4624031aec
Remove errant puts
2022-10-25 10:21:47 -07:00
4979c0b74f
Add a check to the cve-2022-30333 module for Zimbra that aborts before generating artifacts if the server cannot be reached
2022-10-25 10:05:16 -07:00
3d8e18c1cb
updated module with code suggestions space-r7
2022-10-25 16:38:15 +00:00
982cfb97c2
Refactor: check for THEME_DIR as ternary
...
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
3e78229fc0
updated module and documentation
2022-10-25 13:33:52 +00:00
9902e9a1e4
Land #17110 , check files exist before doing other things
...
Merge branch 'land-17110' into upstream-master
2022-10-24 14:20:16 -05:00
d6f27a8a71
Used vuln to remove test webshell in check method
2022-10-24 14:17:21 -04:00
3bf4bd7d7d
Land #17162 , add RCE module for CVE-2022-35914
...
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
2022-10-24 12:18:34 -04:00
3bbd05a11a
Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-24 11:48:33 -04:00
1c393dc596
init commit module and documentation
2022-10-21 12:50:46 +00:00
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
4cfbae63ac
Land #17114 , Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-20 15:10:42 +02:00
11936affd1
Rubocop
2022-10-19 22:07:50 -04:00
b60b440697
Check method improvement
2022-10-19 22:03:43 -04:00
6039e54b75
For real, this time
2022-10-19 17:23:16 -05:00
78e8de826b
Sure; I can spell
2022-10-19 17:22:29 -05:00
238aa9058f
Fix Cmdstager flavor, complete info hash
2022-10-19 17:18:20 -05:00
56b8bf6302
Working draft for CVE-2022-35914
2022-10-19 14:33:33 -05:00
56d6f7747b
Remove some old code and update documentation with version info
2022-10-19 10:02:29 -07:00
15d81ca04c
Land #17135 , Add namespace to identify.rb
2022-10-19 10:48:25 +02:00
c43272985e
Land #17141 , Zimbra Postfix priv esc
2022-10-19 10:33:37 +02:00
9a35a5c8dd
Post patch info
2022-10-18 10:12:54 -07:00
6bdf0da994
Add a sanity check before generating the payload - prevents a confusing error if the server is down
2022-10-18 10:09:51 -07:00
1804e5ab60
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-18 00:51:28 +02:00
dea3f72f6b
Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path
2022-10-17 15:00:56 -07:00
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com >
2022-10-17 17:28:31 -04:00
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
67bd118dd5
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-17 22:49:48 +02:00
7cdf8e181f
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-17 22:49:34 +02:00
05b80631f3
update remote mouse version checks
2022-10-17 15:30:17 -04:00
08deb21ae3
update remote mouse version checks
2022-10-17 15:29:10 -04:00
b3a0d70688
Added prefer admin
...
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
2022-10-17 15:16:16 +02:00
5d99428c1d
Changed SSH key algorithm and fix bug on cleanup
...
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
2022-10-17 14:40:51 +02:00
71a1c60d49
Sticking to the striced needed
...
The port in the Forwarded HTTP header can be random.
2022-10-17 13:01:13 +02:00
422675a0c0
Fixed code-style offenses
2022-10-17 01:08:57 +02:00
6140f0bc4d
Added method to auto-detect target user
2022-10-17 00:44:46 +02:00
9241c515d7
Try to cleanup only if there was ssh connection
2022-10-16 18:50:39 +02:00
6cfb277c90
Added cleanup method
2022-10-16 15:09:45 +02:00
45149c144c
Code cleanup and ssh key password
...
- cleaned up some unecessary code
- add option to the user set an encrypted custom ssh key
2022-10-16 13:32:25 +02:00
95b1bffdea
Do not overwrite the first two keys
2022-10-15 19:04:53 +02:00
47f6971651
It is working but need some improvements
2022-10-15 04:10:12 +02:00
a2a2dcbf6f
Check in zimbra_postfix_priv_esc.rb
2022-10-14 13:21:41 -07:00
31404116a5
Rename module
2022-10-14 22:19:43 +02:00
f643bba09a
Added module for CVE-2022-40684
2022-10-14 18:36:18 +02:00
a3e32ffafa
Add TARGET 0 to documentation
2022-10-12 20:00:33 -05:00
e9f54aa5b8
Update documentation with better wording, and add randomization of parameter name to module along with cleanup code for deleting uploaded files
2022-10-12 19:16:52 -05:00
44271c529f
Update code to include defaults that work with standard application
2022-10-12 19:16:52 -05:00
9652823393
Reverted check method to upload shell
2022-10-12 19:16:44 -05:00
f6a36a432c
Shortened shellcode
2022-10-12 19:16:43 -05:00
ffd1d00991
Updated WEBSHELL_NAME option description
2022-10-12 19:16:36 -05:00
Ron Bowes