Commit Graph

36633 Commits

Author SHA1 Message Date
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
Takah1ro 39f81e0a45 Update check function 2024-08-21 22:32:53 +09:00
Takah1ro ee58313d64 Update check function 2024-08-21 22:09:56 +09:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Takahiro Yokoyama c66540ef2f Update modules/exploits/linux/http/ray_agent_job_rce.rb
use MeterpreterTryToFork to avoid a meterpreter session getting killed

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-08-21 21:38:37 +09:00
dwelch-r7 8d838d4d56 Land #19366, Jenkins Login Scanner improvements 2024-08-21 10:28:22 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Valentin Lobstein fdbf7dd3ef Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-20 18:54:03 +02:00
Takah1ro 91167fc85f Remove unnecessary option 2024-08-20 21:44:11 +09:00
Takah1ro 4d1782640b Update sideeffects 2024-08-20 19:12:18 +09:00
Takah1ro 01b2a1c55c Enable fetch payload 2024-08-20 13:20:42 +09:00
Takah1ro 45677898a8 Add TARGET_URI 2024-08-20 13:08:01 +09:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Takah1ro 99c81d7821 Set default fetch_command to wget 2024-08-20 08:59:39 +09:00
Takah1ro 64bdf54bb0 Use Fetch Payload (Not tested) 2024-08-20 08:56:05 +09:00
Takah1ro a5b9d553fa Update check to use version info 2024-08-20 08:25:27 +09:00
Takah1ro 5be7e09ff0 Update check to use version info 2024-08-20 08:21:48 +09:00
Takah1ro 17ea7d2b72 Remove explicit return 2024-08-20 08:15:16 +09:00
Takah1ro 1232080340 Update lfi module 2024-08-20 08:09:12 +09:00
Takahiro Yokoyama f902ae84fe Update modules/auxiliary/gather/ray_lfi_cve_2023_6020.rb
Avoid check method being controlled by the 'FILEPATH' content

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-08-20 07:45:38 +09:00
h4x-x0r 362b2427dc Error handling and code cleanup
Error handling and code cleanup
2024-08-19 22:47:19 +01:00
Chocapikk 334a9bafa9 Use encoder/php/base64 2024-08-19 18:26:19 +02:00
Chocapikk 3d00f819c6 Update 2024-08-20 07:04:30 +02:00
Chocapikk b0f3bf1576 Add credit 2024-08-20 07:02:59 +02:00
Chocapikk eaf5661896 Lint 2024-08-19 19:27:29 +02:00
dledda-r7 afd0f1974b Land #19373, Fortra FileCatalyst Workflow SQL Injection 2024-08-19 04:10:58 -04:00
Valentin Lobstein f65ccbec73 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-18 21:23:59 +02:00
Valentin Lobstein 6ad0b56099 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-18 21:22:16 +02:00
Valentin Lobstein 718c215b96 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-18 21:22:09 +02:00
h4x-x0r 5a94869809 cleanup
cleanup
2024-08-16 14:12:41 +01:00
h4x-x0r 3577ae8ffb Code cleanup
Code cleanup
2024-08-16 13:57:38 +01:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
h4x-x0r 8ad328a510 Code cleanup
Code cleanup
2024-08-16 07:07:16 +01:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
Takah1ro eeab7ce2a2 Proceed when user specified cmd fails 2024-08-16 08:23:50 +09:00
Takah1ro ea1b9e925e Delete old three exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain [CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00
dledda-r7 f211fcb6a6 Land #19370, LG Simple Editor Command Injection 2024-08-14 10:22:29 -04:00
cgranleese-r7 36322ff274 Land #19348, Apache HugeGraph Gremlin RCE (CVE-2024-27348) 2024-08-14 10:06:21 +01:00
h4x-x0r ea2b5920ac cleanup
cleanup
2024-08-14 06:44:43 +01:00
h4x-x0r 14e4a11d24 Added store_valid_credential
Added store_valid_credential
2024-08-13 20:54:56 +01:00
h4x-x0r 39d615e8d2 Added TARGETURI option
Added TARGETURI option
2024-08-13 20:29:30 +01:00
jheysel-r7 47e5d62ade Update modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb 2024-08-13 08:48:33 -07:00
jheysel-r7 e04e22bc30 Apply suggestions from code review 2024-08-13 08:40:20 -07:00
adeherdt-r7 a3a24418a8 MS-9517 Jenkins Login Scanner
Jenkins does not implement Authentication challenges.

By default, Jenkins responds with an HTTP 403 FORBIDDEN response, and does not include the `WWW-Authenticate` header.
This causes problems with the underlying http client, as this one expects the challenge to come forward and resend
the request with the auth header.

By changing the code to look for the HTTP 403 response, and setting the default URL to the correct login validation endpoint,
Pro will have an easier time investigating whether Jenkins can be bruteforced or not.

The original code checks for a 401 response only.
Overwriting the behavior for Jenkins allows us to handle this use-case properly and report the correct behavior.
2024-08-13 11:16:01 +02:00
h4x-x0r 26d6347919 Code cleanup
Code cleanup
2024-08-11 06:15:24 +01:00
Takah1ro cf15124cc8 Add not null check 2024-08-09 15:34:14 +09:00
Takah1ro 2363f8416c Fix Reliability 2024-08-09 12:57:01 +09:00
Takah1ro c36c2eea38 Separate modules 2024-08-09 08:51:14 +09:00