adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,802 Commits 27 Branches 1,043 Tags
d7fa23f30fc997b97dbd83ef39af5fd5cf0c2f63
Commit Graph

1001 Commits

Author SHA1 Message Date
dledda-r7 5e2bf5aaca fix(modules): spip_bigup_unauth_rce minor fix 2024-09-11 11:46:52 -04:00
dledda-r7 62e852176d Land #19444, SPIP BigUp Plugin Unauthenticated RCE 2024-09-11 10:29:12 -04:00
Chocapikk c75ffb4d43 Update documentation 2024-09-08 07:19:35 +02:00
Chocapikk 43fabb07e5 Update doc + module + (mixin see #19444) 2024-09-08 06:56:13 +02:00
Chocapikk f8675026ec Update documentation again 2024-09-08 06:32:05 +02:00
Chocapikk 289f47fac1 Update documentation with docker setup, working mixin now, update module 2024-09-08 05:59:11 +02:00
Valentin Lobstein 48f8e248a6 Update documentation/modules/exploit/multi/http/spip_bigup_unauth_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-07 01:49:57 +02:00
Chocapikk 8608e7021d Add spip_bigup_unauth_rce module 2024-09-06 22:10:18 +02:00
Chocapikk 7458a2dba3 Remove useless documentation 2024-09-03 20:29:45 +02:00
Chocapikk 586cf482ce Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin 2024-08-30 20:37:32 +02:00
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
Valentin Lobstein 2900d45e9f Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-28 13:00:32 +02:00
Chocapikk 06a9583cfd Fix typo 2024-08-27 22:16:11 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932 
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
 2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit 
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
 2024-08-27 15:17:00 -04:00
Chocapikk d249711480 Update doc 2024-08-27 20:27:46 +02:00
jheysel-r7 61fa0c40b8 Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md 2024-08-27 14:14:28 -04:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass 
Merge branch 'land-19393' into upstream-master
 2024-08-27 11:48:38 -05:00
Chocapikk c32c1e3a66 Update doc 2024-08-24 17:31:09 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Chocapikk c7d20853d6 Update documentation 2024-08-19 19:51:36 +02:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
jheysel-r7 ea10360c81 Update OFBiz ProgramExport RCE for Patch Bypass 2024-08-15 09:18:15 -07:00
h4x-x0r 2ce0a7a3fd v7.15 Support added 
Updated to work with v7.15 too.
 2024-08-02 15:43:26 +01:00
h4x-x0r 6dbb264a0d Calibre Python Code Injection (CVE-2024-6782) 
New Exploit Module for Calibre Python Code Injection (CVE-2024-6782)
 2024-08-02 06:03:15 +01:00
bwatters 9b7b1fd16e Land #19313, Ghostscript Command Execution via Format String (CVE-2024-29510) 
Merge branch 'land-19313' into upstream-master
 2024-07-19 11:24:11 -05:00
Christophe De La Fuente e9c511c979 Add documentation and some updates 2024-07-16 16:34:28 +02:00
Jack Heysel f7449ea850 Land #19311, Add GeoServer unauth RCE module 
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
 2024-07-12 11:07:36 -07:00
H00die.Gr3y 292c177b74 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-07-12 19:20:46 +02:00
Jack Heysel 5d210b548b added windows support 2024-07-11 16:34:07 -07:00
h00die-gr3y 4e76068cea added armle architecture support 2024-07-11 21:42:45 +00:00
h00die-gr3y 92f6445856 added documentation 2024-07-11 21:24:50 +00:00
remmons-r7 7746c8877e Add sysinfo Meterpreter output and target OS version numbers 2024-07-09 16:31:01 -05:00
remmons-r7 06da60cade Adding atlassian_confluence_rce_cve_2024_21683 documentation 
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
 2024-07-09 14:05:43 -05:00
Jack Heysel e14dd93d6f Rebased encoder fix, removed PS paylaod dependency 2024-06-14 16:59:55 -07:00
Jack Heysel ade11a5a4b Added default options fixed Verification Steps 2024-06-14 16:41:12 -07:00
Jack Heysel 1dfd5da51e Apache OFBiz Dir Traversal RCE 2024-06-14 16:41:12 -07:00
Jack Heysel b9b638dd83 Land #19196, Cacti import package RCE 
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
 2024-06-12 15:43:46 -07:00
Christophe De La Fuente 45815a4cb5 Code review 2024-06-12 19:47:02 +02:00
Jack Heysel 9bbb82ab55 Land #18998, VSCode exploit for ipynb integration 
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
 2024-06-10 14:36:57 -07:00
Christophe De La Fuente 67ec4baa66 PR-19208: Add DefaultTarget to the info hash 2024-06-05 10:14:48 +02:00
h00die d7966104f2 touchup docs 2024-06-04 19:40:39 -04:00
Chocapikk 6b127249fa Add suggestions 2024-05-31 20:56:03 +02:00
Chocapikk 4fdf6df1e7 Fix doc 2024-05-28 20:16:33 +02:00
Chocapikk bea708d24c Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-05-28 18:27:02 +02:00
Christophe De La Fuente c6c5f2bf7a Add module, lib and documentation 2024-05-22 17:38:53 +02:00