adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,258 Commits 27 Branches 1,043 Tags
e2d052322d68ce4976bae22e4537ea4bea419fc8
Commit Graph

5216 Commits

Author SHA1 Message Date
space-r7 35e4d829d8 Land #17164, add THEME_DIR option to wp_crop_rce 2022-10-25 12:23:50 -05:00
space-r7 7c64b0ba93 add option in documentation and add notes 2022-10-25 12:22:00 -05:00
Jack Heysel 3bf4bd7d7d Land #17162, add RCE module for CVE-2022-35914 
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
 2022-10-24 12:18:34 -04:00
Christophe De La Fuente 43f7d7b73e Land #17098, Hikvision camera unauthenticated information disclosure 2022-10-20 16:20:12 +02:00
Christophe De La Fuente 4cfbae63ac Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-20 15:10:42 +02:00
Christophe De La Fuente c89569d88c Fix the doc to make msftidy_docs.rb happy 2022-10-20 14:33:40 +02:00
bwatters 73c879a854 Add docs 2022-10-19 17:59:54 -05:00
Ron Bowes d8a5629cf4 Add Zimbra-installation notes 2022-10-19 10:05:20 -07:00
Ron Bowes 56d6f7747b Remove some old code and update documentation with version info 2022-10-19 10:02:29 -07:00
Christophe De La Fuente c43272985e Land #17141, Zimbra Postfix priv esc 2022-10-19 10:33:37 +02:00
Christophe De La Fuente fa67b6973d Documentation fix to follow the template 2022-10-18 16:09:57 +02:00
Ron Bowes dea3f72f6b Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path 2022-10-17 15:00:56 -07:00
Heyder Andrade 26ed9bb053 Update documentation/modules/exploit/linux/http/fortinet_authentication_bypass_cve_2022_40684.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-17 22:49:57 +02:00
Heyder Andrade aece783cee Added reference to user auto-detect method 2022-10-17 01:11:27 +02:00
Heyder Andrade 0b09e564f1 Improved documentation 2022-10-16 14:25:54 +02:00
Heyder Andrade 835b44ca7a Added documentation 2022-10-16 13:42:21 +02:00
Ron Bowes a2a2dcbf6f Check in zimbra_postfix_priv_esc.rb 2022-10-14 13:21:41 -07:00
adfoster-r7 6a682f4fe6 Land #16982, Update Dell iDRAC login scanner to work with v8 and v9 2022-10-14 01:40:35 +01:00
Grant Willcox a3e32ffafa Add TARGET 0 to documentation 2022-10-12 20:00:33 -05:00
Grant Willcox e9f54aa5b8 Update documentation with better wording, and add randomization of parameter name to module along with cleanup code for deleting uploaded files 2022-10-12 19:16:52 -05:00
Jack Heysel 9652823393 Reverted check method to upload shell 2022-10-12 19:16:44 -05:00
Jack Heysel 3c27c8e5aa Condensed payload, changed base64 encoding to hex 2022-10-12 19:12:35 -05:00
Jack Heysel e4eac96b4b Add Module for pfSense pfBlockerNG unauth RCE as root 2022-10-12 19:12:22 -05:00
Grant Willcox f92d913f0c Land #17116, Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit 2022-10-12 11:53:47 -05:00
bwatters 4aa2b76bde Land #17092, netlm_downgrade Cleanup and support non-Meterpreter sessions 
Merge branch 'land-17092' into upstream-master
 2022-10-12 11:40:20 -05:00
Grant Willcox 487a26ee0f Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
Ayantaker 9abaa00b9e Adding some changes to documentation as per review comments 2022-10-12 11:36:35 -04:00
Ayantaker e75438d0b2 Documentation fix and minor fixes 
Fixed the documentation according to msftidy's suggestion and removed a few unessary parts of code
 2022-10-11 18:17:52 -04:00
Grant Willcox 45aa09411e First round of edits from review 2022-10-11 15:46:04 -05:00
Grant Willcox c587360e90 Minor typo fixes 2022-10-11 10:52:42 -05:00
h00die 69d1497ae1 netrc and fetchmailrc docs 2022-10-08 10:43:25 -04:00
JustAnda7 412a07df54 Fixed #16674 2022-10-07 14:35:21 -04:00
Ayantaker c8cd6a7864 Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit 
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
 2022-10-06 15:48:36 -04:00
Ron Bowes 48dd4693df Add docs for CVE-2022-41352 (zimbra cpio), and fix some text 2022-10-06 10:46:48 -07:00
Jack Heysel 60c21da50e Land #17009, Add MobaXterm cred gather module 
This module determines if MobaXterm is installed and if
it is dumps all saved session information from the target
 2022-10-05 14:14:27 -04:00
Jack Heysel 0145264046 Land #17093, add Enlightenment priv esc module 
This PR adds a local priv esc for Enlightenment on Ubuntu
which exploit a simple cmd injection
 2022-10-04 14:09:18 -04:00
space-r7 63af4e3702 Land #17067, add remote mouse rce 2022-10-04 11:40:33 -05:00
Jack Heysel edc0c622fc Land #17099, Wordpress Elementor plugin RCE 
This PR adds a new authenticated exploit module against
3 versions of Elementor, a plugin for Wordpress.
 2022-10-03 16:59:38 -04:00
h00die b7073df1e0 review comments 2022-10-03 16:53:14 -04:00
bwatters 052d233bd9 Land #17006, Gather_RedisDesktopManager_Password 
Merge branch 'land-17006' into upstream-master
 2022-10-03 15:10:30 -05:00
h00die 68b2aec6fb review comments 2022-10-03 15:25:53 -04:00
h00die-gr3y 08640f0d65 Updated documentation 2022-10-02 20:20:20 +00:00
h00die c6e18ee469 cve-2022-1329 2022-10-02 15:59:58 -04:00
h00die-gr3y 7ae0f552f3 init commit module and documentation 2022-10-02 19:47:47 +00:00
h00die e78babea90 cve-2022-37706 2022-10-01 11:24:29 -04:00
bcoles 3ffbc99d9f netlm_downgrade: Cleanup and support non-Meterpreter sessions 2022-10-01 22:35:11 +10:00
Jack Heysel 9ad513dade Land #16933, Thycotic Secret Server post module 
This PR adds a post exploitation module that exports
and decrypts Thycotic Secret Server credentials
 2022-09-30 13:16:05 -04:00
bwatters 9e74b9887d Land #17048, enum_tokens: Cleanup 
Merge branch 'land-17048' into upstream-master
 2022-09-29 15:58:46 -05:00
jheysel-r7 e06acc7df0 Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md 2022-09-29 13:59:01 -04:00
jheysel-r7 e8d4bcdcc6 Update documentation/modules/post/windows/gather/credentials/thycotic_secretserver_dump.md 2022-09-29 13:58:37 -04:00