d3e7152954
Changes from code review
2022-07-08 11:47:54 +10:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
f958b0a053
Land #16738 , correct CVE/lint for weblogic module
2022-07-07 18:08:13 -05:00
46b5092be4
Make Rubocop happy, and improve error handling
2022-07-07 16:07:10 -07:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
3a9feac1cf
Finish up the first draft of the module, which seems to work decently
2022-07-07 14:22:37 -07:00
4da72a9b01
Land #16735 , Fix defaults for aerohive module
...
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
2022-07-07 16:21:56 -04:00
966d469aa5
Continuing cleanup
2022-07-07 12:57:34 -07:00
f9664575c5
Working payload
2022-07-07 10:57:41 -07:00
6db340508f
Land #16703 , add Censys API v2 functionality
...
This PR updates the censys_search.rb module to also
make use of the v2 API functionality
2022-07-07 13:09:31 -04:00
d785e90bd9
Get the full exploit working, except for a hardcoded payload
2022-07-07 09:58:07 -07:00
3f63f9fcd1
ms02_065_msadc: Cleanup and add additional offsets
2022-07-08 00:26:02 +10:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
7d111938d5
ms03_007_ntdll_webdav: Cleanup and add additional offsets
2022-07-07 20:31:57 +10:00
b2eb348d94
Added WinRM using Kerberos, including encryption
2022-07-07 13:17:09 +10:00
debf619968
Land #16733 , add dfscoerce scanner module
2022-07-06 18:18:00 -05:00
fa8d109f65
Add the incomplete version of CVE-2022-28219 module to msf
2022-07-06 15:57:13 -07:00
3d13dab11e
Update jenkins_script_console.rb
2022-07-06 19:08:38 +02:00
aea37f7137
Add initial SMB Kerberos authentication support
2022-07-06 16:15:33 +01:00
5db741550b
Update jenkins_script_console.rb
...
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
2022-07-06 15:16:01 +02:00
a8c2b3bdff
Initial exploit for CVE-2022-23642
2022-07-05 16:58:22 -04:00
f7209bfc75
Land #16724 , Modernize ms01_026_dbldecode
...
Use HttpClient; remove meterpreter code; fix stager
2022-07-05 09:36:58 -04:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
066d01b7b2
Rework censys_search module to use Censys Search API v2
2022-07-04 17:19:16 +02:00
789397a445
citrix_netscaler_config_decrypt tweaks
...
Minor code tweaks and updates to documentation
2022-07-03 08:21:58 -04:00
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
8bd0be9837
msftidy pass.
2022-07-02 19:43:41 +02:00
f2419785ba
implemented certificates search as an option.
2022-07-02 19:02:25 +02:00
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
8094c67465
switch to hash, reorder args
2022-07-01 13:05:38 -05:00
b21abbfb18
address review
...
includes using python on target for yescrypt
support, not failing on unsupported hash types,
documentation updates, etc
2022-07-01 12:56:44 -05:00
e1e6089e25
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:44 -05:00
4557c86fbb
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:44 -05:00
555b2a394c
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:44 -05:00
9b50612b84
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:43 -05:00
be61ad0171
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:43 -05:00
49818b41ab
Update modules/post/linux/gather/mimipenguin.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-01 12:56:43 -05:00
69342f5431
add docs and mixin
2022-07-01 12:56:43 -05:00
0cb1b5b56f
fail on unsupported hash types
2022-07-01 12:56:43 -05:00
73f6d1ab87
check all processes, handle unsupported hash types
2022-07-01 12:56:42 -05:00
045d9f7645
get adjacent regions, add method for addr format
2022-07-01 12:56:42 -05:00
bcc45b1a9c
check more regions
2022-07-01 12:56:42 -05:00
47f8d3acae
rename tlvs, add improvements
2022-07-01 12:56:42 -05:00
6c6ad38b7a
hash text and test against passwords
2022-07-01 12:56:42 -05:00
075a40eb27
search adjacent regions, add processes
2022-07-01 12:56:41 -05:00
6e8016541a
add initial code for module
2022-07-01 12:56:41 -05:00
8c3d7ff42f
Rename Thrift related definitions
...
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
b40dd95d4f
Land #16723 , Add FreeSwitch Login auxiliary module
2022-07-01 16:57:34 +02:00
9de7411723
Land #16704 , Fix bad loop terminator checks and data checks in memcached_extractor.rb
2022-07-01 16:36:56 +02:00
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
Ashley Donaldson