h00die
65aae010ce
more libs for moodle and teacher priv esc to rce module
2021-09-04 13:31:11 -04:00
space-r7
80dc8b9502
add elfinder module
2021-09-03 18:26:18 -05:00
Jack Heysel
99352ad107
Move methods from lfs.rb, fix fail_with types
2021-09-03 16:17:35 -05:00
jheysel-r7
93aea73939
Update modules/exploits/windows/http/git_lfs_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-09-03 16:17:35 -05:00
Jack Heysel
5294c714aa
Fix spacing
2021-09-03 16:17:35 -05:00
Jack Heysel
f9c4c35431
Update the target_suitable? method
2021-09-03 16:17:35 -05:00
Jack Heysel
ba64dce5b7
Rubocop offenses
2021-09-03 16:17:30 -05:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Jack Heysel
514a37ef2f
Removed unnecessary gem file + rubocop
2021-09-03 16:15:39 -05:00
Jack Heysel
21d99a74fb
beta commit
2021-09-03 16:15:38 -05:00
adfoster-r7
c0e81acc92
Add missing python3 shebang
2021-09-03 19:58:46 +01:00
Your Name
ad2cc6a1fe
Fixed Module logic
2021-09-03 12:55:52 -05:00
Grant Willcox
e62f5e3011
Update documentation to reflect latest changes and update module to check files exist and bail if they don't, including when uploading a custom image
2021-09-03 12:55:45 -05:00
Grant Willcox
059198095a
First round of edits to module from review process
2021-09-03 12:55:44 -05:00
Your Name
817904a916
Add Geutebruck Post Exploitation Module
2021-09-03 12:55:39 -05:00
Ashley Donaldson
142526904a
Moved command shell creation across to winrm_login, rather than winrm_cmd
2021-09-03 13:34:07 +10:00
Your Name
41690d6e1d
Linting again
2021-09-02 17:33:57 +01:00
Your Name
f336f7a4d6
Removed global vars & Fixed linting
2021-09-02 17:30:18 +01:00
Spencer McIntyre
5138e1c7d3
Remove extra invocation of prepend_db_passwords
2021-09-02 11:57:38 -04:00
Spencer McIntyre
dd86907b17
Move the prepend_db calls into the mixin
2021-09-02 11:57:38 -04:00
Spencer McIntyre
2db16478b1
Switch to PrivateCredentialCollection
These module should be using the PrivateCredentialCollection.
2021-09-02 11:57:38 -04:00
Spencer McIntyre
5d443b9409
Update AuthBrute modules
This updates existing modules that use the AuthBrute mixin to use the
new build_credential_collection API to consistently handle the new
option.
2021-09-02 11:57:38 -04:00
Spencer McIntyre
a76eb67d89
Add the DB_SKIP_EXISTING option
2021-09-02 11:57:36 -04:00
Spencer McIntyre
2981e23d0a
Initial DB_SKIP_EXISTING option
2021-09-02 11:56:53 -04:00
Alan Foster
112f43f798
Consolidate module argument parsing for ensuring consistency
2021-09-02 13:00:02 +01:00
Alan Foster
134fef21c4
Improve rhosts validation
2021-09-02 13:00:01 +01:00
Ashley Donaldson
b50a1aa988
Moved reusable functionality into separate file
2021-09-02 21:58:07 +10:00
Ashley Donaldson
a530336630
Fix segfault apparently caused by using the Rex HTTP client in a finalizer
2021-09-02 19:08:25 +10:00
Ashley Donaldson
1138a5bba7
Better messages in the session info table
2021-09-02 17:31:57 +10:00
Ashley Donaldson
fdfac2212f
Clean up old socket-based approach
2021-09-02 16:58:07 +10:00
Ashley Donaldson
f16d91f8b4
Coerce failure immediately on bad password when setting up a session
2021-09-02 15:00:48 +10:00
Ashley Donaldson
6648a47ce7
Check stdin repeatedly
2021-09-02 13:23:26 +10:00
h00die
77dff0fc13
working admin shell
2021-09-01 17:49:17 -04:00
h00die
3580920dde
moving more to libs
2021-09-01 17:36:38 -04:00
Mike Brown
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG_UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
Grant Willcox
0e0e3bbcfb
Land #15603, Add Geutebruck CVE_2021_335XX command injection module
2021-09-01 10:59:22 -05:00
adfoster-r7
ded8200396
Land #15537, Add support for ruby 3
2021-09-01 10:30:54 +01:00
Ashley Donaldson
b78b7413ef
Use stdin rather than separate commands
2021-09-01 17:05:42 +10:00
bwatters
ff50a94348
Land #15567, Add in Exploit for CVE-2021-3490
Merge branch 'land-15567' into upstream-master
2021-08-31 18:46:25 -05:00
Grant Willcox
d83ede6306
Fix up some check method issues and some XML data validation issues identified during review
2021-08-31 18:25:01 -05:00
Your Name
5599929b6a
Fixed Randomization
2021-08-31 18:25:00 -05:00
Grant Willcox
0a57641aa4
Add in documentation and module code cleanness improvements and also make the output easier for readers to understand should something fail midway through.
2021-08-31 18:24:57 -05:00
Your Name
cd74e34e3c
Fixed Authors
2021-08-31 18:24:51 -05:00
Your Name
b5b0b3087a
Fixed References and Description
2021-08-31 18:24:50 -05:00
Your Name
56cde3eaba
Add Geutebruck CVE_2021_335XX command injections module
2021-08-31 18:24:14 -05:00
h00die
5e17074259
moodle_teacher_enrollement_priv_esc working but not full exploit chain
2021-08-31 16:52:08 -04:00
Grant Willcox
488f58a068
Attempt to fix RuboCop errors
2021-08-31 15:36:00 -05:00
Grant Willcox
3bca3b0bcb
Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match
2021-08-31 15:07:37 -05:00
Spencer McIntyre
33da289a9c
Print stderr when it's not blank
2021-08-31 09:18:11 -04:00
Ashley Donaldson
3192f9b4f7
Neatness improvements
2021-08-31 22:30:31 +10:00