adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,882 Commits 27 Branches 1,043 Tags
e4111cdc97decaad0dc76e4151ab03555fa82ef0
Commit Graph

4325 Commits

Author SHA1 Message Date
Takah1ro e4111cdc97 Update to use FETCH_DELETE 2024-12-29 12:33:39 +09:00
Takah1ro af432a3b72 Improve stability 2024-12-29 12:00:09 +09:00
Takah1ro cb34508321 Avoid using single quote in payload 2024-12-28 20:09:18 +09:00
Takah1ro 02ad81066d Add cleanup 2024-12-28 18:04:56 +09:00
Takahiro Yokoyama c7d7407179 Update modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2024-12-28 18:04:09 +09:00
Takah1ro 90d9bb769d Update vulnerable version 2024-12-28 15:53:31 +09:00
Takah1ro 43230b02a5 Review fix 
* use send_request_cgi
  * add check if sudo without password possible
  * base64 encode payload
 2024-12-28 15:42:15 +09:00
Takah1ro 340d4bcd58 Add selenium firefox rce module 2024-12-28 12:27:18 +09:00
Brendan 7ddffc790c Merge pull request #19460 from gardnerapp/game_overlay 
Land #19460, CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
 2024-12-18 14:44:57 -06:00
bwatters-r7 59229ee612 Update payload name, fix payload escapes & quotation, add unix cmd support 2024-12-17 16:52:24 -06:00
jheysel-r7 c7f7cfd848 Land #19656 Close ssh session on error 2024-12-11 17:00:17 -08:00
adfoster-r7 136599a29a Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo 
Add CVE info to projectsend module
 2024-12-11 13:54:06 +00:00
bwatters-r7 5311b7014e Add CVE info to projectsend module 2024-12-11 07:37:43 -06:00
adfoster-r7 2421ca768f Merge pull request #19705 from ostrichgolf/projectsend_rce 
Add CVE to ProjectSend module
 2024-12-07 14:24:20 +00:00
ostrichgolf 2952dbb0b8 Add CVE to module 2024-12-07 14:23:30 +01:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 e8911f9129 Land #19402 vCenter Sudo LPE (CVE-2024-37081) 2024-12-04 18:25:05 -08:00
h00die bca3626cf2 peer review 2024-12-04 18:39:43 -05:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
jheysel-r7 fa3716408f Add comment explaining payload architecture restraints 2024-12-03 18:33:43 -08:00
jheysel-r7 2d1af7d809 Land #19648 Add exploit module for FortiManager (CVE-2024-47575) 2024-12-02 18:31:25 -08:00
jheysel-r7 5a837d1ef6 fix a typo 2024-12-02 18:16:43 -08:00
jheysel-r7 a230a353e4 Land #19613 Asterisk authenticated rce via AMI (CVE-2024-42365) 2024-12-02 08:21:35 -08:00
Christophe De La Fuente a46b2f437f Use TARGET_URI when checking the redirection URI 2024-12-02 16:45:12 +01:00
Christophe De La Fuente 3dcb9d58ab Code review 2024-12-02 14:02:07 +01:00
Christophe De La Fuente c943cc6378 Add module and documentation 2024-12-02 14:02:07 +01:00
h00die d13bccca05 peer review 2024-11-28 20:24:25 -05:00
sjanusz-r7 566e12b69e Add error_callback to SSH Command Stream 2024-11-25 16:43:59 +00:00
sfewer-r7 68e9b39ffa register teh Rex socket we create via add_socket. This lets teh frameowkr close the socket after we get a session, and will wait up to WfsDelay for that to happen. This lets us remove the other timeout we had, and teh user can always adjust WfsDelay if needed. (Thanks Spencer) 2024-11-22 12:42:08 +00:00
sfewer-r7 e5cdf6097d favor File.binread over File.read 2024-11-22 12:40:19 +00:00
sfewer-r7 f59bfe98a3 remove the default payload and the default fetch command, and let the framework choose them for us. 2024-11-22 12:39:34 +00:00
sfewer-r7 2ba112a5a4 We can use OptPath here instead of OptString. Also are these are optional, and we dont specify a default, we can omit the nil default value. 2024-11-22 12:38:46 +00:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
jheysel-r7 d95d549992 Land #19531 ProjectSend r1335 - r1605 RCE module 2024-11-21 09:53:36 -08:00
ostrichgolf 68eb6599fd Create projectsend_unauth_rce 2024-11-21 09:34:58 -08:00
h00die 0f6da56a52 vcenter sudo module 2024-11-21 04:34:15 -05:00
jheysel-r7 afbbba09e8 Land #19584 Judge0 sandbox escape CVE-2024-28185, CVE-2024-28189 2024-11-20 14:35:38 -08:00
Takah1ro da6f8cd552 Add Judge0 module and document 2024-11-20 14:15:38 -08:00
bwatters-r7 441a3215b2 Catch up to head on other branch 2024-11-19 08:59:22 -06:00
h00die 6bd049e346 operator working 2024-11-18 20:09:13 -05:00
gardnerapp 19770cf870 Remove unneeded file and rudocop corrections 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Give bwatters7 credit, add docs

Experiment with randomized bash copy and Rex::File.join

remove unused line

Add missing parenthesis

fix problem with bash copy

Remove rex::join, call proper method for generating payload

add exploit::exe mixin, bash copy randomization

Rubocop changes

Remove nc
 2024-11-18 17:01:08 -06:00
gardnerapp 6e09722f67 Rubocop changes and arch tracking for payload 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>

Rubocop changes
 2024-11-18 16:59:37 -06:00
gardnerapp c6425f7245 Break out command building to make it easier to read 
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-18 16:58:56 -06:00
gardnerapp e506c34e13 Update modules/exploits/linux/local/gameoverlay_privesc.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-18 16:57:17 -06:00
gardnerapp 883a0f8985 Update modules/exploits/linux/local/gameoverlay_privesc.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-18 16:57:17 -06:00
gardnerapp 51194ad0c9 Rebase and maintain authorship 
Rebase and change payload delivery

Rebase and remove cmdstager
Update modules/exploits/linux/local/game_overlay_privesc.rb

Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>

remove CmdStager Mixin

Add PrependSetuid

Remove python from exploit

Remove generate_payload_exe and add dynamic directory to upper mount layer

Change where payload is dropped

Remove FileUtils module

Call proper method for generating payload

Seperate exploit and triggering of payload

Seperate exploit and triggering payload

test
 2024-11-18 16:55:59 -06:00
gardnerapp c927f22d66 Update modules/exploits/linux/local/game_overlay_privesc.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-11-18 16:44:33 -06:00
Corey 5edec2525f Rebase and Squash 
init

Add moduel scaffolding

Add Opts, check and exploit methods

Rubocop changes

Add checks for vunerable kernel versions

Write check for distro type

Finish protoype of check add exploit

Make changes to check method

Add checkcode

Add x86 for payload compatability

remove check, add kernel version

add codenam, transform keys in vuln

Note

minor spelling change

Add description

Add cve references

Start trying to drop payloads on disk

Change description, include modules for file upload, use proper methods for writing payload

continue trying to upload

Use write_file instead of upload_and_chmodx

remove upload_dir opt

expirement w g1vi exploit

Include cmd_stage module, add generate_payload_exe, run payload in new namespace

Add missing call to setcap, fix description

Fix unterminated string, fix directory for calling python copy

Rubocop changes

Create dynamic payload

Add mkdir_p and WritableDir opts

Update modules/exploits/linux/local/game_overlay_privesc.rb

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>

Revert back to python exploit, add dynamic writable dir

Add todos

Remove FileUtils

Change module name

Add checkcodes

Add more checkcodes
 2024-11-18 16:41:38 -06:00
h00die f38661d6c3 pod user working 2024-11-18 07:30:21 -05:00