adeherdt-r7
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
adfoster-r7
afa973e05e
Fix redis_login scanner when auth is enabled
2024-06-26 13:32:16 +01:00
Spencer McIntyre
a5afdd6e04
Land #19205, Add MS-NRPC users enumeration module
2024-06-24 18:52:47 -04:00
Christophe De La Fuente
24fa34e7b9
Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
Jack Heysel
bae70a4b98
Land #19255, Add SolarWinds Serv-U aux module
...
This module exploits an unauthenticated file read vulnerability, due to
directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U
Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the
vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are
affected.
2024-06-19 10:54:45 -07:00
sud0Ru
a5a296aef7
Delete old documentation file
2024-06-18 17:52:33 +03:00
Jack Heysel
dc70aa0896
Land #19247, PHP CGI Arg injection RCE
...
XAMPP installs running on Windows systems configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
Jack Heysel
e14dd93d6f
Rebased encoder fix, removed PS payload dependency
2024-06-14 16:59:55 -07:00
Jack Heysel
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
Jack Heysel
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
Jack Heysel
178bb3e085
Land #19229, Junos OS PHPRC module enhancement
...
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesn't exist. Also it adds datastore options to
change the hash format to be compatible with older version as well as an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
2024-06-14 11:35:15 -07:00
Jack Heysel
1bb95acd12
Updated documentation
2024-06-14 11:02:31 -07:00
Jack Heysel
35d161be91
Land #19221, CheckPoint Security Gateway file read
...
This module leverages an unauthenticated arbitrary root file read
vulnerability for Check Point Security Gateway appliances. When the
IPSec VPN or Mobile Access blades are enabled on affected devices,
traversal payloads can be used to read any files on the local file
system. This vulnerability is tracked as CVE-2024-24919.
2024-06-13 11:03:58 -07:00
Jack Heysel
1abe3b9a26
Add detail to setup instructions
2024-06-13 08:57:24 -07:00
Stephen Fewer
d7531ef74c
fix typo in documentation
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 15:09:56 +01:00
remmons-r7
c7d40bc6f1
Updating language around file in documentation
...
From peer review suggestion.
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-06-13 08:08:09 -05:00
sfewer-r7
7e37ca5d1a
add in link to AKB analysis
2024-06-13 10:22:33 +01:00
sfewer-r7
1d1c37bf44
add in documentation for options
2024-06-13 10:19:53 +01:00
Jack Heysel
b9b638dd83
Land #19196, Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
Christophe De La Fuente
45815a4cb5
Code review
2024-06-12 19:47:02 +02:00
sfewer-r7
7617a53993
add documentation
2024-06-12 17:45:11 +01:00
remmons-r7
a18dc69cbc
Remove ISO download link from documentation
...
Since Check Point has swapped out the download link on this page for a patched version, the link has been removed entirely.
2024-06-12 11:04:24 -05:00
Spencer McIntyre
18fe758416
Finish up and document the deserialization RCE
2024-06-12 08:58:37 -04:00
bwatters
5b4e3f009d
Land #19242, Add exploit for CVE-2024-4358 (Telerik Report Server Auth Bypass)
...
Merge branch 'land-19242' into upstream-master
2024-06-11 16:47:12 -05:00
bwatters
f2027784cf
Land #19240, Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692)
...
Merge branch 'land-19240' into upstream-master
2024-06-11 12:22:29 -05:00
Stephen Fewer
2d63038196
Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md
...
fix a typo in the documentation.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-06-11 16:23:56 +01:00
Jack Heysel
9bbb82ab55
Land #18998, VSCode exploit for ipynb integration
...
VSCode allows users to open a Jupyter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jupyter notebook to embed HTML and
JavaScript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
2024-06-10 14:36:57 -07:00
sud0Ru
5c7b3753f8
Change the module and the documentation path
2024-06-10 15:03:22 -04:00
sfewer-r7
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
sud0Ru
88d325775b
Update documentation/modules/auxiliary/gather/nrpc_enumusers.md
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-06-10 18:43:01 +03:00
h00die-gr3y
55fa94995b
Updated check method
2024-06-06 22:23:35 +00:00
Spencer McIntyre
d4696c0487
Document the auth bypass module
2024-06-06 15:48:25 -04:00
sfewer-r7
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
Christophe De La Fuente
120fa0f2fe
Land #19208, Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-06-05 10:17:02 +02:00
Christophe De La Fuente
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
h00die
d7966104f2
touchup docs
2024-06-04 19:40:39 -04:00
remmons-r7
502cb565d6
Add CVE-2024-24919 markdown documentation
2024-05-31 14:33:45 -05:00
Chocapikk
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
Jack Heysel
80ee458410
Land #19151, Add Flowmon Priv Esc Feature Module
...
Privilege escalation module for Progress Flowmon unpatched feature
2024-05-29 11:35:53 -04:00
Jack Heysel
72f332aba0
Land #19150, Add Flowmon Command Injection Module
...
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
Chocapikk
4fdf6df1e7
Fix doc
2024-05-28 20:16:33 +02:00
Chocapikk
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
sud0Ru
a4d08f3cc3
adding Doc for domain users enumeration module through ms-nrpc interface
2024-05-27 15:43:19 -04:00
Christophe De La Fuente
f274c46bd2
Land #19103, jasmin ransomware sqli and dir travers (CVE-2024-30851)
2024-05-27 11:23:42 +02:00
Jack Heysel
2c6fc11639
Responded to comments, clean up /etc/sudoers file
2024-05-23 16:56:35 -04:00
Jack Heysel
a0597007e4
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
Christophe De La Fuente
c6c5f2bf7a
Add module, lib and documentation
2024-05-22 17:38:53 +02:00
Dave Yesland
0de89d3b2d
Update documentation/modules/exploit/linux/local/progress_flowmon_sudo_privesc_2024.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-21 13:42:52 -07:00
Jack Heysel
6e9e4a5aed
Land #19102, Northstar C2 Stored XSS to Agent RCE
...
Add exploit module for CVE-2024-28741, Northstar C2 Stored XSS to Agent
RCE
2024-05-21 14:57:44 -04:00
Jack Heysel
10acd86390
Land #19071, Add AVideo RCE module
...
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00