494c9601ca
Land #17222 , Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream [CVE-2021-39144]
2022-11-15 14:16:14 +01:00
e0c693c5a8
add objective-c code and pid code
2022-11-14 17:57:39 -06:00
59535b6799
remove 'is'
2022-11-12 16:19:50 -05:00
70669f3fea
addressed code improvement suggestions
2022-11-12 10:21:43 +00:00
72080910e7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:22:06 +01:00
85b4512292
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:21:55 +01:00
5d314e5799
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:21:42 +01:00
04d6a310af
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:16:46 +01:00
1ce8695401
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:16:30 +01:00
e38138d69e
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:16:17 +01:00
967388eba7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Agreed !
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:15:42 +01:00
8e59cac3a8
add check and exploit methods
2022-11-11 17:56:13 -06:00
639afebe1e
Update module
...
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessfull but keep this for further review
2022-11-09 16:12:20 +07:00
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
bca5138fc8
Update module
...
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
2022-11-09 01:42:27 +07:00
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
52d867bbc7
follow Ruby coding convetions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
f0b67c8812
fix msftidy
2022-11-08 14:14:45 +07:00
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-08 14:09:31 +07:00
da189041b4
randomized endpoint url
2022-11-07 08:16:54 +00:00
bf0ed5b513
fixed some typos in documentation
2022-11-05 15:36:42 +00:00
642a83bd0d
Updated module and added documentation
2022-11-05 15:14:31 +00:00
71d1c971a7
init commit module
2022-11-04 13:31:27 +00:00
197b37751b
Land #17174 , add FLIR AX8 command injection module
2022-11-01 12:41:01 -05:00
c4c4e736d9
Land #17142 , Apache CouchDB Erlang RCE module CVE-2022-24706
2022-11-01 12:26:49 -05:00
f61136dd6d
Fixed powershell taget
2022-11-01 10:55:50 -05:00
757c0da639
Review updates
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-11-01 10:55:20 -05:00
b31c0f6987
Added check method, refactored, updated docs
2022-11-01 10:54:27 -05:00
a0babb354a
Apache CouchDB Erlang module initial commit
2022-11-01 10:54:19 -05:00
c4c2c7c0c1
Beta commit, injection working
2022-11-01 10:54:12 -05:00
45ddcf02c9
Remove unused mix in, add low bound to check
2022-11-01 10:42:43 -05:00
2ed8dbc08d
Rubocop
2022-11-01 10:42:43 -05:00
4587691d64
Fixed module to work over SSL
2022-11-01 10:42:42 -05:00
3b645ad9f4
Moved get variables from uri to vars_get
2022-11-01 10:42:42 -05:00
c810a1f5aa
Update modules/exploits/linux/http/webmin_file_manager_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-01 10:42:42 -05:00
ebf7496ee2
Update modules/exploits/linux/http/webmin_file_manager_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-01 10:42:41 -05:00
0ede1ca94f
Update modules/exploits/linux/http/webmin_file_manager_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-01 10:40:01 -05:00
d79515c3fe
Fix file cleanup
2022-11-01 10:40:00 -05:00
d1e1350ef9
Updated author
2022-11-01 10:40:00 -05:00
ad5b03ed96
Finished TODOs and added docs
2022-11-01 10:40:00 -05:00
9af689e130
draft module no docs
2022-11-01 10:40:00 -05:00
c400a97b63
beta commit
2022-11-01 10:39:59 -05:00
7774b7ddcf
Merge remote-tracking branch 'upstream/master' into merge-6.2.25-master-into-kerberos-feature-branch
2022-10-31 23:15:11 +00:00
3346ddec2c
Land #17155 , Remote mouse version updates
...
Also add a vulnerable download link to the docs
2022-10-27 16:32:23 -04:00
9e7c887347
Land #17187 , update aerohive_netconfig_lfi_log_poison_rce to support 10.0r8
2022-10-27 15:53:03 +01:00
0e72307d36
aerohive_version_fix
2022-10-27 13:33:18 +03:00
9c5d82e00f
Land #17147 , add Vargrant Breakout module
...
This PR adds a module that exploits a default
Vagrant shared folder to append a Ruby payload
to the Vagrant project Vagrantfile config file.
2022-10-26 17:11:03 -04:00
01fa2e1041
Add Vagrant Synced Folder Vagrantfile Breakout module
2022-10-26 17:33:44 +11:00
35e4d829d8
Land #17164 , add THEME_DIR option to wp_crop_rce
2022-10-25 12:23:50 -05:00
7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
Christophe De La Fuente