sfewer-r7
f632cf34bf
add in a module and docs for the EPMM exploit
2026-02-05 12:26:38 +00:00
Valentin Lobstein
005fbb17a1
Address PR #20768 review feedback
- Fix machineKey extraction regex to handle decryption attribute
- Replace Base64.strict_encode64 with Rex::Text.encode_base64
- Add READ_FILE and EXTRACT_MACHINEKEY actions
- Add PRODUCT option for CentreStack/Triofox support
- Use different storage endpoints per product type
- Update documentation with new options and actions
2026-02-04 08:38:35 +01:00
Valentin Lobstein
7776588577
Address PR #20768 review feedback
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)
Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
b1adc514d1
Apply suggestions
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
2026-02-04 08:38:35 +01:00
Valentin Lobstein
232471ad46
Update modules/auxiliary/gather/gladinet_storage_access_ticket_forge.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2026-02-04 08:38:34 +01:00
Valentin Lobstein
3cffeda00e
Fix machineKey extraction regex and add reviewer credit
- Fix regex in gladinet mixin to handle machineKey with decryption attribute
- Add Julien Voisin as reviewer in auxiliary modules
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2026-02-04 08:38:34 +01:00
Valentin Lobstein
628c5ee7af
Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs
2026-02-04 08:38:32 +01:00
Valentin Lobstein
180527876b
Fix Rubocop offenses in gladinet_storage_lfi_cve_2025_11371
2026-02-04 08:38:31 +01:00
Valentin Lobstein
478345506e
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 08:38:31 +01:00
msutovsky-r7
9f90da27c8
Land #20834, fixes NoMethodError in teamviewer_password post module
Fix teamviewer_password module NoMethodError
2026-02-04 08:09:32 +01:00
Spencer McIntyre
e55d22a7cd
Merge pull request #20739 from cdelafuente-r7/add_mitre_tech_kerb_unconst_deleg
Add MITRE ATT&CK techniques to Kerberos and unconstrained delegation modules
2026-02-03 16:11:37 -05:00
Christophe De La Fuente
0c0e290cc2
Code review 2
2026-02-03 21:53:05 +01:00
Christophe De La Fuente
b85b2d4528
Add comments and remove T1077_WINDOWS_ADMIN_SHARES (deprecated)
2026-02-02 12:03:17 +01:00
adfoster-r7
677fa6243e
Merge pull request #20883 from jheysel-r7/fix/impersonate_config_check
Add validate_options check for IMPERSONATE and IMPERSONATE_TYPE in get_ticket
2026-02-01 20:16:18 +00:00
kukly
14f10c73e4
rm unused element from TeamViewer registry keys array
2026-01-31 18:33:04 +01:00
Chepycou
343132b658
fix: Update sap_soap_rfc_system_info.rb result printing to fix crash
2026-01-30 18:44:02 +01:00
Chepycou
12a1467b7e
fix: Updated sap_icf_public_info.rb result printing to prevent crash
2026-01-30 18:43:07 +01:00
jheysel-r7
adee4d223a
Merge pull request #20894 from jameskim200/issue-20893-fix-typos-in-icmp_exfil
[ISSUE-20893] fix typos in the options descriptions of the `auxiliary/server/icmp_exfil` module
2026-01-30 07:46:54 -08:00
jheysel-r7
c31a606cb4
Merge pull request #20898 from raboof/exploit-continuum-add-cve-reference
add CVE reference to Continuum exploit
2026-01-30 06:47:30 -08:00
dwelch-r7
6fedaeefc6
Merge pull request #20909 from adfoster-r7/align-login-scanner-apis
Align login scanner APIs
2026-01-29 15:29:12 +00:00
adfoster-r7
e70483b785
Rubocop
2026-01-29 14:13:18 +00:00
jheysel-r7
641ab527aa
Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 20:03:17 -08:00
Jack Heysel
63a66ee162
Improved CVE version range info in description
2026-01-28 20:15:25 -07:00
adfoster-r7
7d81b1aecb
Align login scanner APIs
2026-01-28 16:56:52 +00:00
Spencer McIntyre
751ceaaaf3
Merge pull request #20902 from rudraditya21/fix/ssh-login-no-shell-success
Handle SSH login success when shell creation fails
2026-01-28 10:18:39 -05:00
jheysel-r7
be4a69ab1d
Merge pull request #20846 from msutovsky-r7/exploit/freepbx/injections_rce
Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 06:39:47 -08:00
jheysel-r7
7d931c960c
Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
2026-01-28 06:23:43 -08:00
jheysel-r7
147a94cee5
Update freepbx_firmware_file_upload print statement
2026-01-28 06:08:47 -08:00
Martin Sutovsky
e6b97a79a4
Addresses comments
2026-01-28 11:33:54 +01:00
Martin Sutovsky
7e92ef4811
Addresses comments
2026-01-28 11:14:24 +01:00
jheysel-r7
f31776caf0
Merge pull request #20778 from h00die/ssh_keys
Update and combine ssh key persistence with mixin
2026-01-27 06:39:10 -08:00
h00die
0b68476817
Update modules/exploits/multi/persistence/ssh_key.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2026-01-26 16:44:46 -05:00
Rudraditya Thakur
ea63e0df93
handles ssh login success when session creation fails
2026-01-26 22:06:55 +05:30
Martin Sutovsky
a1e56a0d36
Adds check method, adds sql injection abstraction
2026-01-26 16:07:00 +01:00
Martin Sutovsky
4a24653812
Adds disclosure date
2026-01-26 15:58:08 +01:00
Martin Sutovsky
b44e06f25f
Code cleanup, adds more entropy to job name
2026-01-26 13:40:31 +01:00
Martin Sutovsky
ce4e176798
Expands check method
2026-01-26 13:30:26 +01:00
Arnout Engelen
2f2fea7f6b
add CVE reference to Continuum exploit
2026-01-26 12:36:12 +01:00
Martin Sutovsky
b263530180
Increases entropy of payload filename
2026-01-26 11:32:33 +01:00
h00die
048163ea89
ssh_key persistence review
2026-01-24 16:36:54 -05:00
kukly
510ec9b57d
Merge branch 'master' into teamviewer_syntax_fix
2026-01-24 19:25:30 +01:00
jameskim200
d5eb7ed233
fix typos for the options descriptions
2026-01-23 02:52:28 -05:00
Spencer McIntyre
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
Spencer McIntyre
18a4cf8c00
Use the ssl setting for HttpServer#start_service
2026-01-22 13:49:28 -05:00
Jack Heysel
e9a6a6fd45
Responded to comments
2026-01-22 15:03:32 +01:00
Jack Heysel
96b788e1e8
Increase length of cron job name
2026-01-22 15:03:32 +01:00
Jack Heysel
0e0a6cc9cd
Removed duplicate platform
2026-01-22 15:03:31 +01:00
Jack Heysel
2e484d552e
Finishing touches
2026-01-22 15:03:31 +01:00
Jack Heysel
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
msutovsky-r7
537a1c5395
Land #19821, adds Burpsuite persistence module
Burp extension persistence
2026-01-22 11:03:08 +01:00