adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,275 Commits 27 Branches 1,043 Tags
dd3093c80640849a0c86e75b052d442f342ac37d
Commit Graph

936 Commits

Author SHA1 Message Date
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
Christophe De La Fuente d83e6072ef Add the module and documentation for Ivanti RCE CVE-2025-22457 2025-04-30 22:02:16 +02:00
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check 
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
 2025-04-30 00:24:25 +02:00
Chocapikk f24801a4a4 Update doc 2025-04-29 20:06:40 +02:00
Chocapikk 89404c28e1 Fix markdown 2025-04-26 23:55:00 +02:00
Chocapikk b8d2681335 Remove useless config suggestions 2025-04-26 23:53:59 +02:00
Chocapikk c4e621f3cf Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE 2025-04-26 05:43:13 +02:00
Takah1ro e1b5109c70 Add BentoML RCE module (CVE-2025-32375) 2025-04-17 20:46:43 +09:00
Takah1ro edcc30699a Make user be able to specify a particular endpoint 2025-04-16 21:47:31 +09:00
Takahiro Yokoyama 8dc4beba7f Update documentation/modules/exploit/linux/http/bentoml_rce_cve_2025_27520.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-04-16 20:48:34 +09:00
Takah1ro a33a8d91fe Update the document 2025-04-16 12:52:15 +09:00
Takah1ro e51cd24383 Add BentoML RCE module (CVE-2025-27520) 2025-04-15 22:46:42 +09:00
msutovsky-r7 fe9a0ad25b Land #20008, PandoraFMS Auth RCE module 
Pandora FMS authenticated RCE [CVE-2024-12971]
 2025-04-08 07:50:28 +02:00
h00die-gr3y 76fb34a5db small update in description of the module and documentation 2025-04-06 10:49:03 +00:00
h00die-gr3y 8a72fd6861 init module and documentation 2025-04-06 10:33:56 +00:00
Takah1ro 139dd50333 Add Appsmith RCE module (CVE-2024-55964) 2025-04-05 14:56:04 +09:00
Spencer McIntyre bf1f919d9f Merge pull request #19957 from msutovsky-r7/auxmodule-eramba-update 
Auxmodule eramba update
 2025-03-25 13:54:24 -04:00
Martin Sutovsky d922976ea4 Adding more clear installation steps 2025-03-20 19:54:57 +01:00
Martin Sutovsky df027f3fdd Update documentation, adding more precise check, removing unnecessary characters 2025-03-20 15:18:55 +01:00
Martin Sutovsky 9886f78575 Upgrade Eramba RCE module 2025-03-13 12:34:50 +01:00
h00die-gr3y e341398871 small update on module and documentation 2025-03-10 19:35:37 +00:00
H00die.Gr3y 44bdc5b44f Update documentation/modules/exploit/linux/http/invoiceshelf_unauth_rce_cve_2024_55556.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-03-10 19:29:12 +01:00
h00die-gr3y 281b728000 initial module and documentation 2025-03-07 17:34:22 +00:00
msutovsky-r7 3c4d0aae2f Land #19899, D-Tale remote code execution module 
Add D-Tale RCE module (CVE-2024-3408, CVE-2025-0655)
 2025-03-03 13:04:45 +01:00
Takah1ro 47351e4959 Use FETCH_DELETE as default 2025-03-03 20:52:55 +09:00
Takah1ro 65d2b6380b Update vulnerable version 2025-03-02 12:14:25 +09:00
Takah1ro 77c3ce52e0 Improve: 
* Support the prior to 3.13.0 versions
* CVE-2024-3408 bypass for authentication
 2025-03-01 11:58:28 +09:00
Diego Ledda 8dd032e529 Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin 
Land #19897, Invoice Ninja unauthenticated RCE (CVE-2024-55555) and Laravel Crypto Killer mixin
 2025-02-25 13:14:18 +01:00
Diego Ledda 1c27e2a958 docs: update docs for rubocop 2025-02-25 12:15:52 +01:00
H00die.Gr3y 2d55f5c16e Update documentation/modules/exploit/linux/http/invoiceninja_unauth_rce_cve_2024_55555.md 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-02-24 15:51:06 +01:00
h00die-gr3y 41e690445e simplified some code sections 2025-02-23 12:59:52 +00:00
h00die-gr3y ece33ee8ec added documentation 2025-02-23 09:54:26 +00:00
Takah1ro 4d4b88c94e Add D-Tale unauth RCE module (CVE-2025-0655) 2025-02-23 09:33:42 +09:00
h00die-gr3y 215957465c added default options and updated documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y 15c20272ea removed linux dropper code and tested with PR 19850 2025-02-20 13:19:41 -06:00
h00die-gr3y fcc929e228 updated documentation with Linux Dropper (x86_64) target scenario 2025-02-20 13:19:41 -06:00
h00die-gr3y f857e5fe67 fixed code review and updated documentation 2025-02-20 13:19:41 -06:00
h00die-gr3y 682be79920 first release module and documentation 2025-02-20 13:19:41 -06:00
Martin Sutovsky bd42b23ef0 Land #19883, module for unauthenticated RCE in InvokeAI 2025-02-18 14:01:11 +01:00
msutovsky-r7 05c9550d43 Land #19877, BeyondTrust Privileged Remote Access & Remote Support RCE Module 
Exploit module for BeyondTrust Privileged Remote Access & Remote Support (CVE-2024-12356, CVE-2025-1094)
 2025-02-17 17:43:15 +01:00
Takah1ro 611556571f Update document 2025-02-17 20:32:43 +09:00
Takah1ro b454a32f3c Fix typo and update document 2025-02-17 12:52:50 +09:00
Takah1ro 0945fbba81 Add InvokeAI unauth RCE module (CVE-2024-12029) 2025-02-16 15:49:56 +09:00
sfewer-r7 d93a99c504 rename the module 2025-02-13 12:51:46 +00:00
sfewer-r7 37276446a6 improve the description for this option 2025-02-12 17:22:43 +00:00
sfewer-r7 c9be9b65ec fix typos in docs 2025-02-12 17:22:17 +00:00
Takah1ro 9f43fcc7ad Update FETCH_COMMAND default to curl 2025-02-10 22:00:52 +09:00
Takah1ro 8d59201447 Update document 2025-02-10 21:38:14 +09:00
Takah1ro 7149d3f332 Leave cleanup as an option 2025-02-10 21:31:50 +09:00
Takah1ro b02838a8dd NetAlertx -> NetAlertX 2025-02-10 12:52:26 +09:00