Graeme Robinson
2de77b6e8a
Refactored code. Primarily line length increased.
2020-11-26 13:46:01 +01:00
Graeme Robinson
012b040fc1
Reformat code layout to satisfy msftidy
2020-11-26 13:46:01 +01:00
Graeme Robinson
41ff86178b
Add new module exploit module
...
Add new module /exploits/multi/http/apache_nifi_processor_rce.rb
2020-11-26 13:46:01 +01:00
Jan Bucher
6d6c71bc2a
Fix another typo in the bypassuac_comhijack module
2020-11-26 13:14:36 +01:00
Jan Bucher
9757c68f9b
Fix typo in modules/exploits/windows/local/bypassuac module
...
Correct small typo in the output to the msfconsole.
2020-11-26 12:55:29 +01:00
Grant Willcox
63a98adff0
Land #14427, phpstudy_backdoor_rce.rb TARGETURI handling and default value modifications
2020-11-25 10:32:53 -06:00
Grant Willcox
ca28f59ac4
Update the description of the TARGETURI option to reflect the recent changes
2020-11-25 10:32:17 -06:00
Spencer McIntyre
95665e916c
Land #14416, wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
Spencer McIntyre
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
cgranleese-r7
31426576e0
Land #14264, Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
Grant Willcox
efdc7f062e
Land #14241, OpenMediaVault 5.5.11 Authenticated Remote Code Execution
2020-11-24 13:42:53 -06:00
Grant Willcox
e0a8aff72b
Ninja edit in fix to remove support for IN_MEMORY Unix payloads since most of them don't work correctly or return multiple shells if they do work. Will potentially add this in with another PR once fixes are made to make it more reliable
2020-11-24 13:41:57 -06:00
Spencer McIntyre
d4b2babae1
Report success when leveraging the registry permissions technique
2020-11-24 09:06:13 -05:00
Natto
c8fc5b52cf
TARGETURI Default value modification
...
TARGETURI Default value modification
2020-11-24 14:05:49 +08:00
kalba-security
9417266d21
replace Checkcode:Unknown with Detected in check(), skip cleanup unless required
2020-11-23 08:17:44 -05:00
Graeme Robinson
8e299de712
Update modules/exploits/multi/http/kong_gateway_admin_api_rce.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2020-11-22 14:49:51 +00:00
h00die
a988e85d90
remove not needed code
2020-11-22 09:07:11 -05:00
h00die
92c92f1573
simple file list rce
2020-11-21 08:51:07 -05:00
bwatters
810898e97b
Rough attempt at CVE-2020-1337
...
Non-functional
2020-11-20 17:36:19 -06:00
Spencer McIntyre
1031b12c57
Land #14206, Rockwell FactoryTalk CVE-2020-12027 RCE
2020-11-20 08:49:39 -05:00
A Galway
5e4e52c619
convert strings to bytes and mandate python3
2020-11-20 12:57:36 +00:00
Spencer McIntyre
cbc5899edf
Add module docs for the Service Permissions LPE module
2020-11-19 14:17:20 -05:00
Spencer McIntyre
9368f4bdf3
Apply rubocop suggestions to the service permissions module
2020-11-19 12:54:16 -05:00
Spencer McIntyre
d1faea5bb7
Add a TargetServiceName option and adjust exception handling
2020-11-19 12:54:16 -05:00
Spencer McIntyre
205a9db8cf
Add the initial registry technique for the service permissions LPE
2020-11-19 12:54:10 -05:00
Spencer McIntyre
a5024238d3
Tweak the check method to return detected and fix a typo
2020-11-19 09:24:27 -05:00
adfoster-r7
2eb2fad212
Land #14294, Allow adding details to CheckCodes, and update ms17_010_eternalblue to validate the target is x64
2020-11-19 14:09:55 +00:00
Pedro Ribeiro
b56d2e00fe
Update modules/exploits/windows/scada/rockwell_factorytalk_rce.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2020-11-19 19:39:59 +07:00
Pedro Ribeiro
c635538e9d
Update modules/exploits/windows/scada/rockwell_factorytalk_rce.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2020-11-19 19:39:47 +07:00
Pedro Ribeiro
4c8adcfd46
Update rockwell_factorytalk_rce.rb
2020-11-19 17:56:31 +07:00
William Vu
d3f16c7061
Land #14361, COOKIE for sharepoint_ssi_viewstate
2020-11-18 15:55:19 -06:00
William Vu
72a6993408
Add patch bypass (CVE-2020-14750) to references
...
We were already using it... but now there's a CVE.
2020-11-18 10:57:05 -06:00
William Vu
78999bb92c
Add an exploit from Exploit-DB
...
Written by either (Nguyen) Jang or Mohammed Althibyani. Not used by the
module.
https://www.exploit-db.com/exploits/48971
2020-11-18 10:56:03 -06:00
William Vu
83beae731f
Add WebLogic Administration Console Handle RCE
...
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00
realmatthours
4f7329d93d
Remove EOL spaces from consul_service_exec.rb
2020-11-18 09:09:55 +00:00
realmatthours
6f1365b75d
Add Windows support to consul_service_exec.rb
...
Added Windows to the 'Targets' list with CmdStagerFlavor psh_invokewebrequest. Generalised the payload delivery to allow for both Windows and the existing Linux payloads.
2020-11-17 15:37:55 +00:00
William Vu
f73a88a39c
Land #14396, hadoop_unauth_exec clarification
2020-11-16 12:44:13 -06:00
Tod Beardsley
06a0634828
Describe the Hadoop vuln as not-a-vuln clearly
2020-11-16 11:31:59 -06:00
A Galway
0328e3f815
Land #14359, gives preference to default target options
2020-11-13 14:44:13 +00:00
Christophe De La Fuente
d6b412c58e
Land #14340, Add HorizontCMS 1.0.0-beta exploit module and documentation
2020-11-13 13:03:04 +01:00
h00die
020e90543d
IOS -> IOC
2020-11-11 17:43:16 -05:00
h00die
6880376c61
add reliability, stability, side effects to pulse_secure_gzip_rce
2020-11-11 17:19:10 -05:00
Alan Foster
79a3328cd3
Validate that AutoCheck is prepended
2020-11-11 22:15:40 +00:00
William Vu
fcb507e412
Fix AutoCheck
...
I'm a big dummy.
2020-11-11 15:57:38 -06:00
William Vu
42bdae919b
Add SaltStack Salt REST API RCE (CVE-2020-16846)
...
Leveraging CVE-2020-25592.
2020-11-11 13:09:26 -06:00
William Vu
67ae309896
Set plat/arch in saltstack_salt_unauth_rce targets
...
Looks like I forgot this, and it affects compatible payloads.
2020-11-11 13:09:26 -06:00
h00die
d3b67069c8
add cmd stager example py exploit
2020-11-11 10:27:53 -05:00
kalba-security
ce7031e263
Add suggestions from code review
2020-11-11 07:41:22 -05:00
h00die
4c39695a50
remove cwe-20 from chkrootkit
2020-11-10 12:01:08 -05:00
h00die
768fb7d3a7
remove cwe-74 from cmsms
2020-11-10 11:43:42 -05:00