d86f9427c9
change version check and add sleep
2020-09-11 11:49:14 -05:00
e5c9439974
rubocop and metadata additions
2020-09-10 18:32:30 -05:00
8474462458
add command stager usage
2020-09-10 18:02:07 -05:00
4d9f5e14e8
remove pry statement and comments
2020-09-02 13:41:33 -05:00
1e90d10531
add functionality for channel setup
2020-09-02 13:37:41 -05:00
314fb755c0
update comment on Author metadata
2020-09-02 19:43:06 +02:00
1b09ecfd04
make auth_bypass return a checkcode
2020-09-02 17:50:09 +02:00
1d4c0bedfc
base64-encode the command in the check method
2020-09-01 20:58:37 +02:00
9d3981723b
use hex encoding in command injection
2020-09-01 18:26:25 +02:00
cd38077974
Add the non-encoded serialized object in the script, to make it more readable
2020-08-31 15:15:52 +02:00
82d8b92e24
add module documentation
2020-08-30 16:57:01 +02:00
f96ad15dfa
minor fix / refactoring
2020-08-30 16:31:04 +02:00
9d33ebd54a
Add Mida Solutions eFramework ajaxreq.php Command Injection
2020-08-30 12:46:00 +00:00
efdbf5716c
avoid printing on methods called from check, and remove autocheck
2020-08-30 13:53:55 +02:00
2fde21a621
add check method, and address feedback from bcoles
2020-08-30 12:45:40 +02:00
7a120ef60b
Add EDB and PACKETSTORM references
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-30 12:44:12 +02:00
43501cc92c
rubocop / remove newline at EOF
2020-08-20 15:50:18 +02:00
c83ec8ea04
Add Artica Proxy RCE+Auth bypass module
2020-08-20 02:15:58 +02:00
de5f335618
Fix formatting
2020-08-17 11:53:39 -05:00
0c34c2559e
Remove no-op Nokogiri::XML pretty printing
...
ea1f3d60f1
2020-08-17 11:16:11 -05:00
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
22cf22fe53
Fix ARCH_CMD payload
...
Currently, we're not invoking within a shell.
2020-08-14 21:46:34 -05:00
f151c511bc
Explain what we're doing in the check
2020-08-14 21:46:34 -05:00
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
4a8b64a12f
Use WritableDir in execute_cmdstager, too
2020-08-14 21:07:08 -05:00
93fa66bfc5
Update geutebruck_testaction_exec.rb
...
And a fix for the fix ;)
I guess now everything will work as intended !
2020-08-15 00:56:53 +02:00
1da359ee01
Merge with last fix. This fix just fixes a issue with a method call as I tried calling the nonexistant method .true?
2020-08-14 17:49:02 -05:00
896c8aacae
Add in AutoCheck mixin so that we ensure targets are vulnerable before attempting to exploit them.
2020-08-14 17:27:39 -05:00
898f94320c
Add in fixes to check method so that the code will return the correct status if the connection fails
2020-08-14 17:18:31 -05:00
f3fdcf4343
Update geutebruck_testaction_exec.rb
...
Oops sorry, don't know what this "return true" was doing there.
2020-08-14 23:56:21 +02:00
f726967ba7
Update geutebruck_testaction_exec.rb
...
with the updated check using `Gem::Version`
2020-08-14 23:17:26 +02:00
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
0dc53c46d4
Apply Rubocop fixes I forgot about and update the module description to add in missing information about affected parameters
2020-08-13 15:23:09 -05:00
c59b3835f9
Fix up module description to have better sentence structure and English and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets
2020-08-13 15:18:10 -05:00
3c70f37dbe
Update exploit ranking to reflect the fact that this is a CMD Injection vulnerability with no chance of crashing the host
2020-08-13 14:40:33 -05:00
959689d5de
Update geutebruck_testaction_exec.rb
...
Fixed rubocop offenses / msftidy warnings and added @bcoles enhancements.
2020-08-13 14:29:31 -05:00
5f6a0746a6
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a69d941a72
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
4ceb542fac
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a5e25f5a42
Add exploit for Geutebruck G-CAM
2020-08-13 14:29:28 -05:00
d5d4716b1c
Update TMSH escape reliability notes
...
What's strange is that if the stars align, like if the system has been
"used" enough, the exploit is incredibly reliable. Maybe my test
environment is bonkers.
2020-07-17 06:26:00 -05:00
c082ccd337
Make Meterpreter the default target
2020-07-17 06:10:53 -05:00
1ae689ce5f
Improve robustness by refactoring error handling
...
tmshCmd.jsp is extremely unreliable!
2020-07-17 05:23:42 -05:00
7e7881fbfa
Land #13730 , Add Pandora FMS Events Remote Code Execution (CVE-2020-13851) module and docs
2020-07-11 13:10:47 +01:00
c61f34ed16
Land #13596 , [GSoC] SQLi library with support to MySQL (and MariaDB)
2020-07-10 13:45:47 -05:00
957042f0a3
Nuke redundant force-exploit advanced option
2020-07-09 17:24:19 -04:00
df42399f61
Add installation instructions to docs
2020-07-09 17:20:07 -04:00
Shelby Pace