Ron Bowes
67c60c9c5f
Specify the vulnerable version
2022-07-08 10:27:25 -07:00
Ron Bowes
bcd4b6e49f
Better name
2022-07-08 10:26:09 -07:00
Ron Bowes
9685bc4bc3
Use flat_map instead of map().flatten
2022-07-08 10:25:10 -07:00
Ron Bowes
134ce0d7bd
Make the FTP server more realistic, and remove Timeout
2022-07-08 10:21:58 -07:00
Ron Bowes
46b5092be4
Make Rubocop happy, and improve error handling
2022-07-07 16:07:10 -07:00
Ron Bowes
3a9feac1cf
Finish up the first draft of the module, which seems to work decently
2022-07-07 14:22:37 -07:00
Ron Bowes
966d469aa5
Continuing cleanup
2022-07-07 12:57:34 -07:00
Ron Bowes
f9664575c5
Working payload
2022-07-07 10:57:41 -07:00
Ron Bowes
d785e90bd9
Get the full exploit working, except for a hardcoded payload
2022-07-07 09:58:07 -07:00
Ron Bowes
fa8d109f65
Add the incomplete version of CVE-2022-28219 module to msf
2022-07-06 15:57:13 -07:00
bcoles
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
Spencer McIntyre
bf1f786813
Title case the target name
2022-04-20 15:22:07 -04:00
Jake Baines
aba48a6905
Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions
2022-04-20 06:27:43 -07:00
Jake Baines
ae54c8c3d9
Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810)
2022-04-19 10:33:54 -07:00
Grant Willcox
1bfc0feedb
Remove default options from HttpUsername and HttpPassword as blank strings are still considered setting the option when it comes to OptString, and this leads to falsely assuming the strings are set by the user when they are not
2022-03-17 11:29:06 -05:00
Grant Willcox
6ee0ef0c8a
Add in appropriate warning message in case we hit a snag, might help people out who hit a similar issue. Issue is highly temperamental and sometimes goes away for no reason so it's hard to pin down but logging in this way should help. I tried doing things manually in code but it didn't seem to help and I don't want to block the code from working on something like this.
2022-03-17 11:29:05 -05:00
Grant Willcox
ce062973cb
Make changes from review process, redo code for module to make it make less requests, and generally improve overall operations.
2022-03-17 11:29:05 -05:00
Grant Willcox
1f53e9d1c4
Rubocop and fix a mistake on commenting too much of the code out from testing
2022-03-17 11:29:00 -05:00
Grant Willcox
269cd5cfed
Add in Exchange Version mixin and module example
2022-03-17 11:28:53 -05:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
Spencer McIntyre
544f8e161a
Land #16164, Create Module For CVE-2021-42321
2022-02-24 11:36:12 -05:00
Spencer McIntyre
6d325933a9
Remove the default payload options
2022-02-24 10:55:38 -05:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
h00die
d5ba1afbec
fix URLs not resolving
...
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Grant Willcox
6700ed7f3c
Update module to use built in error handling within send_request_cgi vs doing it ourselves
2022-02-15 18:18:53 -06:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Grant Willcox
058bb33458
Merge me. More Rubocop updates
2022-02-11 17:28:16 -06:00
Grant Willcox
1a3f161ec0
Remove extra comments, randomize an additional parameter, update target section with affected versions
2022-02-11 17:26:42 -06:00
Grant Willcox
862b057277
Fix up RuboCop issues
2022-02-11 14:18:25 -06:00
Grant Willcox
4c1b2478fa
Add in exploit and documentation
2022-02-11 13:58:56 -06:00
Grant Willcox
5431d3d0f6
Add in initial check method code
2022-02-09 20:12:41 -06:00
Pedro Ribeiro
09d6b1388c
fix kaseya links
2022-01-13 18:47:11 +00:00
William Vu
4cd83b5e72
Add ManageEngine ServiceDesk Plus CVE-2021-44077
2021-12-23 12:27:57 -06:00
William Vu
344bdacae4
Remove preferred payload
...
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
William Vu
e8e5467b70
Credit mr_me for keytool classloading technique
...
Confirmed. :)
2021-11-23 20:12:05 -06:00
William Vu
3702615003
Improve check precision by matching more stuff
2021-11-23 19:05:09 -06:00
William Vu
e2cf3e6706
Clarify working directory for FileDropper
2021-11-23 19:05:09 -06:00
William Vu
2f1bfa738a
Add ManageEngine ADSelfService Plus CVE-2021-40539
2021-11-23 19:05:09 -06:00
Grant Willcox
9023c61ac8
Land #15851, User Agent Refresh
2021-11-17 15:08:52 -06:00
Grant Willcox
7e01e33e51
Make the XML generation into a function that accepts an argument and do further cleanup to simplify the code around this
2021-11-11 23:56:11 -06:00
Grant Willcox
8d55b16ade
Fix one more mistake and rename document and module to a more easy to find name
2021-11-11 16:42:58 -06:00
Grant Willcox
be4fa90f1a
Fix up wvu's review comments
2021-11-11 14:39:40 -06:00
Grant Willcox
9d6f0a0eb2
Update XML to reduce it to the bare minimum needed to get the exploit working. Possible I could do more but in my tests it seems everything in here now is needed
2021-11-10 16:25:08 -06:00
Grant Willcox
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
Ashley Donaldson
527057c700
Updated user agent strings in some modules where it shouldn't impact exploitability
2021-11-10 11:12:38 +11:00
adfoster-r7
28eab4d871
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
Spencer McIntyre
56cd43a8b8
Land #15624, Add module for CVE-2020-27955
2021-09-15 14:54:19 -04:00
Spencer McIntyre
1bd3a764a6
Fixup issues from testing
2021-09-14 16:32:25 -04:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00