adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,622 Commits 27 Branches 1,043 Tags
d9e23a5c67fa76b01871cba625f40ae215239ca7
Commit Graph

3142 Commits

Author SHA1 Message Date
Spencer McIntyre ecd5ad29a7 Add module docs 2023-02-15 16:29:42 -05:00
Spencer McIntyre ac9d60ce9e Land #17281, Added module for CVE-2022-2992 
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
 2023-02-14 16:57:29 -05:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Spencer McIntyre c3fa924cfa Remove the NGROK_URL option 2023-02-13 14:31:44 -05:00
Spencer McIntyre 210b7a3254 Use #get_json_document instead of JSON.parse 
Also fix typos
 2023-02-13 14:00:13 -05:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
Spencer McIntyre c7279e9a0a Add credit for CVE-2023-0669; fix path in docs 2023-02-09 13:02:40 -05:00
bcoles de8a6e1445 Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory 2023-02-09 23:12:45 +11:00
Stephen Wildow 427c181e9a Utilized msftidy_docs.rb to clean up missing sections, excessively long lines, spaces at EOL, and space end of file. Removed credit section. Expanded on installation procedure. Modified steps procedure to include Verify options and removed failure status. Removed Targets section. Scenarios have device, target, and architecture. 2023-02-08 19:18:14 -05:00
bwatters 01a78f972c Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966) 
Merge branch 'land-17567' into upstream-master
 2023-02-08 13:06:53 -06:00
Stephen Wildow 35749a000a Added docs. Performed code linting with rubocop. 2023-02-07 20:27:07 -05:00
bwatters 8ee67085c8 Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966) 
Merge branch 'land-17556' into upstream-master
 2023-02-07 16:57:22 -06:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Matthew Dunn 8ba7a28caf Add quotes to set-time command in docs 2023-02-07 14:18:45 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module 
Fix CVE format

Add Documentation
 2023-02-07 14:18:04 -06:00
bwatters 53c67653f5 Land #17527, ManageEngine ServiceDesk Plus RCE (CVE-2022-47966) 
Merge branch 'land-17527' into upstream-master
 2023-02-06 17:37:31 -06:00
bwatters 8b116a7dcd Minor punctuation change 2023-02-06 16:32:39 -06:00
h00die-gr3y d763faf245 sync documentation 2023-02-06 06:56:59 +00:00
h00die a5a7d5dd10 correct cleanup and stabilization 2023-02-05 08:15:38 -05:00
h00die 561b42f105 use exploit retry function 2023-02-04 18:17:42 -05:00
h00die 6aa6f5176b touch up verbiage and stuff 2023-02-04 18:17:42 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
cgranleese-r7 80dbbca020 Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699) 2023-02-03 13:43:04 +00:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module 
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
 2023-02-02 15:10:33 -05:00
Jack Heysel f4ad778bd0 Added missing session types 2023-02-02 13:29:43 -05:00
Jack Heysel af2ef53462 Land #17415, macOS dirty cow priv esc 2023-02-02 12:15:19 -05:00
Jack Heysel 4de5e44bda Documentation 2023-02-02 10:38:26 -05:00
adfoster-r7 6870efc34a Land #17426, Update all references to old Wiki to point to new docs site 2023-02-01 23:49:20 +00:00
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Ron Bowes 638a1c519d Update documentation/modules/exploit/linux/local/f5_create_user.md 
Better demo exploit

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:25 -08:00
h00die 5a374533af cve-2022-1043 2023-01-31 16:02:25 -05:00
h00die 8d58eb6279 cve-2022-1043 2023-01-31 16:02:25 -05:00
Jack Heysel 022760d24a Land #17300, linux LPE cve-2022-22942 module 
This PR adds a linux priv esc against VMWare virtual machines
 with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug.
 2023-01-31 14:07:55 -05:00
adfoster-r7 bbf17c167c Land #17511, add exploit for CVE-2022-44877 command injection in CentOS Control Web Panel 2023-01-31 14:05:19 +00:00
Christophe De La Fuente f676568d89 Fix CVE 2023-01-30 12:18:08 +01:00
Christophe De La Fuente a5ba1245c2 Fix CVE 2023-01-30 12:15:14 +01:00
h00die-gr3y a2f4a27614 updated module and added documentation 2023-01-29 10:06:14 +00:00
bcoles e11aaa8027 modules/exploits/multi/local: Resolve Rubocop and msftidy_docs violations 2023-01-28 15:02:24 +11:00
Grant Willcox 6043d0ffba Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
Christophe De La Fuente e01239cf7b Add exploit module and documentation 2023-01-26 21:53:14 +01:00
adfoster-r7 672fb9ce9f Land #17460, add support for feature kerberos authentication 2023-01-26 17:47:27 +00:00
Christophe De La Fuente 2be22752be Add Linuc specifics and documentation 2023-01-26 16:16:00 +01:00
Spencer McIntyre f81195d0cc Fix a typo 2023-01-25 13:45:18 -05:00