Commit Graph

35981 Commits

Author SHA1 Message Date
Grant Willcox f7c271aaf4 Add in fixes from Spencer's quick initial review of module to address typos and proper check code return values 2022-03-25 14:14:56 -05:00
Grant Willcox e82c25841c RuboCop module to pass tests 2022-03-25 12:45:00 -05:00
Grant Willcox 561c5d513e Update module's on_new_session code 2022-03-25 12:16:44 -05:00
RadioLogic 840d26aa2d Added module to enumerate through chocolatey applications 2022-03-25 13:13:15 -04:00
Heyder Andrade 6bc0032c8d Use SSH defaults
- Merge ssh defaults
- Remove options equal to default
2022-03-24 22:52:15 +01:00
Grant Willcox 8e73710843 Add in on_new_session method to do automatic cleanup with supported session types. Think this is only Meterpreter at the moment 2022-03-24 14:36:29 -05:00
Grant Willcox bf88b7f618 Land #16325 - Replace IO read on binary files with File binread 2022-03-24 10:08:40 -05:00
Grant Willcox e5c0259723 Add CREATE_BREAKAWAY_FROM_JOB flag to source files related to DLL generation, update the exploit source to denote how to clean up in case the payload can't clean up 2022-03-23 19:38:32 -05:00
Grant Willcox b1ce05f97c Add in updated Ruby code and also update the DLLs and prepend_migrate.rb to use the CREATE_BREAKAWAY_FROM_JOB flag with CreateProcess to break away from the job if the job has the JOB_OBJECT_LIMIT_BREAKAWAY_OK limit set to allow breakaway jobs 2022-03-23 17:47:25 -05:00
Grant Willcox ff77ff0d11 Fix RuboCop issues with ubiquiti_config.rb 2022-03-23 11:32:45 -05:00
Tim W 014c98acd8 Land #16369, fix upgrading meterpreter sessions with shell_to_meterpreter 2022-03-23 07:15:55 +00:00
adfoster-r7 03d645016c Land #16250, Update service mixins for NAT options 2022-03-23 00:13:20 +00:00
Grant Willcox 964f78fc69 Land #16341, Implement VNC hash types 2022-03-22 17:00:02 -05:00
Grant Willcox 5bbde5bb81 Land #16367, Fix character escaping in the apisix exploit 2022-03-22 14:04:07 -05:00
Grant Willcox 02c616a29e Land #16207, Fix VNC scanner modules and libraries to make them work in 2022 2022-03-22 13:40:29 -05:00
sjanusz b54cfee665 Open a new Meterpreter session when trying to upgrade Meterpreter 2022-03-22 14:08:25 +00:00
Spencer McIntyre fd2d1c0784 Add and use the ListenerComm option for SOCKS 2022-03-22 09:23:09 -04:00
Spencer McIntyre 86aed4928e Add the HttpListenerBindPort to the log4shell exploit 2022-03-22 09:06:22 -04:00
Spencer McIntyre 6ec530a5ee Improve some error handling 2022-03-21 15:22:00 -04:00
Spencer McIntyre 49aff227c5 Fix character escaping in the apisix exploit 2022-03-21 15:06:03 -04:00
Spencer McIntyre 12c2d6ff7b Apply rubocop updates to dns/native_spoofer 2022-03-21 14:02:43 -04:00
Spencer McIntyre 6abe2516d6 Update the module to use the Dnsruby API 2022-03-21 13:59:27 -04:00
Grant Willcox 024da204d1 Land #16353, respect ssl_version in crawler 2022-03-21 12:24:38 -05:00
Grant Willcox 715082a960 Update exploit and module with new delay timing and latest copy of DLL 2022-03-21 12:05:48 -05:00
Spencer McIntyre a739083db9 Readd the missing SocketServer mixin for SMB 2022-03-21 11:51:10 -04:00
Spencer McIntyre 929e5d5e76 Update the SMB capture module with new options 2022-03-21 11:47:56 -04:00
sjanusz bbf9e3163a Fix file reads on Windows for binary files 2022-03-21 12:47:39 +00:00
Spencer McIntyre ccdc2db9e7 Land #16309, Catch an exception in ssh_login
The ssh_login module would crash when the channel used to execute the
commands to gather the platform information reported that they failed.
2022-03-17 16:41:47 -04:00
Spencer McIntyre da1e4853b8 Land #16317, Free UDP ports after use 2022-03-17 16:39:09 -04:00
Spencer McIntyre acf3906953 Add another instance of missing error handling 2022-03-17 16:07:31 -04:00
Grant Willcox 1bfc0feedb Remove default options from HttpUsername and HttpPassword as blank strings are still considered setting the option when it comes to OptString, and this leads to falsely assuming the strings are set by the user when they are not 2022-03-17 11:29:06 -05:00
Grant Willcox 6ee0ef0c8a Add in appropriate warning message in case we hit a snag, might help people out who hit a similar issue. Issue is highly temperamental and sometimes goes away for no reason so it's hard to pin down but logging in this way should help. I tried doing things manually in code but it didn't seem to help and I don't want to block the code from working on something like this. 2022-03-17 11:29:05 -05:00
Grant Willcox ce062973cb Make changes from review process, redo code for module to make it make fewer requests, and generally improve overall operations. 2022-03-17 11:29:05 -05:00
Grant Willcox 1f53e9d1c4 Rubocop and fix a mistake on commenting too much of the code out from testing 2022-03-17 11:29:00 -05:00
Grant Willcox 269cd5cfed Add in Exchange Version mixin and module example 2022-03-17 11:28:53 -05:00
Grant Willcox 0f2813f70c Update module and documentation for edits found whilst doing final pass of code 2022-03-16 16:55:03 -05:00
mauricelambert e678615f27 Fix items from code review 2022-03-16 16:54:38 -05:00
mauricelambert 33e12bf06f Correct CVE number, comments and documentation 2022-03-16 16:54:24 -05:00
mauricelambert b745a24a9d Random payload && TARGETURI option 2022-03-16 16:54:15 -05:00
mauricelambert 7c806a8723 Add auxiliary module for DOS IIS Server 2022-03-16 16:53:59 -05:00
Ashley Donaldson 40c422cdf7 Close NBNS, mDNS and LLMNR sockets when their modules are complete 2022-03-17 08:12:26 +11:00
Ashley Donaldson 972c260969 Fix double dereference by moving DNS cleanup into separate function, and force to run as job. 2022-03-17 08:12:25 +11:00
Jeffrey Martin c3445ccb6f respect ssl_version in crawler
When utilizing `Anemone` to crawl pages using `Rex` sockets
Framework common `SSL` settings can pull from standardized options.
This change enables more fine grained user control and avoids issues
with missing or deprecated SSL versions in newer Ruby versions.
2022-03-16 14:24:45 -05:00
bwatters b4de9fa92a Land #16344, Add module for CVE-2022-21999 and More Railgun Definitions
Merge branch 'land-16344' into upstream-master
2022-03-16 08:37:05 -05:00
Shelby Pace 381b91de45 change wording in arch check
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-03-15 16:45:36 -05:00
space-r7 e96ec401bf add arch check, fix logic error, add aka note 2022-03-15 12:58:39 -05:00
Spencer McIntyre 4dd7fc60e6 Land #16324, Fix broken DNS native_server 2022-03-15 09:06:03 -04:00
bwatters c936c45167 Land #16186, Add Python Meterpreter Command Payloads
Merge branch 'land-16186' into upstream-master
2022-03-14 17:29:03 -05:00
space-r7 99664efed7 use full user name, add test output to docs 2022-03-14 09:15:36 -05:00
h00die a959725f7c implement vnc hash types 2022-03-13 13:27:38 -04:00