adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

20427 Commits

Author SHA1 Message Date
sfewer-r7 f632cf34bf add in a module and docs fo rteh EPMM exploit 2026-02-05 12:26:38 +00:00
Valentin Lobstein 7776588577 Address PR #20768 review feedback 
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)

Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).

Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-02-04 08:38:35 +01:00
Valentin Lobstein 628c5ee7af Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs 2026-02-04 08:38:32 +01:00
Valentin Lobstein 478345506e Add Gladinet CentreStack/Triofox auxiliary modules and exploit 2026-02-04 08:38:31 +01:00
Spencer McIntyre e55d22a7cd Merge pull request #20739 from cdelafuente-r7/add_mitre_tech_kerb_unconst_deleg 
Add MITRE ATT&CK techniques to Kerberos and unconstrained delegation modules
 2026-02-03 16:11:37 -05:00
Christophe De La Fuente 0c0e290cc2 Code review 2 2026-02-03 21:53:05 +01:00
Christophe De La Fuente b85b2d4528 Add comments and remove T1077_WINDOWS_ADMIN_SHARES (deprecated) 2026-02-02 12:03:17 +01:00
jheysel-r7 c31a606cb4 Merge pull request #20898 from raboof/exploit-continuum-add-cve-reference 
add CVE reference to Continuum exploit
 2026-01-30 06:47:30 -08:00
jheysel-r7 641ab527aa Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain 
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
 2026-01-28 20:03:17 -08:00
Jack Heysel 63a66ee162 Improved CVE version range info in description 2026-01-28 20:15:25 -07:00
jheysel-r7 7d931c960c Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload 
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
 2026-01-28 06:23:43 -08:00
jheysel-r7 147a94cee5 Update freepbx_firmware_file_upload print statement 2026-01-28 06:08:47 -08:00
Martin Sutovsky e6b97a79a4 Addresses comments 2026-01-28 11:33:54 +01:00
jheysel-r7 f31776caf0 Merge pull request #20778 from h00die/ssh_keys 
Update and combine ssh key persistence with mixin
 2026-01-27 06:39:10 -08:00
h00die 0b68476817 Update modules/exploits/multi/persistence/ssh_key.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-26 16:44:46 -05:00
Martin Sutovsky b44e06f25f Code cleanup, adds more entropy to job name 2026-01-26 13:40:31 +01:00
Martin Sutovsky ce4e176798 Expands check method 2026-01-26 13:30:26 +01:00
Arnout Engelen 2f2fea7f6b add CVE reference to Continuum exploit 2026-01-26 12:36:12 +01:00
Martin Sutovsky b263530180 Increases entropy of payload filename 2026-01-26 11:32:33 +01:00
h00die 048163ea89 ssh_key persistence review 2026-01-24 16:36:54 -05:00
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00
Spencer McIntyre 18a4cf8c00 Use the ssl setting for HttpServer#start_service 2026-01-22 13:49:28 -05:00
Jack Heysel e9a6a6fd45 Responded to comments 2026-01-22 15:03:32 +01:00
Jack Heysel 96b788e1e8 Increase length of cron job name 2026-01-22 15:03:32 +01:00
Jack Heysel 0e0a6cc9cd Removed duplicate platform 2026-01-22 15:03:31 +01:00
Jack Heysel 2e484d552e Finishing touches 2026-01-22 15:03:31 +01:00
Jack Heysel 99e032f4af SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691] 2026-01-22 15:03:30 +01:00
msutovsky-r7 537a1c5395 Land #19821, adds Burpsuite persistence module 
Burp extension persistence
 2026-01-22 11:03:08 +01:00
jheysel-r7 719874a7f4 Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module 
Add exploit oracle ebs CVE 2025 61882 module
 2026-01-21 16:08:09 -08:00
Jack Heysel 927f5330f4 Rubocop fixes 2026-01-21 14:56:08 -08:00
Jack Heysel c45309e9ab Added payload length guards 2026-01-21 11:34:21 -08:00
jheysel-r7 b6da204725 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2026-01-21 10:09:12 -08:00
MatDupas b46649769e Fix formatting issues in oracle_ebs exploit script 2026-01-21 09:00:52 +01:00
MatDupas a05863f6f6 Clean up comment in generate_xsl_payload method 
Removed comment about generating XSLT payload.
 2026-01-21 08:57:10 +01:00
MatDupas cb3df4b4de Refactor payload options in Oracle EBS exploit 2026-01-21 08:56:01 +01:00
MatDupas c5df078b41 Clarify payload option comment in exploit module 
Updated the comment for the payload option to clarify usage.
 2026-01-21 08:54:53 +01:00
Martin Sutovsky ffb725f4da Rubocopes 2026-01-21 08:16:39 +01:00
h00die 0234dc7a26 Update modules/exploits/multi/persistence/burp_extension.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-20 19:28:18 -05:00
h00die ad343cb383 Update modules/exploits/multi/persistence/burp_extension.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-20 19:27:46 -05:00
h00die cf43e496b1 Update modules/exploits/multi/persistence/burp_extension.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-01-20 19:27:08 -05:00
jheysel-r7 c47a74d0dd Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985 
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
 2026-01-20 12:36:51 -08:00
MatDupas c351514291 Refine description for Oracle EBS CVE-2025-61882 exploit 
Updated the description of the Oracle E-Business Suite CVE-2025-61882 RCE exploit module to provide more detailed information about the exploit mechanism and affected versions.
 2026-01-20 21:09:25 +01:00
MatDupas 37c69a9bf1 Refactor Oracle EBS CVE-2025-61882 exploit module 
Updated the Oracle E-Business Suite exploit module to fix rubocop linting errors
 2026-01-20 09:12:05 +01:00
vognik 9e320dd168 add suggestions from @jheysel-r7 2026-01-19 18:45:01 -08:00
MatDupas bff88db29b Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:07:45 +01:00
MatDupas 9377662118 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:06:47 +01:00
MatDupas 68f7d42bb8 Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2026-01-19 15:04:59 +01:00
MatDupas 47d0b1c208 Clarify default payload comment in exploit module 
Updated the comment for the default payload option to clarify its usage.
 2026-01-19 10:47:47 +01:00
MatDupas 141fa5a169 Refactor smuggling payload creation and session handling 
Refactor HTTP request smuggling logic and error handling.
 2026-01-19 10:41:23 +01:00
MatDupas daf0fc89fc Update modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2026-01-19 10:34:24 +01:00