adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70,067 Commits 27 Branches 1,043 Tags
fa1e7ae0169c1929be06febfa2d036bd81607644
Commit Graph

34234 Commits

Author SHA1 Message Date
sfewer-r7 fa1e7ae016 close all CMFL tags and chain the getRuntime and exec calls for berevity 2023-04-11 11:22:13 +01:00
sfewer-r7 43fe41bea5 RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln. 2023-04-06 14:02:01 +01:00
adfoster-r7 f7cee703ce Land #17835, cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization 2023-04-03 11:47:56 +01:00
SubcomandanteMeowcos a54f3d4707 fix broken module references 
doing these "by domain" now, piecemeal.

this PR fixes all broken references to the "insecurety" website, which is long dead.
 2023-04-01 05:17:02 -07:00
bcoles 2711ba4b3a cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization 2023-03-31 23:53:41 +11:00
Jack Heysel 15d267a233 Land #17826, post module for CVE-2023-21768 
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
 2023-03-30 12:27:28 -04:00
jheysel-r7 152ef4a86b Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:28:46 -04:00
jheysel-r7 6f400052b1 Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb 2023-03-30 11:00:55 -04:00
dwelch-r7 ab08cd2d1c Land #17753, Update get_ticket to support using forged golden tickets 2023-03-30 14:15:48 +01:00
space-r7 1f32004901 Land #17813, ssh_enumusers set CHECK_FALSE to true 2023-03-29 12:31:31 -05:00
space-r7 9cd024a7a2 Land #17828, add AMQP login scanner module 2023-03-29 09:24:48 -05:00
adfoster-r7 0a559bfded Land #17704, Apache Solr RCE via Velocity Template: Attempt fix for NoMethodError when exploiting 2023-03-29 15:12:04 +01:00
adfoster-r7 e1ecdac2a5 Land #17724, Add ticket checksum to kerberos ticket creation 2023-03-29 09:01:39 +01:00
space-r7 72ec93d27a Land #17827, add AMQP version scanner module 2023-03-28 16:00:42 -05:00
adfoster-r7 aaa36e2651 Land #17831, Fix dead reference links in rpc_cmsd_opcode21.rb 2023-03-28 19:38:46 +01:00
adfoster-r7 f626b55831 Land #17825, Update zimbra_slapper_priv_esc.rb 2023-03-28 18:36:18 +01:00
dm-ct 1330913e33 Fix dead reference links in rpc_cmsd_opcode21.rb 
Both the reference links in this one are dead, replacing with archive.org links.

Much like https://github.com/rapid7/metasploit-framework/pull/17825, I'll be doing these ad-hoc for a little bit until I figure out a reliable way to do a load of them in one batch.
 2023-03-28 18:15:26 +01:00
Jack Heysel fcb93fef58 Land #17806, Optergy BMS Backdoor RCE module 
This module exploits an undocumented backdoor vulnerability
(CVE-2019-7276) in the Optergy Proton and Enterprise Building
Management System (BMS) applications.
 2023-03-28 10:27:35 -04:00
Jack Heysel f3c12ba176 Land #17808, Update broken secunia references 
The Secunia links in the framework were dead. They have
now been restored using the wayback machine to grab
replacement links from the earliest date possible.
 2023-03-27 17:20:13 -04:00
Spencer McIntyre 97d67c6a79 Add an AMQP login scanner 2023-03-27 16:53:03 -04:00
Spencer McIntyre 95e8a1c175 Initial AMQP version scanner 2023-03-27 16:44:11 -04:00
space-r7 f9c6caa804 Land #17785, add SolarWinds (SWIS) deser RCE 2023-03-27 15:25:17 -05:00
Christophe De La Fuente 6d4ee0c071 Add exploit for CVE-2023-21768 2023-03-27 20:08:22 +02:00
dm-ct 38f7cbdfc6 Update zimbra_slapper_priv_esc.rb 
fixing reference to use an archive link as the sites down.
 2023-03-27 16:46:07 +01:00
h00die-gr3y bcef7ee357 updated module and documentation with SUDO option 2023-03-26 18:31:25 +00:00
Jack Heysel b7ac6d45d5 Land #17789, proftpd_modcopy_exec enhancements 
This PR add documentation, notes, a reference URL, and a few
general code improvements to the check and exploit methods.
 2023-03-24 21:08:28 -04:00
Samuel Henrique d77113dad5 ssh_enumusers.rb: Change default value of 'CHECK_FALSE' to true (closes #17810) 
The default action "Malformed Packet" reports all users as found even
 though they don't exist.

 Setting "CHECK_FALSE" to true will make the scanner bail out as it
 realizes the target is patched.
 2023-03-23 22:24:59 +00:00
Spencer McIntyre 3ca177eb1f Add the exploit for CVE-2022-38108 2023-03-23 17:28:58 -04:00
adfoster-r7 d04c8e1bce Update broken secunia references 2023-03-23 10:43:57 +00:00
h00die-gr3y 28459c286a init commit module and documentation 2023-03-22 18:40:50 +00:00
space-r7 67ac2dc584 Land #17771, add monitorr file upload rce 2023-03-22 13:00:38 -05:00
space-r7 3fe0801d92 use target_uri.path in requests 2023-03-22 12:50:11 -05:00
adfoster-r7 d6e9e8d3bb Land #17735, fix some incorrect YARD parameters 2023-03-22 15:20:12 +00:00
Spencer McIntyre 835f397f79 Add a missing include so the payloads generate 2023-03-21 16:49:25 -04:00
Jack Heysel 1f2a889d0c Land #17388, Zyxel router RCE 
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
 2023-03-21 15:07:04 -04:00
Jack Heysel f5d1aab01a Changed send_request_cgi to raw 2023-03-21 14:26:05 -04:00
bwatters 3b73adf05d Land #17401, Add encoder module x86/xor_poly 
Merge branch 'land-17401' into upstream-master
 2023-03-20 17:48:46 -05:00
h00die-gr3y e3df74ee5b Updates addressing review points of space-r7 2023-03-20 21:04:58 +00:00
H00die.Gr3y 871a251c94 Apply suggestions from code review 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-03-20 21:44:11 +01:00
h00die-gr3y 5903addbd6 Updates adressing majority of review points 2023-03-19 15:13:09 +00:00
bcoles 1b7cee4589 exploit/unix/ftp/proftpd_modcopy_exec: Add docs and resolve RuboCop violations 2023-03-19 15:35:36 +11:00
space-r7 9e1be62f06 Land #17462, add WhatsUp Gold credential extractor 2023-03-17 16:44:17 -05:00
Jack Heysel 31a32ccd9b linting and srvhost check fix 2023-03-17 14:39:02 -04:00
jheysel-r7 56761a2f6d Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-03-17 13:01:02 -04:00
jheysel-r7 6b853b57c6 Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-03-17 13:00:15 -04:00
jheysel-r7 df365b55a4 Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2023-03-17 12:57:06 -04:00
Christophe De La Fuente 0df12fd694 Land #17754, Open web analytics 1.7.3 remote code execution 2023-03-17 10:15:33 +01:00
H00die.Gr3y 04e0fc70bf Apply suggestions from code review 
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
 2023-03-16 19:25:03 +01:00
Pflegusch 3baa894840 Add DefangedMode to warn the user 2023-03-16 18:07:28 +01:00
Christophe De La Fuente daadb4f523 Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781) 2023-03-16 11:01:07 +01:00