adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
68,258 Commits 27 Branches 1,043 Tags
e2d052322d68ce4976bae22e4537ea4bea419fc8
Commit Graph

3431 Commits

Author SHA1 Message Date
bwatters 9902e9a1e4 Land #17110, check files exist before doing other things 
Merge branch 'land-17110' into upstream-master
 2022-10-24 14:20:16 -05:00
Jack Heysel 3bf4bd7d7d Land #17162, add RCE module for CVE-2022-35914 
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
 2022-10-24 12:18:34 -04:00
jheysel-r7 3bbd05a11a Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-24 11:48:33 -04:00
Christophe De La Fuente 4cfbae63ac Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-20 15:10:42 +02:00
bwatters 6039e54b75 For real, this time 2022-10-19 17:23:16 -05:00
bwatters 78e8de826b Sure; I can spell 2022-10-19 17:22:29 -05:00
bwatters 238aa9058f Fix Cmdstager flavor, complete info hash 2022-10-19 17:18:20 -05:00
bwatters 56b8bf6302 Working draft for CVE-2022-35914 2022-10-19 14:33:33 -05:00
Ron Bowes 56d6f7747b Remove some old code and update documentation with version info 2022-10-19 10:02:29 -07:00
Christophe De La Fuente c43272985e Land #17141, Zimbra Postfix priv esc 2022-10-19 10:33:37 +02:00
Ron Bowes 9a35a5c8dd Post patch info 2022-10-18 10:12:54 -07:00
Ron Bowes 6bdf0da994 Add a sanity check before generating the payload - prevents a confusing error if the server is down 2022-10-18 10:09:51 -07:00
Heyder Andrade 1804e5ab60 Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-18 00:51:28 +02:00
Ron Bowes dea3f72f6b Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path 2022-10-17 15:00:56 -07:00
Heyder Andrade 67bd118dd5 Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-17 22:49:48 +02:00
Heyder Andrade 7cdf8e181f Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-17 22:49:34 +02:00
Heyder Andrade b3a0d70688 Added prefer admin 
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
 2022-10-17 15:16:16 +02:00
Heyder Andrade 5d99428c1d Changed SSH key algorithm and fix bug on cleanup 
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
 2022-10-17 14:40:51 +02:00
Heyder Andrade 71a1c60d49 Sticking to the striced needed 
The port in the Forwarded HTTP header can be random.
 2022-10-17 13:01:13 +02:00
Heyder Andrade 422675a0c0 Fixed code-style offenses 2022-10-17 01:08:57 +02:00
Heyder Andrade 6140f0bc4d Added method to auto-detect target user 2022-10-17 00:44:46 +02:00
Heyder Andrade 9241c515d7 Try to cleanup only if there was ssh connection 2022-10-16 18:50:39 +02:00
Heyder Andrade 6cfb277c90 Added cleanup method 2022-10-16 15:09:45 +02:00
Heyder Andrade 45149c144c Code cleanup and ssh key password 
- cleaned up some unecessary code
- add option to the user set an encrypted custom ssh key
 2022-10-16 13:32:25 +02:00
Heyder Andrade 95b1bffdea Do not overwrite the first two keys 2022-10-15 19:04:53 +02:00
Heyder Andrade 47f6971651 It is working but need some improvements 2022-10-15 04:10:12 +02:00
Ron Bowes a2a2dcbf6f Check in zimbra_postfix_priv_esc.rb 2022-10-14 13:21:41 -07:00
Heyder Andrade 31404116a5 Rename module 2022-10-14 22:19:43 +02:00
Heyder Andrade f643bba09a Added module for CVE-2022-40684 2022-10-14 18:36:18 +02:00
Grant Willcox 487a26ee0f Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
Ayantaker e75438d0b2 Documentation fix and minor fixes 
Fixed the documentation according to msftidy's suggestion and removed a few unessary parts of code
 2022-10-11 18:17:52 -04:00
Grant Willcox 45aa09411e First round of edits from review 2022-10-11 15:46:04 -05:00
h00die 4950124ea0 use more Post::File functions 2022-10-08 09:50:25 -04:00
h00die a3eee73efb review comments 2022-10-08 09:16:57 -04:00
Ayan Saha f67a7f395f Modified unix_cmd payload as per suggestion 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-08 02:26:11 +05:30
Ayan Saha ec57260c66 Adding suggested code 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-10-08 02:25:35 +05:30
Ayantaker 32db330ff6 Fixing the rubocop issue 2022-10-07 11:08:01 -04:00
Ayantaker 910ee931c2 Fixing the description of the module 2022-10-06 15:55:32 -04:00
Ayantaker c8cd6a7864 Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit 
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
 2022-10-06 15:48:36 -04:00
Ron Bowes 48dd4693df Add docs for CVE-2022-41352 (zimbra cpio), and fix some text 2022-10-06 10:46:48 -07:00
Ron Bowes 08c29f7f28 Add exploit for CVE-2022-41352 (zimbra cpio) 2022-10-06 10:23:53 -07:00
h00die 6db9ee743e check files exist before suid checking them 2022-10-05 19:43:07 -04:00
adfoster-r7 46910b9390 Land #17105, set keep_cookies value to boolean true instead of string true 2022-10-05 11:37:37 +01:00
Jack Heysel 0145264046 Land #17093, add Enlightenment priv esc module 
This PR adds a local priv esc for Enlightenment on Ubuntu
which exploit a simple cmd injection
 2022-10-04 14:09:18 -04:00
h00die 06aefb630a string true to bool true 2022-10-03 19:50:04 -04:00
h00die b7073df1e0 review comments 2022-10-03 16:53:14 -04:00
h00die de184226f6 repeatable sessions 2022-10-01 11:30:21 -04:00
h00die e78babea90 cve-2022-37706 2022-10-01 11:24:29 -04:00
bcoles 5f92d9418d Modules: Fix Stability/SideEffects/Reliability notes for several modules 2022-10-01 17:54:59 +10:00
bwatters 89ef91c9cd Update ranking for nft_set_elem_init 2022-09-30 09:57:54 -05:00