7820c6caec
Land #20504 , moves bash_profile module to persistence category
...
update bash_profile to persistence mixin
2025-09-02 14:31:42 +02:00
d9f96571e4
use new ATTCK ref
2025-09-01 18:09:25 -04:00
4591de4cae
last changes for persistence bash module after peer review
2025-09-01 17:49:49 -04:00
9283562ee5
Land #20493 , adds XWiki unauthenticated exploit module (CVE-2025-24893)
...
Add XWiki Unauthenticated RCE (CVE-2025-24893)
2025-09-01 13:37:31 +02:00
fa9d58bb73
update bash_profile to persistence mixin
2025-08-30 15:17:50 -04:00
5d59fbd333
Land #19903 , adds module for periodic script persistence
...
Add OSX Periodic Script Peristence
2025-08-29 20:12:12 +02:00
2681e7cfed
Update docs
2025-08-29 17:53:07 +02:00
57f14339d9
Adds x64 to BSD target
2025-08-29 14:47:11 +02:00
071a4a34fc
fix tests
2025-08-29 08:41:43 +04:00
9b1d07dea8
removed unnecessary fail_with from check function
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-29 06:55:59 +03:00
ae64436441
Fixes payload delivery, updates targets
2025-08-28 15:47:24 +02:00
c5e5cb84f1
Land #20266 , adds UDP keyboard exploit module for Remote for Mac 2025.6
...
Adds UDP Keyboard RCE for Remote for Mac 2025.6
2025-08-28 09:47:16 +02:00
f9b8a9b95e
Adds more robust check method
2025-08-28 09:11:01 +02:00
6c65db52c5
Code rebase, fixing according to the comments
2025-08-28 09:00:12 +02:00
a251694e2f
Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-28 08:57:56 +02:00
eda79be4bd
Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-28 08:57:56 +02:00
2d1f700935
Update modules/exploits/osx/misc/remote_for_mac_udp_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-28 08:57:55 +02:00
8a6d12a2f4
Add exploit for Remote for Mac 2025.6 unauthenticated UDP RCE
2025-08-28 08:57:55 +02:00
374407fc79
Add exploit for Remote for Mac 2025.6 unauthenticated UDP RCE
2025-08-28 08:57:54 +02:00
f1dffd3ad6
Merge pull request #20480 from msutovsky-r7/exploit/pretalx/file-rw
...
Adds modules for Pretalx File Read/Limited File Write (CVE-2023-28459, CVE-2023-28458)
2025-08-27 15:46:39 -05:00
bdad398541
Update Payload Generation
2025-08-25 15:49:30 +03:00
92ddf5646a
Code Review Edits from @msutovsky-r7
2025-08-24 19:13:16 +04:00
7289c25faa
Fix Tests
2025-08-24 12:12:22 +04:00
2b01ba6200
Add XWiki Unauthenticated RCE (CVE-2025-24893)
2025-08-23 18:56:24 +04:00
baa5469a21
Fix legacy method override in torchserver_cve_2023_43654
...
I think `Msf::Exploit::Remote::Java::HTTP::ClassLoader` module had `on_request_uri` method, that was later renamed to `java_class_loader_on_request_uri`.
2025-08-22 17:01:41 +03:00
d49870211b
Adding exceptions to exploit module, bug fix for aux module, adds documentation for exploit module
2025-08-22 15:26:46 +02:00
4e113b1768
Addresses comments, adds exception for Pretalx, modifies aux module
2025-08-22 13:59:50 +02:00
2e9b5453ec
Adds description
2025-08-21 15:29:08 +02:00
fb062075e3
Adds target, adds side effects
2025-08-21 15:21:16 +02:00
408f7575e4
Fixing write primitive for exploit module, library update
2025-08-21 15:17:32 +02:00
01c09bcfed
Library fixes, refactoring exploit module
2025-08-21 09:22:21 +02:00
72dcc5a301
Library fix
2025-08-21 07:21:56 +02:00
5735a82df7
Merge pull request #20460 from msutovsky-r7/exploit/ndsudo-priv-esc
...
Adds an exploit for ndsudo privilege escalation (CVE-2024-32019)
2025-08-20 14:13:24 -04:00
e23feb0faf
Adds check for ndsudo binary
2025-08-20 12:49:38 +02:00
aae5356190
Updates the docs
2025-08-20 12:10:11 +02:00
88d7a1ab04
fix coonflicts and rubocop
2025-08-19 12:37:53 -04:00
df917720eb
Remove payload file
2025-08-19 12:33:56 -04:00
38f81e073f
Fixing documentation, adds more reliable cmd_exec
2025-08-15 07:26:56 +02:00
8251d89e92
Merge pull request #20400 from msutovsky-r7/exploit/pivotx-rce
...
Adds module for PivotX RCE (CVE-2025-52367)
2025-08-12 12:28:28 -07:00
0273f1474f
Added incorrect creds check
2025-08-12 10:42:46 -07:00
e59a24823b
Merge pull request #20387 from h00die-gr3y/wazuh-auth-rce
...
Wazuh Server authenticated RCE [CVE-2025-24016]
2025-08-12 09:22:22 -07:00
94bd9eea98
Removes leftover includes
2025-08-11 16:29:16 +02:00
fbd1c1767f
Finish documentation, adds description and notes
2025-08-11 16:25:56 +02:00
d219efc0ac
Adds documentation, adds check method
2025-08-11 12:25:33 +02:00
936e68eb2e
Module init
2025-08-08 07:53:56 +02:00
9caa2be9a2
Land #20399 , adds module for Pandora ITSM authenticated RCE (CVE-2025-4653)
...
Pandora ITSM auth RCE [CVE-2025-4653]
2025-08-07 08:37:45 +02:00
b6dc0860e7
Merge pull request #20409 from sfewer-r7/sharepoint-hax
...
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
2025-08-06 14:24:28 -05:00
0a923a611d
reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704.
2025-08-06 15:33:57 +01:00
70f2cbe055
simplified cleaning procedure
2025-08-06 08:22:06 +00:00
c99702c8bf
Land #20446 , adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611)
...
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
2025-08-05 09:29:36 +02:00
msutovsky-r7