8b8d138812
Land #15496 , specify SSLVersion for servers
2021-08-26 10:57:11 -05:00
07c9350733
Land #15430 , Support for SSH pivoting
2021-08-09 18:34:08 +02:00
06b671e710
Add the SSLVersion datastore option for servers
...
Requires rapid7/rex-socket#37 for the option to be honored.
2021-08-06 14:44:53 -05:00
5e732ddd42
changes parse to take an origin and updates tests
2021-08-03 18:22:23 +01:00
ff111ecd13
remove silent catches of http-cookie argument errs
2021-07-30 17:33:04 +01:00
3668230d44
reposition self return in add
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2021-07-30 16:16:12 +01:00
33a34af0df
improve error handling
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com >
2021-07-30 16:06:53 +01:00
5219c980f7
adds origin values to cookies without domain
2021-07-28 14:08:25 +01:00
c7d4155511
add origin to httpcookie and supporting tests
2021-07-28 14:04:48 +01:00
80f809bc78
handled cookies without valid domain value
2021-07-26 14:29:03 +01:00
e3dbd3a990
fixes bug caused by attrs with string keys
2021-07-20 15:02:41 +01:00
1ddcc9f12b
Remove the socket in psexec
...
PsExec needs the socket to remain open after the session is established
in order to rebove the service. Remote TCP exploits close and remove
their sockets by default which creates a race condition that can result
in failing to cleanup the service.
2021-07-14 11:00:45 -04:00
39455827aa
Land #15254 , use obfuscated powershell protection bypasses
2021-07-12 12:20:17 +01:00
ccf6ec9628
RuboCop selectively
2021-07-06 21:14:48 -05:00
e5fee3b0b8
Improve AutoCheck prints
2021-07-06 21:14:48 -05:00
325ecfedff
Add some error handling while extracting the key
2021-06-08 14:58:58 -04:00
4ccc468dab
Add docs to the SharePoint mixin
2021-06-07 16:04:08 -04:00
64077e1395
Add and use a new sharepoint mixin
2021-06-07 15:25:07 -04:00
73b269cf7e
Land #15225 , cookie jar cleanup
2021-06-01 10:49:56 +01:00
82c078c888
Updates for psexec usage
2021-05-25 14:38:52 -04:00
c84b651ca6
Remoce initial rhost http url attempt
2021-05-24 00:31:09 +01:00
5e4af7241d
prevent TLD use in tests & remove HTTP::Cookie DI
2021-05-20 17:49:21 +01:00
0f73031833
Land #15165 , Add documentation for the new CookieJar functionality
2021-05-12 19:29:21 +01:00
6b61eed3cd
documention
2021-05-07 14:14:46 +01:00
a22ebdf76d
cookie cleanup
2021-05-07 12:46:38 +01:00
0be7452c28
Ensure cookie jars are correctly duped
2021-05-06 12:11:26 +01:00
1b02344b55
consider vhost & expand tests
2021-04-20 15:12:54 +01:00
5df0f0b164
improvements to tests and api
2021-04-19 15:13:42 +01:00
88f17c5128
cleanup and removes cookies filtering
2021-04-16 17:31:11 +01:00
fc55d74b80
http-client cookie jar support and tests
2021-04-16 12:24:21 +01:00
d20285b507
Correct DNS PTR record crash
...
When using `auxiliary/gather/enum_dns` and setting `NS` to an internal system, the following crash occurs (which is fixed with this PR):
```
[-] Auxiliary failed: NoMethodError undefined method `ptr' for #<Dnsruby::RR::IN::PTR:0x00007f8b9e9cb450>
```
2021-04-14 09:58:50 -04:00
4c37e35d82
Land #14770 , guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
893de0c45c
Land #14987 , Update RbMysql to the most recent version
2021-04-07 13:29:43 +01:00
278c56652e
Update RbMysql to the most recent code from this gem https://github.com/tmtm/ruby-mysql
2021-04-01 14:17:28 +01:00
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
80ae750df5
Land #14697 , Add Nagios XI mixin and auxiliary scanner module and docs
2021-03-26 18:12:16 -05:00
514f97f4fe
Fix bug in nagios_xi_version regex
2021-03-26 14:18:25 -04:00
83e31aeaa4
Use safe navigation operator for get_nsp regex
2021-03-26 13:44:17 -04:00
9039b5687f
Fix up version regex and also fix a description to be a little more accurate
2021-03-26 11:57:03 -05:00
1dbf1656d3
Update to introduce wrapping on some comments and also to fix up the CVE output a bit
2021-03-26 11:46:51 -05:00
65b35e4e6a
Remove unnecessary empty check for nagios_rce_version_prior hash
2021-03-25 15:06:27 -04:00
122dbbea1e
Add additional supported modules. Align results when printing in scanner.
2021-03-25 15:01:05 -04:00
6d1986e8ca
Avoid mixing return types in login.rb
2021-03-25 14:13:55 -04:00
707f163e15
Avoid type mixing as much as possible, add other feedback from code review
2021-03-25 11:19:31 -04:00
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
391e013d89
Removed var lhost, lport in exploit module cve_2020_6207_solman_rs.rb
...
Changed fail reason if agent_name is nil in lib sap_sol_man_eem_miss_auth.rb
2021-03-25 11:26:14 +03:00
924f7feb76
Updated Arch in the exploit module cve_2020_6207_solman_rs.rb
...
Corrected by rubocop library sap_sol_man_eem_miss_auth.rb
2021-03-24 16:26:01 +03:00
abe8c73be9
Added get_agent_os in lib sap_sol_man_eem_miss_auth.rb
2021-03-24 16:03:20 +03:00
567f78c532
Update PAYLOAD_XML, check_response in lib sap_sol_man_eem_miss_auth.rb
...
Delete class var agents in auxiliary and exploit modules
2021-03-24 11:21:57 +03:00
ce8a3eea12
Update check_response in lib sap_sol_man_eem_miss_auth.rb
2021-03-23 23:57:40 +03:00
space-r7