adfoster-r7
236f65a948
Land #17188, Fix the Python Meterpreter for v3.1-3.3
2022-10-31 20:18:37 +00:00
Spencer McIntyre
52197f544f
Print the added account SID
2022-10-31 10:56:17 -04:00
Spencer McIntyre
b00f706c0b
Handle missing accounts when resolving SIDs
2022-10-31 10:56:17 -04:00
Spencer McIntyre
af9e4f0fa9
Update how sAMAccountName is looked up.
This tweaks how the objects are looked up by the sAMAccountName field.
The sAMAccountName can contain values not ending in $, so look up what the
user specified first, and then check with the $ suffix if it's not
found.
2022-10-31 10:56:17 -04:00
Spencer McIntyre
fa7d677d45
Consolidate and improve LDAP error handling
2022-10-31 10:56:17 -04:00
Spencer McIntyre
2269fec099
Initial working RBCD module
2022-10-31 10:56:17 -04:00
Spencer McIntyre
31e2ab683c
Update samr_computer to show the SID when adding
2022-10-31 10:56:17 -04:00
Spencer McIntyre
603e710804
Update payloads sizes
2022-10-31 10:35:28 -04:00
Christophe De La Fuente
4ec7eea436
Fixes from code review
2022-10-28 15:33:34 +02:00
Jack Heysel
3346ddec2c
Land #17155, Remote mouse version updates
Also add a vulnerable download link to the docs
2022-10-27 16:32:23 -04:00
bwatters
40fca92b38
Land #16871, Add vcenter_secrets_dump post module
Merge branch 'land-16871' into upstream-master
2022-10-27 11:05:07 -05:00
adfoster-r7
06e0be0a3d
Land #17128, Adds support to specify a shared directory to iterate through and highlight keywords
2022-10-27 16:07:12 +01:00
adfoster-r7
9e7c887347
Land #17187, update aerohive_netconfig_lfi_log_poison_rce to support 10.0r8
2022-10-27 15:53:03 +01:00
cgranleese-r7
2bd90079a2
Adds support to specify a shared directory to iterate through and highlighting keywords
2022-10-27 12:49:02 +01:00
ErikWynter
0e72307d36
aerohive_version_fix
2022-10-27 13:33:18 +03:00
Jack Heysel
9c5d82e00f
Land #17147, add Vagrant Breakout module
This PR adds a module that exploits a default
Vagrant shared folder to append a Ruby payload
to the Vagrant project Vagrantfile config file.
2022-10-26 17:11:03 -04:00
Spencer McIntyre
eee8f49695
Land #17176, Python Meterpreter AES Constants
2022-10-26 16:29:28 -04:00
llamasoft
13baaad30e
Update cached payload sizes
2022-10-26 14:38:06 -04:00
Spencer McIntyre
154edfc6f8
Land #16979, Add in support for LDAP type decoding
Add in support for GUIDs, Certificate Handling, and SIDs to ldap_query Module
2022-10-26 13:49:58 -04:00
bcoles
01fa2e1041
Add Vagrant Synced Folder Vagrantfile Breakout module
2022-10-26 17:33:44 +11:00
space-r7
35e4d829d8
Land #17164, add THEME_DIR option to wp_crop_rce
2022-10-25 12:23:50 -05:00
space-r7
7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
Ron Bowes
4624031aec
Remove errant puts
2022-10-25 10:21:47 -07:00
Ron Bowes
4979c0b74f
Add a check to the cve-2022-30333 module for Zimbra that aborts before generating artifacts if the server cannot be reached
2022-10-25 10:05:16 -07:00
h00die-gr3y
3d8e18c1cb
updated module with code suggestions space-r7
2022-10-25 16:38:15 +00:00
Grant Willcox
51829c5ce9
Add in initial copy of ms_dtyp.rb library and use the definitions there to replace our custom unpack solutions with proper BinData approaches. Also rename some variables to use more appropriate names
2022-10-25 11:29:22 -05:00
r3nt0n
982cfb97c2
Refactor: check for THEME_DIR as ternary
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
Grant Willcox
8bc2e647eb
More updates
2022-10-25 10:14:41 -05:00
Grant Willcox
87aa5d5266
Handle attributes with whitespace better. Also handle isSingleValue correctly now for the certificate values we have at the moment
2022-10-25 10:12:37 -05:00
Grant Willcox
42463ac3b6
Rework logic so we can now only query once to retrieve the info on the attributes we are examining, instead of once per entry returned
2022-10-25 10:12:37 -05:00
Grant Willcox
78f5ae47d4
Fix up some improper practices and convert entry_list to a hash
2022-10-25 10:12:36 -05:00
Grant Willcox
a698145334
Add in better coding practices for certain elements and RuboCop the file
2022-10-25 10:12:36 -05:00
Grant Willcox
6682eff259
Add in the data type checker feature for checking the data type of attributes retrieved
2022-10-25 10:12:36 -05:00
Grant Willcox
9bef925e57
Add support for decoding password ages to time strings, Windows timestamps to time strings, and system flags to strings
2022-10-25 10:12:35 -05:00
Grant Willcox
20c07eafe7
Add support for SID decoding
2022-10-25 10:12:35 -05:00
Grant Willcox
93e53e0429
Add in support for GUIDs and certificate handling
2022-10-25 10:12:34 -05:00
h00die-gr3y
3e78229fc0
updated module and documentation
2022-10-25 13:33:52 +00:00
h00die
78a4c80e33
review comment
2022-10-24 17:16:08 -04:00
bwatters
9902e9a1e4
Land #17110, check files exist before doing other things
Merge branch 'land-17110' into upstream-master
2022-10-24 14:20:16 -05:00
Jack Heysel
d6f27a8a71
Used vuln to remove test webshell in check method
2022-10-24 14:17:21 -04:00
Jack Heysel
3bf4bd7d7d
Land #17162, add RCE module for CVE-2022-35914
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
2022-10-24 12:18:34 -04:00
jheysel-r7
3bbd05a11a
Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-24 11:48:33 -04:00
Christophe De La Fuente
f1639797b9
Rubocop updates
2022-10-21 17:17:06 +02:00
Christophe De La Fuente
52904b8cb6
Add support to Kerberos
- Add kerberos authenticator to `scanner/smb/smb_login` and the
corresponding login scanner library
- Add new options: `UseCachedCredentials` and `StoreCredentialCache`
- Add `use_cached_credentials` attribute to
Kerberos::ServiceAuthenticator::Base. This enables/disables the use of
cached Kerberos credentials from the database.
- Add `store_credential_cache` attribute to
Kerberos::ServiceAuthenticator::Base. This enables/disables storing
Kerberos TGS MIT Credential Cache to the database.
2022-10-21 16:16:10 +02:00
h00die-gr3y
1c393dc596
init commit module and documentation
2022-10-21 12:50:46 +00:00
r3nt0n
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
Christophe De La Fuente
43f7d7b73e
Land #17098, Hikvision camera unauthenticated information disclosure
2022-10-20 16:20:12 +02:00
Christophe De La Fuente
4cfbae63ac
Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-20 15:10:42 +02:00
Jack Heysel
11936affd1
Rubocop
2022-10-19 22:07:50 -04:00
Jack Heysel
b60b440697
Check method improvement
2022-10-19 22:03:43 -04:00