metasploit-framework
Metasploit Framework
The [original advisory](https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/) by Exodus Intelligence mentions an unauthenticated RCE vulnerability in SuiteCRM. After some enumeration I wasn't able to find an unauthenticated entry point, or an RCE. However I...
When evaluating available data to target a host via the `analyze` command, only credentials in the current workspace are considered valid for use; however, since the workspace is not passed...
I'm not sure why, but setting `Space` messes things up. This fixes https://github.com/rapid7/metasploit-framework/issues/16924 ## Verification Run the exploit: ``` msf6 > use exploit/linux/fileformat/unrar_cve_2022_30333 [*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp...
Note: I'll PR a patch for this shortly. @cdelafuente-r7 found this. ## Steps to reproduce Create RAR file with the exploit in `linux/fileformat/unrar_cve_2022_30333`: ``` msf6 > use exploit/linux/fileformat/unrar_cve_2022_30333 [*] No...
Alternative solution to https://github.com/rapid7/metasploit-framework/pull/16397 This is a draft PR and needs to have support added for x64 windows, but I wanted to get some eyes on it, first.... This is...
Add a working exploit for Zimbra mboximport (CVE-2022-27925). Web request to the admin port -> RCE. ## Verification I tested this on Zimbra Collaboration Suite *Network* Edition (trial version) version...
This pull request fixes issues with `modules/auxiliary/scanner/http/cisco_asa_asdm.rb`. Specifically, the module was never really brute forcing the Cisco ASA ASDM interface. The old module targeted login attempts to `/+webvpn+/index.html` which is...
`post/multi/manage/shell_to_meterpreter` fails on Windows XP SP3 x86 over a `windows/shell/reverse_tcp` session. Meterpreter supports Windows XP SP3. Since #15864, `shell_to_meterpreter` attempts to use `wmic os get osarchitecture` which is not a...
Resolves Rubocop violations. Adds `Notes` module meta information. Update documentation. Use AutoCheck. Use `Msf::Post::Windows::TaskScheduler`. Ensure the scheduled task is removed if exploitation fails. The `CMD` option has been removed, favoring...