Commit Graph

6366 Commits

Author SHA1 Message Date
Jack Heysel d60524d0b3 Started docs file 2024-05-28 15:54:47 -04:00
Christophe De La Fuente 8c76143a9d Land #19127, Ldap signing 2024-05-07 17:28:36 +02:00
Christophe De La Fuente 946cc3baf1 Land #19147, Auxiliary module for CVE-2024-4040 - CrushFTP arbitrary file read 2024-05-07 15:44:24 +02:00
Spencer McIntyre 47c8d7252b Land #18519, Docker kernel module escape 2024-05-06 09:08:08 -04:00
remmons-r7 5653ea5dfb Implement peer review suggestions for documentation
Revise 'Options' section to format each option as a level-3 heading
Update to latest module console output in 'Scenarios'
2024-05-03 12:24:42 -05:00
Spencer McIntyre 69d603e6fc Switch to an enum option for the signing 2024-05-03 10:27:10 -04:00
Christophe De La Fuente 69cbddde92 Land #19050, Adobe ColdFusion Arbitrary File Read [CVE-2024-20767] 2024-05-03 15:15:08 +02:00
Jack Heysel e3d7dce4a9 Updated res.body parsing, responded to comments 2024-05-02 09:47:22 -07:00
remmons-r7 6c91ca37b6 Implement peer review suggestion to add CrushFTP10.zip SHA256 2024-05-02 11:42:49 -05:00
Spencer McIntyre ca669d8f08 Update docs to reflect changes 2024-05-01 13:45:20 -04:00
Spencer McIntyre a98554a1f4 Land #19048, Enable inline credentials dump
Windows Secrets Dump: Enable inline credentials dump
2024-05-01 09:05:40 -04:00
remmons-r7 d7b63679c9 Add documentation markdown for crushftp_fileread_cve_2024_4040 2024-04-30 11:24:43 -05:00
bwatters 364d491af7 Land #18972, Progress LoadMaster unauthenticated command injection module CVE-2024-1212
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
Christophe De La Fuente 4794844b67 Update the documentation 2024-04-26 18:44:05 +02:00
Ashley Donaldson 631e4e34db Update LDAP doco with current options 2024-04-24 15:40:11 +10:00
RadioLogic 1c8c91096f Removed port being in documentation as it made no sense 2024-04-23 18:47:30 -04:00
Zach Goldman 26a108aadc Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386] 2024-04-23 14:08:33 -04:00
Dave Yesland a36244073f Merge pull request #1 from bwatters-r7/update-18972
Remove Priv Esc to add it to another module and update it to only run…
2024-04-22 17:53:48 -07:00
Dave Yesland c10bde97ff Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection 2024-04-22 17:53:32 -07:00
Jack Heysel b8675f0fd7 Land #19005, Add Gambio Webshop Unauth RCE
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
an unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
Zach Goldman 488653d942 Land #19082, FortiNet FortiClient EMS SQLi to RCE [CVE-2023-48788] 2024-04-19 15:03:22 -04:00
bwatters 4733d1dc04 Land #19101, Exploit module for CVE-2024-4300 - Palo Alto Networks PAN-OS
Merge branch 'land-19101' into upstream-master
2024-04-19 12:49:41 -05:00
Spencer McIntyre 3697d4cb77 Land #18956, Rancher CVE-2021-36782
Rancher Authenticated API Credential Exposure (CVE-2021-36782)
2024-04-19 13:27:30 -04:00
Spencer McIntyre d93b97d7c4 Add rancher installation docs 2024-04-19 12:55:46 -04:00
remmons-r7 2ad13ac836 Added note about shell from a different IP than RHOST IP 2024-04-19 11:45:56 -05:00
remmons-r7 4f3ee3f78a Incorporate documentation wording change from suggestion
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-04-19 08:50:20 -05:00
adfoster-r7 376bdefefb Land #19054, Add NText column parsing to MSSQL 2024-04-19 14:17:50 +01:00
Jack Heysel 27f5ad8e05 Land #18996, VSCode Malicious Ext module
This PR adds a new exploit that creates a malicious vsix file. A vsix
file is a VS and VSCode extension file. Once installed, the user's
computer will call back with a shell. It's not a bug, it's a feature!
2024-04-18 18:10:46 -07:00
Jack Heysel bcaa5359da Land #18997, Add GitLens VSCode Extension Exploit
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to
execute git commands. A repo may include its own .git folder including a
malicious config file to execute arbitrary code.
2024-04-18 17:19:41 -07:00
remmons-r7 982b6aef0a Incorporating PAN-OS module peer review suggestions, adding documentation for the module 2024-04-18 18:21:12 -05:00
Zach Goldman d35748497c adds ntext parsing to mssql 2024-04-18 16:41:37 -05:00
h00die-gr3y 331c961412 update module and documentation with tax country logic 2024-04-18 19:13:19 +00:00
h00die bae1a2e20f gitlens review 2024-04-17 16:06:32 -04:00
Spencer McIntyre 727849202d Land #19087, chore: remove repetitive words 2024-04-17 09:59:46 -04:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
Spencer McIntyre 9cf4372f2b Clean up some of the module's documentation 2024-04-16 13:36:21 -04:00
bwatters 409f0e45a6 Remove Priv Esc to add it to another module and update it to only run once 2024-04-15 15:44:22 -05:00
fanqiaojun 6b2bdc893b chore: remove repetitive words
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Jack Heysel 1174344b76 Land #18918, Add CrushFTP Module CVE-2023-43177
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
2024-04-12 12:26:16 -07:00
Jack Heysel dae9657433 FortiClient EMS Exploit Module 2024-04-12 10:00:07 -07:00
Christophe De La Fuente d36e22fdc6 Land #18936, mongodb ops manager diagnostic archive info disclosure (cve-2023-0342) 2024-04-12 15:22:18 +02:00
Spencer McIntyre aa739cd92d Land #18962, rancher audit logs information leak
new post module: rancher audit logs sensitive information leak (CVE-2023-22649)
2024-04-10 11:51:54 -04:00
Spencer McIntyre f579ec7a1a Clean table printing, document tested version 2024-04-10 11:31:55 -04:00
Ashley Donaldson 4557de9a72 Changes from code review 2024-04-08 11:47:09 +10:00
Ashley Donaldson b1d0918074 Add documentation for module and functions 2024-04-08 11:32:53 +10:00
h00die b83a91a468 review for mongodb ops manager 2024-04-07 05:39:51 -04:00
Jack Heysel 7f62dd2143 Responded to comments 2024-04-04 13:39:22 -07:00
h00die-gr3y 978fb46e52 added documentation 2024-04-04 17:35:12 +00:00
Jack Heysel 9a88ca33e0 second commit with a couple TODOs 2024-04-03 19:36:39 -07:00
Jack Heysel 03fced404a Apache Solr Backup Restore RCE
Writing file to disk working

working on linux

wip authentication

Consolidated conf folders into one

Renamed conf1 to conf in msf data dir

Randomize the configuration name

Docs plus finishing touches

rubocop

Updated exploit file location

Removed unused external dir

Reduced conf folder
2024-04-02 11:33:52 -07:00