Grant Willcox
459cf871cb
Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
h00die
6bee4f56d9
updates from review
2023-05-13 15:49:11 -04:00
Grant Willcox
560fc9000b
Fix up checks on responses to make sure they are more robust checks
2023-05-12 16:08:47 -05:00
Grant Willcox
3b2d23eeae
Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not
2023-05-12 14:14:40 -05:00
RadioLogic
b7b1df23ea
Implemented threading into module
2023-05-12 14:28:10 -04:00
RadioLogic
04e6bf804f
Made stability involve service down
2023-05-12 14:27:58 -04:00
bcoles
004a72c32e
ibstat_path: Use AutoCheck, add Notes, resolve Rubocop violations
2023-05-13 01:27:53 +10:00
space-r7
722de33b6f
address feedback, use cleanup to restore path
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
Edmond Major III
d24f5873bd
Update sticky_keys.rb
Persistance -> Persistence
Fix a small typo
2023-05-11 12:22:54 -05:00
catatonicprime
a445b07233
removing unnecessary call to payload_uri
2023-05-11 16:35:53 +00:00
Shelby Pace
131f2519bc
Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-11 10:48:48 -05:00
adfoster-r7
fa6a5e24f0
Land #17807, Add in documentation on Metasploit's file system
2023-05-11 16:11:12 +01:00
adfoster-r7
eb959e2e40
Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
Grant Willcox
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
adfoster-r7
fe63d80679
Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option
2023-05-11 13:01:52 +01:00
catatonicprime
d50bd24c2f
Adding config cleanup.
2023-05-11 04:57:57 +00:00
catatonicprime
cb2c6a7d80
Prevent bypass_auth from being called twice when AutoCheck is true
2023-05-11 00:34:47 +00:00
Grant Willcox
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor grammatical things
2023-05-10 18:22:00 -05:00
Grant Willcox
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
Grant Willcox
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
Grant Willcox
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
vtoutain
e742df1c33
Rubocop warning fix
2023-05-10 16:18:33 +02:00
space-r7
e514de9aef
add comment about jsf substitution
2023-05-10 09:13:01 -05:00
vtoutain
cfea6530a1
Merge branch 'rapid7:master' into dolibarr_16_contact_dump
2023-05-10 11:59:46 +02:00
vtoutain
d50993cd80
reviews from cdelafuente-r7
Used the AutoCheck mixin, removed the exploit function that was misleading, removed the hardcoded HttpTimeout, and refactored some code portions.
2023-05-10 11:59:09 +02:00
Christophe De La Fuente
a485a786ef
Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm
2023-05-10 11:49:51 +02:00
h00die-gr3y
4f8024454c
Updates based on cdelafuente-r7 latest comments
2023-05-10 07:46:11 +00:00
catatonicprime
c5b0bc68d7
Improved automatic targeting, tested back to major version 14
2023-05-09 23:44:46 +00:00
catatonicprime
eff189f221
Ensuring csrf_token is initialized.
2023-05-09 23:43:56 +00:00
catatonicprime
43564b5267
Removing unneeded features/options.
2023-05-09 23:43:30 +00:00
Jack Heysel
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
Jack Heysel
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
Jack Heysel
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
Jack Heysel
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
adfoster-r7
908f7ad3f3
Land #17972, updates to some of the example modules to keep them in line with framework changes
2023-05-09 18:46:25 +01:00
space-r7
d1e3ce1183
add Ivanti Avalanche file upload
2023-05-08 17:41:52 -05:00
Grant Willcox
bc25907d1e
Add additional clarity to some segments of the module
2023-05-08 16:43:26 -05:00
Spencer McIntyre
cdab415ffb
Fix a bug in ACE processing
There was an issue in the ACE processing where only ACEs corresponding
to an object were processed for SIDs with enrollment rights. The
processing should also process ACEs that grant the enrollment right and
are not related to any objects. In other words, only ACEs associated
with an object that is neither the CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT
nor CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT right should be ignored.
2023-05-08 16:00:38 -05:00
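The filtering rule the commit message above describes, written out as an added illustration. This is not Metasploit's code: ACEs are modelled as plain Ruby Hashes (a hypothetical shape chosen for the example), the sample ACE list is constructed, and the "before" function is a reconstruction of the narrower behaviour the message describes rather than the module's actual implementation. The two GUID constants are the well-known Active Directory extended-right GUIDs for Certificate-Enrollment and Certificate-AutoEnrollment, and 0x100 is the standard ADS_RIGHT_DS_CONTROL_ACCESS bit that, on an object-specific ACE, means "the extended right named by ObjectType".

```ruby
# Added example, not Metasploit code: which ACEs grant an enrollment right?
require 'set'

# Well-known ADCS extended-right GUIDs (lowercase, matching what LDAP returns).
CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT     = '0e10c968-78fb-11d2-90d4-00c04f79dc55'
CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT = 'a05b8cc2-17bc-11d2-9a6e-0000f8e6b3e8'
ENROLLMENT_RIGHTS = Set[CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT,
                        CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT]

# Access-mask bit for "control access" (extended rights).
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100

# Hypothetical ACE model used here: :type (:allow/:deny), :sid, :mask and an
# optional :object_type GUID (nil when the ACE is not object-specific).

# Reconstruction of the pre-fix behaviour: only object-specific ACEs whose
# ObjectType is one of the two enrollment rights are considered, so an ACE that
# grants control access without naming any object is silently dropped.
def enrollment_sids_before_fix(aces)
  aces.each_with_object(Set.new) do |ace, sids|
    next unless ace[:type] == :allow
    next unless (ace[:mask] & ADS_RIGHT_DS_CONTROL_ACCESS) != 0
    next unless ace[:object_type] && ENROLLMENT_RIGHTS.include?(ace[:object_type].downcase)
    sids << ace[:sid]
  end
end

# Fixed behaviour per the commit message: an ACE with the control-access bit is
# kept when it has no object at all (it covers every extended right) or when its
# object is one of the two enrollment rights; only an ACE tied to some OTHER
# object is ignored.
def enrollment_sids(aces)
  aces.each_with_object(Set.new) do |ace, sids|
    next unless ace[:type] == :allow
    next unless (ace[:mask] & ADS_RIGHT_DS_CONTROL_ACCESS) != 0
    next if ace[:object_type] && !ENROLLMENT_RIGHTS.include?(ace[:object_type].downcase)
    sids << ace[:sid]
  end
end

# Constructed sample DACL for the example (SIDs and the unrelated GUID are made up).
SAMPLE_ACES = [
  # object-specific Certificate-Enrollment grant: kept by both versions
  { type: :allow, sid: 'S-1-5-21-1-2-3-1105', mask: 0x100,
    object_type: CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT },
  # control access with no object: the case the old code missed
  { type: :allow, sid: 'S-1-5-21-1-2-3-1106', mask: 0x100, object_type: nil },
  # control access scoped to some unrelated extended right: ignored
  { type: :allow, sid: 'S-1-5-21-1-2-3-1107', mask: 0x100,
    object_type: 'ffffffff-0000-0000-0000-000000000000' },
  # no control-access bit at all: ignored
  { type: :allow, sid: 'S-1-5-21-1-2-3-1108', mask: 0x20, object_type: nil },
  # deny ACE: never counts as a grant
  { type: :deny,  sid: 'S-1-5-21-1-2-3-1109', mask: 0x100,
    object_type: CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT }
]

if $PROGRAM_NAME == __FILE__
  puts "before fix: #{enrollment_sids_before_fix(SAMPLE_ACES).to_a.sort.inspect}"
  puts "after fix:  #{enrollment_sids(SAMPLE_ACES).to_a.sort.inspect}"
end
```

Only the second SID differs between the two runs: the non-object control-access ACE is the one the fix starts counting, while the ACE scoped to an unrelated extended right stays excluded in both versions.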
h00die
12911d10fb
review comments
2023-05-08 15:25:31 -04:00
Grant Willcox
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00
h00die
0ace550537
small updates to example modules
2023-05-07 13:02:30 -04:00
h00die-gr3y
51ab9746fb
Updates based on cdelafuente-r7 comments
2023-05-06 19:05:21 +00:00
catatonicprime
c69ca39748
consistent indenting
2023-05-06 05:07:59 +00:00
catatonicprime
0448d408ea
Match wording from "How to write a module using HttpServer and HttpClient" on docs.metasploit.com
2023-05-06 04:58:50 +00:00
catatonicprime
af3c482acd
heh, I probably should have tested that too
2023-05-06 04:55:23 +00:00
catatonicprime
e37e506fe2
heh, I probably should have tested this
2023-05-06 04:37:43 +00:00
space-r7
f04dababa2
add upload code
2023-05-05 18:59:46 -05:00
h00die
e692e927dc
review fixes
2023-05-05 16:43:47 -04:00
catatonicprime
f27648799b
Adding original ZDI reference. Minor formatting changes.
2023-05-05 18:19:53 +00:00
Catatonic Prime
5f12f0e0ba
Apply suggestions from code review
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-05 11:07:08 -07:00