16:51:58 -04:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972 
Remove Priv Esc to add it to another module and update it to only run…
 2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
remmons-r7 5df1052037 Addressing msftidy issues 
C:132: 20: [Correctable] Layout/SpaceAroundBlockParameters: Space before first block parameter detected.
C:132: 30: [Correctable] Layout/SpaceAroundBlockParameters: Space after last block parameter detected.
C:133:  5: [Correctable] Layout/IndentationWidth: Use 2 (not 4) spaces for indentation.
C:143:  4: [Correctable] Layout/TrailingEmptyLines: Final newline missing.
 2024-04-18 18:34:18 -05:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
remmons-r7 22d3ee5df2 Changing the wording for TARGETURI 2024-04-18 08:25:06 -05:00
remmons-r7 cea9fb66ed Swap out staged payload for unstaged 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-04-18 08:21:18 -05:00
remmons-r7 9741b12d29 Addressing a new issue the linter caught after changes 
W:117:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res.
 2024-04-17 15:44:45 -05:00
remmons-r7 7e191c75e7 Addressing msftidy issues 
Fixes for the following:
W: 80:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res_create_file. Did you mean res_check_created?
C: 90: 81: [Correctable] Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call.
C: 93:  8: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 93: 42: [Correctable] Style/AndOr: Use && instead of and.
C: 93: 46: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 94: 43: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C💯 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:131: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
 2024-04-17 15:40:08 -05:00
remmons-r7 275345b68d Fix single char 2024-04-17 13:54:58 -05:00
remmons-r7 41e19d7759 Draft of CVE-2024-3400 module 2024-04-17 13:52:50 -05:00
sjanusz-r7 010f044117 Add https prefix to module URL references 2024-04-17 13:00:41 +01:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
Jack Heysel 8968222cf0 Rubocop, when will I learn 2024-04-04 13:41:08 -07:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
Jack Heysel 531e7baa02 Add reminder todo 2024-04-03 17:08:09 -07:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE 
Writing file to disk working

working on linux

wip authentcaiton

Consolodated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
 2024-04-02 11:33:52 -07:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318 
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
 2024-03-28 10:24:32 -07:00
h00die-gr3y 6e6f1beb92 update addressing jheysel-r7 comments 2024-03-28 08:43:08 +00:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054] 
Merge branch 'land-18967' into upstream-master
 2024-03-25 15:25:27 -05:00
h00die-gr3y f217312ad1 module and documentation updates based on review comments (bwatters-r7/cgranleese-r7) 2024-03-21 16:13:55 +00:00
Jack Heysel 2b90d33aef Land #18618, Add OpenNMS privesc and auth RCE 
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
 2024-03-20 12:54:16 -07:00
Jack Heysel 6cd7f44197 rubocop 2024-03-20 11:39:19 -07:00
Jack Heysel 149dc15b21 Add check to see if notifications are enabled 2024-03-20 11:33:15 -07:00
DaveYesland 1a8233dfe7 msftidy cleanup 2024-03-19 14:52:28 -07:00
DaveYesland e32d05eab8 Add module and docs for CVE-2024-1212 2024-03-19 11:37:12 -07:00
h00die-gr3y e84fe947c2 third release module and documentation updates 2024-03-15 23:33:29 +00:00
h00die-gr3y 5dd75e174b second release module and documentation 2024-03-15 18:27:59 +00:00
h00die-gr3y df0012a63f initial release module 2024-03-15 16:10:05 +00:00
h00die-gr3y 7f02daf37d use send_request_cgi for payload delivery 2024-03-08 10:53:45 +00:00
h00die-gr3y 66e7f3c582 third release module 2024-03-07 21:22:14 +00:00
h00die-gr3y 6bc74364e1 second release module 2024-03-04 18:57:54 +00:00
h00die-gr3y 5d20321153 first release module 2024-03-03 19:38:02 +00:00
Jack Heysel 0aa20c73a4 Land #18832, Add exploit module CVE-2023-47218 
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTH Hero.
 2024-02-21 08:48:30 -08:00
bwatters d21e4080a9 Land #18792, Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792 
Merge branch 'land-18792' into upstream-master
 2024-02-20 17:40:12 -06:00
Jack Heysel 8cddffa3d1 Land #18700, Add Kafka-ui Unauth RCE module 
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
 2024-02-16 15:38:52 -05:00
Jack Heysel a1b0ff0fcf Land #18681, Update Apache Ofbiz w. Auth-Bypass 
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
 2024-02-16 15:02:34 -05:00
Jack Heysel 6c252de974 Docs plus minor edits 2024-02-15 17:12:11 -05:00
h00die-gr3y d716e60cf2 added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
h00die-gr3y f5c71d09c2 using data/kafka_ui_versions.json for the version check 2024-02-14 20:57:46 +00:00