adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78,539 Commits 27 Branches 1,043 Tags
e855938ff850dbcdca7f63fa8f3cd2b154ce20b1
Commit Graph

7889 Commits

Author SHA1 Message Date
remmons-r7 12b78c086d Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove an empty line that msftidy doesn't like
 2025-09-15 11:19:49 -05:00
remmons-r7 ddc5abf20c Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove a commented out line that isn't needed.
 2025-09-15 10:56:30 -05:00
remmons-r7 bb3a26cff1 Implement peer review suggestions for Commvault module 
Implementing commvault_rce_cve_2025_57790_cve_2025_57791.rb changes from peer review.
 2025-09-15 10:54:34 -05:00
remmons-r7 b754b7027c Merge branch 'rapid7:master' into commvault_rce_cve_2025_57790_cve_2025_57791 2025-09-15 10:47:38 -05:00
Martin Sutovsky 5ab864b9b1 Uses between? for version check, clearer webshell upload 2025-09-11 11:04:34 +02:00
remmons-r7 be546af7c0 Revise and move commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Revised initial module and moved it to windows instead of multi.
 2025-09-05 23:04:02 -05:00
Martin Sutovsky d056164d89 Removes redundant definitions 2025-09-01 15:53:14 +02:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Martin Sutovsky da5b20faa4 Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init 2025-08-20 10:59:22 +02:00
Martin Sutovsky 8c28c7dbae Code changes for 34510, adds module for CVE-2025-34511 2025-08-20 09:58:26 +02:00
Martin Sutovsky 7ab12460f1 Fixing payloads 2025-08-19 16:11:25 +02:00
Martin Sutovsky 96791403db Adds malicious zip upload 2025-08-19 09:56:23 +02:00
Martin Sutovsky 52efe8d6de Module init 2025-08-15 14:37:09 +02:00
Brendan b6dc0860e7 Merge pull request #20409 from sfewer-r7/sharepoint-hax 
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
 2025-08-06 14:24:28 -05:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
Spencer McIntyre 3fb2477fbf Increase payload space 2025-07-30 16:13:19 -04:00
msutovsky-r7 f4622d802e Land #20406, adds malicious Windows Script Host VBScript fileformat module 
Add Malicious Windows Script Host VBScript (.vbs) File module
 2025-07-28 13:58:07 +02:00
msutovsky-r7 12340ef6b5 Land #20398, adds malicious Windows Script Host JScript fileformat module 
Add Malicious Windows Script Host JScript (.js) File module
 2025-07-28 13:51:26 +02:00
sfewer-r7 228a066521 add a reference to the Kaspersky analysis which covers all 4 CVEs 2025-07-25 12:26:55 +01:00
sfewer-r7 36fff14466 fix a comment typo 2025-07-25 11:04:18 +01:00
sfewer-r7 f16f7bf2ad add in reference to teh LeakIX blog, which shows CVE-2025-53771 2025-07-25 11:02:55 +01:00
sfewer-r7 ae95d3d4e8 add a comment to clarify what CVE-2025-53771 is 2025-07-25 11:02:08 +01:00
sfewer-r7 8df7f64e79 add some comments to clarify what CVE-2025-49704 is 2025-07-25 11:01:41 +01:00
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
bcoles cbc03eaeeb Add Malicious Windows Script Host VBScript (.vbs) File module 2025-07-25 18:46:47 +10:00
bcoles 44c61a7e4d Add Malicious Windows Script Host JScript (.js) File module 2025-07-25 18:43:33 +10:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00
bcoles c5ec45452a Add Malicious Windows Registration Entries (.reg) File module 2025-07-13 23:41:59 +10:00
Spencer McIntyre 50a2749f97 Merge pull request #20289 from cgranleese-r7/adds-mitre-attack-references 
Adds support for MITRE ATT&CK References
 2025-06-27 11:26:09 -04:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL 
Modules: Convert SSL default option to Boolean in several modules
 2025-06-26 15:00:59 +01:00
cgranleese-r7 a6cdb6deb9 Adds support for MITRE ATT&CK References 2025-06-25 17:24:47 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
msutovsky-r7 fde78bf73f Land #20324, adds exploit for UNC path in .url files (CVE-2025-33053) 
Adds exploit module for Internet Shortcut UNC path vulnerability (CVE-2025-33053)
 2025-06-25 11:23:23 +02:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
Martin Sutovsky 13cd2d2e51 Minor code changes, updates documentation 2025-06-24 16:22:42 +02:00
DevBuiHieu fa0d01f55c Update modules/exploits/windows/fileformat/cve_2025_33053.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-06-24 19:24:06 +07:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
Martin Sutovsky dd6bb2c8dc Remove debug statements 2025-06-24 12:10:46 +02:00
Martin Sutovsky 3d9cc6063d Adds SMB server to send payload 2025-06-24 12:10:19 +02:00
Martin Sutovsky 6aa24a0762 Adds researchers in author section, base for WebDAV server 2025-06-23 15:38:09 +02:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
bcoles e1dec29ef9 exploit/windows/browser/ms08_070_visual_studio_msmask: Cleanup and add documentation 2025-06-23 00:38:44 +10:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00