adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,268 Commits 27 Branches 1,043 Tags
e60be7fcfbbcc2dce07aba955525da21efda9d35
Commit Graph

4462 Commits

Author SHA1 Message Date
msutovsky-r7 05c9550d43 Land #19877, BeyondTrust Privileged Remote Access & Remote Support RCE Module 
Exploit module for BeyondTrust Privileged Remote Access & Remote Support (CVE-2024-12356, CVE-2025-1094)
 2025-02-17 17:43:15 +01:00
sfewer-r7 65e2a20a5d We can remove this line as it is redundant. The regex that follows will check for the same thing as part of its matching expression. Thanks msutovsky-r7 for spoting this. 2025-02-17 16:33:11 +00:00
sfewer-r7 bb9013a8ee check the frame for nil 2025-02-17 12:29:50 +00:00
sfewer-r7 6f1287d899 add in some logic to detect potentially failed exploitation due to the patch being applied, warning a user of a WebSocket getting closed unexpectadly 2025-02-17 12:17:15 +00:00
sfewer-r7 fbef2baf5c remove the uneeded parenthesis and make rubocop happy. 2025-02-17 11:44:50 +00:00
sfewer-r7 c950264a85 Add some comments in the check routine to note theres is no known lower bound version number, and the patch does not change the version number. 2025-02-17 11:35:22 +00:00
Stephen Fewer ed54130346 Explicitly close the WebSocket connection 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 11:35:03 +00:00
Stephen Fewer 130895671f Remove a duplicate work in this comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:46:59 +00:00
Stephen Fewer 6ed60547a3 Print the actual status code in the error message (Thanks msutovsky-r7) 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-17 09:43:46 +00:00
Stephen Fewer eb1feba767 Fix typo in comment (Thanks jvoisin) 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-17 09:42:50 +00:00
sfewer-r7 2d858ac1f0 Improve the auto discovery of the target site info. We can query an undocumented API endpoint to discover the target site company name. 2025-02-14 09:38:13 +00:00
sfewer-r7 9fc8b3b0dc fix a typo 2025-02-13 15:12:23 +00:00
sfewer-r7 90daccd948 add in link to AKB analysis 2025-02-13 15:10:41 +00:00
sfewer-r7 d93a99c504 rename the module 2025-02-13 12:51:46 +00:00
sfewer-r7 18f0bbeaf0 add in the new CVE ID for the PosgreSQL vuln 2025-02-12 17:23:19 +00:00
Takah1ro 2db7f4f186 Use BadChars and Base64Decoder 2025-02-11 11:25:24 +09:00
Takahiro Yokoyama edbdb985e3 Apply suggestions from code review 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-02-11 08:59:37 +09:00
Takah1ro 9f43fcc7ad Update FETCH_COMMAND default to curl 2025-02-10 22:00:52 +09:00
Takah1ro 7149d3f332 Leave cleanup as an option 2025-02-10 21:31:50 +09:00
Takah1ro 92a73b1fed Fix after applying suggestions 2025-02-10 21:18:19 +09:00
Takahiro Yokoyama 127adda3df Update modules/exploits/linux/http/netalertx_rce_cve_2024_46506.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-02-10 21:06:50 +09:00
Takah1ro b02838a8dd NetAlertx -> NetAlertX 2025-02-10 12:52:26 +09:00
Takah1ro 4f584bd5a4 Use cron restart 2025-02-08 17:35:55 +09:00
Takah1ro 00f4f80530 Add NetAlertx rce module (CVE-2024-46506) 2025-02-08 14:40:31 +09:00
jheysel-r7 652fbf1a62 Merge pull request #19813 from h00die/local_version_patch 
guard Rex::Version.new against crashes on local modules
 2025-02-03 12:43:37 -08:00
sfewer-r7 c6d03069a9 add in the documentation 2025-01-31 11:02:01 +00:00
sfewer-r7 d887ab5fac add in module option to leverage CVE-2024-12356. This option is disabled by default, and we hit the SQLi directly. 2025-01-31 10:01:02 +00:00
sfewer-r7 528409ba87 add in the exploit for cve-2024-12356 2025-01-31 09:20:54 +00:00
Martin Sutovsky 34f3957aea Land #19772, adding module for CraftCMS FTP template exploit 2025-01-23 20:21:17 +01:00
h00die af12460274 wrap tomcat dpkg command and rex version 2025-01-22 17:06:48 -05:00
Takah1ro 393b2167cd Fix after applied suggestion 2025-01-20 21:24:16 +09:00
Takahiro Yokoyama 39351486e9 Update modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-01-20 21:07:34 +09:00
Takah1ro b0d5cf1f6a Stage the command to a file if failed to limit 2025-01-19 10:43:20 +09:00
Takah1ro 22523badab Update login check 2025-01-19 08:11:44 +09:00
Takah1ro 54bd55b186 Update vulnerable version 2025-01-18 10:18:10 +09:00
Takah1ro c93609eaa7 Lint formatting and make payload shorter 2025-01-18 08:56:15 +09:00
Takahiro Yokoyama fc005f5624 Update modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-01-18 08:49:13 +09:00
h00die ae5f0e8689 guard Rex::Version.new against crashes on local modules 2025-01-17 16:10:23 -05:00
Takah1ro 70146e52d9 Make payload shorter 2025-01-17 22:11:08 +09:00
Takah1ro ca304ae5c4 Avoid to split payload 2025-01-17 21:21:48 +09:00
Takah1ro 61b10a44a3 Update default wait time 2025-01-17 12:43:34 +09:00
Takah1ro 8978486895 Use retry_until_truthy 2025-01-17 08:59:06 +09:00
Takah1ro 4f4a0f9cd5 Add nil check 2025-01-17 08:48:33 +09:00
Takah1ro 9540837b37 Use keep_cookies 2025-01-17 08:46:30 +09:00
Takah1ro f9204fe691 Update message about delete devices for clarity 2025-01-17 08:21:33 +09:00
Takahiro Yokoyama 23a9695ea5 Update modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb 
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
 2025-01-17 08:17:49 +09:00
Takah1ro 99bfc21d5f Revert 2025-01-16 22:06:40 +09:00
Takah1ro 5087e460b0 Split long line 2025-01-16 21:57:54 +09:00
Takah1ro 8b127d3afa Add warning when all RETRY will ran out 2025-01-16 21:19:19 +09:00
Takah1ro 4e53c967c2 Update message 2025-01-16 12:59:18 +09:00