Commit Graph

2459 Commits

Author SHA1 Message Date
Christophe De La Fuente 24fa34e7b9 Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729] 2024-06-24 13:40:51 +02:00
Christophe De La Fuente 8fc6e20cec Update other modules to use java_class_loader_start_service and cmdstager_start_service 2024-06-14 12:57:42 +02:00
h00die-gr3y 4e26704d73 Update addressing cdelafuente-r7 comments 2024-06-12 18:57:29 +00:00
h00die-gr3y 6a77c2e562 Final tweaks in check method 2024-06-08 11:33:55 +00:00
h00die-gr3y 0e3471d543 Final draft 2024-06-07 19:47:06 +00:00
h00die-gr3y 55fa94995b Updated check method 2024-06-06 22:23:35 +00:00
Jack Heysel 72f332aba0 Land #19150, Add Flowmon Command Injection Module
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
Jack Heysel e57f4d3cb5 Change xml to html in get_html_document 2024-05-28 16:29:55 -04:00
h00die-gr3y e7d65fe60a Update based on bwatters-r7 comments 2024-05-27 17:45:07 +00:00
Jack Heysel a0597007e4 Minor fixes, respond to comments 2024-05-23 14:02:28 -04:00
h00die-gr3y 66a7fbf0ea Update based on jvoisin comments 2024-05-21 20:21:35 +00:00
cgranleese-r7 67154a12e0 Land #19104, CHAOS rat xss to rce 2024-05-21 11:10:57 +01:00
h00die-gr3y 31babb6ca1 Fixed disclosure date 2024-05-19 12:23:21 +00:00
h00die-gr3y 6d844ae9c8 first release module 2024-05-19 12:16:14 +00:00
h00die d1739f32c2 review of chaos rat 2024-05-13 16:55:43 -04:00
DaveYesland a7e97e50ad Add module for flowmon cmd injection CVE-2024-2389 2024-05-01 08:42:55 -07:00
bwatters 364d491af7 Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
bwatters 02c31159ab Add vulnerable versions and fix indentation 2024-04-26 17:36:50 -05:00
h00die 7f02902ba1 add event_dependent to chaos_xss 2024-04-24 16:53:24 -04:00
h00die 512da4bc45 chaos rat xss to rce 2024-04-24 16:51:58 -04:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972
Remove Priv Esc to add it to another module and update it to only run…
2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
remmons-r7 5df1052037 Addressing msftidy issues
C:132: 20: [Correctable] Layout/SpaceAroundBlockParameters: Space before first block parameter detected.
C:132: 30: [Correctable] Layout/SpaceAroundBlockParameters: Space after last block parameter detected.
C:133:  5: [Correctable] Layout/IndentationWidth: Use 2 (not 4) spaces for indentation.
C:143:  4: [Correctable] Layout/TrailingEmptyLines: Final newline missing.
2024-04-18 18:34:18 -05:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
remmons-r7 22d3ee5df2 Changing the wording for TARGETURI 2024-04-18 08:25:06 -05:00
remmons-r7 cea9fb66ed Swap out staged payload for unstaged
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-04-18 08:21:18 -05:00
remmons-r7 9741b12d29 Addressing a new issue the linter caught after changes
W:117:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res.
2024-04-17 15:44:45 -05:00
remmons-r7 7e191c75e7 Addressing msftidy issues
Fixes for the following:
W: 80:  5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res_create_file. Did you mean res_check_created?
C: 90: 81: [Correctable] Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call.
C: 93:  8: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 93: 42: [Correctable] Style/AndOr: Use && instead of and.
C: 93: 46: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 94: 43: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:100: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:131: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
2024-04-17 15:40:08 -05:00
remmons-r7 275345b68d Fix single char 2024-04-17 13:54:58 -05:00
remmons-r7 41e19d7759 Draft of CVE-2024-3400 module 2024-04-17 13:52:50 -05:00
sjanusz-r7 010f044117 Add https prefix to module URL references 2024-04-17 13:00:41 +01:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
Jack Heysel 8968222cf0 Rubocop, when will I learn 2024-04-04 13:41:08 -07:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
Jack Heysel 531e7baa02 Add reminder todo 2024-04-03 17:08:09 -07:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE
Writing file to disk working

working on linux

wip authentication

Consolidated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
2024-04-02 11:33:52 -07:00
Jack Heysel d7f3fd8cc0 Land #18915, Add Watchguard RCE CVE-2022-26318
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
2024-03-28 10:24:32 -07:00
h00die-gr3y 6e6f1beb92 update addressing jheysel-r7 comments 2024-03-28 08:43:08 +00:00
bwatters e775c7c20a Land #18967, Artica Proxy unauthenticated RCE [CVE-2024-2054]
Merge branch 'land-18967' into upstream-master
2024-03-25 15:25:27 -05:00
h00die-gr3y f217312ad1 module and documentation updates based on review comments (bwatters-r7/cgranleese-r7) 2024-03-21 16:13:55 +00:00
Jack Heysel 2b90d33aef Land #18618, Add OpenNMS privesc and auth RCE
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
Jack Heysel 6cd7f44197 rubocop 2024-03-20 11:39:19 -07:00
Jack Heysel 149dc15b21 Add check to see if notifications are enabled 2024-03-20 11:33:15 -07:00
DaveYesland 1a8233dfe7 msftidy cleanup 2024-03-19 14:52:28 -07:00
DaveYesland e32d05eab8 Add module and docs for CVE-2024-1212 2024-03-19 11:37:12 -07:00
h00die-gr3y e84fe947c2 third release module and documentation updates 2024-03-15 23:33:29 +00:00
h00die-gr3y 5dd75e174b second release module and documentation 2024-03-15 18:27:59 +00:00
h00die-gr3y df0012a63f initial release module 2024-03-15 16:10:05 +00:00
h00die-gr3y 7f02daf37d use send_request_cgi for payload delivery 2024-03-08 10:53:45 +00:00