97caca4f6e
Update modules/exploits/multi/http/dotcms_file_upload_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2022-06-01 10:54:02 -04:00
bea4207c62
Land PR #16607 - MyBB RCE Module (CVE-2022-24734)
...
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
2022-05-31 11:59:53 -04:00
7f89e92da3
add more informations about
2022-05-31 00:12:30 +04:00
2c02a607ee
Responded to PR feedback
2022-05-30 14:46:54 -04:00
97921b4ed9
fix chmod 644
2022-05-30 22:11:35 +04:00
dfc226cf5f
add. Supposed 0day MSWord RCE
2022-05-30 21:23:18 +04:00
b996f5ee49
Fixes from code review
2022-05-30 16:24:18 +02:00
5f5444936f
Land #16488 , Windows Task Scheduler Mixin
2022-05-25 12:37:03 -04:00
52a8191821
Fix vss_persistence module and remove Windows 7 target
2022-05-25 13:11:34 +02:00
1524020643
Use moved_from to deprecate the module
2022-05-24 09:16:30 -04:00
1f304ef2c4
Add module exploit for MyBB RCE - CVE-2022-24734
2022-05-23 17:27:20 +02:00
3afb9b2ffe
dotCMS file upload to RCE module
2022-05-20 15:57:22 -04:00
4f4287eb6b
Module working on linux
2022-05-19 09:37:48 -04:00
5fd18ef864
Fixes from review
2022-05-19 14:54:07 +02:00
7992cb2072
Update vss_persistenceand persistence_exe modules to includes
...
changes in `TaskScheduler` mixin
2022-05-17 14:52:47 +02:00
14cd7bc335
Add task scheduler mixin and update persistence_exe and vss_persistence modules
2022-05-17 14:52:47 +02:00
02e7a65b93
Just move the auxiliary module into an exploit
2022-05-16 17:44:31 -04:00
d278ad9be1
Add the printnightmare exploit
2022-05-16 14:56:46 -04:00
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
b79b550d6c
Centralize the log adapter
...
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
2022-05-16 14:39:45 -04:00
475f6eee8c
Capture hash when serving files over SMB
2022-05-16 14:39:44 -04:00
0196b6fa75
Land #16555 , move duplicated retry_until_truthy code into centralized location
2022-05-16 18:31:57 +01:00
133b9e307a
Land #16563 , Zyxel Firewall Unauthenticated Command Injection (CVE-2022-30525)
2022-05-13 18:55:30 -05:00
2eb31cf765
Add in edits from review
2022-05-13 15:32:12 -05:00
1aceb71971
Rename the function to emphasize truthy
2022-05-13 09:16:01 -04:00
6a1fe27406
Land #16442 , add vars_form_data to the HTTP client
2022-05-13 10:53:16 +01:00
23f8a0b915
Added Zyxel advisory. Added AKB reference. Used xpath as requested.
2022-05-12 07:17:37 -07:00
f3b23c072f
Added a reference to Rapid7 disclosure
2022-05-12 06:33:27 -07:00
24fa9aabe0
Fixed privilege flag. Swapped 'exploit' for 'command' in a couple of places
2022-05-12 06:24:33 -07:00
4af93ecfe2
Updated affected
2022-05-12 03:22:21 -07:00
617b4ae044
Initial commit of Zyxel unauth command injection (CVE=2022-30525)
2022-05-12 01:43:59 -07:00
93334b56ef
Properly credit Azeria and also include blog post at her request
2022-05-11 18:43:27 -05:00
8dbd6f3334
Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times.
2022-05-11 16:43:37 -05:00
196aac6b42
Add in PrependFork and MeterpreterTryToFork options as default to fix timeout issues and potential failure cases due to server not responding
2022-05-11 16:43:36 -05:00
27169c4ae1
Add in missing CmdStager library, add some more attribution, and add in PoC link
2022-05-11 16:43:36 -05:00
6354d7a055
Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly.
2022-05-11 16:43:36 -05:00
1bc2616c19
Update modules/exploits/linux/http/f5_icontrol_rce.rb
...
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com >
2022-05-11 16:43:13 -05:00
208367d735
Improved check method reliability
...
Extra modifications:
- Promote advanced options HttpUsername and HttpPassword
- password is not really necessary, but if one have credential, can
use this module as an exec
- Fixed print statement on check
- Splitted execute_command in two, because we also send a command on the check
methods, however we don't need the checks that are in the execute_command
2022-05-11 16:43:12 -05:00
55163b86d6
Improvements
...
- Change module name and description
- Added author from the PoC
- Added reference
- Added payloads, targets and notes
- Removed headers used during the tests
2022-05-11 16:43:11 -05:00
77f60eb21e
Added module and documentation for f5 icontrol RCE (CVE-2022-1388)
2022-05-11 16:43:00 -05:00
05fcbd803e
Add a new Retry mixin
2022-05-11 15:41:37 -04:00
e4f42d7eaa
Update more modules to use the vars_form_data api
2022-05-11 18:18:21 +01:00
1c934b87b4
Land #16169 , Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699
2022-05-11 10:15:08 -05:00
68fdb103fe
Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate
2022-05-11 09:39:47 -05:00
b920c04b75
Land #16548 , Add Powershell Command Adapter
2022-05-10 16:47:57 -05:00
d5fb559e05
Land #16485 , Allow all post-Vista builds
2022-05-10 10:32:09 -04:00
92715c883f
Land #16423 , Add module for exploit CVE-2022-22965
...
Merge branch 'land-16423' into upstream-master
2022-05-10 08:44:06 -05:00
94e1ad3fe5
Update form data api defaults
2022-05-10 14:12:17 +01:00
dd5aee4956
Increase the size of psexec commands
2022-05-09 11:55:57 -04:00
4ad4ca32e8
Fix test alignment
2022-05-09 16:51:20 +01:00
jheysel-r7