Jack Heysel
253cb8580a
Responded to comments added retry_until_true
2022-04-27 09:45:18 -07:00
jheysel-r7
266d3bb9ca
Apply suggestions from @bcoles code review
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-04-26 13:40:25 -07:00
Jack Heysel
ca0be9c145
Add WSO2 file upload RCE module
2022-04-26 12:29:12 -07:00
Jake Baines
de453b8970
Update documentation/modules/exploit/linux/redis/redis_debian_sandbox_escape.md
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-04-26 14:42:57 -04:00
Jake Baines
d20fd996bd
Fix spelling mistakes
2022-04-26 03:38:23 -07:00
Jake Baines
71a4023c0d
Initial commit of Redis sandbox escape CVE-2022-0543
2022-04-26 03:32:11 -07:00
Brendan Coles
02d911e655
gdb_server_exec: Cleanup and add support for armle/aarch64 architectures
2022-04-25 19:25:06 +00:00
npm-cesium137-io
ab98aee3a4
Remove unrelated module files
2022-04-23 19:50:05 -04:00
npm-cesium137-io
3e07b8c99b
Refactor MKI vcenter_forge_saml_token.rb
...
Extensive refactoring to move away from directly manipulating datastore
options and use local variables instead.
The initial template generation method has been redesigned to use an
external file via Erubi::Engine which is much cleaner vs. jamming a
multiline string into the module.
Response HTML from vCenter is now parsed with Nokogiri HTML vs. pulling
it out with regex.
Registered options have been reworked, following suggestions and
feedback. The use of VHOST in particular eliminates the need to pass
RHOSTS to the template and makes the module behave more closely to "real"
vCenter (i.e., always uses FQDN for the destination).
Added advanced datastore options to control the token lifetime
NOT_BEFORE and NOT_AFTER skew, in seconds. This also uncovered a bug with
the way I was deriving Zulu time which skewed based on the local system
time zone offset from Zulu; this has been fixed.
Corrected a stupid typo in the validate_fqdn method (don't need to check
for capital letters if the test string is always downcase...)
validate_idp_options now uses File.binread and can process certs in keys
in DER or PEM instead of just PEM.
Code optimization, particularly around error handling; other minor
tweaks based on improved understanding of the Framework's capabilities.
Many style changes and modifications based on suggestions and feedback.
Documentation was updated to reflect reality.
2022-04-23 19:42:24 -04:00
h00die
3b5719ec88
nfs mount more intelligent
2022-04-23 07:11:00 -04:00
h00die
44ab99c89f
nfs mount more intelligent
2022-04-23 07:02:37 -04:00
Jack Heysel
140c3bfd50
Land #16432, Enumerate Windows AV module
...
Post module that will query WMI via shell
or meterpreter session for deployed AV products
from the root\SecurityCenter2 namespace
2022-04-21 13:07:56 -07:00
Jack Heysel
7be74eca8b
Updated spacing
2022-04-21 11:52:27 -07:00
Jack Heysel
f011e923e2
Fixed docs
2022-04-21 11:45:26 -07:00
Jack Heysel
d8542ad2b5
Changed vprint to print update docs
2022-04-21 11:35:33 -07:00
Jack Heysel
5411b6b909
Added docs
2022-04-21 09:24:13 -07:00
Grant Willcox
e2c6c36b2b
Land #1642, Add module for cve-2022-0995
2022-04-21 09:12:47 -05:00
npm-cesium137-io
2e7ae40fcb
Revise vcenter_secrets_dump
2022-04-21 09:51:51 -04:00
npm-cesium137-io
925df9dc87
Update markup document
2022-04-21 09:41:09 -04:00
npm-cesium137-io
30aaea9350
Add vcenter_forge_saml_token aux module
2022-04-21 09:25:35 -04:00
adfoster-r7
104071e816
Land #16483, fix typo 'MetaSploit' in readme and comment
2022-04-21 10:13:14 +01:00
Jack Heysel
d3c9648af0
Land #16438, Fix smtp server auth prompt
...
Some smtp servers only give out creds when prompted.
Now there exists a module option 'AUTHPROMPT' to indicate
whether or not the auth prompt is required by the server.
2022-04-20 22:21:55 -07:00
Anton Panteleev
9297c0e058
FIX: typo 'MetaSploit' in readme and comment
2022-04-21 14:44:57 +10:00
Grant Willcox
78d4ac8592
Update module reliability and also fix issues from bcoles's review
2022-04-20 19:04:27 -05:00
bwatters
d9a241defb
Fix overzealous source code edit and some version copy/pasta errors
2022-04-20 14:31:32 -05:00
Jake Baines
aba48a6905
Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions
2022-04-20 06:27:43 -07:00
Jake Baines
ae54c8c3d9
Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810)
2022-04-19 10:33:54 -07:00
npm-cesium137-io
37af434510
Add vcenter_secrets_dump post module
2022-04-17 19:25:32 -04:00
h00die
e927da2ffa
land #16359, docs for ipidseq aux module
2022-04-17 08:35:20 -04:00
h00die
079794c2de
doc cleanup for ipidseq
2022-04-17 08:34:53 -04:00
Brendan Coles
66fe338297
Move getsimplecms_unauth_code_exec.md documentation to http dir
2022-04-16 16:53:34 +00:00
Grant Willcox
b83a4b2a7a
Add in fixes to module and documentation from final review
2022-04-14 12:45:15 -05:00
bwatters
83f4473c2a
Correct Ubuntu target version
2022-04-14 12:01:38 -05:00
bwatters
03d01d2f72
Remove stray markup
2022-04-14 10:29:54 -05:00
bwatters
f32443b477
Update with debug source code and options, cleanup module code per gwillcox-r7
2022-04-14 10:25:55 -05:00
bwatters
147d6e1df7
Added docs, reverted strip_comments, rubocop'd
2022-04-12 21:14:11 -05:00
h00die
ab382cddf0
change requireauth to authprompt
2022-04-11 14:26:25 -04:00
h00die
f7b58e243c
smtp server can prompt for auth
2022-04-10 11:55:07 -04:00
adfoster-r7
a53be3184a
Improving error handling of Kerberos
2022-04-08 20:48:10 +01:00
adfoster-r7
1e867ac5a7
Improve kerberos user enum module
2022-04-08 15:55:37 +01:00
vleminator
525480d592
Change the doc to reflect changes to the module. Additionally, the different target options are showcased
2022-04-08 11:11:27 +02:00
Spencer McIntyre
5de966cfb1
Land #16382, CVE-2022-26904 SuperProfile LPE
2022-04-07 12:52:39 -04:00
vleminator
fe59475c9f
Change the documentation to resemble the correct exploit filename
2022-04-07 15:43:07 +02:00
vleminator
4e6176d9ca
Finish exploit CVE-2022-22965
2022-04-07 15:22:18 +02:00
space-r7
1fd779c52c
Land #15972, add LEAK_PARAMS option log4shell scan
2022-04-06 11:17:44 -05:00
Spencer McIntyre
70b1da6df4
Fix a misspelling
2022-04-06 09:04:26 -04:00
Spencer McIntyre
04ac668e21
Update the docs for readability
2022-04-06 08:58:09 -04:00
Christophe De La Fuente
94e0eec249
Land #16082, Add ShadowMitmDispatcher to the smb_shadow module
2022-04-06 11:45:59 +02:00
Tim W
d60754ea37
Land #16401, add CVE-2022-22616 to osx_gatekeeper_bypass
2022-04-06 07:57:32 +01:00
jerrelgordon
9b03e74484
Documentation for get_bookmarks module
2022-04-05 22:49:12 -04:00