417e3427b3
Change to cmd_exec for cleanup and warn about post-exploitation manual cleanup
2020-04-30 18:53:56 -05:00
717223e1a9
One more fix...
2020-04-30 08:09:15 -05:00
35913c829e
add mkdir and other suggested fixes
2020-04-30 07:47:57 -05:00
8e9a162b1b
fix
2020-04-30 18:05:00 +08:00
ea22e34b9c
fix description
2020-04-30 17:51:28 +08:00
3ca0472b18
fix payload size
2020-04-30 17:47:41 +08:00
109f0a01f7
add windows 7 sp1 scenario
2020-04-30 17:19:54 +08:00
ff0704b316
code review from grant <3
2020-04-30 17:19:54 +08:00
5ed871a110
CVE-2019-0808
2020-04-30 17:19:46 +08:00
c581cb390f
remove CVE for merge, will add later
2020-04-30 11:16:09 +07:00
d28a886c51
remove CVE for merge, will add later
2020-04-30 11:15:11 +07:00
95a942d855
Add description
2020-04-29 14:44:59 -05:00
91c317f7b5
Rubocop autocorrect
2020-04-29 11:01:29 -05:00
191044cdad
Final fixes and documentation
2020-04-29 10:18:22 -05:00
3e51730ae3
Land #11359 , Add the shiro_rememberme_v124_deserialize module
2020-04-28 15:35:06 -04:00
2c61fd0aff
Update Apache Shiro RCE module docs
2020-04-28 14:24:17 -04:00
e79fa7ca94
Update ibm_drm_rce.rb
2020-04-28 14:12:38 +07:00
e5857d5544
Comments for the comment god
2020-04-27 20:58:39 -05:00
3e9f7d5f0a
Comment the absolute path prepended to traversal
2020-04-27 20:57:02 -05:00
f18ec9929b
Remove directory traversal prefix altogether
2020-04-27 20:23:29 -05:00
1318faa992
Clarify the quote is from the vendor's advisory
2020-04-27 16:53:34 -05:00
117924e41a
Break out methods to prepare for shipping to libraries
2020-04-27 16:38:11 -05:00
cefeb9ffde
Randomize dir in desktopcentral_deserialization
...
Also apply RuboCop.
2020-04-27 16:13:22 -05:00
a490fe3c1d
Cleanup before breakup
2020-04-27 16:07:45 -05:00
daf31a3178
Avoid server load balancing
2020-04-27 10:50:34 -05:00
64ecd1f95a
fixed
2020-04-27 10:50:09 -05:00
5732b0f038
fixed
2020-04-27 10:50:09 -05:00
f8f90e5b98
Add default payload
2020-04-27 10:50:09 -05:00
6835d2cd9f
Replace <tab> to space
2020-04-27 10:50:09 -05:00
1116635477
fixed
2020-04-27 10:50:09 -05:00
0516f6e5de
Add shiro_rememberme_v124_deserialize Module
2020-04-27 10:50:09 -05:00
af239303d2
Land #13257 , .NET Deserialization Library Improvements
2020-04-27 13:05:38 +02:00
1bec0a9c19
Land #13291 , Update outdated example_linux_priv_esc.rb code
2020-04-24 23:07:38 -05:00
640eb77403
Land #13260 , add docker wincred module
2020-04-24 10:02:38 -05:00
df8d6b7af1
add check for vulnerable path
2020-04-24 09:56:42 -05:00
714c750c04
apply rubocop changes
2020-04-24 10:23:13 +07:00
a29b05c453
add proper check + rubocup changes
2020-04-24 10:20:10 +07:00
38092d512e
The timeout needs to be very long
2020-04-23 17:56:51 -05:00
45eaa4c2f9
add injection with uso loader
2020-04-23 15:17:12 -05:00
e380c63158
Add md5 check on payload
2020-04-23 08:16:21 -05:00
1ad9b181a8
Overwrite successful, attempting trigger
2020-04-22 19:22:19 -05:00
1c757f90db
bcoles suggestions
2020-04-22 18:08:58 -05:00
823c29a127
Update post-RuboCop style in my recent modules
...
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
2020-04-22 10:52:00 -05:00
0bef1757d2
Create ibm_drm_a3user.rb
2020-04-22 12:17:34 +07:00
e29ed335de
Add CVE-2020-9015 Arista TACACS+ SSH Shell Escape
...
This module exploits a vulnerability of a combined poorly configured TACACS+ config and
Arista's bash shell.
This module has been tested successfully on:
- tac_plus version: 202001211926/PCRE/DES
- Arista HW/SW DCS-7280SRAM-48C6-R – 4.22.0.1F
- Arista HW/SW DCS-7050CX3-32S-R – 4.20.11M
- Arista HW/SW DCS-7050QX-32S-R – 4.20.9M
2020-04-21 12:21:52 -07:00
0bbb822fe4
Working through mountpoint issues
2020-04-21 09:54:45 -05:00
8f5d6e4fa4
Create ibm_drm_rce.rb
2020-04-21 15:49:48 +07:00
c5df5355ac
Update my module documentation to the new standard
...
Also update CheckModule to match current style and best practices.
2020-04-20 20:06:52 -05:00
2e88fc2f82
more reviews
2020-04-20 21:01:15 -04:00
ca148c772e
minor import changes searching for bug
2020-04-20 09:32:55 -05:00
bwatters-r7