75d137fce5
Rubocop and add todo to printnightmare
2022-05-16 14:56:46 -04:00
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
edd977165c
Revert option changes for the capture NTLM provider
2022-05-16 14:39:45 -04:00
b79b550d6c
Centralize the log adapter
...
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
2022-05-16 14:39:45 -04:00
7c15b144c4
Update the SMB capture server
2022-05-16 14:39:44 -04:00
906fdd6a05
Update the MSSQL capture module
...
Remove the apparently unused reference to the SMB server mixin.
2022-05-16 14:39:44 -04:00
475f6eee8c
Capture hash when serving files over SMB
2022-05-16 14:39:44 -04:00
879591f686
Land #16499 , Specify peer hostname for SNI
2022-05-16 14:21:57 -04:00
0196b6fa75
Land #16555 , move duplicated retry_until_truthy code into centralized location
2022-05-16 18:31:57 +01:00
f9a5d8285a
Use the retry mixin for printnightmare
...
This module gets disconnected from the named pipe. Use the new retry
mixin to avoid waiting for a standard delay.
2022-05-16 09:53:57 -04:00
db694efd36
Improve relative redirect handling
2022-05-16 12:03:24 +01:00
133b9e307a
Land #16563 , Zyxel Firewall Unauthenticated Command Injection (CVE-2022-30525)
2022-05-13 18:55:30 -05:00
2eb31cf765
Add in edits from review
2022-05-13 15:32:12 -05:00
8b502d074f
vcenter_offline_mdb_extract aux module
...
Add new aux module vcenter_offline_mdb_extract for extracting IdP
credentials, certificates and keys from a vCenter backup file.
Added module documentation.
2022-05-13 15:57:59 -04:00
ecec8a5993
Clean up unrelated files.
2022-05-13 15:53:40 -04:00
1fe04caadd
Land #16406 , Create get_bookmarks.rb
...
Merge branch 'land-16406' into upstream-master
2022-05-13 13:42:31 -05:00
1aceb71971
Rename the function to emphasize truthy
2022-05-13 09:16:01 -04:00
739c0fcad1
Specify peer hostname for ssl connections
2022-05-13 13:55:43 +01:00
c0c02e56ba
Land #16430 , Improve kerberos user enum module
2022-05-13 12:17:26 +01:00
6a1fe27406
Land #16442 , add vars_form_data to the HTTP client
2022-05-13 10:53:16 +01:00
934f193dc0
Land #16484 , Add vcenter_forge_saml_token aux module
...
Merge branch 'land-16484' into upstream-master
2022-05-12 17:36:20 -05:00
23f8a0b915
Added Zyxel advisory. Added AKB reference. Used xpath as requested.
2022-05-12 07:17:37 -07:00
f3b23c072f
Added a reference to Rapid7 disclosure
2022-05-12 06:33:27 -07:00
24fa9aabe0
Fixed privilege flag. Swapped 'exploit' for 'command' in a couple of places
2022-05-12 06:24:33 -07:00
d210d2fd2b
Land #16544 , Update ad_to_sqlite to store loot
2022-05-12 13:09:54 +01:00
4af93ecfe2
Updated affected
2022-05-12 03:22:21 -07:00
617b4ae044
Initial commit of Zyxel unauth command injection (CVE=2022-30525)
2022-05-12 01:43:59 -07:00
93334b56ef
Properly credit Azeria and also include blog post at her request
2022-05-11 18:43:27 -05:00
8dbd6f3334
Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times.
2022-05-11 16:43:37 -05:00
196aac6b42
Add in PrependFork and MeterpreterTryToFork options as default to fix timeout issues and potential failure cases due to server not responding
2022-05-11 16:43:36 -05:00
27169c4ae1
Add in missing CmdStager library, add some more attribution, and add in PoC link
2022-05-11 16:43:36 -05:00
6354d7a055
Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly.
2022-05-11 16:43:36 -05:00
1bc2616c19
Update modules/exploits/linux/http/f5_icontrol_rce.rb
...
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com >
2022-05-11 16:43:13 -05:00
208367d735
Improved check method reliability
...
Extra modifications:
- Promote advanced options HttpUsername and HttpPassword
- password is not really necessary, but if one have credential, can
use this module as an exec
- Fixed print statement on check
- Splitted execute_command in two, because we also send a command on the check
methods, however we don't need the checks that are in the execute_command
2022-05-11 16:43:12 -05:00
55163b86d6
Improvements
...
- Change module name and description
- Added author from the PoC
- Added reference
- Added payloads, targets and notes
- Removed headers used during the tests
2022-05-11 16:43:11 -05:00
77f60eb21e
Added module and documentation for f5 icontrol RCE (CVE-2022-1388)
2022-05-11 16:43:00 -05:00
05fcbd803e
Add a new Retry mixin
2022-05-11 15:41:37 -04:00
535a6e752d
Update get_bookmarks.rb
...
style changes made
2022-05-11 14:29:36 -04:00
e4f42d7eaa
Update more modules to use the vars_form_data api
2022-05-11 18:18:21 +01:00
03d658c28d
Update get_bookmarks.rb
...
style changes
2022-05-11 13:14:05 -04:00
606669e7cf
Update modules/post/windows/gather/get_bookmarks.rb
...
Skip symbols for current and parent dir
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-05-11 12:59:47 -04:00
1c934b87b4
Land #16169 , Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699
2022-05-11 10:15:08 -05:00
68fdb103fe
Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate
2022-05-11 09:39:47 -05:00
f5df9b500d
Update to include Internet Explorer
2022-05-10 18:13:22 -04:00
b920c04b75
Land #16548 , Add Powershell Command Adapter
2022-05-10 16:47:57 -05:00
d5fb559e05
Land #16485 , Allow all post-Vista builds
2022-05-10 10:32:09 -04:00
92715c883f
Land #16423 , Add module for exploit CVE-2022-22965
...
Merge branch 'land-16423' into upstream-master
2022-05-10 08:44:06 -05:00
94e1ad3fe5
Update form data api defaults
2022-05-10 14:12:17 +01:00
e48624558a
Set the UUID arch and platform correctly
2022-05-09 11:55:57 -04:00
dd5aee4956
Increase the size of psexec commands
2022-05-09 11:55:57 -04:00
Spencer McIntyre