5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
76c6632305
Land #16673 , qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246)
...
Merge branch 'land-16673' into upstream-master
2022-09-29 09:46:27 -05:00
a05606ff33
Fix beagent sha auth linting
2022-09-27 16:23:05 +01:00
2b5e85cd27
Land #17012 , Veritas Backup Agent RCE
...
This module exploits a chain of the vulnerabilities CVE-2021-27876,
CVE-2021-27877 and CVE-2021-27878 in Veritas Backup Exec Agent which
leads to remote code execution with privileges of system or root user
2022-09-23 12:31:46 -04:00
425d58dd15
fix check methos output in Veritas BE rce
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2022-09-23 09:46:52 +03:00
04c897dbeb
Fix description info Veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2022-09-23 09:45:18 +03:00
a8210bfe70
add autocheck to veritas BE RCE
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2022-09-23 09:44:39 +03:00
27744edbb3
Fix dwelch-r7 comments: use fail_with and change return value in tls_enabling
2022-09-15 20:13:25 +03:00
aa87ce7018
Fix option names
2022-09-15 19:02:25 +03:00
0216735a83
Fix option name and description
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com >
2022-09-15 18:58:32 +03:00
0fd3a82126
Land #17014 , Increase timeout for laravel check
...
Increase timeout for laravel rce check method
2022-09-15 11:41:07 -04:00
c39b437f01
Increase timeout for laravel rce check method
2022-09-13 22:36:53 +01:00
0dcfe72614
Use the standard Linux stager
2022-09-13 16:10:48 -04:00
9445731b7e
Change author mail
2022-09-13 22:50:00 +03:00
5e04ece15b
Support newer versions of Jenkins
...
This retains backwards compatibility
2022-09-13 15:08:23 -04:00
03441a72c6
RuboCop Fixes for module Veritas Backup Exec Agent Remote Code Execution
2022-09-13 18:27:21 +03:00
efbe06f944
Add module Veritas Backup Exec Agent Remote Code Execution
2022-09-13 18:18:52 +03:00
a7d2145e8d
firefox_xpi_bootstrapped_addon: Add notes, description, references, docs
2022-09-05 02:23:37 +10:00
fb28f81700
Land #16750 , update jenkins_script_console
2022-08-31 16:59:33 -05:00
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
76f6eda5a9
Using FileDropper Mixin
2022-07-27 19:32:50 +02:00
ccef129807
Land #16727 , set tftphost option
2022-07-12 15:29:42 -05:00
fdd7a863c8
Land #16736 , fix confluence_widget_connector crash
...
This change fixes a bug in the confluence_widget_connector
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
2022-07-12 12:27:40 -04:00
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
3d13dab11e
Update jenkins_script_console.rb
2022-07-06 19:08:38 +02:00
5db741550b
Update jenkins_script_console.rb
...
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
2022-07-06 15:16:01 +02:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
17f82a900e
linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil
2022-07-01 08:43:47 -04:00
f6b6ad4bf1
prevent confluence_widget_connector from crashing when the response body in get_java_property is empty
2022-07-01 07:37:54 -04:00
2d6e910078
Land #16721 , Phpmailer arg injection update
2022-06-29 13:00:48 -04:00
1b7d8f1e74
Fix a whitespace issue, restore option naming
2022-06-29 12:24:29 -04:00
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
695e1243b8
Update modules/exploits/multi/http/phpmailer_arg_injection.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-06-28 23:08:20 -10:00
9087f86cce
exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability
2022-06-28 17:02:51 +10:00
836970e1ae
Update phpmailer_arg_injection.rb
...
fixed typo
2022-06-23 13:45:42 -10:00
8259e8e495
Update phpmailer_arg_injection.rb
...
Fixed regex to match legal name tags
2022-06-23 13:43:21 -10:00
ae8f1c3378
Update on phpmailer_arg_injection.rb #15810
...
Added Regex to validate new options
2022-06-23 13:10:19 -10:00
e9b2fc6ecf
Merge branch 'rapid7:master' into master
2022-06-23 12:52:09 -10:00
96feb8d1be
Update phpmailer_arg_injection.rb
...
Changed new advanced option to camel case
2022-06-23 12:47:26 -10:00
9160573d0c
Better cleanup for Linux
2022-06-16 23:08:32 +02:00
7963b22fa5
Added Windows support
2022-06-16 22:37:56 +02:00
bcoles