2fcd97f5ef
close socket
2023-06-06 14:37:58 -05:00
102a32c87b
add SCREEN_EFFECTS and akb assessment
2023-06-06 14:12:21 -05:00
a12b58df22
add cmdstager usage, description, and metadata
2023-06-05 17:38:27 -05:00
1c5f8e09c8
add check method and new options
2023-06-02 17:59:04 -05:00
a66641da55
add delta electronics infrasuite deserialization
2023-06-01 17:57:57 -05:00
9e38ed4459
Land #17929 , Linux sudoedit LPE (CVE-2023-22809)
...
Linux sudoedit priv esc (CVE-2023-22809)
2023-05-23 09:30:18 -04:00
60f6574bf3
Land #17965 , add module for AD CS cert management
2023-05-22 09:50:53 -05:00
e3823691a1
Add module for AD CS template CRUD operations
2023-05-22 10:28:58 -04:00
f464401dde
Land #17782 , Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
6c88e85d02
Land #17993 , add invscout RPM privesc
2023-05-17 18:56:42 -05:00
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
2ca5ca1f63
stronger grep
2023-05-16 16:18:14 -04:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
6bee4f56d9
updates from review
2023-05-13 15:49:11 -04:00
560fc9000b
Fix up checks on responses to make sure they are more robust checks
2023-05-12 16:08:47 -05:00
3b2d23eeae
Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not
2023-05-12 14:14:40 -05:00
004a72c32e
ibstat_path: Use AutoCheck, add Notes, resolve Rubocop violations
2023-05-13 01:27:53 +10:00
722de33b6f
address feedback, use cleanup to restore path
...
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
d24f5873bd
Update sticky_keys.rb
...
Persistance -> Persistence
Fix a small typo
2023-05-11 12:22:54 -05:00
131f2519bc
Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-11 10:48:48 -05:00
fa6a5e24f0
Land #17807 , Add in documentation on Metasploit's file system
2023-05-11 16:11:12 +01:00
eb959e2e40
Land #17060 , GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
fe63d80679
Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option
2023-05-11 13:01:52 +01:00
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor gramatical things
2023-05-10 18:22:00 -05:00
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
e514de9aef
add comment about jsf substitution
2023-05-10 09:13:01 -05:00
a485a786ef
Land #17881 , Zyxel chained RCE using LFI and weak password derivation algorithm
2023-05-10 11:49:51 +02:00
4f8024454c
Updates based on cdelafuente-r7 latest comments
2023-05-10 07:46:11 +00:00
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
908f7ad3f3
Land #17972 , updates to some of the example modules to keep them in line with framework changes
2023-05-09 18:46:25 +01:00
d1e3ce1183
add Ivanti Avalanche file upload
2023-05-08 17:41:52 -05:00
bc25907d1e
Add additional clarity to some segments of the module
2023-05-08 16:43:26 -05:00
cdab415ffb
Fix a bug in ACE processing
...
There was an issue in the ACE processing where only ACEs corresponding
to an object were processed for SIDs with enrollment rights. The
processing should also process ACEs that grant the enrollment right and
are not related to any objects. In other words, only ACEs associated
with an object that is neither the CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT
or CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT right should be ignored.
2023-05-08 16:00:38 -05:00
12911d10fb
review comments
2023-05-08 15:25:31 -04:00
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00
0ace550537
small updates to example modules
2023-05-07 13:02:30 -04:00
51ab9746fb
Updates based on cdelafuente-r7 comments
2023-05-06 19:05:21 +00:00
f04dababa2
add upload code
2023-05-05 18:59:46 -05:00
e692e927dc
review fixes
2023-05-05 16:43:47 -04:00
b8856bbb87
fix capitalization of Htlm_fileName JSON parram
2023-05-05 09:59:11 +03:00
9fa0dac56c
add login and path change methods
2023-05-04 18:03:02 -05:00
c088430bd9
improve sanity checks in login method and other code review fixes
2023-05-04 15:12:31 -05:00
f27fc28411
Perform review updates
2023-05-04 15:12:31 -05:00
space-r7