cgranleese-r7
d750ea19eb
Fixes store_valid_credential conditional logic for unix/webapp/wp_admin_shell_upload module
2024-03-21 12:22:11 +00:00
adfoster-r7
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
adfoster-r7
1ba704b1cb
Land #18398, Update deprecated report_auth_info in various modules
2024-01-16 19:30:56 +00:00
Wolfgang Hotwagner
9ce3fdc557
added empty line after guard clause
2023-11-09 22:23:27 +00:00
whotwagner
4919291ec8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:21:39 +01:00
whotwagner
21340d0fd8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:21:26 +01:00
whotwagner
87cb12731e
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:57 +01:00
whotwagner
e4005feb30
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:33 +01:00
whotwagner
110cea8cc9
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-09 23:20:17 +01:00
Wolfgang Hotwagner
469d33f31c
Added some CMDStagerFlavors
2023-10-13 08:49:18 +00:00
Wolfgang Hotwagner
2dae0a2398
moved token-check outside of get_csrf_magic
2023-10-12 15:09:10 +00:00
Wolfgang Hotwagner
2c757bc85b
Refactoring
2023-10-12 14:37:58 +00:00
Wolfgang Hotwagner
58f9a39f72
replaced custom timer with rex::stopwatch
...
updated documentation
2023-10-12 11:46:56 +00:00
Wolfgang Hotwagner
e0dd5117aa
added platform=linux and changed the payload to a fetch-payload
2023-10-12 11:12:32 +00:00
Wolfgang Hotwagner
f0862d4d76
Refactoring
2023-10-06 23:02:17 +00:00
Wolfgang Hotwagner
2f23d53e90
Exploit module for CVE-2023-26035
...
This commit adds an exploit module for an unauthenticated remote
code execution vulnerability in Zoneminder.
This exploit allows choosing between dropper and in-memory
payloads and works reliably.
2023-10-06 16:47:30 +00:00
errorxyz
203470302a
Remove deprecated report_auth_info method call from vbulletic_vote_sqli_exec module
2023-09-24 22:20:35 +05:30
Jack Heysel
db853f9a68
Land #17711, SPIP unauth RCE module
...
This module exploits a publicly accessible endpoint in
SPIP that results in code execution in the context of the
user running the webapp (CVE-2023-27372).
2023-04-17 15:30:03 -04:00
jvoisin
a4e1952da3
Add a module for the latest SPIP vuln
2023-04-17 13:41:03 -04:00
cgranleese-r7
e004be00fe
Converted to Active Support
2023-04-05 16:53:01 +01:00
cgranleese-r7
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
cgranleese-r7
40e6917b7f
tests passing
2023-04-04 10:24:09 +01:00
adfoster-r7
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
ErikWynter
0e72307d36
aerohive_version_fix
2022-10-27 13:33:18 +03:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
kalba-security
b56242c7a2
enable MeterpreterTryToFork by default for aerohive_netconfig_lfi_log_poison_rce
2022-07-01 06:15:13 -04:00
dwelch-r7
3f06e237b7
Correctly format the notes sections
2022-06-10 14:01:57 +01:00
space-r7
dd0b124e84
fix typo in docs, check some responses
2022-05-04 17:28:37 -05:00
krastanoel
115dad7193
Why do I keep forgetting that res can be nil
2022-05-04 20:23:42 +07:00
krastanoel
10c1c75337
Fail the exploit when the target is not Zoneminder but the user enables the ForceExploit
2022-05-04 20:13:40 +07:00
krastanoel
54f6e270fe
Make sure the target is a Zoneminder before parsing the version, and check if the version is not nil
2022-05-04 20:02:37 +07:00
krastanoel
4c231ba226
Apply suggestions from code review
...
Remove unnecessary check for content-type response
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-05-04 16:37:20 +07:00
krastanoel
8408f28967
checking status code response for successful exploitation
2022-05-03 20:47:36 +07:00
krastanoel
c582f4277f
res can be nil due to a timeout or other reason
2022-05-03 20:09:58 +07:00
krastanoel
4e6dddd735
Fail if the response is nil or the body is blank
2022-05-03 19:41:06 +07:00
krastanoel
a1dcbb8004
Make sure the response content-type is json before parsing
2022-05-03 19:31:38 +07:00
krastanoel
b4733afe2c
Modify cookie jar, login and responses
...
- use keep_cookies instead of grabbing and set manually
- separate login code to its own method
- check response is not nil before calling get_html_document method
- clear cookie jar in exploit method and authenticate if user disables AutoCheck option
2022-05-03 17:54:59 +07:00
krastanoel
4e2328fc89
Return safe checkcode when authentication failed to benefit from autocheck module
2022-04-30 03:45:06 +07:00
krastanoel
dbc49c67e6
Use nokogiri over regex to parse csrf_magic value
2022-04-30 03:16:37 +07:00
krastanoel
538e3569f4
No need to use rescue block on check method for supported ruby version
2022-04-30 03:12:27 +07:00
krastanoel
a7670b1bfe
Fix Inconsistent indentation detected.
2022-04-30 01:46:13 +07:00
krastanoel
f1f0ec5435
Apply suggestions from code review
...
Remove RPORT option and rescue block
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-04-30 01:18:56 +07:00
krastanoel
e27627fbbf
Assign check result to an instance variable
2022-04-29 23:01:15 +07:00
krastanoel
ae23be355b
Remove rand method
2022-04-29 22:34:34 +07:00
krastanoel
328448e8d4
Get current language before resetting it
2022-04-29 20:52:58 +07:00
krastanoel
7816ffb7c3
Remove checkcode in exploit method and use fail_with instead, no need to use rand method
2022-04-29 19:45:51 +07:00
krastanoel
e58fff1ac3
Remove fail_with in check method and return both checkcode and message instead of print
2022-04-29 19:36:36 +07:00
krastanoel
7c371b65ee
Add Zoneminder Language rce module
2022-04-28 20:59:53 +07:00
Ashley Donaldson
d5373a7278
Removed redundant cleanup calls which exploit_driver will call anyway
2022-03-11 12:08:51 +11:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00