adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,622 Commits 27 Branches 1,043 Tags
d9e23a5c67fa76b01871cba625f40ae215239ca7
Commit Graph

3577 Commits

Author SHA1 Message Date
Jack Heysel e625e2e474 Land #17652, module for pyload js2py exploit 
This adds an exploit for CVE-2023-0297 which is unauthenticated
Javascript injection in pyLoads Click N Load service.
 2023-02-21 16:27:04 -05:00
Spencer McIntyre ecd5ad29a7 Add module docs 2023-02-15 16:29:42 -05:00
Arnout Engelen 5d8b1dc4a6 Link Hadoop YARN exploit to documentation 
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
 2023-02-15 21:17:26 +01:00
Spencer McIntyre 557042c91c Initial exploit is working 2023-02-15 14:18:25 -05:00
Grant Willcox d012145726 Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707 2023-02-13 17:50:06 -06:00
Stephen Wildow 96fecb6048 Modified BadChars and FailWith codes 2023-02-13 17:49:09 -05:00
Grant Willcox 45e453d687 Fix up remaining review comments 2023-02-13 15:07:25 -06:00
Stephen Wildow 79b1801a4f Rewrote check method to only abuse authentication bypass. Added additional status checks. 2023-02-11 17:43:33 -05:00
Stephen Wildow 036ed7f467 Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware. 2023-02-09 21:55:40 -05:00
Grant Willcox f2a86327d0 Minor fixes from review 2023-02-09 15:34:25 -06:00
Stephen Wildow 4b05ba6189 Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing. 2023-02-08 21:26:18 -05:00
adfoster-r7 656ded4b86 Add module notes 2023-02-08 15:46:07 +00:00
adfoster-r7 25ee41df68 Run rubocop on exploit modules 2023-02-08 15:20:32 +00:00
Stephen Wildow 35749a000a Added docs. Performed code linting with rubocop. 2023-02-07 20:27:07 -05:00
Matthew Dunn 52fa2e5be6 Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
Grant Willcox 489ab24876 Add in additional case documentation for the various targets and CVEs and fix a bug in the code 2023-02-07 14:18:45 -06:00
Grant Willcox 7c30889784 Refactor code to handle unsigned licenses in one central function 2023-02-07 14:18:39 -06:00
Grant Willcox b14bcd40a2 Fix incorrect match logic grabbing the wrong entry from results for NSP 2023-02-07 14:18:38 -06:00
Grant Willcox 425da60b15 Add in missing case 5 check 2023-02-07 14:18:38 -06:00
Matthew Dunn 90e07ef5ed Switch to match over scan and add troubleshooting steps 2023-02-07 14:18:37 -06:00
Matthew Dunn 8cddf56238 Verify auth_cookies before use 2023-02-07 14:18:37 -06:00
Matthew Dunn a276659681 Use more encompassing single regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 7554b5e4fd Add failure condition for nsp's that fail to match the regex 2023-02-07 14:18:36 -06:00
Matthew Dunn 1cb06b11ac Adjust exploit and docs to support versions 5.5.6-5.7.5 2023-02-07 14:18:09 -06:00
Matthew Dunn 87176f9d7f Address Review Comments and add CVE-2021-25297 coverage 2023-02-07 14:18:06 -06:00
Matthew Dunn c5914d8c99 Insert randomized strings to fix exploit with plugin_output_len 2023-02-07 14:18:05 -06:00
Matthew Dunn 990db5372f Remove extra payload details, add config check 2023-02-07 14:18:05 -06:00
Matthew Dunn b042e71b2a Make Module work for both target url parameters 2023-02-07 14:18:04 -06:00
Matthew Dunn b606d1ff6b Add Documentation for Module 
Fix CVE format

Add Documentation
 2023-02-07 14:18:04 -06:00
Matthew Dunn 5846d95b25 Create nagios_xi_configwizards_authenticated_rce.rb 
Add initial module
 2023-02-07 14:18:03 -06:00
Stephen Wildow 475813eb33 Properly labing ZDI vulnerability 2023-02-05 21:48:48 -05:00
Stephen Wildow 59332da8ce Randomized hard coded strings, modified cmd string, and updated references 2023-02-05 21:42:57 -05:00
Stephen Wildow ac9caa8894 Removed unnecessary CVE listing 2023-02-05 14:32:04 -05:00
Stephen Wildow 7cff3cc2b0 Updated to include vulnerable versions of software 2023-02-05 13:20:52 -05:00
Stephen Wildow 4b3125d14b Add module to exploit Cisco RV34x Small Business Routers 2023-02-05 10:15:16 -05:00
h00die a5a7d5dd10 correct cleanup and stabilization 2023-02-05 08:15:38 -05:00
h00die 561b42f105 use exploit retry function 2023-02-04 18:17:42 -05:00
h00die aff14e8e46 tocat to tomcat 2023-02-04 18:17:42 -05:00
h00die e30cae2e40 uncomment needed code 2023-02-04 18:17:42 -05:00
h00die 34b1e66f90 tomcat 8 priv esc on ubuntu prebuilt so file 2023-02-04 18:17:41 -05:00
h00die 2b09af78e1 tomcat 8 priv esc on ubuntu 2023-02-04 18:17:41 -05:00
Jack Heysel 6ab7e177f4 Land #17392, add F5 Big-IP priv esc module 
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
 2023-02-02 15:10:33 -05:00
adfoster-r7 952a4fe37a Land #17581, modules: Check datastore ForceExploit before checking if session is root 2023-02-02 10:19:07 +00:00
bcoles ef87a63bde modules: Check datastore ForceExploit before checking if session is root 2023-02-02 18:17:02 +11:00
Grant Willcox 48a27ab555 Fix the remaining references to the old wiki site. 2023-02-01 21:25:06 -06:00
Ron Bowes cf172d22c8 Get rid of #String.hash in favour of UnixCrypt 2023-02-01 11:02:04 -08:00
Ron Bowes 1094221468 Merge branch 'rapid7:master' into f5-createuser-privesc 2023-02-01 10:20:43 -08:00
Ron Bowes 34d93e862c Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:16:03 -08:00
Ron Bowes e90b47fd17 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-02-01 10:15:00 -08:00
Ron Bowes d89c193db2 Update modules/exploits/linux/local/f5_create_user.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-02-01 10:14:38 -08:00