William Vu
65d338d00e
Note tested version in module
2020-04-15 15:47:51 -05:00
William Vu
5a91a1e54f
Remove res.code == 200 check again
...
It really isn't necessary when we're looking for just the header.
2020-04-15 15:47:51 -05:00
William Vu
7dd3be507f
Add wget CmdStager
2020-04-15 15:47:51 -05:00
William Vu
e248e2ed43
Consolidate CmdStager flavors to symbols
...
As per the API. Strings are fine, but they're supposed to be symbols.
2020-04-15 15:47:51 -05:00
William Vu
99336f6bd3
Add ARTIFACTS_ON_DISK, since it uses CmdStager
...
Whoops, forgot this when I changed it from ARCH_CMD.
2020-04-15 15:47:51 -05:00
William Vu
d9aa80268d
Rearrange methods a bit
2020-04-15 15:47:50 -05:00
William Vu
e6c42448b2
Add res.code check to match prior commit
2020-04-15 15:47:50 -05:00
William Vu
df992bf94b
Note compromised user less specifically
...
This is just what was configured in the Docker container.
2020-04-15 15:47:50 -05:00
William Vu
ae4af1a4f0
Format Java EL expression nicely
2020-04-15 15:47:50 -05:00
William Vu
baae9db092
Fix some more things
2020-04-15 15:47:50 -05:00
William Vu
6275b16b04
Fix some things
2020-04-15 15:47:50 -05:00
wvu-r7
1ce6c310ba
Escape double quotes in EL payload
2020-04-15 15:47:50 -05:00
wvu-r7
143d8463ec
Prefer include? for NXSESSIONID=
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-04-15 15:47:50 -05:00
William Vu
45263b8aa5
Add Nexus Repository Manager Java EL Injection RCE
2020-04-15 15:47:50 -05:00
gwillcox-r7
0858178c09
Add cleanup support and update description
2020-04-14 13:27:25 -05:00
gwillcox-r7
c151b93ba4
Fix up clarity and spelling issues in module and documentation
2020-04-13 16:28:39 -05:00
Mehmet İnce
b7a1fbdde2
Fixed documentation and login method
2020-04-13 18:55:56 +03:00
Mehmet İnce
706a395bc0
Fixed 2nd round of suggested changes
2020-04-13 11:22:02 +03:00
Mehmet İnce
d906c3dc77
Fixed review suggestions
2020-04-11 14:38:19 +03:00
Mehmet İnce
eb7d2f821d
Adding CVE number
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Mehmet İnce
5d04c2b4a5
Adding documentation and module description
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Mehmet İnce
7c2f65da36
Adding vestacp exec
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Shelby Pace
7934d1de09
Land #13098, add Pandora FMS module
2020-04-06 11:42:24 -05:00
Shelby Pace
a3c07b7cc1
use nospace opt, fix regex, iterate id_agente
2020-04-06 11:34:13 -05:00
Shelby Pace
5f0c9942d2
Land #12756, add dlink dwl2600 exploit
2020-03-27 12:38:35 -05:00
Shelby Pace
8aa4d7a944
remove mixins, add CVE
2020-03-27 12:37:40 -05:00
Nicholas Starke
bb21c8f6d8
Finishing Touches on DLINK DWL 2600 Module
...
These last finishing touches complete the DLINK DWL 2600 Module. The
fixes include renaming token to @token and adding the noconcat
CmdStager option.
2020-03-26 20:13:55 -05:00
Shelby Pace
dc9e215318
remove unused code / add option
2020-03-26 16:05:56 -05:00
Shelby Pace
f191eb00c9
add command stager
2020-03-26 16:05:56 -05:00
Onur ER
9954fae7ff
Update pandora_ping_cmd_exec.rb
2020-03-23 21:44:33 +03:00
Onur ER
b1fb946533
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 17:29:23 +03:00
Onur ER
8ba7b05eb7
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 17:27:00 +03:00
Nicolas Chatelain
98fdcedf40
Apply suggestions from space-r7 code review
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 14:08:12 +01:00
Nicolas Chatelain
88ea6b527a
Apply suggestions from code review
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-03-23 09:48:00 +01:00
Nicolas Chatelain
4e81b7b969
Fix indent
2020-03-21 16:12:23 +01:00
Nicolas Chatelain
58780c6db9
Update Unraid 6.8.0 exploit module
...
- Changed exploit name
- Set Privileged to true
- Better error handling
- Typo fixes
2020-03-21 11:44:35 +01:00
Nicolas Chatelain
401e000892
Add Unraid auth bypass to RCE exploit
...
Unraid is an operating system for personal and small business use that
brings enterprise-class features letting you configure your computer
systems to maximize performance and capacity using any combination of
applications, VMs, storage devices, and hardware.
This module exploits an authentication bypass vulnerability that leads
to remote code execution as root.
2020-03-20 15:13:54 +01:00
Onur ER
5ccda4b567
Added Pandora FMS 7.0NG exploit
...
Pandora FMS (for Pandora Flexible Monitoring System) is software for
monitoring computer networks. Pandora FMS allows monitoring in a visual
way the status and performance of several parameters from different
operating systems, servers, applications and hardware systems such
as firewalls, proxies, databases, web servers or routers.
This module exploits a vulnerability found in Pandora FMS 7.0 NG and lower.
The vulnerability exists on the `net_tools.php` component, due to the insecure
usage of the `system()` PHP function.
2020-03-19 22:50:00 +03:00
Shelby Pace
922f1ec708
Land #12901, add Centreon poller rce
2020-03-17 12:16:29 -05:00
Shelby Pace
2717683825
change message
2020-03-17 12:15:06 -05:00
Shelby Pace
98f4642c2d
remove comments / check
2020-03-17 10:33:12 -05:00
Alan Foster
5d9d3926e4
Land #13066, add rConfig 3.9 RCE module
2020-03-16 11:18:59 +00:00
RAMELLA Sébastien
0efe53d869
fix some code review comments.
2020-03-15 13:30:23 +04:00
Viking
ff2421163b
Fix Travis-CI errors
2020-03-13 10:42:40 +01:00
Viking
5bbabd6f2a
Add tips to description.
2020-03-13 10:03:27 +01:00
Viking
7874308fae
Last typo fixes. No priv required on webapp.
2020-03-13 09:18:50 +01:00
Viking
a8e881452b
Add greetz to my colleagues who tested this module
2020-03-13 06:42:48 +01:00
Viking
885c8b8a56
Fix formatting issues, and add EDB link for SQLi
2020-03-12 16:17:53 +01:00
Viking
e6b9610841
Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb
...
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
2020-03-12 15:59:09 +01:00
Viking
2cac8f4e3a
Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb
...
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
2020-03-12 15:58:38 +01:00