adfoster-r7
e49c6a792a
Land #18770 , Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins
2024-02-15 13:19:37 +00:00
Christophe De La Fuente
747d328bcb
Land #18786 , Fix option collision in service_persistence
2024-02-14 17:25:15 +01:00
Dean Welch
fa5c4c0193
lowercase session types
2024-02-14 15:45:34 +00:00
Dean Welch
587a8690a1
Use individual session mixins
2024-02-14 15:37:11 +00:00
sjanusz-r7
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
lihe07
29524fa7f8
Fix option collision in service_persistence
...
The option `SHELLPATH` collides with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit renames it to BACKDOOR_PATH.
2024-02-03 23:18:45 +08:00
h00die
cf2f76e6a2
cve-2024-21626 review
2024-02-02 16:27:02 -05:00
h00die
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
Jack Heysel
4c525dad66
Land #18648 , Add enhancement to Asan check method
...
Before this PR, when running asan_suid_executable_priv_esc,
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE, so now if it's not set the user is informed.
2024-01-23 15:22:33 -05:00
Jack Heysel
c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth bypass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
Jack Heysel
08f6da7b33
Removed default empty string for SUID_EXECUTABLE
2024-01-23 14:21:58 -05:00
jheysel-r7
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
Jack Heysel
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
h00die-gr3y
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
Simon Janusz
7411dc1b1b
Land #17634 , Add additional reliability and stability notes to modules
2024-01-23 09:42:15 +00:00
Jack Heysel
953382731e
Land #18645 , improve glibc tunables exploit
...
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
h00die-gr3y
919c846064
Final small updates (removed UDP and corrected typo in release date)
2024-01-20 11:27:10 +00:00
Spencer McIntyre
06dcc82ced
Land #18630 , Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
bwatters
fadb0f45dd
Land #18708 , Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
...
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
sfewer-r7
de6ed9e1d6
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
sfewer-r7
4ff399844f
By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected; doing so also removes the need to bootstrap the Linux payloads with a separate file.
2024-01-18 10:04:38 +00:00
Stephen Fewer
c74fd86961
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:46 +00:00
Stephen Fewer
3bb1d2bc02
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-18 09:18:35 +00:00
Christophe De La Fuente
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
sfewer-r7
70ef0dcb0d
improve the check logic to fall through when the json doesn't have the key we expect it to have
2024-01-17 10:02:59 +00:00
sfewer-r7
518c1e5d3c
mention Pull Connect as well as the CVEs in the description
2024-01-17 10:02:11 +00:00
sfewer-r7
ad7e348eaa
remove a copy pasta link
2024-01-17 09:16:18 +00:00
sfewer-r7
f9419c4839
separate commands into an array instead of one big long string
2024-01-16 17:19:13 +00:00
sfewer-r7
ea1dafa353
this is a slightly nicer way to write this
2024-01-16 17:08:09 +00:00
sfewer-r7
4060e069ed
first commit of the ICS exploit
2024-01-16 14:32:48 +00:00
h00die
56a9beb39d
ansible review
2024-01-15 17:18:49 -05:00
h00die-gr3y
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
h00die
381b840f11
salt review
2024-01-10 17:19:58 -05:00
h00die
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
h00die
e9296d1add
saltstack review
2024-01-10 17:04:03 -05:00
h00die-gr3y
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
h00die
80e9f1b97d
saltstack salt-master review
2024-01-06 06:38:59 -05:00
h00die-gr3y
94a84960a2
Improved check for v3.x routers to obtain exact version
2024-01-05 16:20:29 +00:00
h00die-gr3y
eb902457f2
small update to module for mt6000 vuln test
2024-01-05 13:19:54 +00:00
h00die-gr3y
adf455e8cb
Third release of module and documentation
2024-01-04 14:01:37 +00:00
h00die-gr3y
b2312c97d3
Second release of module and documentation
2024-01-04 09:26:16 +00:00
h00die-gr3y
9fdac8fd28
First release of module
2024-01-03 19:43:49 +00:00
h00die-gr3y
08c5e6a689
Draft release of module. Not ready for review
2023-12-31 10:19:34 +00:00
Julien Voisin
ed421c21ca
Add a way to get the buildid via perf
2023-12-29 17:24:27 +01:00
Jack Heysel
11d58ef2e8
Land #18631 , Improve vScalation Priv Esc Check
...
This PR adds an improvement to the check method of the
vcenter_java_wrapper_vmon_priv_esc module. Before, the module
would attempt to run stat on a file before checking if the file
existed on the system. This fixes that issue.
2023-12-28 13:16:11 -05:00
Jack Heysel
63eb5f2a35
Land #18632 , Add improvements to glibc tunables
...
This PR adds improvements to the glibc tunables module. In the
event the file command is not present on the target, the module
will try to use the readelf command in order to get the ld.so
BuildID to determine whether or not the target is compatible with
the exploit.
2023-12-28 12:41:52 -05:00
h00die
357bdc8c10
ansible post library
2023-12-24 11:49:27 -05:00
h00die
b654275ec4
add saltstack lib
2023-12-23 13:52:52 -05:00
h00die
11c12fcb6d
review comments
2023-12-23 13:23:34 -05:00