Tim W
abb11cf896
Land #15918, add more targets for ms07_029_msdns_zonename
2021-11-30 08:24:03 +00:00
Brendan Coles
28bc460bac
ms07_029_msdns_zonename: Add additional Windows 2000/2003 target offsets
2021-11-30 07:38:08 +00:00
bwatters
14064ff3f9
Update module description and remove extra module.
2021-11-29 15:23:02 -06:00
Brendan Coles
8fa73f9e90
ms05_039_pnp: Rename 'Windows 2000 SP4 English/French/German/Dutch' target to 'Windows 2000 SP4 Universal'
2021-11-28 13:39:05 +00:00
Brendan Coles
5fab1da09b
ms03_026_dcom: cleanup
2021-11-28 08:25:31 +00:00
usiegl00
bfd57daea7
Update Range Syntax to Support Ruby 2.5
Change [?..] to [?..-1] to be compatible with older Ruby versions. Fix
failing msftidy rubocop linting tests.
2021-11-25 15:05:39 +09:00
usiegl00
e19511a31c
Update documentation for the smb_shadow module.
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
William Vu
344bdacae4
Remove preferred payload
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
usiegl00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
William Vu
e8e5467b70
Credit mr_me for keytool classloading technique
Confirmed. :)
2021-11-23 20:12:05 -06:00
William Vu
3702615003
Improve check precision by matching more stuff
2021-11-23 19:05:09 -06:00
William Vu
e2cf3e6706
Clarify working directory for FileDropper
2021-11-23 19:05:09 -06:00
William Vu
2f1bfa738a
Add ManageEngine ADSelfService Plus CVE-2021-40539
2021-11-23 19:05:09 -06:00
Jeffrey Martin
d802a9ee0b
remove rubocop exemption no longer required
2021-11-23 07:58:07 -06:00
Jeffrey Martin
21a6a18d92
trade URI.encode & URI.escape for Ruby 3
Ruby 3 removed the `URI.escape` methods; however, access to
a parser for the same RFC is still available at `URI::DEFAULT_PARSER.escape`.
Per the Ruby forum [comment](https://bugs.ruby-lang.org/issues/17309#note-1) this should be equal.
2021-11-22 14:11:03 -06:00
Grant Willcox
7f6d661ff7
Land #15866, Add Exploit For CVE-2021-38294 (Apache Storm Nimbus getTopologyHistory RCE)
2021-11-18 17:02:50 -06:00
Spencer McIntyre
d7cb7804e6
Implement some changes from PR feedback
2021-11-18 16:35:13 -05:00
Grant Willcox
a915c3ce5c
Add fixes for some of the issues raised during the review process on both the documentation and module side of things
2021-11-17 17:25:50 -06:00
Grant Willcox
9023c61ac8
Land #15851, User Agent Refresh
2021-11-17 15:08:52 -06:00
bwatters
2a68b9ae9f
Add targets to track http server status
2021-11-17 07:54:49 -06:00
Spencer McIntyre
9fa65092d1
Switch to the new Rex stopwatch function
2021-11-16 10:12:57 -05:00
Grant Willcox
d7047cdb6f
Land #15867, Update example modules
2021-11-15 15:32:45 -06:00
Grant Willcox
a620b425dd
Fix a few capitalization errors
2021-11-15 14:56:25 -06:00
Grant Willcox
fc05f53688
Reword comments a bit to make it clearer to end users how to use some of the libraries we provide
2021-11-15 14:54:13 -06:00
h00die
e2ec4438a4
further update examples
2021-11-15 15:16:08 -05:00
Spencer McIntyre
a100cd77ae
Land #15858, Add exploit for CVE-2021-42237
2021-11-15 14:24:47 -05:00
Spencer McIntyre
b428863d9e
Land #15875, Bash payload works outside of bash
2021-11-15 10:46:05 -05:00
Ashley Donaldson
7549aaaf61
Remove warning now that bash payloads should work in this situation
2021-11-15 15:56:59 +11:00
h00die
93a1473e49
fix return add http timeout
2021-11-13 04:46:38 -05:00
h00die
69c0c367fe
rubocop and example updates
2021-11-13 04:33:24 -05:00
Spencer McIntyre
d5e024ae4c
Refactor to generic/ssh/interact
2021-11-12 16:03:29 -05:00
Spencer McIntyre
726c5f26e3
SSH session consistency with auto-platform IDing
2021-11-12 16:03:27 -05:00
Spencer McIntyre
87d1e925d0
Add an interactive SSH payload
2021-11-12 16:01:22 -05:00
Spencer McIntyre
0b3f95abca
Writeup the module docs and move the protocol code
2021-11-12 15:15:51 -05:00
Spencer McIntyre
1f1e0fc2cc
Write and use a check method
2021-11-12 14:08:19 -05:00
Spencer McIntyre
7284f14fd8
Define custom Thrift types, improve syncing
2021-11-12 10:30:48 -05:00
Spencer McIntyre
21ff65994c
Initial commit of the Storm Nimbus cmd exec
2021-11-12 10:30:15 -05:00
Grant Willcox
7e01e33e51
Make the XML generation into a function that accepts an argument and do further cleanup to simplify the code around this
2021-11-11 23:56:11 -06:00
bwatters
4505d7e834
Land #15700, Add Aerohive NetConfig <= 10.0r8a RCE (CVE-2020-16152) module
Merge branch 'land-15700' into upstream-master
2021-11-11 17:03:54 -06:00
Grant Willcox
8d55b16ade
Fix one more mistake and rename document and module to an easier-to-find name
2021-11-11 16:42:58 -06:00
Grant Willcox
be4fa90f1a
Fix up wvu's review comments
2021-11-11 14:39:40 -06:00
Grant Willcox
9d6f0a0eb2
Update XML to reduce it to the bare minimum needed to get the exploit working. It's possible I could do more, but in my tests it seems everything in here now is needed
2021-11-10 16:25:08 -06:00
Grant Willcox
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
Ashley Donaldson
527057c700
Updated user agent strings in some modules where it shouldn't impact exploitability
2021-11-10 11:12:38 +11:00
Grant Willcox
3af93cbacc
Fix up changes from timwr's review so long
2021-11-09 10:36:50 -06:00
Grant Willcox
780a9370a2
First draft of code, documentation, and exploit DLL plus exploit code
2021-11-09 10:36:40 -06:00
space-r7
1dd26bca03
Land #15802, add OMIGOD LPE
2021-11-09 10:30:50 -06:00
RAMELLA Sébastien
38973510f7
update modules (auxiliary and exploit)
2021-11-09 15:18:58 +04:00
Spencer McIntyre
56a544c184
Fix two minor issues in kubernetes/exec
2021-11-05 10:35:22 -04:00
alanfoster
9346a43e4a
Improve kube exec reliability
2021-11-05 02:38:44 +00:00