Spencer McIntyre
9cc17095d4
Land #15282, CVE-2019-15975 Cisco DCNM auth bypass
2021-06-24 11:59:21 -04:00
Shelby Pace
3c7d96695e
Land #15349, add rConfig vendors auth rce
2021-06-24 10:43:18 -05:00
Spencer McIntyre
fe6b725d3f
Update the documentation and fix a couple of bugs
2021-06-24 11:19:26 -04:00
Yann Castel
5ac025477a
parent e7983c3b6f
...
author Yann Castel <yann.castel@orange.com> 1622466490 +0200
committer Spencer McIntyre <Spencer_McIntyre@rapid7.com> 1624547674 -0400
Add an exploit for CVE-2019-15975 (Cisco DCNM)
add documentation
passed rubocop
edit documentation
set ssl to true by default
edit documentation
rubocop again
int return code was replaced by symbols
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
rubocop ok
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
various changes 2
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
adding some guards + module notes
2021-06-24 11:19:25 -04:00
Shelby Pace
9f864df5f1
use Rex::Version instead of Gem::Version
2021-06-24 10:14:17 -05:00
Shelby Pace
df1faf85ff
rename files, change version check, use cookie jar
2021-06-24 09:47:38 -05:00
Shelby Pace
c3d4bb42bd
Land #15358, use valid python binary in sshexec
2021-06-22 16:15:36 -05:00
Stephen Bradshaw
fc509644e7
Fix bug 15218 authentication issue in ssh_login_pubkey
2021-06-22 11:19:01 +10:00
adfoster-r7
fe41a6b518
Land #15350, fix shellcode_inject module
2021-06-21 09:03:26 +01:00
pingport80
27954cc4ae
update checkvm module to include system specific mixin
2021-06-20 10:34:18 +05:30
Spencer McIntyre
b85031ff6a
Fallback to Python3 in sshexec when it's available
2021-06-18 13:35:23 -04:00
Yann Castel
211bf4351d
adding delay option
2021-06-18 11:32:15 +02:00
Yann Castel
1d2e3212d3
using MIME + added some guards
2021-06-18 10:43:30 +02:00
Hakyac
7781d9ff1e
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:22:11 +02:00
Hakyac
1e7737f8b4
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 10:17:52 +02:00
Hakyac
f4bd18c5a3
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
2021-06-18 09:21:00 +02:00
Spencer McIntyre
397c9ef140
Land #15333, Cisco HyperFlex File Upload RCE
2021-06-17 13:40:39 -04:00
deadjakk
dadc59ebbe
Added changes requested by @smcintyre-r7
...
- Updated default port number to match documentation
- Updated the str append to '<<'
- Fixed issue with the login scanner returning false positives
- Removed rank from login scanner
- Removed Custom Executable target in favor of EXE::CUSTOM
- Moved the X3Crypt code out of the exception block
- Added additional checks to the exploit module, the same that were made in login_scanner
- Changed the check function to produce the proper return 'CheckCode' values
2021-06-17 12:39:17 -05:00
Jack Heysel
281fce0c94
Cisco HyperFlex File Upload RCE module
...
beta draft
RCE working with linux/x64/meterpreter_reverse_tcp
rubocop
Updated title, removed newlines
Responded to comments
Rubocop offenses
Update documentation/modules/exploit/linux/http/cisco_hyperflex_file_upload_rce.md
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Update modules/exploits/linux/http/cisco_hyperflex_file_upload_rce.rb
Co-authored-by: wvu <wvu-r7@users.noreply.github.com>
Responded to comments
Rubocop offenses
Added support for Java Dropper
Made changes to Linux Dropper
Rubocop
Improved check method, changed to default staged payload, removed TODO
Switched to single-quoted strings
2021-06-17 12:38:47 -04:00
pingport80
cc1abe9d1b
adding generic process mixin to the windows process mixin
2021-06-17 21:24:13 +05:30
pingport80
8598183e98
add process mixin in the modules which required it
2021-06-17 20:46:04 +05:30
pingport80
c055b1100b
fix shellcode_inject module
2021-06-17 18:51:49 +05:30
Yann Castel
dca4f3f471
fix download link
2021-06-17 15:19:42 +02:00
Yann Castel
0fda6b348d
initial commit
2021-06-17 15:15:59 +02:00
deadjakk
3a9a16f296
Update modules/exploits/x3/x3_adxsrv_auth_bypass_cmd_exec.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2021-07-08 11:01:51 -05:00
deadjakk
3825b39195
Merge branch 'rapid7:master' into SageX3-CVE-2020-7388
2021-07-07 19:44:25 -05:00
deadjakk
fa98e9a3a4
Made a number of changes according to review: https://github.com/rapid7/metasploit-framework/pull/15400
...
- Renamed exploit module to x3_adxsrv_auth_bypass_cmd_exec.rb
- Changed print_bad to fail_with
- Updated Name in module to reflect the auth bypass element
- Updated the rand number generation
- Added error checking to adxdir function return value
- Changed payload variable name -> sage_payload
2021-06-16 14:07:49 -05:00
deadjakk
5ee429fc01
Update modules/exploits/x3/x3_adxsrv_cmd.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2021-07-07 18:54:15 -05:00
deadjakk
15a197b368
Update modules/exploits/x3/x3_adxsrv_cmd.rb
...
Co-authored-by: bcoles <bcoles@gmail.com>
2021-07-07 18:50:47 -05:00
deadjakk
e40b98c5f2
added rubocop -a'd files
2021-07-07 12:31:05 -05:00
deadjakk
21446c8455
added Sage X3 modules
2021-07-07 11:14:23 -05:00
Grant Willcox
62f9d15ba3
Land #15314, Add Exploit for CVE-2021-31181 (SharePoint RCE)
2021-06-16 10:39:49 -05:00
guly
f243bb1d78
Updated gavazzi_em_login_loot: added CVE
...
added CVE
2021-06-16 15:24:15 +02:00
guly
d6de658709
fixed reference url
...
fixed reference url
2021-06-16 10:57:13 +02:00
Alexandre ZANNI
67406e71e4
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
2021-06-15 14:15:30 +02:00
Grant Willcox
464dcdf578
Land #15239, ipfire <= 2.25 Core Update 156 pakfire.cgi Authenticated RCE
2021-06-14 18:01:24 -05:00
Spencer McIntyre
f58bbc236f
Land #15319, Fix a localization issue
2021-06-14 16:42:19 -04:00
Grant Willcox
537a7763f5
Land #15337, Update apache_activemq_upload_jsp.rb to fix missing checks and add missing slashes to some requests
2021-06-14 15:28:40 -05:00
Grant Willcox
5b274770ef
Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall
2021-06-14 15:02:38 -05:00
pingport80
7c597b4ca2
define error_token as a random alphanumeric string
2021-06-14 23:32:44 +05:30
Gaurav Purswani
622e82cf44
Update modules/post/windows/gather/enum_hyperv_vms.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2021-06-14 23:23:12 +05:30
Gaurav Purswani
59928bf941
Update modules/post/windows/gather/enum_hyperv_vms.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2021-06-14 23:23:04 +05:30
adfoster-r7
fb0e0f88a9
Land #15215, HashiCorp Nomad exec RCE
2021-06-14 17:49:36 +01:00
Wyatt Dahlenburg
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00
Spencer McIntyre
d1be69eae6
Implement changes based on PR feedback
2021-06-14 10:15:27 -04:00
pingport80
9929d1c11d
fix new rubocop errors
2021-06-14 18:25:22 +05:30
pingport80
beba2a6e46
add error_token in case the command fails and remove regexp from psh_exec
2021-06-14 15:02:39 +05:30
Yann Castel
d8c0b67c96
Merge branch 'nscp_pe' of github.com:Hakyac/metasploit-framework into nscp_pe
2021-06-14 10:08:20 +02:00
Hakyac
c9a0e3b58a
Update modules/exploits/windows/local/nscp_pe.rb
...
Co-authored-by: agalway-r7 <agalway@rapid7.com>
2021-06-14 10:08:59 +02:00
Yann Castel
1e6fcd8e3a
Merge branch 'nscp_pe' of github.com:Hakyac/metasploit-framework into nscp_pe
2021-06-14 10:07:14 +02:00