adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,894 Commits 27 Branches 1,043 Tags
e2bf2162dcf4ceb2fe863f83f799f818736feb06
Commit Graph

2640 Commits

Author SHA1 Message Date
Takah1ro e2bf2162dc Update failure 2025-01-04 09:13:41 +09:00
Takah1ro 6cbb30c91a Avoid the code nesting 2025-01-04 09:11:24 +09:00
Takah1ro bf643041c3 Rubocop formatting 2025-01-04 08:46:12 +09:00
Takahiro Yokoyama 3a28df6b32 Apply suggestions from code review 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-01-04 08:41:56 +09:00
Takah1ro bbc282e90c Improve check 2024-12-30 13:36:15 +09:00
Takah1ro 86bd1c2938 Minor improve 
* enable fetch_delete
 * avoid using single quotes
 * update doc
 2024-12-29 12:19:19 +09:00
Takah1ro 6577a18abb Add response check 2024-12-28 15:04:35 +09:00
Takahiro Yokoyama 9f20c575e5 Update modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb 
Improve version detection messaging

Co-authored-by: bcoles <bcoles@gmail.com>
 2024-12-28 14:40:44 +09:00
Takah1ro 7ecc1cb87b Update vulnerable version 2024-12-28 14:39:24 +09:00
Takah1ro 9bfccc4293 Review fix 
* add check if sudo without password possible
  * base64 encode payload
 2024-12-28 14:02:59 +09:00
Takah1ro 6c5952d3b6 Use send_request_cgi 2024-12-28 13:34:10 +09:00
Takah1ro e3d68d4164 Update author and fix version detection 2024-12-28 11:18:41 +09:00
Takah1ro 38e886f4b6 Update payload string formatting 2024-12-27 21:58:42 +09:00
Takah1ro e17d7cd161 Minor fix 2024-12-27 21:50:26 +09:00
Takah1ro 64b1832567 Update not to use selenium-webdriver 2024-12-27 13:00:20 +09:00
Takah1ro 390f551df7 Fix EDB 2024-12-27 00:10:01 +09:00
Takah1ro 3defb63763 Fix CVE format 2024-12-26 23:57:41 +09:00
Takah1ro 06af9b0b3d Add selenium chrome rce module 2024-12-26 23:44:11 +09:00
jheysel-r7 c7f7cfd848 Land #19656 Close ssh session on error 2024-12-11 17:00:17 -08:00
adfoster-r7 136599a29a Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo 
Add CVE info to projectsend module
 2024-12-11 13:54:06 +00:00
bwatters-r7 5311b7014e Add CVE info to projectsend module 2024-12-11 07:37:43 -06:00
adfoster-r7 2421ca768f Merge pull request #19705 from ostrichgolf/projectsend_rce 
Add CVE to ProjectSend module
 2024-12-07 14:24:20 +00:00
ostrichgolf 2952dbb0b8 Add CVE to module 2024-12-07 14:23:30 +01:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
jheysel-r7 fa3716408f Add comment explaining payload architecture restraints 2024-12-03 18:33:43 -08:00
Christophe De La Fuente a46b2f437f Use TARGET_URI when checking the redirection URI 2024-12-02 16:45:12 +01:00
Christophe De La Fuente 3dcb9d58ab Code review 2024-12-02 14:02:07 +01:00
Christophe De La Fuente c943cc6378 Add module and documentation 2024-12-02 14:02:07 +01:00
sjanusz-r7 566e12b69e Add error_callback to SSH Command Stream 2024-11-25 16:43:59 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
Spencer McIntyre 5d9add4450 Merge pull request #19640 from jheysel-r7/pyload_js2py_cve_2024_39205 
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
 2024-11-15 09:24:37 -05:00
Jack Heysel 92e42a63ea Rubocop 2024-11-14 12:47:35 -08:00
Jack Heysel 4e1f33336c Ofuscation and Gemfile update 2024-11-14 12:44:19 -08:00
Jack Heysel 526451fed5 Responded to comments 2024-11-14 10:46:11 -08:00
Jack Heysel 2ba8a6c08d Responded to comments 2024-11-13 17:23:08 -08:00
Jack Heysel 497ce5e9da Linting and Rex::RandomIdentifier update 2024-11-13 08:28:52 -08:00
h4x-x0r afdddf2e43 updated 2024-11-13 03:40:22 +00:00
Jack Heysel d2ef3cb6a9 Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397) 2024-11-12 16:05:07 -08:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r 6f6f92823a fixed typo 
fixed typo
 2024-11-12 15:15:15 +00:00
h4x-x0r fb102ec409 Update modules/exploits/linux/http/paloalto_expedition_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:22 -06:00
bwatters-r7 03928a56bd Add staging file delete and code cleanup 2024-11-11 14:42:19 -06:00
Jack Heysel 3068511b66 CVE-2023:4220: Chamilo v1.11.24 Unrestricted File Upload 2024-11-11 11:33:34 -08:00
bwatters-r7 0308f46f74 Stage cmd payloads to a file before executing 2024-11-08 19:27:58 -06:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00