bwatters
b69db83398
Land #16202, Add exploit for CVE-2022-21882 (Win32k LPE)
Merge branch 'land-16202' into upstream-master
2022-02-25 15:55:48 -06:00
Grant Willcox
217afa0f3b
Land #16190, Axis Camera App RCE (No CVE)
2022-02-25 11:35:03 -06:00
Grant Willcox
1e0db45f1d
Add small note about ARMLE stager for future travelers
2022-02-25 11:34:31 -06:00
Jake Baines
2bec5c425f
Change CheckCode to Appears
2022-02-25 08:32:06 -08:00
Jake Baines
1facfe4a2f
Alter upload filename.
2022-02-25 02:53:52 -08:00
Jake Baines
d055a7d811
Altered some randomization, the json extracted by check, and fixed some wording
2022-02-24 18:48:21 -08:00
Jake Baines
48072b6554
Fix rubocop complaint introduced in suggestion commit
2022-02-24 18:28:38 -08:00
Jake Baines
454eba2438
Apply suggestions from code review
Added changes suggested by @gwillcox-r7
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-02-24 21:25:09 -05:00
Spencer McIntyre
544f8e161a
Land #16164, Create Module For CVE-2021-42321
2022-02-24 11:36:12 -05:00
Spencer McIntyre
2b0002031d
Fix the minimum build number
This particular change looks like a mistake. Build 17134 (v1803) is the
oldest that is supported.
2022-02-24 11:24:20 -05:00
Jake Baines
9f05a7d11a
Removed unneeded custom timeout
2022-02-24 08:13:04 -08:00
Spencer McIntyre
6d325933a9
Remove the default payload options
2022-02-24 10:55:38 -05:00
Jake Baines
3739dad470
Updated to use print_bad instead of fail_with for application removal errors. Also included instructions on how to manually remove the application
2022-02-24 07:44:34 -08:00
Jake Baines
e1616a520f
Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name
2022-02-24 06:38:36 -08:00
Grant Willcox
fddd3f15c2
Fix up code so that it will not block on attempting to delete the configuration on the folder, just in case the configuration doesn't exist in the first place. Instead print a warning and continue.
2022-02-22 17:52:29 -06:00
Jake Baines
4cd3563bc7
Initial commit of exploit for CVE-2021-36260
2022-02-19 13:13:24 -08:00
space-r7
5fb3dc1d8e
add printer create / spooler settings logic
2022-02-18 17:51:24 -06:00
bwatters
f311bd4fce
Remove duplicate warning
2022-02-18 16:31:35 -06:00
bwatters
3ea032472d
Updated exploit with better check method, added OnSessionCmd option
to run a command when a session is bootstrapped, added more
documentation.
2022-02-18 16:30:47 -06:00
Spencer McIntyre
443bf1249a
Remove all the old CVE-2021-1732 data
2022-02-18 15:25:39 -05:00
Spencer McIntyre
bcd7cb1122
Writeup the module metadata and docs
2022-02-18 15:23:44 -05:00
Spencer McIntyre
d92259f868
One exploit for CVE-2021-1732 and CVE-2022-21882
2022-02-18 15:23:38 -05:00
usiegl00
6d94a316cf
Add packet fragmentation to ShadowMitmDispatcher
The ShadowMitmDispatcher now supports arbitrary size packets. The
ShadowMitmDispatcher now supports SMB3. The ShadowMitmDispatcher no
longer interferes with existing sessions.
2022-02-18 17:05:37 +09:00
space-r7
0781e90ca2
add struct processing logic
2022-02-17 19:03:32 -06:00
Pedro Ribeiro
92856e739b
Fix shellcode so that it works with "0" octets in LHOST IP
2022-02-17 23:06:53 +07:00
h00die
d5ba1afbec
fix URLs not resolving
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
Tim W
4e5cd8693d
add notes section to placate msftidy
2022-02-16 11:48:55 +00:00
Tim W
480c44e9cb
refactor DEBUG_EXPLOIT code into mixin
2022-02-16 11:38:04 +00:00
Tim W
35d122e16d
msftidy
2022-02-16 08:35:04 +00:00
Tim W
fb53ca0ac2
actually add support for Windows
2022-02-16 08:33:24 +00:00
Tim W
841af2c6e1
add support for Windows
2022-02-16 08:30:07 +00:00
Tim W
6e59efc324
fix evil is undefined on exploit failure
2022-02-16 07:52:42 +00:00
Grant Willcox
6700ed7f3c
Update module to use built in error handling within send_request_cgi vs doing it ourselves
2022-02-15 18:18:53 -06:00
bwatters
1086926b2e
Land #16159, Add module for CVE-2021-3129
Merge branch 'land-16159' into upstream-master
2022-02-15 17:14:01 -06:00
bwatters
0239ef1cc6
Land #16117, Updates for Log4Shell
2022-02-15 16:39:00 -06:00
darrenmartyn
604361b59d
Update hp_dataprotector_cmd_exec.rb
64 bit payloads
2022-02-15 18:03:13 +00:00
Tim W
2405a040a8
rubocop and msftidy
2022-02-15 09:31:06 +00:00
Heyder Andrade
891387885b
Fixed typos
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-02-15 08:47:50 +01:00
Heyder Andrade
bbb66eba55
Fixed typos
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-02-15 08:47:26 +01:00
Heyder Andrade
acfc7348c3
Fixed typos
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-02-15 08:47:10 +01:00
Heyder Andrade
c935bc6388
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-02-15 08:46:25 +01:00
Heyder Andrade
2e73469b6b
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-02-15 08:46:02 +01:00
Jake Baines
5ac3330802
Initial commit of Axis camera app install exploit
2022-02-14 17:54:18 -08:00
Grant Willcox
a7ace66b3f
Use send_request_cgi and update options to use HttpUsername and HttpPassword accordingly. This simplifies code. Also update documentation accordingly
2022-02-14 18:19:00 -06:00
Grant Willcox
c49591cf11
Add in changes to use targets array as per Spencer's suggestion so we can now spawn Meterpreter shells. Also remove ACCOUNT_LOCKOUTS and fix a call that should have been .get_xml_document
2022-02-14 17:38:10 -06:00
Jeffrey Martin
af3fa09896
refactor smtp delivery to support continuation
When dealing with SMTP servers the communication needs to follow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
2022-02-14 16:55:49 -06:00
Tim W
098a82a9d0
cleanup and encode shellcode
2022-02-14 11:21:32 +00:00
Tim W
14fbbff00b
initial commit of CVE-2020-26950
2022-02-14 10:36:19 +00:00
Pedro Ribeiro
5e738309f9
add shellcode comment
2022-02-14 02:24:59 +07:00
Tim W
a13ae3882b
Land #16174, fix specifying the mode on File.read for ruby 3 on multiple modules
2022-02-13 12:08:13 +00:00