Spencer McIntyre
b4dd46a8de
Land #14721, sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 16:01:58 -05:00
Shelby Pace
fc8ed5ba4e
Land #14154, use prepend autocheck
2021-02-05 12:22:38 -06:00
Shelby Pace
606c6561a0
remove manual ForceExploit check in emacs_movemail
2021-02-05 12:15:44 -06:00
Brendan Coles
cfda83df99
sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 07:54:34 +00:00
Spencer McIntyre
504865d507
Add a target for Ubuntu 18.04 and setgid and setuid by default
2021-02-04 10:45:00 -05:00
Spencer McIntyre
7281d00938
Implement feedback from PR review
2021-02-04 09:25:40 -05:00
Spencer McIntyre
c33c08bae9
Add a check method using the version information
2021-02-03 18:16:13 -05:00
Spencer McIntyre
c590d7b1bb
Add module docs and be more permissive with Length formatting
2021-02-03 18:16:13 -05:00
Spencer McIntyre
117cdc4fd7
Populate module metadata and cleanup files
2021-02-03 18:16:13 -05:00
Spencer McIntyre
b9413b4103
Update the exploit C code to allocate its own PTY
2021-02-03 18:16:13 -05:00
Spencer McIntyre
13dd9ac10e
Initial work on CVE-2021-3156
2021-02-03 18:16:13 -05:00
cgranleese-r7
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
Jeffrey Martin
50b3a4c73a
Land #14679, Remove < character from Archive_Tar exploit module
2021-01-29 08:49:00 -06:00
Alan Foster
e0ab259880
Remove < character from Archive_Tar exploit module
2021-01-29 11:20:50 +00:00
Robin Wood
89f4d3e2d7
Fix for issue #14678
Stops the printing of a rogue nil when exploit completes.
See https://github.com/rapid7/metasploit-framework/issues/14678
2021-01-29 11:17:38 +00:00
bwatters
9174958489
Land #14627, Add PRTG Network Monitor RCE (CVE-2018-9276)
Merge branch 'land-14627' into upstream-master
2021-01-27 15:48:27 -06:00
Spencer McIntyre
74898461b4
Land #14654, Add exploit for Micro Focus UCMDB unauthenticated RCE
2021-01-27 10:00:22 -05:00
Pedro Ribeiro
191e772f06
fix issues highlighted by smcintyre-r7
2021-01-25 22:25:07 +07:00
adfoster-r7
ba730d5c3c
Land #14618, Add exploit for CVE-2020-28949: Archive_Tar PEAR plugin arbitrary file write
2021-01-25 12:12:12 +00:00
adfoster-r7
ffd59c3254
Land #14651, msftidy: Add check for module description
2021-01-25 11:17:39 +00:00
Pedro Ribeiro
fc0e221f5a
add comment for self removal
2021-01-24 22:47:47 +07:00
Pedro Ribeiro
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
Pedro Ribeiro
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
Pedro Ribeiro
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
Brendan Coles
b5d746cc44
msftidy: Add check for module description
2021-01-22 23:29:16 +00:00
Spencer McIntyre
17b99983d9
Land #14645, Add MobileIron CVE-2020-15505 exploit
2021-01-22 17:56:35 -05:00
William Vu
39b7ba584e
Randomize strings
Spencer tells me not to signature-bait, at least not so obviously. ;)
2021-01-22 16:15:16 -06:00
Grant Willcox
72ef81d8aa
Land #14640, rubocop -a modules/exploits/unix/local/
2021-01-22 15:13:58 -06:00
Grant Willcox
57bb3fbc1c
Land #14383, Add exploit and auxiliary Python module examples and update executable loader accordingly
2021-01-22 13:03:57 -06:00
Grant Willcox
7473d0ca56
Add in missing command parameter to exploit.py, should be good to land now
2021-01-22 12:33:03 -06:00
adfoster-r7
ff6a1f135c
Land #14629, migrate msf folder to Zeitwerk
2021-01-22 14:21:26 +00:00
William Vu
0d410f32c3
Add MobileIron CVE-2020-15505 exploit
2021-01-22 00:37:07 -06:00
Brendan Coles
70bb693660
rubocop -a modules/exploits/unix/local/
2021-01-21 19:59:29 +00:00
Julien Bedel
b9800b087f
Change notification name
From "Exploit" to a random alphanumeric String in order to make it less fingerprintable.
Co-authored-by: acammack-r7 <adam_cammack@rapid7.com>
2021-01-21 18:32:05 +01:00
William Vu
7ce10f68ae
RuboCop for great justice
And update docs.
2021-01-21 10:44:18 -06:00
Spencer McIntyre
131bf632bd
Update the OpenSMTPD target versions and add the EDB reference
2021-01-21 09:09:42 -05:00
William Vu
a336ee483a
Update exploit/unix/smtp/opensmtpd_mail_from_rce
Failure was caused by POSIX read requiring an argument.
2021-01-21 03:56:19 -06:00
Grant Willcox
6e326d6a60
Fix up confusing variable name and a typo as pointed out during review
2021-01-19 09:25:56 -06:00
zomfg-zombie
364591069c
Fix payload failing to trigger
For whatever reason, `;for #{rand_text_alpha(1)} in #{iter};do read;done;sh;exit 0;` causes an issue with the payload triggering.
Editing `do read` to `do read r`, as taken from the PoC script at https://www.exploit-db.com/exploits/48051, causes the `MAIL_FROM` field to exceed 64 characters.
However, this seems to make 0 difference to the payload, so I commented out the length check.
Reliably working on OpenSMTPd 6.6.0 on an Ubuntu 20.04 host.
2021-01-19 18:31:35 +10:00
dwelch-r7
d6896dadc0
remove msf folder requires
2021-01-18 14:21:54 +00:00
dwelch-r7
d437a32374
remove msf/util requires
2021-01-18 14:21:54 +00:00
JulienBedel
14f24b258d
Add PRTG Network Monitor RCE (CVE-2018-9276)
2021-01-18 12:01:44 +01:00
Grant Willcox
95d3bd98ac
Do msftidy_docs and rubocop changes
2021-01-15 18:10:23 -06:00
Grant Willcox
2f0abe4900
Add in documentation and fix up small issues with module
2021-01-15 18:06:07 -06:00
Grant Willcox
65370a6b47
Initial module code
2021-01-15 16:20:06 -06:00
Christophe De La Fuente
c8819259ae
Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048
2021-01-15 19:13:14 +01:00
bwatters
9beb570ca3
Remove unnecessary require that broke things
2021-01-15 08:32:05 -06:00
Spencer McIntyre
ea154717aa
Use an absolute assembly path for the CVE-2020-17136 exploit
2021-01-14 08:53:11 -05:00
Grant Willcox
6fc4518625
Land #14600, Refactor and document some of the FileSystem mixin methods
2021-01-12 16:10:23 -06:00
bwatters
d8e68e6487
Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module
2021-01-12 11:45:53 -06:00