Christophe De La Fuente
0252429715
Land #18775, Adding new module for MinIO (CVE-2023-28432)
2024-03-11 14:46:59 +01:00
Christophe De La Fuente
ba75b3bb3f
Land #18716, gitlab password reset account takeover (CVE-2023-7028)
2024-03-07 14:40:29 +01:00
Christophe De La Fuente
e20558ec35
Land #18821, Gitlab public email disclosure CVE-2023-5612
2024-03-06 17:39:24 +01:00
Spencer McIntyre
23e0abe2f6
Land #18686, ssh_version module
2024-03-06 10:32:01 -05:00
h00die
8b6f7594e4
ssh_version module
2024-03-05 17:18:24 -05:00
h00die
c4837d09e9
ssh_version module
2024-03-05 17:15:43 -05:00
h00die
7f6be50855
review of ssh_version improvements
2024-03-03 17:59:00 -05:00
h00die
f2d836d008
review of ssh_version improvements
2024-03-03 09:18:52 -05:00
cgranleese-r7
d52220cccb
Fixes the create session datastore option from appearing for payloads
2024-02-22 14:58:41 +00:00
adfoster-r7
7b56d012e8
Land #18678, add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
n00bhaxor
35f8c6ce8a
Added fixes suggested by reviewer. Added a fix for redirects due to workspaces being case-insensitive.
2024-02-14 09:09:52 -05:00
n00bhaxor
fdcd9e26ad
Adding module for gitlab_email_disclosure
2024-02-09 20:51:45 -05:00
cudalac
2b01b86374
Adding new module for MinIO
2024-01-31 13:33:04 -05:00
h00die
482d2b28b1
gitlab password reset account takeover
2024-01-18 16:19:26 -05:00
h00die
a8bc6cc27f
ssh_version module docs
2024-01-11 14:56:09 -05:00
h00die
d57c9fb464
ssh_version module
2024-01-11 14:48:21 -05:00
Jack Heysel
beef573fb8
Land #18635, Authenticated Splunk Info Disclosure
...
This PR adds a module for an authenticated Splunk information
disclosure. This module gathers information about the host
machine and the Splunk install including OS version, build,
CPU arch, Splunk license keys etc.
2023-12-28 11:20:52 -05:00
h00die
0394f5f7ad
splunk 6.6.0+
2023-12-20 20:47:04 -05:00
Spencer McIntyre
6fc0704930
Land #18477, Add docs for nessus_rest_login
2023-12-20 16:49:09 -05:00
Spencer McIntyre
300c53d005
Fix typos and tweak the section order
2023-12-20 16:31:52 -05:00
n00bhaxor
a31de9eb05
Adding Splunk Info Disclosure module.
2023-12-20 14:07:50 -05:00
sjanusz-r7
f5e81aee2a
Add docs for ssh_identify_pubkey using Metasploitable2 as target
2023-12-13 17:00:46 +00:00
Jack Heysel
603e5b2bff
Land #18569, Add a module to perform ASREP-roasts
...
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using a LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
Aleksa Zatezalo
bc16684046
Update nessus_rest_login.md
2023-12-09 22:57:22 -05:00
Aleksa Zatezalo
93cfdd88cb
Rename nessus_http_login.md to nessus_rest_login.md
2023-12-09 22:57:03 -05:00
Jack Heysel
509ec2c9b5
Land #18591, add ownCloud auxiliary module
...
This module can extract sensitive environment variables from
the ownCloud target including ownCloud, DB, Redis, SMTP and
S3 credentials.
2023-12-05 10:50:57 -05:00
jheysel-r7
76657c8f14
Update documentation/modules/auxiliary/gather/owncloud_phpinfo_reader.md
2023-12-05 10:20:51 -05:00
Zach Goldman
3d6ddf769e
Land #17667, Update password crackers
2023-12-04 10:45:53 -05:00
h00die
befc87f9f0
owncloud exploit
2023-12-03 15:45:44 -05:00
h00die
ea803063b1
owncloud phpinfo reader
2023-12-03 11:04:38 -05:00
Ashley Donaldson
11bcd43562
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-11-30 17:30:59 +11:00
Spencer McIntyre
708c795890
Land #18560, Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
Ashley Donaldson
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
Ashley Donaldson
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson
622277e960
Added documentation for ASREP module
2023-11-24 08:45:26 +11:00
h00die
bba178e87f
crack windows
2023-11-21 17:11:15 -05:00
h00die
4bca269e01
doc overhaul
2023-11-21 17:11:15 -05:00
adfoster-r7
5c09c86349
Land #18448, corrected options conflict between module and ldap mixin
2023-11-21 13:33:21 +00:00
Stephen Fewer
64c9968328
Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-11-08 09:16:12 +00:00
sfewer-r7
8364ae896b
add the CLI command to use to enable testing the WebUI
2023-11-06 17:11:39 +00:00
sfewer-r7
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
sfewer-r7
10ee87c712
Add optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set, these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273
2023-11-06 10:20:07 +00:00
Stephen Fewer
be1229747f
fix another typo on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-06 09:47:38 +00:00
Stephen Fewer
22cb55b36b
fix typo on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-06 09:47:23 +00:00
sfewer-r7
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
sfewer-r7
c8121ebd8e
mention dropping to User EXEC mode via two exit keywords
2023-11-03 16:43:21 +00:00
sfewer-r7
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
Jack Heysel
df47814029
Land #18454, add AppleTV and Axis Login Doc files.
2023-10-30 16:38:14 -04:00
Spencer McIntyre
1dc4e35134
Fix typos and log vulnerable servers
...
Log servers that are vulnerable but don't leak any cookies
2023-10-27 11:47:01 -04:00
Spencer McIntyre
94ede61a99
Add module docs
2023-10-26 09:52:59 -04:00