672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
153af9fb68
Land #17407 , add Cacti unauth command injection
2023-01-23 13:06:46 -06:00
58cd5bb003
specify command stager flavors
2023-01-23 11:53:19 -06:00
7e23c34e6c
Apply fixes per code review
2023-01-17 12:44:22 -06:00
541dab9365
simplified messaging
2023-01-17 12:44:20 -06:00
77687bff3f
init module
2023-01-17 12:44:20 -06:00
3ddcf73c2b
Remove the QUICK option altogether
...
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.
Also all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
f98d1d838b
unquoted service path tweaks to check
2023-01-13 17:06:42 -05:00
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
a6ec7762ea
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
eddac9321c
Merge 6.2.36 master into kerberos feature branch
2023-01-13 17:31:02 +00:00
8472efed02
fix typos, add reference, don't use methods to wrap datastore options
2023-01-13 14:53:29 +02:00
98b3b29cc2
Land #17439 , Removing Rex::ConnectionError exception handler from module template
2023-01-05 14:24:58 -06:00
25f4c023b4
Removing Rex::ConnectionError exception handler
2023-01-05 20:26:11 +01:00
725f83601f
Land #17435 , Restore raw_send_recv for module using SMTP mixin
2023-01-05 11:29:53 -06:00
f39973de86
Fix up missing option in documentation and also add some additional validation on server response.
2023-01-04 17:02:05 -06:00
11b95b2094
added additional response check
2023-01-04 17:02:04 -06:00
c7b59b4815
updates based on gwillcox-r7 review comments
2023-01-04 17:02:04 -06:00
f9ecaa92ae
updated references section
2023-01-04 17:02:03 -06:00
4db15346e1
init commit module
2023-01-04 17:01:58 -06:00
6b5948a69d
restore raw_send_recv for module using SMTP mixin
...
changes in #16153 adjusted modules that were not utilizing
`Exploit::Remote::SMTPDeliver` in error restore calls to `raw_send_recv`
that is no longer shadowed by in `SMTPDeliver`.
2023-01-04 14:45:58 -06:00
868072e6c8
Land #17317 , Fix various WinRM modules
2023-01-03 19:57:07 +01:00
45c0af48c2
Suggested changes from code review
2023-01-03 11:26:07 +11:00
95d361754f
Merge branch 'upstream-master' into merge-6.2.33-master-into-kerberos-feature-branch
2022-12-28 13:59:42 +00:00
20d70799a7
Land #17298 , Add opentsdb_yrange_cmd_injection module and docs
2022-12-23 13:38:58 +01:00
83b11a69a8
Make rubocop happy
2022-12-23 13:38:16 +01:00
7fa557805e
add final code review suggestions
2022-12-23 11:29:29 +02:00
8f96746551
fix typo and add credit for discovery
2022-12-23 11:11:31 +02:00
4c2dfe0279
add cacti_unauthenticated_cmd_injection
2022-12-22 17:55:45 +02:00
63583af153
Land #17389 , Log4shell_header_injection bug fix
...
prevent .keys call on nil
2022-12-21 16:26:55 -05:00
3c219c8a77
prevent .keys call on nil in log4shell_header_injection
2022-12-15 12:51:30 +02:00
28bd03f971
Apply suggestions from code review
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2022-12-15 14:50:10 +11:00
57152fdd5f
Use framework's thread mechanism for background keepalive worker
2022-12-15 14:44:57 +11:00
2a28af208d
Land #16992 , Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
1f1b04e009
finalization
2022-12-14 08:38:20 +01:00
0ae824e169
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:55 +01:00
e16e689308
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:45 +01:00
d6ba30adcf
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:35 +01:00
911431c63b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:24 +01:00
a9ccfe31b7
Merge branch 'upstream-master' into merge-msf-6.2.31-into-kerberos-feature-branch
2022-12-13 19:40:39 +00:00
d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
0596620de7
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 09:49:59 -06:00
f158cfaadd
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:56 +01:00
c8e301224b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:45 +01:00
53cde6d2ef
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:04:45 +01:00
d09aef7dc5
Land #17350 , Remove unnecesary sleep
...
Remove unnecesary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
13a557013c
support 2021 version of software
...
specifically, the exploit will now search
for com.acronis.helpertool in addtion to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
2022-12-12 15:53:35 -06:00
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
c1d090334c
apply suggestions
2022-12-09 09:31:20 +01:00
adfoster-r7