adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,134 Commits 27 Branches 1,043 Tags
e52edf447c8c15feb50331f031bf8dfe5e1bcef7
Commit Graph

4217 Commits

Author SHA1 Message Date
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
jheysel-r7 8d6972081f Land #19480 update service_persistence for openrc 
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
 2024-10-02 17:48:18 -04:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE 
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
 2024-10-02 16:02:50 -04:00
jvoisin 811678a793 Add openrc to exploits/linux/local/service_persistence.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-02 12:54:33 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc 
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-26 14:07:17 -05:00
Takah1ro 6d541b625f Remove unnecessary shell_path 2024-09-24 08:18:30 +09:00
Takahiro Yokoyama 130f146819 Apply suggestions from code review 
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-09-24 08:06:26 +09:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
 2024-09-23 15:25:02 -07:00
jheysel-r7 e0e7c67ff7 Remove jsessionid parsing now that keep_cookies is being used 2024-09-23 18:12:01 -04:00
h00die-gr3y 8e62f22315 fifth release with the option to use your own SSH private key 2024-09-20 09:50:13 +00:00
h00die-gr3y 8b197a60f9 fourth release addressing review comments of jheysel-r7 2024-09-19 20:54:55 +00:00
h00die-gr3y 9971aed96f third release addressing majority of the review comments 2024-09-17 19:23:38 +00:00
H00die.Gr3y d7fa23f30f Apply suggestions from code review 
Co-authored-by: bcoles <bcoles@gmail.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-17 19:00:48 +02:00
h00die-gr3y 455c5b2391 second release module 2024-09-15 20:01:27 +00:00
h00die-gr3y 1ba05ac88a first release module 2024-09-15 19:47:32 +00:00
Takah1ro 30704c494a Remove unnecessary strip_comments 2024-09-15 10:00:43 +09:00
dledda-r7 83a31c8a2a Land #19454, Persistence post module using motd 2024-09-13 09:02:22 -04:00
jvoisin 6d659e3aa8 Add modules/exploits/linux/local/motd_persistence.rb 2024-09-12 17:41:47 +02:00
h4x-x0r 30e6af7791 cleanup 
Code cleanup and better handling of different use cases.
 2024-09-12 14:34:45 +01:00
Spencer McIntyre 5e71490b66 Fix a typo when the kernel is not Ubuntu 2024-09-09 14:19:20 -04:00
Takah1ro 8ddf8a04ff Remove options 2024-09-07 12:44:37 +09:00
Takah1ro 8366252ba2 Not call payload directory 2024-09-07 12:28:40 +09:00
Takah1ro 692531bb87 Call payload directory 2024-09-07 12:16:04 +09:00
Takah1ro 2b63f8bb88 Rename exploit 2024-09-07 10:29:41 +09:00
Takah1ro 731780ca1a Formatting 2024-09-07 09:21:30 +09:00
Takah1ro 9e832eb483 Use exploit_path variable 2024-09-07 09:19:17 +09:00
Takah1ro fd7321dd3f Strip_comments 2024-09-06 22:58:31 +09:00
Takah1ro b34e807277 Remove unnecessary directory existing check 2024-09-06 22:05:34 +09:00
Takah1ro a40fbb2a7b Remove unnecessary check 2024-09-06 22:04:51 +09:00
Takah1ro d4ac300d73 Fix typo 2024-09-06 21:59:16 +09:00
Takahiro Yokoyama 7a921bbeff Update modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb 
Use kernel_version.btween

Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-06 21:45:32 +09:00
Takah1ro cd97b08c62 Move C code to separate file 2024-09-06 21:09:39 +09:00
Takah1ro 1cc562c863 Use mkdir function 2024-09-06 12:55:51 +09:00
Takah1ro 920ef70105 Exploit dir existing check 2024-09-06 12:53:18 +09:00
Takahiro Yokoyama b243b86157 Update modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb 
use linux/x64/meterpreter_reverse_tcp

Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-09-06 08:51:20 +09:00
Takah1ro dc81711301 Make timeout user configurable 2024-09-06 08:24:14 +09:00
Jack Heysel 152710403d Land #19330, Add SSL opt in start_service 
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
 2024-09-05 09:08:07 -07:00
Jack Heysel 434593dcb4 Suggestion and rubocop fixes 2024-09-05 08:49:32 -07:00
Takah1ro afb8c6c27c Strip comments 2024-09-05 23:13:08 +09:00
Takah1ro 3d20dd6ddf Add module: 
Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-05 22:54:55 +09:00
h4x-x0r a39c4076e4 cleanup 
cleanup
 2024-08-29 13:36:54 +01:00
h4x-x0r 018b041335 cleanup 
cleanup
 2024-08-28 15:40:35 +01:00
h4x-x0r 6532255600 PoC & Documentation 
PoC & Documentation
 2024-08-23 23:21:49 +01:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
Takah1ro 39f81e0a45 Update check function 2024-08-21 22:32:53 +09:00
Takah1ro ee58313d64 Update check function 2024-08-21 22:09:56 +09:00
Takahiro Yokoyama c66540ef2f Update modules/exploits/linux/http/ray_agent_job_rce.rb 
use MeterpreterTryToFork to avoid a meterpreter session get killed

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2024-08-21 21:38:37 +09:00
Takah1ro 91167fc85f Remove unnecessary option 2024-08-20 21:44:11 +09:00
Takah1ro 4d1782640b Update sideeffects 2024-08-20 19:12:18 +09:00