adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,216 Commits 27 Branches 1,043 Tags
f6430ee09397325076b85ff2144b90c4697cd1ea
Commit Graph

1185 Commits

Author SHA1 Message Date
Valentin Lobstein f6430ee093 Fix MariaDB tc.log corruption issue in AVideo lab setup 
The MariaDB container fails to start with 'Bad magic header in tc log' error
when the data directory has incorrect permissions or was previously corrupted.
This occurs during first-time setup of the AVideo lab environment.

The fix:
- Creates a custom entrypoint script that detects and removes corrupted tc.log
  files by checking the magic header (should be 01 00 00 00)
- Modifies Dockerfile.mariadb to integrate the fix script into the original
  MariaDB entrypoint using sed
- Ensures the fix runs automatically before MariaDB initialization

This allows the lab to start successfully on first run without manual intervention.

Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com>
 2026-01-13 22:31:38 +01:00
Valentin Lobstein 8df7347791 Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433) 2025-12-19 21:51:41 +01:00
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
Valentin Lobstein e9467cd1e3 Clarify file-based session storage requirements and exploit limitations 
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com>
 2025-12-09 19:26:30 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 17cc68df0f Update documentation/modules/exploit/multi/http/wp_king_addons_privilege_escalation.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-09 19:14:22 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik baa0a11492 small fixes 2025-12-05 00:11:44 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Tarek Nakkouch 3c4fdfcad0 Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module (CVE-2025-66294) 2025-12-05 00:01:56 +01:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine 
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
 2025-12-04 12:56:04 +01:00
Valentin Lobstein 296e931b7d Fix WordPress lab permissions in documentation 2025-12-04 01:39:25 +01:00
Valentin Lobstein b3fc1b05e5 Add WordPress King Addons privilege escalation exploit (CVE-2025-8489) 2025-12-04 01:37:40 +01:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
Valentin Lobstein 4ff9fd4542 Apply reviewer suggestions and remove unnecessary Options section from documentation 2025-11-25 23:48:39 +01:00
Valentin Lobstein be7ad39127 Fix reference URL in documentation to correct Searchlight Cyber research article 2025-11-24 23:26:29 +01:00
Valentin Lobstein 9ef10eeea8 Update documentation with complete Docker lab setup files 2025-11-24 21:12:14 +01:00
Valentin Lobstein 1623660bec Add Magento SessionReaper (CVE-2025-54236) exploit module 2025-11-24 21:04:20 +01:00
Valentin Lobstein 080230edd0 Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749) 2025-11-23 03:56:11 +01:00
Valentin Lobstein 8cffe50470 Add Monsta FTP downloadFile RCE (CVE-2025-34299) 2025-11-21 20:43:37 +01:00
Valentin Lobstein 6ab2452153 Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example 2025-11-19 22:58:27 +01:00
Valentin Lobstein 8fbbc3e043 Update flowise_custommcp_rce documentation: add Basic Auth testing scenario 2025-11-19 22:24:28 +01:00
Valentin Lobstein 44cf2e309f Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup 2025-11-19 22:12:49 +01:00
Valentin Lobstein df1c157471 Improve Flowise CustomMCP RCE exploit stability with Basic Auth support and HTTP response validation 2025-11-19 20:12:31 +01:00
Valentin Lobstein b26c4f5c7b Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:25:39 +01:00
Valentin Lobstein 88aadcc856 Add Flowise Custom MCP RCE exploit (CVE-2025-8943) 2025-11-18 22:03:59 +01:00
h00die caa2873a14 more adjustments 2025-11-07 15:42:27 -05:00
h00die d8c73f6684 replace bold options with h3 2025-11-07 15:42:23 -05:00
vognik 74c7f98ad9 code review changes from @msutovsky-r7 2025-10-20 09:00:24 -07:00
vognik 9ad83f6454 Add Vvveb CMS Authenticated RCE (CVE-2025-8518) 2025-10-18 17:12:05 -07:00
h00die 1e9dd04505 update periodic_script to new persistence mechanism 2025-10-13 17:48:00 -04:00
Diego Ledda c718a965d7 Merge pull request #20508 from h00die/modern_persistence_cron 
update cron to persistence mixin
 2025-09-18 12:04:00 +02:00
msutovsky-r7 32aa0d84e4 Land #20525, moves obsidian plugin module to persistence category and mixin 
update obsidian to persistence mixin
 2025-09-16 14:58:15 +02:00
h00die 5abe0f57b7 Update documentation/modules/exploit/multi/persistence/at.md 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-09-12 14:13:27 +02:00
h00die fd1d70ef93 update at persistence to mixin 2025-09-12 14:13:26 +02:00
h00die 785397bb0c cron to multi with persistence mixin 2025-09-09 11:50:31 -04:00
jheysel-r7 7972017936 Merge pull request #20397 from vognik/CVE-2025-34300 
Add Lighthouse Studio unauthenticated RCE (CVE-2025-34300)
 2025-09-08 16:48:29 -07:00
jheysel-r7 0e325e6217 Update documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md 2025-09-08 16:29:00 -07:00
h00die 5c1673bb20 update obsidian to persistence mixin 2025-09-06 15:05:21 -04:00