adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,405 Commits 27 Branches 1,043 Tags
e5cdf6097da4ee538d52867b8a09ac8d7d6a019a
Commit Graph

4261 Commits

Author SHA1 Message Date
sfewer-r7 e5cdf6097d favor File.binread over File.read 2024-11-22 12:40:19 +00:00
sfewer-r7 f59bfe98a3 remove the default payload and the default fetch command, and let the framework choose them for us. 2024-11-22 12:39:34 +00:00
sfewer-r7 2ba112a5a4 We can use OptPath here instead of OptString. Also are these are optional, and we dont specify a default, we can omit the nil default value. 2024-11-22 12:38:46 +00:00
sfewer-r7 000ffb2406 make the check routine return a message for Detected. 2024-11-22 12:37:50 +00:00
sfewer-r7 4856817131 fix a typo 2024-11-18 09:44:53 +00:00
sfewer-r7 feb1ac79da add in a suitable certificate and private key to use by default. 2024-11-15 17:41:31 +00:00
sfewer-r7 e520ca7ee9 comment the intent of this code block 2024-11-15 12:29:31 +00:00
sfewer-r7 2ec5778405 get_cert_subject_item may return nil, so test for that here 2024-11-15 12:28:25 +00:00
sfewer-r7 51ad7ad0bf improve the send_packet logic to fail gracefully if bad data is recieved 2024-11-15 12:27:33 +00:00
sfewer-r7 c3bd4792ec rename SSLClientCert and SSLClientKey to ClientCert and ClientKey. This then matcheds up with ClientSerialNumber and ClientPlatform, which is clearer IMHO. Also, we explicitly create a Rex TCP socket, so these param names no longer collide with what a mixin would use 2024-11-15 09:44:50 +00:00
sfewer-r7 6eb15d5b66 add a helper method get_cert_subject_item 2024-11-15 09:42:59 +00:00
sfewer-r7 91587ce30b this message can be on a single line 2024-11-15 09:42:06 +00:00
sfewer-r7 e89c27fa3b fix some typos. Make msftidy happy. Add comments to the external references. 2024-11-15 08:54:32 +00:00
sfewer-r7 47f924bb8f add in the initial work on the FortiManager exploit. 2024-11-14 18:53:12 +00:00
Brendan 19e182ce65 Land #19557, Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module 
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
 2024-11-12 16:42:06 -06:00
h4x-x0r 6f6f92823a fixed typo 
fixed typo
 2024-11-12 15:15:15 +00:00
h4x-x0r fb102ec409 Update modules/exploits/linux/http/paloalto_expedition_rce.rb 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2024-11-12 09:03:22 -06:00
bwatters-r7 03928a56bd Add staging file delete and code cleanup 2024-11-11 14:42:19 -06:00
bwatters-r7 0308f46f74 Stage cmd payloads to a file before executing 2024-11-08 19:27:58 -06:00
h4x-x0r 661075a45c handling additional case 
handling additional case when autocheck is disabled and no credentials are provided
 2024-10-22 03:42:39 +01:00
h4x-x0r 4d7d7f2c06 updated 
using instance variables instead of updating the datastores
 2024-10-21 22:07:43 +01:00
h4x-x0r 7028b807ed linting 
linting
 2024-10-21 21:45:04 +01:00
h4x-x0r b6d3a0ef36 safety flag 
added a safety flag for the password reset in case no credentials are provided
 2024-10-21 21:43:48 +01:00
h4x-x0r 202e5e55ac Added exception handling 
Added exception handling
 2024-10-20 19:50:43 +01:00
Diego Ledda 59d026acd3 Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961) 2024-10-18 14:39:54 +02:00
adfoster-r7 7b400f18fe Fix metabase rce to support older versions 2024-10-17 10:10:50 +01:00
Jack Heysel ee68e47521 Added http_server cleanup 2024-10-15 10:28:39 -07:00
Jack Heysel 7a89db5080 Updated print statements 2024-10-15 09:21:07 -07:00
Jack Heysel 3635dd1c23 Merge branch 'magento_xxe_to_rce' 2024-10-15 09:17:40 -07:00
Jack Heysel 3f6f060933 Updated check method 2024-10-15 09:17:02 -07:00
h4x-x0r 7929df2bfd improved reliability 
improved reliability
 2024-10-15 06:26:46 +01:00
h4x-x0r 5716b6c799 linting 
linting
 2024-10-14 15:56:00 +01:00
h4x-x0r ea74802a5a cleanup 
cleanup
 2024-10-14 15:53:07 +01:00
h4x-x0r bd7cd8b3ba cleanup 
cleanup
 2024-10-14 15:36:45 +01:00
h4x-x0r 34538df83c PoC and Documentation 
PoC and Documentation
 2024-10-14 05:09:29 +01:00
h4x-x0r d28a098398 CVE-2024-9464 
CVE-2024-9464
 2024-10-11 19:31:56 +01:00
jheysel-r7 3be4eae2f5 Update modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-10-10 15:20:06 -04:00
Jack Heysel 44b33b8010 Fixed multiple sessions and instability 2024-10-10 11:36:16 -07:00
Jack Heysel 65936d181e Update libc region on sucess print 2024-10-09 23:04:44 -07:00
Jack Heysel dab5d66e37 Test and respond to comments 2024-10-09 22:52:55 -07:00
jheysel-r7 b72f70cbac Apply suggestions from code review 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-10-10 00:40:54 -04:00
Jack Heysel 7a78c0d724 Updated authors 2024-10-09 13:14:09 -07:00
Jack Heysel b94b2f3c72 Merge conflicts and rubocop 2024-10-09 12:59:59 -07:00
Jack Heysel e8711c5b20 Magento XXE to GLIBC buffer overflow 2024-10-09 12:53:29 -07:00
Jack Heysel 9536eaae2d Magento XXE to GLIBC buffer overflow 2024-10-09 12:36:53 -07:00
jheysel-r7 8d6972081f Land #19480 update service_persistence for openrc 
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
 2024-10-02 17:48:18 -04:00
jheysel-r7 1cdaeac843 Land #19463 Add Acronis Cyber Default Password RCE 
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
 2024-10-02 16:02:50 -04:00
jvoisin 811678a793 Add openrc to exploits/linux/local/service_persistence.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-02 12:54:33 +02:00
h00die-gr3y c43a4f4b0b Fixed cluster ID issue 2024-09-26 21:53:27 +00:00
Brendan dbc020a745 Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc 
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
 2024-09-26 14:07:17 -05:00