Grant Willcox
e5c0259723
Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up
2022-03-23 19:38:32 -05:00
Grant Willcox
b1ce05f97c
Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs
2022-03-23 17:47:25 -05:00
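The breakaway check the commit above describes, written out as an added PowerShell example (editor's code, not part of the Metasploit DLLs or prepend_migrate.rb): it tests whether the current process belongs to a job object, reads the job's limit flags to see whether JOB_OBJECT_LIMIT_BREAKAWAY_OK is set, and only then calls CreateProcess with CREATE_BREAKAWAY_FROM_JOB and confirms the child landed outside the job. The P/Invoke wrapper name `JobProbe` and the child command line `cmd.exe /c exit 0` are assumptions chosen for the example.

```powershell
# Added example (not Metasploit code). Windows only; run in an elevated or normal
# PowerShell session, ideally one already inside a job (e.g. launched by a service
# or a container host) so the breakaway path is exercised.
$src = @'
using System;
using System.Text;
using System.Runtime.InteropServices;
public static class JobProbe   // assumed name for this example's wrapper
{
    public const uint CREATE_BREAKAWAY_FROM_JOB            = 0x01000000;
    public const uint JOB_OBJECT_LIMIT_BREAKAWAY_OK        = 0x00000800;
    public const uint JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK = 0x00001000;
    public const int  JobObjectExtendedLimitInformation    = 9;
    [StructLayout(LayoutKind.Sequential)]
    public struct JOBOBJECT_BASIC_LIMIT_INFORMATION
    {
        public long PerProcessUserTimeLimit, PerJobUserTimeLimit;
        public uint LimitFlags;
        public UIntPtr MinimumWorkingSetSize, MaximumWorkingSetSize;
        public uint ActiveProcessLimit;
        public UIntPtr Affinity;
        public uint PriorityClass, SchedulingClass;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct IO_COUNTERS
    {
        public ulong ReadOperationCount, WriteOperationCount, OtherOperationCount,
                     ReadTransferCount, WriteTransferCount, OtherTransferCount;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct JOBOBJECT_EXTENDED_LIMIT_INFORMATION
    {
        public JOBOBJECT_BASIC_LIMIT_INFORMATION BasicLimitInformation;
        public IO_COUNTERS IoInfo;
        public UIntPtr ProcessMemoryLimit, JobMemoryLimit, PeakProcessMemoryUsed, PeakJobMemoryUsed;
    }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO
    {
        public uint cb;
        public string lpReserved, lpDesktop, lpTitle;
        public uint dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public ushort wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public uint dwProcessId, dwThreadId; }
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool IsProcessInJob(IntPtr hProcess, IntPtr hJob, out bool result);
    // hJob == NULL queries the job the calling process belongs to.
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool QueryInformationJobObject(IntPtr hJob, int infoClass,
        ref JOBOBJECT_EXTENDED_LIMIT_INFORMATION info, int size, IntPtr returnLength);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcess(string app, StringBuilder cmdLine, IntPtr pAttr,
        IntPtr tAttr, bool inherit, uint flags, IntPtr env, string cwd,
        ref STARTUPINFO si, out PROCESS_INFORMATION pi);
    [DllImport("kernel32.dll", SetLastError = true)] public static extern bool CloseHandle(IntPtr h);
}
'@
Add-Type -TypeDefinition $src

# 1. Are we inside a job at all? A NULL job handle asks "any job".
$inJob = $false
[void][JobProbe]::IsProcessInJob([JobProbe]::GetCurrentProcess(), [IntPtr]::Zero, [ref]$inJob)
if (-not $inJob) { Write-Output 'Not in a job object; no breakaway needed.'; return }

# 2. Read the job's limit flags; CREATE_BREAKAWAY_FROM_JOB is only honoured
#    when JOB_OBJECT_LIMIT_BREAKAWAY_OK is set, otherwise CreateProcess fails.
$info = New-Object 'JobProbe+JOBOBJECT_EXTENDED_LIMIT_INFORMATION'
$size = [Runtime.InteropServices.Marshal]::SizeOf($info)
if (-not [JobProbe]::QueryInformationJobObject([IntPtr]::Zero, [JobProbe]::JobObjectExtendedLimitInformation,
        [ref]$info, $size, [IntPtr]::Zero)) {
    throw "QueryInformationJobObject failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
$flags       = $info.BasicLimitInformation.LimitFlags
$breakawayOk = ($flags -band [JobProbe]::JOB_OBJECT_LIMIT_BREAKAWAY_OK) -ne 0
$silentOk    = ($flags -band [JobProbe]::JOB_OBJECT_LIMIT_SILENT_BREAKAWAY_OK) -ne 0
Write-Output ('In a job; LimitFlags=0x{0:X8}; BREAKAWAY_OK={1}; SILENT_BREAKAWAY_OK={2}' -f $flags, $breakawayOk, $silentOk)
if (-not $breakawayOk) { Write-Output 'Breakaway not permitted; spawn normally or migrate instead.'; return }

# 3. Spawn the child with CREATE_BREAKAWAY_FROM_JOB and verify it is outside the job.
$si = New-Object 'JobProbe+STARTUPINFO'
$si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
$pi = New-Object 'JobProbe+PROCESS_INFORMATION'
$cmd = New-Object System.Text.StringBuilder 'cmd.exe /c exit 0'   # assumed harmless child for the demo
$ok = [JobProbe]::CreateProcess($null, $cmd, [IntPtr]::Zero, [IntPtr]::Zero, $false,
        [JobProbe]::CREATE_BREAKAWAY_FROM_JOB, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
if (-not $ok) { throw "CreateProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
$childInJob = $true
[void][JobProbe]::IsProcessInJob($pi.hProcess, [IntPtr]::Zero, [ref]$childInJob)
Write-Output ('Child PID {0} still in a job: {1}' -f $pi.dwProcessId, $childInJob)
[void][JobProbe]::CloseHandle($pi.hThread)
[void][JobProbe]::CloseHandle($pi.hProcess)
```

Querying the limit flags first is the practical check: when BREAKAWAY_OK is absent, CreateProcess with the breakaway flag fails with ERROR_ACCESS_DENIED, so a payload that cannot break away should fall back to spawning inside the job (and accept that a job-wide kill will take the child with it) rather than fail outright.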
Grant Willcox
715082a960
Update exploit and module with new delay timing and latest copy of DLL
2022-03-21 12:05:48 -05:00
sjanusz
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
Grant Willcox
1bfc0feedb
Remove default options from HttpUsername and HttpPassword as blank strings are still considered setting the option when it comes to OptString, and this leads to falsely assuming the strings are set by the user when they are not
2022-03-17 11:29:06 -05:00
Grant Willcox
6ee0ef0c8a
Add in appropriate warning message in case we hit a snag, might help people out who hit a similar issue. Issue is highly temperamental and sometimes goes away for no reason so it's hard to pin down but logging in this way should help. I tried doing things manually in code but it didn't seem to help and I don't want to block the code from working on something like this.
2022-03-17 11:29:05 -05:00
Grant Willcox
ce062973cb
Make changes from review process, redo code for module to make it make less requests, and generally improve overall operations.
2022-03-17 11:29:05 -05:00
Grant Willcox
1f53e9d1c4
Rubocop and fix a mistake on commenting too much of the code out from testing
2022-03-17 11:29:00 -05:00
Grant Willcox
269cd5cfed
Add in Exchange Version mixin and module example
2022-03-17 11:28:53 -05:00
bwatters
b4de9fa92a
Land #16344, Add module for CVE-2022-21999 and More Railgun Definitions
Merge branch 'land-16344' into upstream-master
2022-03-16 08:37:05 -05:00
Shelby Pace
381b91de45
change wording in arch check
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-03-15 16:45:36 -05:00
space-r7
e96ec401bf
add arch check, fix logic error, add aka note
2022-03-15 12:58:39 -05:00
space-r7
99664efed7
use full user name, add test output to docs
2022-03-14 09:15:36 -05:00
adfoster-r7
a62ca2259e
Land #16316, deref services correctly
2022-03-11 12:08:42 +00:00
Ashley Donaldson
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
space-r7
07e6eef201
rename module, modify check
2022-03-10 17:02:58 -06:00
space-r7
bc9f64f043
use default printer in case target is server
clean up code, add EnumPrinters definitions
2022-03-10 16:45:20 -06:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
adfoster-r7
3b524360ed
Explicitly specify server/client versions, fix logger crash, and specify jtr format
2022-03-09 01:37:22 +00:00
adfoster-r7
22f88f9ab7
Add docs
2022-03-08 23:52:24 +00:00
adfoster-r7
53772fa366
Gracefully handle relay host timeout, fix typos, and move SMBHashCapture location
2022-03-08 23:52:24 +00:00
adfoster-r7
bcb0850e07
Rename SMBHOST
2022-03-08 23:52:23 +00:00
adfoster-r7
144fc5eddf
Add smarter targetlist support
2022-03-08 23:52:23 +00:00
adfoster-r7
25265c7a7b
Linting
2022-03-08 23:52:23 +00:00
adfoster-r7
3e68e298a1
Add targets
2022-03-08 23:52:23 +00:00
adfoster-r7
e02021ee91
Fix database cred reporting and error handling
2022-03-08 23:52:23 +00:00
adfoster-r7
507b1dab2b
Apply PR feedback
2022-03-08 23:52:22 +00:00
adfoster-r7
b4fe2502aa
Update smb_relay to support smb 2 and smb3
2022-03-08 23:52:22 +00:00
space-r7
aa87d5d387
add fixed definitions and exploit
2022-03-04 15:56:28 -06:00
bwatters
3f35524c61
Rubocop fixes
2022-03-03 13:02:55 -06:00
bwatters
f0878f4d1a
Improve check method and add autocheck
2022-03-03 12:52:05 -06:00
space-r7
40bb5e2afa
correct return val for definition, add module
2022-02-25 18:13:49 -06:00
bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
Spencer McIntyre
544f8e161a
Land #16164, Create Module For CVE-2021-42321
2022-02-24 11:36:12 -05:00
Spencer McIntyre
2b0002031d
Fix the minimum build number
This particular change looks like a mistake. Build 17134 (v1803) is the
oldest that is supported.
2022-02-24 11:24:20 -05:00
Spencer McIntyre
6d325933a9
Remove the default payload options
2022-02-24 10:55:38 -05:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
space-r7
5fb3dc1d8e
add printer create / spooler settings logic
2022-02-18 17:51:24 -06:00
Spencer McIntyre
443bf1249a
Remove all the old CVE-2021-1732 data
2022-02-18 15:25:39 -05:00
Spencer McIntyre
bcd7cb1122
Writeup the module metadata and docs
2022-02-18 15:23:44 -05:00
Spencer McIntyre
d92259f868
One exploit for CVE-2021-1732 and CVE-2022-21882
2022-02-18 15:23:38 -05:00
usiegl00
6d94a316cf
Add packet fragmentation to ShadowMitmDispatcher
The ShadowMitmDispatcher now supports arbitrary size packets. The
ShadowMitmDispatcher now supports SMB3. The ShadowMitmDispatcher no
longer interferes with existing sessions.
2022-02-18 17:05:37 +09:00
space-r7
0781e90ca2
add struct processing logic
2022-02-17 19:03:32 -06:00
h00die
d5ba1afbec
fix URLs not resolving
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra redirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Grant Willcox
6700ed7f3c
Update module to use built in error handling within send_request_cgi vs doing it ourselves
2022-02-15 18:18:53 -06:00
darrenmartyn
604361b59d
Update hp_dataprotector_cmd_exec.rb
64 bit payloads
2022-02-15 18:03:13 +00:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Grant Willcox
058bb33458
Merge me. More Rubocop updates
2022-02-11 17:28:16 -06:00
Grant Willcox
1a3f161ec0
Remove extra comments, randomize an additional parameter, update target section with affected versions
2022-02-11 17:26:42 -06:00