11d58ef2e8
Land #18631 , Improve vScalation Priv Esc Check
...
This PR adds an improvement to the check method of the
vcenter_java_wrapper_vmon_priv_esc module. Before the module
would attempt to run stat on a file before checking if the file
existed on the system. This fixes that issue.
2023-12-28 13:16:11 -05:00
63eb5f2a35
Land #18632 , Add improvements to glibc tunables
...
This PR adds improvements to the glibc tunables module. In the
event the file command is not present on the target the module
will try to use the readelf command in order to get the ld.so
BuildID to determine whether or not the target is compatible with
exploit.
2023-12-28 12:41:52 -05:00
3182cb4000
Land #18612 , Craft CMS unauthenticed RCE [CVE-2023-41892]
2023-12-22 10:59:39 +01:00
4c404765a4
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
fc66cd1522
Improve a bit glibc_tunables_priv_esc
...
- Fix some typos
- Add a check via `readelf` should `file` not be available
- Add a message before launching the exploit, since it might take some time to finish.
2023-12-20 20:59:47 +01:00
fb26c93291
Land #18541 , Glibc Tunables Privilege Escalation CVE-2023-4911 (Looney Tunables)
2023-12-20 20:04:21 +01:00
77fb5d02b2
Fixed up indentation and rubocop complaints
2023-12-20 13:16:32 -05:00
342492557d
Apply suggestions from code review
2023-12-20 13:09:13 -05:00
6a16602a08
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-12-20 13:08:33 -05:00
7ca256560d
Land #18542 , Vinchin Backup & Recovery Command Injection
2023-12-20 18:56:50 +01:00
1e374403ec
better check for vmon
2023-12-19 19:01:45 -05:00
d65ceb9abc
Rubocop
2023-12-19 13:54:23 -05:00
b86df4820c
Responded to comments from jvoisin
2023-12-19 13:50:09 -05:00
96241f509a
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-12-19 13:18:45 -05:00
065abf6b92
Rubocop, doc scenario update
2023-12-19 12:30:02 -05:00
44b4b3b5bc
Update version parsing
2023-12-19 12:16:17 -05:00
4e61596e7a
Check Build ID before running exploit
2023-12-19 12:15:35 -05:00
e858628292
Execute python payload in memory
2023-12-19 00:46:11 -05:00
549ee43df9
Update docs description minor comments
2023-12-19 00:32:21 -05:00
c6a6809700
Updated attribution
2023-12-18 19:41:49 -05:00
5d7cf90521
Some minor changes to the module and documentation
2023-12-18 08:23:16 +00:00
0641839e69
Added documentation and removed debug info
2023-12-17 13:10:18 +00:00
db099f8f4c
Third release of module
2023-12-16 16:06:05 +00:00
df111afb06
Glibc Tunables Exploit
2023-12-14 18:28:43 -05:00
d00249f083
Second release with manual cleanup of php* files
2023-12-14 12:57:07 +00:00
ff44932113
first draft release of module
2023-12-10 21:09:40 +00:00
f794268020
Land #18578 , Docker cgroup escape (CVE-2022-0492)
2023-12-06 16:07:08 +00:00
10d4b9233b
Land #18463 , D-Link Router UPnP unauthenticed LAN RCE via a crafted M-SEARCH packet
2023-12-05 10:58:15 +01:00
7cd1b75497
Update deprecation date and message
2023-12-05 10:51:12 +01:00
f1fc6b7cdd
review comments, adding new payloads
2023-12-01 16:06:48 -05:00
b171b5e77c
working cve-2022-0492
2023-11-28 15:16:18 -05:00
4ae62a431b
not-working docker escape
2023-11-28 13:44:08 -05:00
1438a88eb5
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-28 08:10:56 +01:00
67933c3819
Deprecated module exploit/linux/upnp/dlink_dir859_exec_ssdpcgi
2023-11-27 19:35:34 +00:00
c60da4ad58
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:33:19 +01:00
d20a1703b1
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:32:57 +01:00
9b050e29ae
Add suggested changes
2023-11-22 00:53:12 +01:00
fff8d20eb8
Add suggested changes
2023-11-22 00:50:57 +01:00
2750deedee
Update
2023-11-21 18:28:28 +01:00
218f652429
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-21 17:08:55 +01:00
58425df0ef
Update vinchin_backup_recovery_cmd_inject exploit and documentation
2023-11-21 02:09:24 +01:00
d59d5e5524
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:07:04 +01:00
4e1ec6484a
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:51 +01:00
8eb1f61217
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:41 +01:00
223cb245ba
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:05 +01:00
13b19ba537
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:54 +01:00
00cc8dcc09
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:45 +01:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
ef84759dd4
Fixed an issue in the DIR-300 rev B version check
2023-11-14 20:40:38 +00:00
3fa9416044
update addressing latest comments
2023-11-14 17:15:25 +00:00
Jack Heysel