2f023f7315
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-12-29 14:50:47 +01:00
ce43db0904
Fix TBDs and give better documentation.
2023-12-21 16:18:36 -06:00
6f17088e33
Fix some linting
2023-12-20 16:44:49 -06:00
3ac9c0c38a
Patch in the theme version to the MSStyles file
2023-12-19 17:05:01 -05:00
5de0e4e234
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-12-13 14:30:00 +01:00
52a23e3afb
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-12-13 14:29:49 +01:00
95eb4cc304
Pull in changes from Spencer's branch, but not the Gemfile changes.
2023-12-12 10:09:13 -06:00
3534181067
rename file
2023-12-12 10:09:13 -06:00
d3b0c538a1
Probably need to figure out how to get the requested filename....
2023-12-12 10:09:13 -06:00
62d3cfa72d
Still not working, but closer
2023-12-12 10:09:13 -06:00
ce55c1cd78
Fix silly file name disagreement
2023-12-12 10:09:13 -06:00
486f42896f
Non-Working Draft Module
2023-12-12 10:09:13 -06:00
cf24bca946
Add smb session support to smb_relay module
2023-12-12 11:59:07 +00:00
83dccfafaf
added retry_until_truthy and sensor deletion upon payload running
2023-12-07 15:16:42 +01:00
152056b001
DRY up post mixin/optional session
2023-12-04 17:55:15 +00:00
cd8cc75cf3
Add smb session type
2023-12-04 17:55:11 +00:00
2718c078d2
removed WfsDelay
2023-12-01 10:15:55 +01:00
d26db0b1dd
changed datastore['TARGETURI'] to target_uri.path
2023-12-01 10:15:13 +01:00
26e7807154
updated URI to TARGETURI
2023-12-01 10:09:06 +01:00
9105966b20
Fixed debug string
2023-12-01 10:07:28 +01:00
7307c9810b
Use the new style of Windows version detection
...
This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
2023-11-28 14:35:26 -05:00
7dbd938e3b
fixed linting with rubocop and msftidy.rb
2023-11-27 18:44:10 +01:00
3ffeef36f6
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:50 +01:00
ebc18db0ac
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:12 +01:00
4906ea228d
updated fields to have random values
2023-11-27 09:39:18 +01:00
27b2cdf5b1
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:15 +01:00
32380d8a26
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:03 +01:00
a04943063e
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Removes quotes from normalize_uri parameters.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:07:08 +01:00
8c007c0ef7
added exploit for CVE-2023-32781 - PRTG authenticated RCE
2023-11-23 19:28:02 +01:00
c27412a1ac
Land #18494 , Add AjaxPro Deserialization RCE
...
This PR adds a module which leverages an insecure
deserialization of data to get remote code execution
on the target OS in the context of the user running
the website which utilized AjaxPro.
2023-11-02 13:54:17 -04:00
f83f183fe2
Apply Code Suggestions from review
2023-11-03 00:04:20 +08:00
a7e8be4860
Fix code styling to pass msftidy
2023-11-02 10:35:49 +08:00
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-02 10:10:26 +08:00
00ccebe8ce
Upadte documentation for AjaxPro Deserializaion RCE
2023-10-31 13:31:10 +08:00
62f3dafd91
Apply CheckCode message suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-10-31 10:45:58 +08:00
cd3556dd71
Add Exploit for AjaxPro Deserialization RCE (CVE2021-23758)
2023-10-28 00:48:52 +08:00
daa8b8ae99
Use Metasploit-Payloads Crypto to decrypt payloads
2023-10-13 14:42:10 +01:00
b428736e03
Add support for injection of encrypted dll payloads
2023-10-13 14:42:10 +01:00
1b172768b4
Use upstream ruby-mysql in Remote::MYSQL
...
* ... and dependents
2023-10-12 13:08:35 +02:00
8431d11654
leverage Rex::MIME::Message instead of creating the multipart data manualy
2023-10-04 09:39:25 +01:00
ccd8c71ec6
change the payload space to 5000. This allows all the payloads I tested to work but also allows all the 3 gadget chains I tested to work. ClaimsPrincipal and TypeConfuseDelegate will fail if the space is too large.
2023-10-04 09:38:42 +01:00
1be8e0245b
remove the powershell target as the powershell command adapter will handle this for us (thanks Spencer). Increate the space to handle the larger powershell command lines. I tested with cmd/windows/powershell/x64/meterpreter/reverse_tcp and the powershell command length was 4404.
2023-10-03 17:48:37 +01:00
2eacb75feb
Add a reference to the AssetNote blog. Better describe what teh TARGET_URI option is for and why it defaults to /AHT/
2023-10-03 11:17:21 +01:00
1695a12c9c
Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way.
2023-10-02 17:40:11 +01:00
53ed4a632b
add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization.
2023-10-02 11:42:19 +01:00
a4c6b11237
Fix pass by reference bug on the module side
2023-09-27 09:43:32 -05:00
1058291af9
Land #18314 , Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
0b84feaf60
updates from code review
2023-09-26 14:03:31 -05:00
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
03fa034ff5
Actually delete the file I told you to delete
2023-09-20 09:10:51 -05:00
Kevin Joensen