ab9576f83d
Add changes
2023-12-01 10:55:04 +01:00
11bcd43562
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2023-11-30 17:30:59 +11:00
22242732d9
working cve-2022-0492
2023-11-28 15:25:53 -05:00
b171b5e77c
working cve-2022-0492
2023-11-28 15:16:18 -05:00
4ae62a431b
not-working docker escape
2023-11-28 13:44:08 -05:00
c5075ade2a
Land #18567 , Add exploit module for CVE-2023-5360.
...
This pull request adds a new exploit module for
an unauth file upload vulnerability in the
WordPress Royal Elementor Addons and Templates
plugin, versions before 1.3.79, tracked as CVE-2023-5360.
2023-11-28 13:28:53 -05:00
708c795890
Land #18560 , Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
b2fa201a7d
Implement check
2023-11-28 16:45:44 +01:00
0146527e55
Add splunk_xslt_authenticated_rce
2023-11-28 15:40:05 +01:00
402434bbf2
Add module output
2023-11-28 08:41:35 +01:00
bfd22f8f01
Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-28 08:15:14 +01:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
622277e960
Added documentation for ASREP module
2023-11-24 08:45:26 +11:00
31daaf58fe
Add wp_royal_elementor_addons_rce
2023-11-23 05:15:28 +01:00
bba178e87f
crack windows
2023-11-21 17:11:15 -05:00
4bca269e01
doc overhaul
2023-11-21 17:11:15 -05:00
2750deedee
Update
2023-11-21 18:28:28 +01:00
5c09c86349
Land #18448 , corrected options confict between module and ldap mixin
2023-11-21 13:33:21 +00:00
f0ab3a7140
Fix typo
2023-11-21 02:13:58 +01:00
58425df0ef
Update vinchin_backup_recovery_cmd_inject exploit and documentation
2023-11-21 02:09:24 +01:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
24fc989305
Merge branch 'rapid7:master' into master
2023-11-16 16:09:36 +01:00
6e1580e5f5
added target DIR-845L
2023-11-13 14:48:59 +00:00
51523e0971
release updating dlink_upnp_msearch_exec exploit module
2023-11-13 12:15:04 +00:00
04361e1005
Land #18524 , Update reverse_tcp.md, improper switches
2023-11-13 12:08:00 +00:00
1da4333611
Land #18434 , Add module for Zoneminder RCE
...
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
fec66b5bbe
Update reverse_tcp.md, improper switches
...
Improper usage of switches presented in documentation
2023-11-09 19:36:28 -05:00
5d5f711dcd
updated documentation
2023-11-09 22:40:36 +00:00
c5cfc995c2
Add vinchin_backup_recovery_cmd_inject
2023-11-09 19:47:27 +01:00
b5aeab0c9f
Merge #18491 , Add Module for PL/SQL Developer to gather credentials
...
Merge branch 'land-18491' into upstream-master
2023-11-09 11:18:52 -06:00
893da00c6a
Modify Table DisplayName and password matching regex
2023-11-09 13:58:14 +08:00
9c23f86d83
Add support for v15 new encryption algorithm
2023-11-09 05:08:27 +08:00
77a93e452f
Land #18507 , Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
64c9968328
Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-11-08 09:16:12 +00:00
06369281b9
Land #18503 , Apache Nifi Cred Stealer Post Module
...
This PR adds a post module to steal config and credential
information for Apache NiFi.
2023-11-07 20:05:10 -05:00
d4166098a8
Update to be compatible for PL/SQL 14
2023-11-08 01:15:22 +08:00
f1317fa050
review comments
2023-11-06 18:34:36 -05:00
0ce7b03397
update nifi credentials post module
2023-11-06 14:50:02 -05:00
25ef7d1272
add the RCE exploit
2023-11-06 17:12:40 +00:00
8364ae896b
add the CLI command to sue to enable testing the WebUI
2023-11-06 17:11:39 +00:00
e8d45b00ba
Land #18501 , Exploit module for CVE-2023-46604 - Apache ActiveMQ
...
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
10ee87c712
Add an optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273
2023-11-06 10:20:07 +00:00
be1229747f
fix another typo on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-06 09:47:38 +00:00
22cb55b36b
fix type on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-06 09:47:23 +00:00
1cde6198b5
Land #18481 , MagnusBilling unauthenticated RCE [CVE-2023-30258]
2023-11-03 20:42:27 +01:00
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
c8121ebd8e
mention dropping to User EXEC mode via two exit keywords
2023-11-03 16:43:21 +00:00
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
Balgogan