Ron Bowes
7a79b8cbc2
Some fixes for Christophe's review
2022-07-26 09:24:33 -07:00
Grant Willcox
4def2e56bc
Land #16793, Add Roxy-WI (CVE-2022-31137) Unauthenticated Command Injection RCE
2022-07-25 16:09:43 -05:00
Jeffrey Martin
f779f0f482
consolidate the config directory lookups
The user configuration directory can be overridden via environment
variables or configuration files.
In the current implementation `Msf::Config.config_directory` should be
utilized for consistent location reporting. `Msf::Config.get_config_root`
is reserved for generating a default location and should be considered
`private`, as it ignores some injected configuration options. Currently
autoloading does not allow application of the `private` keyword to this method,
requiring guidance during development that module writers should access the
full configured `user` value of `Msf::Config.config_directory`.
2022-07-25 15:27:21 -05:00
Redouane NIBOUCHA
ae9932d921
Rubocop fixes, register_dir_for_cleanup instead of register_file_for_cleanup in upload_source
2022-07-25 21:31:20 +02:00
Grant Willcox
72b1dbfeee
Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments
2022-07-25 13:05:04 -05:00
Nuri Çilengir
8b42e893b1
Update roxy_wi_exec.rb
2022-07-25 16:45:44 +00:00
space-r7
24ab27bdfe
add x86 arch and additional check for response
2022-07-25 11:16:26 -05:00
Nuri Çilengir
eca8af4e2a
Update roxy_wi_exec.rb
2022-07-25 16:13:14 +00:00
Nuri Çilengir
b16da0fe92
Update roxy_wi_exec.rb
2022-07-25 16:05:20 +00:00
PazFi
665bde7f60
Enforcing regex input validation on local IP.
2022-07-25 08:17:39 +03:00
Redouane NIBOUCHA
88d069a77d
Add option for compiling the exploit on the target
2022-07-25 01:08:53 +02:00
PazFi
a6bdc5ea29
- Validating md file with msftidy_docs.
- Removing global variables, and calling data stored in datastore when required.
- Calling methods or variables instead of calling terminal commands.
- Some indentations.
- Using heredocs when handling multiple strings.
- Handling the case where LHOST does not contain IP address.
2022-07-24 18:51:53 +03:00
Niboucha Redouane
9d3a57c2c5
Update the check method
Co-authored-by: bcoles <bcoles@gmail.com>
2022-07-23 02:44:26 +02:00
Ron Bowes
b4d2294255
Use vprint instead of print for some status messages, and clean up some comments
2022-07-22 10:01:27 -07:00
Ron Bowes
d63912a1b8
Use better thread synchronization methods
2022-07-22 09:59:04 -07:00
Ron Bowes
fe99eb0d0a
Whoops, better lint - needed -A instead of -a
2022-07-22 09:52:37 -07:00
Ron Bowes
e6282c3ff8
Remove win_cmd
2022-07-22 09:49:33 -07:00
Ron Bowes
f3731191a1
Add timeouts for the reverse connections using IO.select()
2022-07-22 09:45:53 -07:00
ErikWynter
c6c745c633
ManageEngine Xnode library changes and some docs/module adjustments after code review
2022-07-22 16:06:21 +03:00
Nuri Çilengir
bc0b27e1e2
Apply suggestions from code review
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:58:46 +00:00
Nuri Çilengir
fc3b08fb8b
Apply suggestions from code review
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:51:40 +00:00
Redouane NIBOUCHA
37f1fdd47b
Add module docs, add Ubuntu 22.04 offsets, update check method
2022-07-22 03:30:03 +02:00
space-r7
e0a5bfd7b3
remove opts used for debugging
2022-07-21 18:50:23 -05:00
Grant Willcox
abe90c1089
Land #16668, HTTP Crawler: don't expect page object for msg
2022-07-21 18:35:35 -05:00
space-r7
e1b0e871b3
add finished module and docs
2022-07-21 18:33:56 -05:00
Grant Willcox
e91beedc4a
Rubocop fixes
2022-07-21 17:01:56 -05:00
Ron Bowes
8c729e8414
Add Comm
2022-07-21 08:58:28 -07:00
Nuri Çilengir
ebe61b50a7
Fixed parameter quotes
2022-07-21 12:25:29 +00:00
Nuri Çilengir
d23c175f28
Added AutoCheck and CmdStager
2022-07-21 11:39:58 +00:00
Redouane NIBOUCHA
73db035e57
Add more offsets to the exploit, clean up the exploit C source, add check method
2022-07-21 01:22:20 +02:00
Grant Willcox
ecf8434f32
Land #16778, Deprecate checkvm script and update checkvm post module
2022-07-20 17:51:01 -05:00
Grant Willcox
09ffd7f115
Add in missing features from checkvm script to post/windows/gather/checkvm.rb
2022-07-20 17:21:58 -05:00
Ron Bowes
e316693bdc
Lint
2022-07-20 13:39:20 -07:00
Ron Bowes
09c1cf4308
Fix the CRC32 errors in the RAR file
2022-07-20 12:34:10 -07:00
Redouane NIBOUCHA
fe2e413426
Add exploit for CVE-2022-34918
2022-07-20 13:51:22 +02:00
space-r7
a5cb271b21
add initial module work
2022-07-19 17:25:57 -05:00
Ron Bowes
2974f55126
Better description and more random
2022-07-19 14:18:11 -07:00
Ron Bowes
3401752fa7
Check in the unrar module for cve-2022-30333
2022-07-19 14:05:15 -07:00
Grant Willcox
a7b379f292
Fix up check code segment that would never be reached due to if/else statement above
2022-07-19 16:03:44 -05:00
Grant Willcox
59ea337c6b
Fix up CVE format, add in Notes section
2022-07-19 15:58:11 -05:00
Grant Willcox
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
Nuri Çilengir
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
PazFi
28c3dd5739
A SCADA scanner module for BACnet protocol.
The scanner discovers BACnet devices on the network by broadcasting
Who-is packets, extracts model name, software version, firmware
revision and description from the discovered devices by sending
specific read-property packets. After parsing the data the module saves
it to a local XML file.
Because devices can be nested, every address can have multiple devices.
2022-07-19 17:02:35 +03:00
Spencer McIntyre
ebb15ee9e7
Land #16598, Add in LDAP Query Module
2022-07-19 09:51:00 -04:00
bwatters
e3e6afbaa3
Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
Spencer McIntyre
2eaccd657f
Use an OptPath for QUERY_FILE_PATH
This adds tab completion and an extra check to make sure it exists.
2022-07-19 09:48:03 -04:00
Grant Willcox
dcd4caf977
Remove excess error handling that was causing issues
2022-07-19 08:10:53 -05:00
Jake Baines
cf54762191
Initial commit of CVE-2022-30526 LPE
2022-07-19 03:29:11 -07:00
Jack Heysel
2af8042bfa
Land #16761, clean up ms01_023_printer
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
jheysel-r7
adecb0d94b
Merge branch 'master' into ms02_065_msadc
2022-07-16 17:26:23 -04:00