3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
1b528c78f0
Swap usages to #bindhost and #srvhost_addr
2026-03-03 09:37:26 -05:00
18bdbfa402
Update instances of #backend_url to use #get_uri
2026-03-03 09:37:26 -05:00
83a82ed043
Remove the extra argument
2026-03-03 09:37:26 -05:00
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
a0fb02bd45
Default the address in the SMB share mixin
2026-03-03 09:34:49 -05:00
92e77de800
Update to use OptAddressRourtable for SRVHOST
2026-03-03 09:34:48 -05:00
ccc8367db5
Working Kerberoast and AS-REP modules with LDAP sessions
2026-03-02 15:33:36 +00:00
6a20b24d9c
Land #20740 , Separate SSL and SRVSSL options for client and server connections
2026-02-26 18:11:02 +01:00
44806b805f
Fix: Add http_server_ssl alias to resolve HttpClient/HttpServer mixin conflict
2026-02-26 17:23:39 +01:00
f2856c28b3
Update lib/msf/core/exploit/remote/socket_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:17 +01:00
3720803cdc
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:03 +01:00
a26036ca7b
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:20:37 +01:00
7e937b3d5a
Land #21010 , adds reporting the service to Gitlab mixin
...
Update Gitlab mixin logs
2026-02-26 16:14:35 +01:00
0e60332411
Minor code changes
2026-02-25 14:46:34 +01:00
98b3357e2a
Adds beyondtrust lib, moves functionality into library, shares those functions to two modules
2026-02-24 16:16:05 +01:00
ae24f73a73
more simplification for gitlab_version function
2026-02-24 02:42:10 +02:00
8df17c6c50
Simplifying version handling in GitLab exploit module
2026-02-24 02:26:14 +02:00
dd6a2f97e9
Apply suggestion from @msutovsky-r7
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-24 02:19:32 +02:00
a8dcc9616c
update gitlab mixin logs
2026-02-23 05:40:59 +02:00
fc9b342a2f
Fix: Separate SSL and SRVSSL using datastore fallback for backwards compatibility
...
Add SRVSSL option with fallbacks: ['SSL'] so modules that use both
HttpClient and HttpServer can control server SSL independently from
client SSL. Old scripts that set SSL continue to work via the fallback.
2026-02-21 08:46:57 +01:00
ea51c45bf5
Land #20859 , breaks up utils/exe.rb into separated files
...
utils/exe.rb break-up
2026-02-20 12:41:15 +01:00
81e54d42e4
Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858
...
Adds module for Ni8mare (CVE-2026-21858)
2026-02-16 10:06:14 -05:00
7e03a89304
Land #20798 , adds module for FreeBSD rtsold/rtsol command injection (CVE-2025-14558)
...
Add module for rtsold/rtsol DNSSL Command Injection (CVE-2025-14558)
2026-02-13 10:57:03 +01:00
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
9512135c84
Merge branch 'master' into rtsold_dnssl_cmdinject
2026-02-10 16:19:53 -05:00
53b4f2921d
chore: lint
2026-02-10 14:58:33 -05:00
b59dfdf352
Refactor rtsold: move RA methods to ipv6.rb
...
. Move packet building to library, fix link-local address usage, and add CheckCode message.
2026-02-10 14:41:12 -05:00
fc0257bcad
Adds default fmt argument to to_executable in msf/core/exploit/exe, comments refactor, adds to_win32pe_dll
2026-02-10 11:52:43 +01:00
c02ac3920d
Reapply "Vulnerability Report Enhancement"
...
This reverts commit c35537252f
2026-02-10 09:46:37 +00:00
db064a4f49
Merge pull request #20895 from rudraditya21/fixed/ldap-entry-cache-misses
...
added: negative caching for LDAP lookup misses
2026-02-06 13:15:57 +00:00
0a5eb04be1
Removes puts
2026-02-04 11:59:41 -05:00
6a1babf6c3
Updates docs, fixes JWT, module cleanup
2026-02-04 12:40:41 +01:00
dbe8b5574f
Updates JWT
2026-02-04 07:52:21 +01:00
366bc5335b
updated: ldap_entry_cache var with max_size argument
2026-02-04 11:22:36 +05:30
a868bc95b2
GNU Inetutils Telnet Auth Bypass
2026-02-03 17:45:59 -08:00
9a18fcf49b
Fixes JWT payload and base64 encoding
2026-02-02 14:13:51 +01:00
a6e750518d
Fixes basic JWT encoding, code refactors, add better failure codes and messages
2026-02-02 11:17:26 +01:00
32eaa4e80b
Adds base for JWT signing
2026-02-02 08:05:32 +01:00
e7f8b07476
Merge pull request #20882 from karanabe/icpr_cert-rsa-keysize
...
Add RSAKeySize option to satisfy AD CS template minimums
2026-01-30 15:56:58 -06:00
0dcebd7ef3
added: max_size as word argument
2026-01-30 21:29:30 +05:30
7134f7ab06
added: negative caching for LDAP lookup misses
2026-01-25 10:13:32 +05:30
2e1d688659
Use OptEnum for RSA key size options
2026-01-23 16:22:13 +09:00
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
18a4cf8c00
Use the ssl setting for HttpServer#start_service
2026-01-22 13:49:28 -05:00
34cebd1453
Update CheckCode messaging
2026-01-22 15:03:32 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
5ba95b5def
Merge pull request #20888 from jheysel-r7/fix/bad_successor_service_auth_fix_2
...
Fixes the base service authenticator for BadSuccessor
2026-01-21 11:37:28 +00:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
e3e388d57d
Fixes the base service authenticator for BadSuccessor
2026-01-20 09:24:36 -08:00
Spencer McIntyre