76f89dc4d4
Update apache_druid_js_rce.rb
2021-04-04 21:36:53 +08:00
80f96f0045
Update modules/exploits/linux/http/apache_druid_js_rce.rb
...
Co-authored-by: wvu <wvu-r7@users.noreply.github.com >
2021-04-03 23:57:22 +08:00
34a5f7906c
Rebase so we can use the latest mixin code,update the version range, update docs
2021-04-01 13:29:44 -04:00
faab100d9a
Add Nagios XI Mibs.php Authenticated RCE module and docs
2021-04-01 13:06:33 -04:00
f76f58eb51
Rebase, use latest mixin code in check, update version and docs
2021-04-01 12:43:44 -04:00
dd5c747584
Add Nagios XI snmptrap RCE and docs
2021-04-01 12:26:06 -04:00
02b9e5c939
rebase, use latest mixin code, correct vulnerable versions, update docs
2021-04-01 12:18:46 -04:00
3b7e612541
Add Nagios XI Plugins Filename Authenticate RCE module and docs
2021-04-01 11:23:52 -04:00
2df90d8d23
Rebase, rename module to nagios_xi_plugins_check_plugin_authenticated_rce, update check to take advantage of mixin, minor improvements
2021-04-01 11:07:49 -04:00
2cbd1a6be9
Land #14935 , add F5 iControl REST API SSRF RCE
2021-04-01 08:40:38 -05:00
a02f14f644
Add 'moved_from' alias
2021-04-01 09:26:24 -04:00
0e7c11ada3
Rename module and modify it to use the Nagios XI mixin, add autocheck, fix syntax and linting, also update docs
2021-04-01 09:26:16 -04:00
2ac30a5c61
Update modules/exploits/linux/http/apache_druid_js_rce.rb
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2021-04-01 07:07:24 +08:00
cb3f1238f3
Add F5 iControl REST CVE-2021-22986 exploit
2021-03-31 14:02:32 -05:00
9806026ab9
Update from code review
2021-03-31 17:48:35 +02:00
b6b7956f0f
Add Apache Druid CVE-2021-25646 RCE
2021-03-31 21:11:23 +08:00
d73ec7a751
Remove the CmdStager allow list and randomize the domain
2021-03-31 08:54:37 -04:00
21ec87d8bd
Add Apache Druid CVE-2021-25646 RCE
2021-03-31 20:43:28 +08:00
a0a4bc079a
Add the exploit module for CVE-2021-26295
2021-03-30 18:18:16 -04:00
fca8bf37e2
Update description & add Stability trait
2021-03-29 11:14:35 +02:00
00698d20bf
Add waiting status message and update doc
2021-03-26 14:59:27 +01:00
b069fec866
Add module and doc for Saltstack Salt API wheel_async RCE
2021-03-26 13:54:06 +01:00
fb7a97077f
Land #14875,CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
...
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
b1c3c49eb5
Land #14757 , nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
57931956d9
Fix bad style again
2021-03-15 01:33:32 -05:00
ecae6eb91a
Update response check to explicitly check if the response body is empty and to remove unneeded safe navigation operator
2021-03-14 13:14:52 -05:00
6616112b59
Correct exploit ranking, wrap file restoration in ensure clause, fix typos, and address other review comments
2021-03-14 00:00:18 -06:00
89ce1c5229
Quick update to make the backdoor a bit stealthier by removing the extra Payload Success! message that wasn't needed
2021-03-14 00:00:17 -06:00
a6c92a12a1
Add link to wvu's PoC and fix typo
2021-03-14 00:00:17 -06:00
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
7d6e636114
Initial upload of exploit code for CVE-2021-21978
2021-03-13 23:59:47 -06:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
8a339f54c1
Land #14734 , updates and runs rubocop against recent modules
...
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
275e9c5454
Land #14696 , Further Zeitwerk lands to improve boot speed
...
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
a1c316c679
msftidy: Fix exploit module checks for author and stack buffer overflow
2021-02-13 04:10:13 +00:00
c1e2cfd9e7
Land #14744 , add Klog Server unauth cmd injection
2021-02-12 11:40:57 -06:00
bdc2041c83
Add Klog Server authenticate.php user Unauthenticated Command Injection
2021-02-12 17:07:52 +00:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
b95be3ed10
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
39b7ba584e
Randomize strings
...
Spencer tells me not to signature-bait, at least not so obviously. ;)
2021-01-22 16:15:16 -06:00
0d410f32c3
Add MobileIron CVE-2020-15505 exploit
2021-01-22 00:37:07 -06:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
43b1497cf6
Remove some debug info and mark bind payloads as being incompatible
2020-12-17 16:36:20 -05:00
je5442804