b171b5e77c
working cve-2022-0492
2023-11-28 15:16:18 -05:00
7307c9810b
Use the new style of Windows version detection
...
This will become more important once the Windows Meterpreter returns a
more accurate string for the sysinfo OS field.
2023-11-28 14:35:26 -05:00
1b6efbbcd6
automatic module_metadata_base.json update
2023-11-28 12:49:11 -06:00
4ae62a431b
not-working docker escape
2023-11-28 13:44:08 -05:00
c5075ade2a
Land #18567 , Add exploit module for CVE-2023-5360.
...
This pull request adds a new exploit module for
an unauth file upload vulnerability in the
WordPress Royal Elementor Addons and Templates
plugin, versions before 1.3.79, tracked as CVE-2023-5360.
2023-11-28 13:28:53 -05:00
e6321e46c4
Land #18565 , Add kerberos cache TGT lookup logic
...
This PR adds an enhancement to adjust the cache lookup logic.
If no TGT for the specific host is found, it will try again but
with any host.
2023-11-28 12:00:48 -05:00
47e7453930
Enhance Splunk RCE module description for clarity and detail
2023-11-28 17:59:16 +01:00
4967d3e95d
Remove spaces
2023-11-28 17:48:07 +01:00
f2f34f64c8
Add suggested changes
2023-11-28 17:45:13 +01:00
4676e6d5d4
automatic module_metadata_base.json update
2023-11-28 10:39:12 -06:00
708c795890
Land #18560 , Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
b2fa201a7d
Implement check
2023-11-28 16:45:44 +01:00
a1f31d909a
Add splunk_xslt_authenticated_rce
2023-11-28 15:51:39 +01:00
0146527e55
Add splunk_xslt_authenticated_rce
2023-11-28 15:40:05 +01:00
147aa3df33
fixes
2023-11-28 08:04:49 -05:00
402434bbf2
Add module output
2023-11-28 08:41:35 +01:00
fc35a116bb
Update modules/exploits/multi/http/wp_royal_elementor_addons_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-28 08:15:27 +01:00
bfd22f8f01
Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-28 08:15:14 +01:00
1438a88eb5
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-28 08:10:56 +01:00
10e0206b6e
Diamond tickets require AES256
2023-11-28 09:38:06 +11:00
67933c3819
Deprecated module exploit/linux/upnp/dlink_dir859_exec_ssdpcgi
2023-11-27 19:35:34 +00:00
7dbd938e3b
fixed linting with rubocop and msftidy.rb
2023-11-27 18:44:10 +01:00
c31b0f0dd1
Land #18575 , Remove spurious print
2023-11-27 11:59:46 +00:00
3ffeef36f6
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:50 +01:00
ebc18db0ac
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-27 11:48:12 +01:00
4906ea228d
updated fields to have random values
2023-11-27 09:39:18 +01:00
7ab487612c
Default to NTLM auth, since plaintext will almost certainly never work
2023-11-27 17:52:12 +11:00
2ea1f43f12
Unit test for new kerberos client pre-auth behaviour
2023-11-27 17:10:19 +11:00
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
3ca13d9358
Changes from code review.
...
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
2eec5e0914
Remove spurious print; resolves #18562
2023-11-27 07:37:02 +11:00
27b2cdf5b1
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:15 +01:00
32380d8a26
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Remove obsolete slash in normalize_uri parameters
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:09:03 +01:00
a04943063e
Update modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
...
Removes quotes from normalize_uri parameters.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2023-11-25 13:07:08 +01:00
ff70cc7e42
Clearer RHOST error message
2023-11-24 11:34:18 +11:00
e3046d18c9
Update docker ruby version to 3.1
2023-11-23 23:16:25 +00:00
622277e960
Added documentation for ASREP module
2023-11-24 08:45:26 +11:00
2ead152173
Add specific module to perform ASREP-roasting
2023-11-24 07:43:49 +11:00
8c007c0ef7
added exploit for CVE-2023-32781 - PRTG authenticated RCE
2023-11-23 19:28:02 +01:00
e1b3c56de8
Add reference
2023-11-23 19:27:11 +01:00
65ea1188e2
Add suggested changes
2023-11-23 18:22:36 +01:00
0d591a3136
Land #18526 , Add a command to customise DNS resolution
2023-11-23 17:46:16 +01:00
c60da4ad58
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:33:19 +01:00
d20a1703b1
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:32:57 +01:00
21d23be8e3
Bump version of framework to 6.3.45
2023-11-23 09:57:42 -06:00
31daaf58fe
Add wp_royal_elementor_addons_rce
2023-11-23 05:15:28 +01:00
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
c0be4c2f72
working end to end unix confluence 7.18
2023-11-22 19:49:38 -05:00
473ded345b
Fix UDP detection when DNS resolution is not on
2023-11-23 10:34:09 +11:00
4321aafe77
Land #18547 , Update ssh login pubkey module
...
Update ssh login pubkey module to correctly identify windows ssh platform
2023-11-22 17:09:06 -05:00
h00die