9dce44f195
Merge pull request #17390 from dwelch-r7/move-debug-ticket-to-new_module
...
Move debug ticket to new module
2023-01-06 11:35:18 -06:00
d69564f3df
Minor update to merge output and example together.
2023-01-06 10:15:16 -06:00
a18efb7882
Improve description and error messages
2023-01-05 14:24:08 +00:00
e99c406355
Merge pull request #17434 from dwelch-r7/fix-typo-keytab-docs
...
Fix keytab docs typo
2023-01-04 11:13:44 -06:00
cb95d92201
Fix keytab docs typo
2023-01-04 15:39:59 +00:00
868072e6c8
Land #17317 , Fix various WinRM modules
2023-01-03 19:57:07 +01:00
95d361754f
Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch
2022-12-28 13:59:42 +00:00
20d70799a7
Land #17298 , Add opentsdb_yrange_cmd_injection module and docs
2022-12-23 13:38:58 +01:00
6758c8313f
Land #17258 , Update sharphound
2022-12-21 14:04:09 +01:00
a6605d36a3
Land #17334 , enum_commands: Cleanup
2022-12-20 22:52:00 +00:00
fa5e4df3f5
Land #17278 , Add solarwinds_orion_dump post module
2022-12-20 15:42:25 +01:00
e3c6aa7820
solarwinds_orion_dump attribution update
...
Updated original research attribution to align with reality.
2022-12-20 08:55:19 -05:00
78906a8217
enum_commands: Cleanup
2022-12-20 23:42:51 +11:00
cf332a2b20
Move DEBUG_TICKET action from forge ticket to it's own module inspect_ticket
2022-12-15 13:42:30 +00:00
2783e92203
Update windows_secrets_dump and Keytab module to export kerberos keys
2022-12-14 13:40:39 +00:00
abcf4606a8
Land #17360 , document the kerberos forge_ticket DEBUG_TICKET action
2022-12-14 13:37:34 +00:00
2a28af208d
Land #16992 , Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
9582411554
Land #16991 , Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536)
2022-12-14 11:30:47 +01:00
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
6885e576ed
add note about uninstalling the helper tool
2022-12-12 16:35:44 -06:00
024fc87b4c
Land #17272 , Add F5 MCP post module
...
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
d04111ad6f
solarwinds_orion_dump markdown update
...
Nuked the last embarrassing typo in the module description.
Updated the documentation to include detail on sqlcmd / CSV export
process when manually exporting the data.
2022-12-12 10:54:41 -05:00
4aaf540364
Add modules docs for TICKET_DEBUG
2022-12-12 13:39:09 +00:00
8075654f10
Revise solarwinds_orion_dump MKII
...
Fixed humiliating typos in the markdown doc.
Updated the Author section of the module per guidelines.
Changed credential type for AES key loot storage.
Updated database config code to include the case where the SQL password
is not encrypted (needs testing).
Additional tweaks and fixes.
2022-12-09 14:47:18 -05:00
771b7c58f9
change brute-forcer
2022-12-09 12:33:13 +01:00
005d43f7d1
Merge branch 'rapid7:master' into syncovery_craftable_token
2022-12-09 09:34:42 +01:00
293a203a03
Added path option to cmd payloads
2022-12-08 12:19:31 -06:00
2f3fd6c917
Revise solarwinds_orion_dump
...
Made modifications to documentation to add further detail for each
action.
Significant refactor of error handling, now with (hopefully) proper use
of exceptions.
Various suggested code improvements and optimization.
Fixed some redundant and buggy code.
2022-12-07 07:55:43 -05:00
97a9fb6650
Update docs for Acronis module
...
Note that uninstalling the module doesn't necessarily uninstall the vulnerable service, so call that out to people who are testing this module so they have a chance to do more thorough cleanup after testing.
2022-12-06 11:08:31 -06:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
d48319a867
Land #17242 , Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739)
2022-12-05 15:04:31 -06:00
cb68c255bb
Fix up issues from review
2022-12-05 14:17:43 -06:00
1fec75621c
Fix up documentation from review
2022-12-05 14:04:22 -06:00
f29b4fad75
Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739)
2022-12-05 14:04:03 -06:00
37540572e0
Land #17214 , add database functionality to vcenter post module
...
Merge branch 'land-17214' into upstream-master
2022-12-05 12:50:14 -06:00
54cd055276
Land #17286 , CVE-2021-22015 vCenter priv esc
...
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
6e7d4edf02
Land #16990 , Syncovery for Linux - Login brute-force utility
2022-12-05 14:39:29 +01:00
d90dee8235
enum_proxy: Cleanup and support non-Meterpreter sessions
2022-12-04 15:10:47 +11:00
04e5aa3033
apply suggestions
2022-12-02 16:05:01 +01:00
c6f8bae1ab
Fix from code review and updates the KrbUseCachedCredentials logic
2022-12-02 15:28:08 +01:00
b32ec581d8
apply suggestions
2022-12-02 10:33:25 +01:00
69e08094cd
Update documentation
2022-12-01 21:23:25 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
d491c10d22
Store service credentials in the database
2022-11-30 11:59:10 -05:00
2d397d37db
Removed warning that I think was actually just a bug - now fixed
2022-11-30 13:14:19 +11:00
3462dc6bf4
Land #17087 , remote control collection rce
...
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
abe0549db6
Land #17226 , Module to request TGT/TGS tickets
...
Module to request TGT/TGS Kerberos tickets from the KDC
2022-11-28 11:59:17 -05:00
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
78dfaa12ef
add opentsdb_yrange_cmd_injection module and docs
2022-11-24 21:37:24 +02:00
Grant Willcox