h00die
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
Jack Heysel
3c46f51924
Land #18753, Fix typo in alloc_and_write_wstring
...
The method str_to_uniz_a was being called but does not exist.
The actual method name is str_to_uni_z, this PR fixes that typo.
2024-02-01 15:09:16 -05:00
sfewer-r7
b259c5d6a7
store the credentials we create in the DB
2024-02-01 19:48:01 +00:00
sfewer-r7
612feac5f1
add in vendor advisory URL
2024-02-01 19:47:23 +00:00
Metasploit
e21dcf34ed
Bump version of framework to 6.3.55
2024-02-01 12:08:45 -06:00
adfoster-r7
d9defd40e4
Update PHP Github action for acceptance tests
2024-02-01 18:02:46 +00:00
Dean Welch
10dfe9c428
Remove prefix from alerts
2024-02-01 17:33:31 +00:00
Dean Welch
5193d30db7
Move message order
2024-02-01 17:17:58 +00:00
Christophe De La Fuente
81eba7a6e7
Use FileDropper mixin and fix typo
2024-02-01 17:23:05 +01:00
adfoster-r7
2a4d50c6e7
Fix source location tracking for ruby kernel patches
2024-02-01 15:38:30 +00:00
Jeffrey Martin
1c334ad670
address stack trace noticed in testing
2024-02-01 08:49:16 -06:00
Jeffrey Martin
e5b5f12a4e
add missing sasl mechanism constant
...
* support mechanism reported as NTLM or GSS-SPNEGO
* return ResultCodeAuthMethodNotSupported for unknown bindRequest auth
2024-02-01 08:44:55 -06:00
Christophe De La Fuente
5054b3bfd0
Add methods to get the version and the CSRF token
2024-02-01 12:31:01 +01:00
Stephen Fewer
a867793870
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:05:02 +00:00
Stephen Fewer
546de49bec
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:49 +00:00
Stephen Fewer
6e4294c013
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-01 09:04:26 +00:00
cudalac
2b01b86374
Adding new module for MinIO
2024-01-31 13:33:04 -05:00
Metasploit
15d22d2807
automatic module_metadata_base.json update
6.3.54
2024-01-30 18:40:48 -06:00
Jack Heysel
024b855231
Land #18628, Add Puppet post module
...
This PR adds a post gather module to get
Puppet configs and sensitive files.
2024-01-30 19:20:48 -05:00
Metasploit
c8d2727023
automatic module_metadata_base.json update
2024-01-30 12:02:57 -06:00
Dean Welch
764a87fda8
nil check and fix mock
2024-01-30 17:51:40 +00:00
adfoster-r7
4d0ba2fa1d
Land #18742, Memory search module improvements
2024-01-30 17:39:12 +00:00
Dean Welch
1abaef4945
Move new session information alerts behind a feature flag
2024-01-30 16:38:00 +00:00
Metasploit
056ed770b5
automatic module_metadata_base.json update
2024-01-30 10:05:09 -06:00
Jack Heysel
59df04be97
Land #18755, Add an exploit for Mirth Connect RCE
...
This PR adds an exploit module for both CVE-2023-43208
and CVE-2023-37679 where the former is a patch bypass
for the latter.
2024-01-30 10:33:47 -05:00
Christophe De La Fuente
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
h00die
6702dd0195
review comments for puppet module
2024-01-29 19:21:25 -05:00
h00die
68f333cb7b
review comments for puppet module
2024-01-29 19:18:54 -05:00
h00die
2efbf6e2f5
review comments
2024-01-29 17:21:06 -05:00
Spencer McIntyre
44916e67d5
Check if the SMB share exists before overwriting
2024-01-29 16:55:25 -05:00
Spencer McIntyre
3d476f4ef3
Add the missing #on_client_connect method
2024-01-29 16:44:32 -05:00
Spencer McIntyre
b9cf7ba894
Fix an issue where info would raise an exception
...
Fix instances where the `info` command would raise an exception while
generating the payload to calculate its length.
2024-01-29 16:44:32 -05:00
Spencer McIntyre
1c36d89942
Fix a double deref issue with the HTTP service
2024-01-29 16:44:32 -05:00
Spencer McIntyre
c9504f9c53
Update the payload specs
2024-01-29 16:44:32 -05:00
Spencer McIntyre
96316a94fe
Initial SMB server for fetch payloads
2024-01-29 16:44:28 -05:00
Spencer McIntyre
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
Spencer McIntyre
b5906418c2
Update the HashCapture mixin
...
Use #srvport instead of the datastore and pull in upstream changes for
the metasploit-credential gem to enable use within payloads.
2024-01-29 13:35:56 -05:00
Spencer McIntyre
33306fa4dd
The SRVPORT is already registered
...
The SRVPORT datastore option is registered by the Remote::SMB::Server
mixin so including it here is redundant.
2024-01-29 13:35:54 -05:00
Spencer McIntyre
a8c240f671
Refactor existing fetch work
...
* Build the HTTPS server on top of HTTP instead of the other way around
* Set the fetch service to nil after it has been cleaned up
* Don't capitalize the H in the word handler
* Check if the fetch_service is truthy before cleaning it up
* Remove the unused FetchServerName datastore option
* Fixup the description text
* Don't allow slashes in fetch file names
* Also add the #fetch_bindnetloc method
Fix a problem in fetch/tftp.rb
2024-01-29 13:34:56 -05:00
sfewer-r7
c70092a2c7
bugfix a copy pasta whereby a path separator was not being added as expected
2024-01-29 17:52:37 +00:00
sfewer-r7
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
Spencer McIntyre
b5de25a2b6
Fingerprint the target as Mirth Connect first
2024-01-29 12:11:38 -05:00
Dean Welch
9a2ec90c16
Add alert to show user the new session options available in Metasploit 6.4
2024-01-29 17:06:21 +00:00
dwelch-r7
e5f96bdbe1
Land #18760, Ensure DNS command config loading does not crash msfconsole
2024-01-29 14:53:15 +00:00
Spencer McIntyre
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
adfoster-r7
7ce13101df
Ensure DNS command config loading does not crash msfconsole
2024-01-29 13:23:18 +00:00
h00die
779da83d59
gitlab password reset account takeover review
2024-01-27 07:44:11 -05:00
h00die
e6c4195ad3
gitlab password reset account takeover review
2024-01-27 07:42:25 -05:00
ErikWynter
26e2b2e319
Add docs for opennms authenticated rce
2024-01-27 01:13:22 +02:00
ErikWynter
14181572c1
add PRIVESC_SAVE_DELAY option for opennms authenticated RCE
2024-01-27 01:13:04 +02:00