e20558ec35
Land #18821 , Gitlab public email disclosure CVE-2023-5612
2024-03-06 17:39:24 +01:00
f872535c68
Small missing updates before it land
2024-03-06 17:37:33 +01:00
23e0abe2f6
Land #18686 , ssh_version module
2024-03-06 10:32:01 -05:00
936b311a1b
Don't close smb client when it comes from the session
2024-03-06 14:20:34 +00:00
8b6f7594e4
ssh_version module
2024-03-05 17:18:24 -05:00
c4837d09e9
ssh_version module
2024-03-05 17:15:43 -05:00
9b8b7045ff
Land #18715 , Add Splunk library
2024-03-05 16:17:30 -05:00
1667da7b07
Use HTTPS link for postgres_sql reference
2024-03-05 17:49:13 +00:00
1124e347df
Fix rubocop error
2024-03-04 18:39:58 -05:00
bf59f58661
Update modules/auxiliary/gather/gitlab_tags_rss_feed_email_disclosure.rb
2024-03-04 18:34:35 -05:00
1e8e6d3bc4
Land #18796 , Enhance ManageEngine Endpoint Central and ServiceDesk Plus CVE-2022-47966
2024-03-04 20:35:22 +01:00
39af0bf535
Set Java target default paylaod to java/meterpreter/reverse_tcp
2024-03-04 20:33:27 +01:00
3c8f43e23e
Align SQL sessions peerhost and peerport
2024-03-04 13:11:32 +00:00
28a38f3aa0
Land #18908 , Update SAMR computer and ICPR cert to support SMB sessions
2024-03-04 12:20:53 +00:00
f2d836d008
review of ssh_version improvements
2024-03-03 09:18:52 -05:00
76166c0d14
Update SAMR computer and ICPR cert to support SMB sessions
2024-03-01 17:53:58 +00:00
a73a7531a9
Land #18827 , Add module for BoidCMS CVE-2023-38836
...
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
2024-02-29 21:31:44 -08:00
550c6f030a
Updates based on jheysel-r7's suggestions
2024-02-29 12:42:22 -06:00
8b1ff6d44e
change bloodhound OutputDirectory to OptString
...
OptPath is intended for a local path and performs validation. Attempting to set it to a target path that doesn't exist on the local fails.
2024-02-29 07:12:37 -06:00
d8abd2bcc2
Land #18898 , Add rex proto mysql client wrapper
2024-02-29 10:13:47 +00:00
a4543b0f41
Land #18897 , Update smb login to support additional configuration
2024-02-29 10:07:02 +00:00
131585235b
Update SMB Login to support additional configuration
2024-02-28 20:24:06 +00:00
b423241e6b
Use Rex Post MySQL Client for lib, specs & modules
2024-02-28 18:19:50 +00:00
55a8d6732f
Add Rex Proto MySQL Client
2024-02-28 18:19:46 +00:00
4b54d43db5
Land #18892 , Add AD CS Updates for ESC13
...
This PR adds functionality to enable Metasploit users
to be able to exploit the latest ESC technique, ESC13.
2024-02-28 07:28:16 -08:00
75c6dcdc15
Detect templates that are vulnerable to ESC13
2024-02-26 17:28:42 -05:00
3cbf46c5b7
Reuse the ldap connection once established
2024-02-26 17:28:42 -05:00
fefc3cb73c
Show names for issuance policy OIDs
2024-02-26 17:28:31 -05:00
f2de6d6357
Land #18870 , Add ConnectWise ScreenConnect module.
...
This PR add an unauthenticatd RCE exploit for ConnectWise
ScreenConnect (CVE-2024-1709).
2024-02-23 11:25:33 -08:00
ebe6e54259
use the Faker module to gen the plugins metadata.
2024-02-23 17:48:01 +00:00
fe8867356e
we can use Faker::Internet.uuid here instead of rolling our own uuid maker
2024-02-23 17:47:28 +00:00
f3af1836ce
allow a custom USERNAME and PASSWORD to be specified if needed. Will default to a random value. Also use Faker::Internet.email to gen an email address
2024-02-23 17:46:49 +00:00
257ec484c7
Show names for x509 OID constants
2024-02-22 17:36:30 -05:00
003d5e7006
The check routine can now display the targets platform in addition to the version number (we can determine this with a single request, so there is no major change here). This is usefull so you know what platform to set the exploits target to (so you can select an appropriate payload). Thanks @iagox86 for the idea!
2024-02-22 19:23:48 +00:00
97513d473f
Update manageengine_endpoint_central and servicedesk_plus default payloads
2024-02-23 00:00:18 +05:30
27a1233de8
Turns out only x64 is supported on Windows, so remove ARCH_X86, as if we try to inject an x86 payload in-memory we crash the target x64 service.
2024-02-22 16:41:18 +00:00
79bfbe4310
now that Linux is a target we have to move this to the multi directory
2024-02-22 16:34:43 +00:00
d52220cccb
Fixes the create session datastore option from appearing for payloads
2024-02-22 14:58:41 +00:00
0b14d1b495
add a Linux command payload target, tested on version 20.3.31734. We leverage the path traversal CVE-2023-1708 to ensure the dropped ASHX file can be reached. This was blocking the Linux target from working. Also works fine on Windows. We leverage FileDropper mixin to delete this file.
2024-02-22 14:54:45 +00:00
8b4fee010c
remove the full stop to make it easier to copy andpast the password (and not accidentaly copy the full stop charachter)
2024-02-22 14:52:18 +00:00
b2cb102c9b
Merge branch 'rapid7:master' into manageengine
2024-02-22 17:20:28 +05:30
51dcd5c971
Update splunk cve-2023-32707 to use reviewed changes
2024-02-22 17:13:44 +05:30
eded0e7788
POST the payload.encoded data when we trigger the ASHX file, this way we dont drop the Metasploit payload to disk.
2024-02-21 23:38:35 +00:00
e0ee7940d0
CISA has assigned this vulnerability CVE-2024-1709
2024-02-21 17:12:08 +00:00
2839683af5
use Rex::RandomIdentifier::Generator to generate identifiers.
2024-02-21 17:08:40 +00:00
0aa20c73a4
Land #18832 , Add exploit module CVE-2023-47218
...
The PR adds a module targeting CVE-2023-47218, an
unauthenticated command injection vuln affecting QNAP
QTS and QuTH Hero.
2024-02-21 08:48:30 -08:00
10f11c94e1
improve the error description for failure messages
2024-02-21 16:11:50 +00:00
9828ffa870
add an in-memory payload target
2024-02-21 16:07:01 +00:00
2d8b0f414d
remove redundant slashes in other calls to normalize_uri
2024-02-21 16:04:19 +00:00
61c1a513a5
drop the leading forward slash
2024-02-21 15:59:25 +00:00
Christophe De La Fuente