sfewer-r7
b259c5d6a7
store the credentials we create in the DB
2024-02-01 19:48:01 +00:00
sfewer-r7
612feac5f1
add in vendor advisory URL
2024-02-01 19:47:23 +00:00
Christophe De La Fuente
81eba7a6e7
Use FileDropper mixin and fix typo
2024-02-01 17:23:05 +01:00
Christophe De La Fuente
5054b3bfd0
Add methods to get the version and the CSRF token
2024-02-01 12:31:01 +01:00
Stephen Fewer
a867793870
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:05:02 +00:00
Stephen Fewer
546de49bec
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:49 +00:00
Stephen Fewer
6e4294c013
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:26 +00:00
cudalac
2b01b86374
Adding new module for MinIO
2024-01-31 13:33:04 -05:00
Jack Heysel
024b855231
Land #18628, Add Puppet post module
...
This PR adds a post gather module to get
Puppet configs and sensitive files.
2024-01-30 19:20:48 -05:00
adfoster-r7
4d0ba2fa1d
Land #18742, Memory search module improvements
2024-01-30 17:39:12 +00:00
Dean Welch
1abaef4945
Move new session information alerts behind a feature flag
2024-01-30 16:38:00 +00:00
Christophe De La Fuente
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
h00die
68f333cb7b
review comments for puppet module
2024-01-29 19:18:54 -05:00
h00die
2efbf6e2f5
review comments
2024-01-29 17:21:06 -05:00
Spencer McIntyre
96316a94fe
Initial SMB server for fetch payloads
2024-01-29 16:44:28 -05:00
Spencer McIntyre
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
Spencer McIntyre
a8c240f671
Refactor existing fetch work
...
* Build the HTTPS server on top of HTTP instead of the other way around
* Set the fetch service to nil after it has been cleaned up
* Don't capitalize the H in the word handler
* Check if the fetch_service is truthy before cleaning it up
* Remove the unused FetchServerName datastore option
* Fixup the description text
* Don't allow slashes in fetch file names
* Also add the #fetch_bindnetloc method
Fix a problem in fetch/tftp.rb
2024-01-29 13:34:56 -05:00
sfewer-r7
c70092a2c7
bugfix a copy pasta whereby a path separator was not being added as expected
2024-01-29 17:52:37 +00:00
sfewer-r7
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
Spencer McIntyre
b5de25a2b6
Fingerprint the target as Mirth Connect first
2024-01-29 12:11:38 -05:00
Dean Welch
9a2ec90c16
Add alert to show user the new session options available in Metasploit 6.4
2024-01-29 17:06:21 +00:00
Spencer McIntyre
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
h00die
779da83d59
gitlab password reset account takeover review
2024-01-27 07:44:11 -05:00
h00die
e6c4195ad3
gitlab password reset account takeover review
2024-01-27 07:42:25 -05:00
ErikWynter
14181572c1
add PRIVESC_SAVE_DELAY option for opennms authenticated RCE
2024-01-27 01:13:04 +02:00
Spencer McIntyre
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
ErikWynter
acc15c23fe
Add code review changes to opennms auth rce
2024-01-27 00:10:45 +02:00
Spencer McIntyre
530d58de49
Initial commit of NextGen Connect RCEs
2024-01-26 14:50:33 -05:00
Jack Heysel
fe84c0dff7
Land #18734, Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
Spencer McIntyre
96241b3a6e
Keep version detection consistent
2024-01-25 13:50:34 -05:00
Christophe De La Fuente
44bf6867c6
Land #18737, Update metasploit-payloads gem to 2.0.165
2024-01-25 15:49:25 +01:00
Spencer McIntyre
49532613e5
Implement some feedback from the review
2024-01-25 09:20:17 -05:00
sjanusz-r7
502511a71a
memory_search module improvements
2024-01-24 19:55:53 +00:00
sjanusz-r7
f496a71cf0
Make mimipenguin work with updated memory search API
2024-01-24 19:53:57 +00:00
Spencer McIntyre
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
adfoster-r7
15d0d4f0df
Land #18663, Add new PostgreSQL Session Type
2024-01-24 10:46:26 +00:00
Jack Heysel
4c525dad66
Land #18648, Add enhancement to Asan check method
...
Before this PR when running asan_suid_executable_priv_esc
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE so now if it's not set the user is informed.
2024-01-23 15:22:33 -05:00
Jack Heysel
c278ef9b73
Land #18648, Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
Jack Heysel
08f6da7b33
Removed default empty string for SUID_EXECUTABLE
2024-01-23 14:21:58 -05:00
Jeffrey Martin
bcefde29c3
correct metadata for Actions usage
2024-01-23 12:13:24 -06:00
jheysel-r7
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
Jack Heysel
904e34434e
Land #18626, SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
adfoster-r7
8c5628826f
Land #18735, update iis_webdav_scstoragepathfromurl module metadata
2024-01-23 15:56:01 +00:00
bwatters
583d39b038
Land #18720, Mark unix encoders as compatible with linux
...
Merge branch 'land-18720' into upstream-master
2024-01-23 09:45:42 -06:00
Spencer McIntyre
dd3d1a9397
Update metasploit-payloads gem to 2.0.165
...
Includes changes from:
* rapid7/metasploit-payloads#694
2024-01-23 10:42:14 -05:00
adfoster-r7
a25b0ee5e0
Land #18713, Add generic memory search post/multi module
2024-01-23 12:57:24 +00:00
h00die-gr3y
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
Simon Janusz
7411dc1b1b
Land #17634, Add additional reliability and stability notes to modules
2024-01-23 09:42:15 +00:00
Jack Heysel
953382731e
Land #18645, improve glibc tunables exploit
...
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
aleksa
67e402e1be
Added Notes
2024-01-22 19:12:21 -05:00