adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,798 Commits 27 Branches 1,043 Tags
f632cf34bfef55fc2f602f620cda2aa70fb74c8d
Commit Graph

1630 Commits

Author SHA1 Message Date
Valentin Lobstein 7776588577 Address PR #20768 review feedback 
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)

Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).

Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2026-02-04 08:38:35 +01:00
Valentin Lobstein 628c5ee7af Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs 2026-02-04 08:38:32 +01:00
Valentin Lobstein 478345506e Add Gladinet CentreStack/Triofox auxiliary modules and exploit 2026-02-04 08:38:31 +01:00
Spencer McIntyre 602adeb4c5 Mass rubocop changes 2025-12-18 10:08:31 -05:00
Spencer McIntyre d4b196b309 Update exploits to note target authors 
Target authors were selected based on comments that indicated that the
author was only responsible for a set of descrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
 2025-12-17 17:30:16 -05:00
Spencer McIntyre 8945267db6 Remove redundant Platform and Arch definitions 2025-12-17 16:12:31 -05:00
Brendan bb728c44d7 Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021 
Add T1021 "Remote Services" MITRE technique and sub-technique references
 2025-11-20 11:19:31 -06:00
Martin Sutovsky 6aeb81a499 Adds MITRE reference, updates docs 2025-11-10 18:32:13 +01:00
Martin Sutovsky fc434414d3 Randomizes XML paramater 2025-11-10 16:54:49 +01:00
Martin Sutovsky 5ea47e5ac3 Adds formatting to XML data, adds automatic plugin ID extraction 2025-11-06 16:46:58 +01:00
Martin Sutovsky 570c7c0bf4 Changes CheckCode to Detected 2025-11-06 16:21:42 +01:00
Martin Sutovsky b0afe5e24b Randomizes parameters that can be randomized 2025-11-06 15:06:30 +01:00
Martin Sutovsky 904e752662 Code refactor 2025-11-06 14:52:49 +01:00
Martin Sutovsky cb0011649c Adds SCREEN_EFFECTS to SideEffects 2025-11-06 14:50:31 +01:00
Martin Sutovsky f586fff090 Adds clear message if exploit fails 2025-11-06 14:46:02 +01:00
Martin Sutovsky 5ad76f82d1 Adds more docs, adds description 2025-11-04 13:49:43 +01:00
Martin Sutovsky f195ebd453 Code refactor 2025-11-04 13:36:33 +01:00
Martin Sutovsky 98467f3a21 Adds msf payload to module, adds docs 2025-11-04 12:28:03 +01:00
Martin Sutovsky e885da1f0b Add rce for wsus 2025-11-03 20:47:28 +01:00
Martin Sutovsky 96edf7bad4 Updates 2025-11-03 14:25:39 +01:00
Martin Sutovsky 103e3d5044 Module init 2025-10-21 16:48:23 +02:00
Christophe De La Fuente 0a755ea03a Add references to MITRE ATT&CK T1021 - Remote Services 2025-10-14 16:25:30 +02:00
Spencer McIntyre fd21209e4d Add missing CVEs from VulnCheck 2025-10-07 13:59:13 -04:00
Spencer McIntyre 17c5b3707a Add missing module notes 2025-10-07 13:59:13 -04:00
remmons-r7 12b78c086d Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove an empty line that msftidy doesn't like
 2025-09-15 11:19:49 -05:00
remmons-r7 ddc5abf20c Update commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Remove a commented out line that isn't needed.
 2025-09-15 10:56:30 -05:00
remmons-r7 bb3a26cff1 Implement peer review suggestions for Commvault module 
Implementing commvault_rce_cve_2025_57790_cve_2025_57791.rb changes from peer review.
 2025-09-15 10:54:34 -05:00
remmons-r7 b754b7027c Merge branch 'rapid7:master' into commvault_rce_cve_2025_57790_cve_2025_57791 2025-09-15 10:47:38 -05:00
Martin Sutovsky 5ab864b9b1 Uses between? for version check, clearer webshell upload 2025-09-11 11:04:34 +02:00
remmons-r7 be546af7c0 Revise and move commvault_rce_cve_2025_57790_cve_2025_57791.rb 
Revised initial module and moved it to windows instead of multi.
 2025-09-05 23:04:02 -05:00
Martin Sutovsky d056164d89 Removes redundant definitions 2025-09-01 15:53:14 +02:00
Martin Sutovsky 2533ddf441 Rubocoping 2025-08-26 12:42:28 +02:00
Martin Sutovsky b43b4c9f37 Updates library, addressing comments 2025-08-25 17:49:34 +02:00
Martin Sutovsky da5b20faa4 Creating lib file for shared functionality, adding more reliable check method for CVE-2025-34511, docs init 2025-08-20 10:59:22 +02:00
Martin Sutovsky 8c28c7dbae Code changes for 34510, adds module for CVE-2025-34511 2025-08-20 09:58:26 +02:00
Martin Sutovsky 7ab12460f1 Fixing payloads 2025-08-19 16:11:25 +02:00
Martin Sutovsky 96791403db Adds malicious zip upload 2025-08-19 09:56:23 +02:00
Martin Sutovsky 52efe8d6de Module init 2025-08-15 14:37:09 +02:00
sfewer-r7 0a923a611d reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704. 2025-08-06 15:33:57 +01:00
sfewer-r7 228a066521 add a reference to the Kaspersky analysis which covers all 4 CVEs 2025-07-25 12:26:55 +01:00
sfewer-r7 36fff14466 fix a comment typo 2025-07-25 11:04:18 +01:00
sfewer-r7 f16f7bf2ad add in reference to teh LeakIX blog, which shows CVE-2025-53771 2025-07-25 11:02:55 +01:00
sfewer-r7 ae95d3d4e8 add a comment to clarify what CVE-2025-53771 is 2025-07-25 11:02:08 +01:00
sfewer-r7 8df7f64e79 add some comments to clarify what CVE-2025-49704 is 2025-07-25 11:01:41 +01:00
sfewer-r7 6d9d9a70d4 add some comments to clarify what CVE-2025-49706 is 2025-07-25 11:01:22 +01:00
sfewer-r7 a81710486e add in a reference to the new technical analysis from the origional finder 2025-07-24 12:15:24 +01:00
Stephen Fewer 899e275155 Make the double quotes optional, reports of Server 2016 not using these, but Server 2019 is. Thanks @w0rk3r for the bug report and fix. 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2025-07-23 23:51:42 +01:00
sfewer-r7 b8cf458706 the check routine was getting the /_layouts/15/error.aspx page, this will not be accessable unless Forms Based Authentication (FBA) is enabled on the site. A better choice is /_layouts/15/start.aspx as this is accessible regardless of FBA being enabled. Thanks @alexey-at-work-bc for identifying this and sugesting a fix. 2025-07-23 23:03:43 +01:00
sfewer-r7 7838e06f4f reimplement the gadget chain using the Metasploit Msf::Util::DotNetDeserialization routines 2025-07-23 17:36:56 +01:00
sfewer-r7 d2a1f7bae9 add in exploit for CVE-2025-53770 and CVE-2025-53771, Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell) 2025-07-23 12:40:14 +01:00