
Metasploit Framework

Results 550 metasploit-framework issues

Continuation of previous fixes for making sure all Ruby version strings in YAML are appropriately quoted to make sure we don't run into issues like https://github.com/rapid7/metasploit-framework/pull/17419 with other parts of...

easy
rn-no-release-notes

This adds an exploit for CVE-2022-44877 which is an unauthenticated command injection in Control Web Panel use exploit/linux/http/control_web_panel_login_cmd_exec [*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp msf6 exploit(linux/http/control_web_panel_login_cmd_exec) > set RHOSTS...

module
docs
rn-modules

![image](https://user-images.githubusercontent.com/113849805/214846101-b2d87acc-beb8-46fc-82b2-e0e0b0cf051c.png)

bug
needs-more-information

Add support for persisting pkcs12 credentials in Metasploit. Updates the `admin/dcerpc/icpr_cert` module to persist requested certificates. Depends on https://github.com/rapid7/metasploit-credential/pull/169 Example: ``` msf6 auxiliary(admin/dcerpc/icpr_cert) > rerun smbuser=Administrator smbpass=p4$$w0rd rhosts=192.168.123.13 ca=adf3-DC3-CA cert_template=ESC1-Test...

## Steps to reproduce Running ldap query results in a crash: ``` msf6 auxiliary(gather/ldap_query) > run domain=za.tryhackme.loc [email protected] password=Mwtv3419 ZA.TRYHACKME.LOC base_dn='DC=za,DC=tryhackme,DC=loc' action=ENUM_CONSTRAINED_DELEGATION [*] Running module against 10.200.60.101 [*] User-specified base...

bug

Amazon Web Services provides conveniently privileged backdoors in the form of their SSM agents which do not require connectivity with the target instance, merely valid credentials to AWS' API. Due...

module
rn-modules

Hi, if the exploit/multi/handler listener is running, if it runs for a while, it will completely fill the storage even if no device is connected. I do not know what's...

bug
Stale

## Steps to reproduce Use the ldap_query module and set the action to lowercase `run_query_file`, and note that the module action doesn't appear: ``` msf6 auxiliary(gather/ldap_query) > set action run_query_file...

bug
newbie-friendly
easy

One of two exploits in #17200 This PR adds a linux priv esc against VMWare virtual machines with kernel 4.14-rc1 - 5.17-rc1 due to a VMWare driver bug. If the...

module
docs

Now that https://github.com/rapid7/metasploit-framework/pull/17244 is landed, it's unnecessary for Meterpreters to return the `TLV_TYPE_ADDR_TYPE` when resolving hostnames. It appears to always be the value that was echoed to it and is...

payload
easy
code quality
not-stale
breaking change