b6dbc81f44
Fixed the pluralisation
2023-12-01 08:03:32 +11:00
02c892c3fc
Add hierarchical search table support
2023-11-30 16:32:29 +00:00
25f02ebc7c
Better error message in TGT retrieval failure
2023-11-30 17:47:54 +11:00
a0258e3ff6
Nicer pluralisation
2023-11-30 17:43:35 +11:00
11bcd43562
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2023-11-30 17:30:59 +11:00
56da86fe6b
Land #18579 , Use the new style of Windows version detection for CVE-2022-3699
...
Merge branch 'land-18579' into upstream-master
2023-11-29 14:28:35 -06:00
b171b5e77c
working cve-2022-0492
2023-11-28 15:16:18 -05:00
7307c9810b
Use the new style of Windows version detection
...
This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
2023-11-28 14:35:26 -05:00
4ae62a431b
not-working docker escape
2023-11-28 13:44:08 -05:00
c5075ade2a
Land #18567 , Add exploit module for CVE-2023-5360.
...
This pull request adds a new exploit module for
an unauth file upload vulnerability in the
WordPress Royal Elementor Addons and Templates
plugin, versions before 1.3.79, tracked as CVE-2023-5360.
2023-11-28 13:28:53 -05:00
47e7453930
Enhance Splunk RCE module description for clarity and detail
2023-11-28 17:59:16 +01:00
4967d3e95d
Remove spaces
2023-11-28 17:48:07 +01:00
f2f34f64c8
Add suggested changes
2023-11-28 17:45:13 +01:00
708c795890
Land #18560 , Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
b2fa201a7d
Implement check
2023-11-28 16:45:44 +01:00
a1f31d909a
Add splunk_xslt_authenticated_rce
2023-11-28 15:51:39 +01:00
0146527e55
Add splunk_xslt_authenticated_rce
2023-11-28 15:40:05 +01:00
147aa3df33
fixes
2023-11-28 08:04:49 -05:00
fc35a116bb
Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-28 08:15:27 +01:00
1438a88eb5
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-28 08:10:56 +01:00
10e0206b6e
Diamond tickets require AES256
2023-11-28 09:38:06 +11:00
67933c3819
Deprecated module exploit/linux/upnp/dlink_dir859_exec_ssdpcgi
2023-11-27 19:35:34 +00:00
7dbd938e3b
fixed linting with rubocop and msftidy.rb
2023-11-27 18:44:10 +01:00
3ffeef36f6
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:50 +01:00
ebc18db0ac
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:12 +01:00
4906ea228d
updated fields to have random values
2023-11-27 09:39:18 +01:00
7ab487612c
Default to NTLM auth, since plaintext will almost certainly never work
2023-11-27 17:52:12 +11:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
27b2cdf5b1
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:15 +01:00
32380d8a26
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:03 +01:00
a04943063e
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Removes quotes from normalize_uri parameters.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:07:08 +01:00
622277e960
Added documentation for ASREP module
2023-11-24 08:45:26 +11:00
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
8c007c0ef7
added exploit for CVE-2023-32781 - PRTG authenticated RCE
2023-11-23 19:28:02 +01:00
e1b3c56de8
Add reference
2023-11-23 19:27:11 +01:00
65ea1188e2
Add suggested changes
2023-11-23 18:22:36 +01:00
c60da4ad58
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:33:19 +01:00
d20a1703b1
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:32:57 +01:00
31daaf58fe
Add wp_royal_elementor_addons_rce
2023-11-23 05:15:28 +01:00
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
c0be4c2f72
working end to end unix confluence 7.18
2023-11-22 19:49:38 -05:00
e6e2106140
Auth bypass, auth, shell upload, working
2023-11-21 22:14:27 -05:00
9b050e29ae
Add suggested changes
2023-11-22 00:53:12 +01:00
fff8d20eb8
Add suggested changes
2023-11-22 00:50:57 +01:00
bba178e87f
crack windows
2023-11-21 17:11:15 -05:00
4bca269e01
doc overhaul
2023-11-21 17:11:15 -05:00
46909f63bc
linux cracker enhancements
2023-11-21 17:11:15 -05:00
06b6e969e4
better aix crack
2023-11-21 17:11:15 -05:00
aa27b140cf
crack aix rewrite
2023-11-21 17:11:15 -05:00
Ashley Donaldson