6d473b2424
remove debug prints
2024-02-21 13:30:06 +00:00
c529749f77
fix tabs
2024-02-21 13:14:35 +00:00
d21e4080a9
Land #18792 , Ivanti Connect Secure - Unauth RCE (CVE-2024-21893 + CVE-2024-21887) #18792
...
Merge branch 'land-18792' into upstream-master
2024-02-20 17:40:12 -06:00
e66f6c106b
Land #18847 , Add Proxies support to creating a session with postgres_login
2024-02-19 16:20:09 +00:00
3be5988679
Land #18848 , Add Proxies support to creating a session with mssql_login
2024-02-19 16:10:37 +00:00
b2f36e41c4
Add Proxies support to creating a session with mysql_login
2024-02-19 12:22:51 +00:00
edf2bae69a
add native java payload support
2024-02-19 11:37:34 +00:00
db3b2de3f3
Land #18855 , Use database_name for SQL sessions
2024-02-19 11:10:02 +00:00
de17261926
Removes session types from module with session type mixin
2024-02-19 10:34:16 +00:00
64ab62f2c3
Use database_name for SQL sessions
2024-02-17 03:31:58 +00:00
c298540bea
Add documentation and fix default payloads
2024-02-16 16:49:49 -06:00
8cddffa3d1
Land #18700 , Add Kafka-ui Unauth RCE module
...
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
bc6bf1c4f3
Add Proxies support to creating a session with mssql_login
2024-02-16 20:22:11 +00:00
a1b0ff0fcf
Land #18681 , Update Apache Ofbiz w. Auth-Bypass
...
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
a8408f139e
add in ARCH_CMD payloads to get a native meterpreter session
2024-02-16 17:28:38 +00:00
32ed8eeedf
rework some of the cleanup logic
2024-02-16 15:31:07 +00:00
fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
04d501a7a7
make msftidy happy
2024-02-16 10:05:24 +00:00
cdba70b44d
add in jetbrains teamcity rce 0day
2024-02-16 10:04:28 +00:00
6c252de974
Docs plus minor edits
2024-02-15 17:12:11 -05:00
7b56d012e8
Land #18678 , add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
9e75b70868
Add Windows target
2024-02-15 16:00:59 -06:00
57eda908d1
Added suggested modificaitons to check for nil response and modify reference link to vendor's issues page.
2024-02-15 13:28:44 -05:00
8a1f5de8f1
Fix msftidy issue and update file delete
2024-02-15 10:00:44 -06:00
20563b64b2
add check method
2024-02-15 09:05:54 -06:00
e49c6a792a
Land #18770 , Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins
2024-02-15 13:19:37 +00:00
69b566ce35
Wider runC version support, add Debian, fix bugs.
...
Now uses the Rex::Version system to check the user's version of runC.
The old system used to allow runC version 1.1.12 (which is patched).
Now it allows from 1.0.0-rc93->1.1.11 (and I tested that it works as expected).
Support added for Debian as this was tested with both Debian and Ubuntu.
Newer versions of Docker wouldn't delete the built container due to the message format.
I added a new regex to check for the message format which now deletes containers.
Fixed error reporting bug, runC version sanitising
Some runC versions contain the `+` and `~` token. These break
Rex::Version objects. A simple check was added against these symbols
and anything following them is cut off. Another solution may be
to replace these tokens with the `-` symbol to maintain information.
One of the failure cases was unreachable and this was fixed.
Fix runC and docker presence checks
The old runC and docker presence checks wer using `if` instead of `unless`.
executable? also requires a full path to work correctly. Since only the command
names themselves were being passed in, the check was silently failing.
The chosen fix was to instead use the command_exists? function,
which has the added benefit of working on both Windows and Linux.
2024-02-15 16:45:40 +08:00
843c64d2f6
Code cleaned up
2024-02-14 19:08:11 -06:00
67cd9b425b
Working, but ugly
2024-02-14 15:42:50 -06:00
d716e60cf2
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
f5c71d09c2
using data/kafka_ui_versions.json for the version check
2024-02-14 20:57:46 +00:00
8b70cefd83
Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-14 20:57:46 +00:00
f75722ecf2
Small updates to module and documentation
2024-02-14 20:57:46 +00:00
dde7e3c5d3
Small tweaks to verbose messages
2024-02-14 20:57:46 +00:00
d5f30befbb
Second release of module
2024-02-14 20:57:46 +00:00
3db32da70f
First release of module.
2024-02-14 20:57:45 +00:00
5f703b2e28
First draft. Not ready for review
2024-02-14 20:57:45 +00:00
d987b81591
Use Rex MIME Message
2024-02-14 13:15:37 -05:00
747d328bcb
Land #18786 , Fix option collision in service_persistence
2024-02-14 17:25:15 +01:00
fa5c4c0193
lowercase session types
2024-02-14 15:45:34 +00:00
0d4e1ed755
Use mssql option session mixin with mssql modules
2024-02-14 15:37:11 +00:00
587a8690a1
Use individual session mixins
2024-02-14 15:37:11 +00:00
08872d0211
Add session type to info hash in the mixin
2024-02-14 15:37:11 +00:00
0f319bdfb9
Extract SMB and PostgreSQL optional sessions into their own mixins
2024-02-14 15:37:11 +00:00
35f8c6ce8a
Added fixes suggested by reviewer. Added a fix for redirects due to workspaces being case-insensitive.
2024-02-14 09:09:52 -05:00
fc5a12431c
Land #18664 , Add an SMB-based fetch payload for Windows
2024-02-14 14:57:32 +01:00
1794a5fbee
Land #18763 , Mssql session modules
2024-02-14 10:54:04 +00:00
d18520adc6
update rhost and rport calls
2024-02-13 13:00:38 -06:00
c05c6773df
adjust session logic in modules
2024-02-13 11:59:09 -06:00
1cd5b707bb
Add additional platforms and decoders
2024-02-13 18:34:40 +01:00
sfewer-r7