pingport80
43f4ec921d
update docs and remove lscpu check
2021-04-20 21:12:27 +05:30
Grant Willcox
fcdd47e8f5
Land #15064 - Fix Rex::Socket::SSHFactory NameError in exploit/linux/ssh/f5_bigip_known_privkey
2021-04-20 10:41:42 -05:00
pingport80
490e49acdb
fix msftidy warning
2021-04-20 20:58:04 +05:30
pingport80
673084b65c
remove sys/bus/xen check and add /sys/class/dmi/id/product_name check
2021-04-20 20:51:04 +05:30
pingport80
cde5c83517
add nil check and remove readable?
2021-04-20 18:44:38 +05:30
pingport80
61d4ab4e26
fix linux checkvm bug
2021-04-20 09:40:11 +05:30
William Vu
8d71cfc024
Fix SSHFactory NameError in f5_bigip_known_privkey
This could probably be refactored to use Msf::Exploit::Remote::SSH.
2021-04-19 17:07:26 -05:00
Grant Willcox
d60cdbebb3
Add in Regex fix to ensure that really old versions of NagiosXI will still be detected as vulnerable despite unusual version naming convention
2021-04-19 14:17:05 -05:00
h00die
51f9e1ae73
cockpit cms rce
2021-04-18 18:52:04 -04:00
Grant Willcox
4ac9304ca2
Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791)
2021-04-16 14:37:15 -05:00
Grant Willcox
496e074ec8
Add in fixes to documentation and module from review
2021-04-16 13:14:17 -05:00
A Galway
88f17c5128
cleanup and removes cookies filtering
2021-04-16 17:31:11 +01:00
Grant Willcox
d155702356
Add in Notes section to chrome_simplifiedlowering_overflow.rb
2021-04-16 11:02:52 -05:00
Tim
c6464313d4
Update modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2021-04-16 16:46:43 +01:00
Tim W
97425602e9
fix typo and docs in chrome_simplifiedlowering_overflow
2021-04-16 14:59:43 +01:00
Spencer McIntyre
cc1aa34534
Tweak what is restored to avoid a bugcheck
2021-04-16 09:16:38 -04:00
A Galway
fc55d74b80
http-client cookie jar support and tests
2021-04-16 12:24:21 +01:00
gianpyc
c4956ce19b
Updated the module with the full set of actions
2021-04-16 04:54:29 -04:00
William Vu
9e6f425427
Move exploit/linux/http/citrix_dir_traversal_rce
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
2021-04-15 19:13:25 -05:00
Grant Willcox
832ca92f42
Land #14700, Add Nagios XI Plugins Filename Authenticated RCE module and docs (CVE-2020-35578)
2021-04-14 16:58:55 -05:00
BuildTools
ee8838eea5
added validation to make sure the file path is set
2021-04-14 17:47:19 -04:00
Grant Willcox
61395f3cb1
Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle.
2021-04-14 16:32:53 -05:00
Grant Willcox
76353efada
Fix minor RuboCop error
2021-04-14 15:38:06 -05:00
Grant Willcox
154e237edd
Add in fixes to documentation and module that were covered in the review process
2021-04-14 15:33:42 -05:00
adfoster-r7
4c37e35d82
Land #14770, guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
adfoster-r7
ddde7ebb71
Land #15037, Update redis_login to check that authentication is required
2021-04-14 11:11:00 +01:00
Grant Willcox
a59e7e196d
Land #14701, Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin
2021-04-13 18:58:29 -05:00
Grant Willcox
d766cf9b96
Change module title to be more descriptive and remove bad characters
2021-04-13 17:33:34 -05:00
Grant Willcox
0aada27128
Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible.
2021-04-13 17:15:34 -05:00
Spencer McIntyre
6176f6fd16
Avoid a CRITICAL_STRUCTURE_CORRUPTION bugcheck from patch guard
2021-04-13 17:39:32 -04:00
Grant Willcox
ead9d73dc5
Add in fixes from review to documentation and module
2021-04-13 16:34:13 -05:00
Spencer McIntyre
ba9674ca69
Search a wider range of the hal heap and remove an irrelevant sentence
2021-04-13 14:44:24 -04:00
Spencer McIntyre
ec962cf2be
Adjust the hal heap base address calculation
2021-04-13 13:11:24 -04:00
Grant Willcox
552c0e7cea
Land #15028, payloads/singles/linux/x64/exec.rb refactoring, metasm, and new NullFreeVersion option
2021-04-13 10:21:11 -05:00
gianpyc
cffb82e8d9
Updating KOFFEE module enabling actions that can be selected by a user to trigger functionalities on the head unit
2021-04-13 10:00:12 -04:00
Spencer McIntyre
20f4050e5b
Update redis_login to check that authentication is required
2021-04-12 19:53:01 -04:00
William Vu
e842c3ecab
Fix Gem::Package NameError with Rex::Tar::Writer
2021-04-12 18:50:31 -05:00
Grant Willcox
fb9aa68b7a
Comment out several additional parts of the shellcode for better clarity
2021-04-12 17:26:46 -05:00
Grant Willcox
e2532ab01b
Land #14994, Update session_spy.rb to have a PID option for session migration.
2021-04-12 16:18:26 -05:00
Spencer McIntyre
c4f88e35ba
Land #14622, add the sp_oacreate technique to the mssql_exec module
2021-04-12 15:00:15 -04:00
Spencer McIntyre
ef82219235
Update the mssql_exec docs and some verbiage
2021-04-12 14:52:13 -04:00
Grant Willcox
045367cff7
Apply RuboCop formatting to documentation and module
2021-04-12 13:52:00 -05:00
Grant Willcox
54aa9d42e9
Add one additional guard clause in to prevent outputting a message if the database isn't properly connected
2021-04-12 13:41:17 -05:00
Grant Willcox
0b06904dd0
Update module with more checks and replace the Process migration strategy with a PID migration strategy. Also update documentation accordingly
2021-04-12 13:05:26 -05:00
archcloudlabs
7a828b5884
updating w/ proc option to migrate into and proc check before auto migrate
2021-04-12 13:05:26 -05:00
gianpyc
e9088cfc12
Run rubocop and msftidy_docs, both on the module and documentation
2021-04-12 04:13:03 -04:00
Paul Werther
7a07146d03
add ref for xp_cmdshell
2021-04-11 22:18:44 +02:00
Paul Werther
75aba6707b
modify original module, add technique option
2021-04-11 22:16:15 +02:00
h00die
938b4741a9
saltstack doc update and tested
2021-04-10 13:46:19 -04:00
Geyslan G. Bem
6f5c82c388
payloads/x64: exec.rb new behaviour
This patch adds new behaviour to the CMD option.
Now if CMD is empty or unset, a 21-byte, non-null-free execve payload is built.
The arbitrary command option continues to work the same way when CMD is set.
It also adds the OptBool NullFreeVersion advanced option.
Its default value is false. When set to true, generate will output a
self-contained null-free version of the payload without the need for encoding.
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
2021-04-10 00:55:44 -03:00