Takah1ro
393aed445d
Formatting
2024-07-26 21:14:51 +09:00
Takah1ro
b5c4fd0e32
use the same instance
...
OpenSSL::Digest.new('sha256')
2024-07-26 21:05:59 +09:00
Takah1ro
5ee86967e5
Pass a Hash as argument
2024-07-26 20:59:54 +09:00
Takah1ro
bff7e48e3c
Avoid code duplication
2024-07-26 20:44:18 +09:00
Takah1ro
10b723751b
Avoid code duplication
2024-07-26 13:11:26 +09:00
Takah1ro
0b9b7a49e7
Add response check
2024-07-26 08:48:45 +09:00
Takah1ro
b0689971b6
Fix to_bytes
2024-07-26 08:38:14 +09:00
Takah1ro
ed0720dcfd
Separate write_file function
2024-07-26 08:32:32 +09:00
Takah1ro
ae95bb6c0f
Fix build_routing_packet
2024-07-26 08:22:57 +09:00
Takah1ro
b1e304a61f
Fix match
2024-07-26 08:16:30 +09:00
Takah1ro
0fab915abb
Update to use original aes_encrypt function
2024-07-24 12:14:16 +09:00
Takah1ro
b48a2089cf
fix previous commit bug affecting original exploit
2024-07-24 11:55:05 +09:00
Takah1ro
79ad046f56
Refactoring skywalker
2024-07-24 11:42:19 +09:00
Takah1ro
eface45c5c
Refactoring skywalker
2024-07-24 10:19:03 +09:00
Takah1ro
ab0433e95f
Update to target both vulnerabilities
2024-07-23 22:21:08 +09:00
Takah1ro
61754f3c92
Add cve ref and update broken link
2024-07-23 08:43:45 +09:00
Takahiro Yokoyama
ad82481cce
Update empire_skywalker.rb
2024-07-20 21:55:39 +09:00
bwatters
636c72965c
Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
bwatters
9b7b1fd16e
Land #19313, Ghostscript Command Execution via Format String (CVE-2024-29510)
...
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
Christophe De La Fuente
4d485acb73
Remove Windows target since it doesn't work for now
2024-07-19 16:19:56 +02:00
Jack Heysel
6ad5ba36fd
Land #19304, Add Magento XXE File Read Exploit
...
This adds an auxiliary module for an XXE which results in an arbitrary
file in Magento which is being tracked as CVE-2024-34102
2024-07-18 10:32:03 -07:00
redwaysecurity.com
d559a74c1d
Removed dead code
2024-07-18 11:56:22 +02:00
redwaysecurity.com
5d9232cc39
It must fail on SRVHOST default configuration.
...
If srvhost is set to 0.0.0.0 the framework will attempt to automatically
set it to your default LHOST although that isn't always accessible by your
target.
2024-07-18 11:15:04 +02:00
Heyder Andrade
55e825bdca
Update modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-18 07:36:48 +02:00
Heyder Andrade
400e628226
Update modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-18 07:36:24 +02:00
redwaysecurity.com
a5208e0c5f
Moved module to auxiliary/gather
2024-07-17 18:47:02 +02:00
redwaysecurity.com
236662ce37
Changed CheckCode returned value
...
As we're checking the version and not actually exploiting the vulnerability the check method should return CheckCode::Appears
2024-07-17 18:11:55 +02:00
redwaysecurity.com
8b9b8a2cf0
Gives the user a datastore option
...
The user can decide whether or not they want the loot to be stored on disk or printed to the console.
2024-07-17 18:09:46 +02:00
redwaysecurity.com
07c1d818a8
Cleaning dead code and adding default case
2024-07-17 17:14:03 +02:00
redwaysecurity.com
16fefd9942
Turning off SSL datastore temporarily.
...
Briefly disable the SSL datastore option before starting the HTTP server to avoid spinning up an HTTPS server, which would cause the exploit to fail.
2024-07-17 16:44:50 +02:00
redwaysecurity.com
08de13fe01
Converting the version string
...
The version string needs to be converted to a Rex::Version object in order for the two values to be compared successfully.
2024-07-17 16:13:32 +02:00
dledda-r7
2dfe97673a
Bump metasploit_payloads-mettle to 1.0.31
2024-07-16 11:47:14 -04:00
Christophe De La Fuente
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
redwaysecurity.com
54a7ed1cfb
Added check method
...
Signed-off-by: redwaysecurity.com <heyder@redwaysecurity.com>
2024-07-16 13:31:24 +02:00
Pierre Mauduit
8a0c65e603
Update geoserver_unauth_rce_cve_2024_36401.rb
...
looks like a copy/paste typo from another exploit
2024-07-16 11:20:35 +02:00
Spencer McIntyre
882a283ea9
Land #19322, Bump metasploit_payloads-mettle to 1.0.30
...
Bump metasploit_payloads-mettle to 1.0.30
2024-07-15 09:02:39 -04:00
Jack Heysel
f7449ea850
Land #19311, Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
jheysel-r7
c5dad68322
Remove comma after the last item of a hash
2024-07-12 13:38:59 -04:00
H00die.Gr3y
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
dledda-r7
5d1ee84cb0
Bump metasploit_payloads-mettle to 1.0.30
2024-07-12 05:17:19 -04:00
Jack Heysel
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
h00die-gr3y
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
h00die-gr3y
1ee2131d8d
update based on cgranleese-r7 review comments
2024-07-11 16:12:52 +00:00
jheysel-r7
f9bd079618
Apply suggestions from code review
2024-07-10 20:45:53 -04:00
h00die-gr3y
28d6ef92dd
fourth release module
2024-07-10 21:44:28 +00:00
h00die-gr3y
92637c4293
third release module
2024-07-09 21:54:55 +00:00
remmons-r7
108e60ae4d
Peer review suggestion to swap out fail_with for print_error
...
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
2024-07-09 16:23:25 -05:00
remmons-r7
abb02a91d5
Add suggested Appears/Safe change from peer review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-09 16:16:41 -05:00
remmons-r7
0852fbfeb8
Remove two whitespaces that snuck in
2024-07-09 14:34:33 -05:00
remmons-r7
8ee90bf2c7
Adding module for CVE-2024-21683
...
This adds a module to exploit an authenticated admin-level Rhino script engine injection vulnerability for RCE in Atlassian Confluence.
2024-07-09 14:19:15 -05:00