adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,032 Commits 27 Branches 1,043 Tags
dcd3a62e884cd3fb72a888fa7f793d1e7fb00a6e
Commit Graph

4799 Commits

Author SHA1 Message Date
Brendan e998b91aee Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce 
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
 2025-11-25 14:14:31 -06:00
Brendan 1912fe2a95 Merge pull request #20702 from Zedeldi/igel-os-modules 
IGEL OS modules
 2025-11-25 13:59:44 -06:00
sfewer-r7 fa03ac8b66 on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions 2025-11-25 11:25:41 +00:00
sfewer-r7 8a054b74db improve check logic to actualy parse JSON result for expected reply, tested against 8.0.1 and 7.4.8 2025-11-25 11:22:43 +00:00
Zedeldi d1fe17747c Add check methods and update DisclosureDate 2025-11-24 17:12:56 +00:00
Zedeldi ffaf43af2f Add writable? and file? checks to write_payload 2025-11-24 11:45:34 +00:00
Zedeldi 0c4d1e70d1 Add support for ARCH_CMD payload 2025-11-24 11:16:22 +00:00
sfewer-r7 b8cefb1af9 add nohup when bootstraping the payload to avoid the scenario when the parent dies it tears down our payload child process 2025-11-21 15:54:41 +00:00
Zedeldi da33eed842 Use fail_with instead of a check method 2025-11-21 14:02:05 +00:00
Zedeldi c0a756a751 Verify registry has been written successfully 2025-11-21 13:52:41 +00:00
Zedeldi 425adfa9bf Prefer create_process over cmd_exec for commands with arguments 2025-11-21 13:40:25 +00:00
sfewer-r7 aff76622fa add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034 2025-11-21 12:22:25 +00:00
Zedeldi ba702d40ea Remove x86 target and redundant DefaultOptions 2025-11-21 12:04:49 +00:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021 
Add T1021 "Remote Services" MITRE technique and sub-technique references
 2025-11-20 11:19:31 -06:00
Zedeldi 8d28ce611a Revert to cmd_exec for modify_service and improve code style 2025-11-19 20:33:46 +00:00
Zedeldi bc2c397b8c Add check for root access to igel_persistence 2025-11-19 20:01:57 +00:00
Zack Didcott beed317573 Use create_process instead of cmd_exec 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-11-19 18:02:08 +00:00
Zack Didcott 22aead0db1 Use vprint_status for modify_service and restart_service 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2025-11-19 18:01:05 +00:00
Christophe De La Fuente 179a545312 Remove false positive references 2025-11-19 17:34:15 +01:00
Zedeldi c6db0d4285 Move IGEL OS persistence module to linux/persistence 2025-11-17 18:42:28 +00:00
Zedeldi f29505d0d0 Add IGEL OS modules 2025-11-17 15:18:09 +00:00
Diego Ledda 110cb837aa Merge pull request #20672 from h00die-gr3y/centreon_auth_rce 
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
 2025-11-05 16:29:29 +01:00
h00die-gr3y 34c424f473 update based on dledda-r7 comments 2025-11-05 09:20:13 +00:00
h00die-gr3y 61dfc293d9 update based on dledda-r7 comments 2025-11-03 14:37:23 +00:00
h00die-gr3y 85b4233345 updated module based on review comments and added documentation 2025-11-03 10:21:31 +00:00
h00die-gr3y 83e7fc2667 update attackerkb reference 2025-11-02 18:26:34 +00:00
h00die-gr3y e01456bcf4 init commit module 2025-11-02 17:45:22 +00:00
Diego Ledda 13dc61e2e8 Merge pull request #20523 from h00die/modern_persistence_upstart 
update upstart to persistence mixin
 2025-10-31 12:28:59 +01:00
bcoles 676a2ed4b1 Add Rootkit Privilege Escalation Signal Hunter 2025-10-31 17:22:19 +11:00
h00die c0b3f40b3e upstart review 2025-10-27 19:45:38 -04:00
bcoles 52b7f1ff25 Deprecate exploit/linux/local/diamorphine_rootkit_signal_priv_esc 2025-10-24 17:05:10 +11:00
h00die 55583bd2c8 review for sysv persistence 2025-10-14 19:30:06 -04:00
Christophe De La Fuente 3b727fbaf2 Code review 2025-10-14 16:25:43 +02:00
Christophe De La Fuente 0a755ea03a Add references to MITRE ATT&CK T1021 - Remote Services 2025-10-14 16:25:30 +02:00
h00die 7a8189f976 additional check 2025-10-13 14:07:18 -04:00
h00die c0b09693e3 systemv updated with mixin udpates 2025-10-13 13:42:41 -04:00
h00die 1a13d39a4d use attck ref in sysvinit persistence module 2025-10-13 13:42:41 -04:00
h00die 058e858e82 update systemvinit to persistence mixin 2025-10-13 13:42:41 -04:00
Brendan 91c0adb17f Merge pull request #20585 from vognik/CVE_2025_60787 
Add MotionEye Authenticated RCE (CVE-2025-60787)
 2025-10-09 13:50:25 -05:00
Vognik 267a26b763 code review changes from smcintyre-r7@ 2025-10-09 21:51:31 +04:00
Spencer McIntyre 9dc5696cc4 Update dash characters in module references 2025-10-07 14:03:32 -04:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
msutovsky-r7 79ff667d5e Land #20538, adds systemd override persistence module 
persistence: systemd service override
 2025-09-26 15:57:31 +02:00
Martin Sutovsky 00f902b04b Adds formatting to cleanup commands 2025-09-26 15:00:09 +02:00
Martin Sutovsky a91f5f53f2 Substitutes cmd_exec with mkdir to create_process 2025-09-25 18:20:54 +02:00
h00die 160cf5c55b peer review for yum persistence 2025-09-18 16:15:24 -04:00
h00die 15f4abd1b2 update yum to persistence module 2025-09-18 15:36:44 -04:00
Spencer McIntyre cf3abc280e Merge pull request #20533 from cdelafuente-r7/feat/mitre/add_ref 
Add T1003 "OS credential dumping" MITRE technique reference
 2025-09-18 11:56:33 -04:00
Diego Ledda c718a965d7 Merge pull request #20508 from h00die/modern_persistence_cron 
update cron to persistence mixin
 2025-09-18 12:04:00 +02:00
Diego Ledda 448381ee96 Merge pull request #20548 from xHector1337/fix-exploits/linux/samba/is_known_pipename.rb 
Fixes samba share iteration in linux/samba/is_known_pipename
 2025-09-17 15:21:27 +02:00