RadioLogic
4183cd444d
Added unixcrypt to payload
2023-06-01 12:30:26 -04:00
RadioLogic
c336f179d6
Gave rootmethod option better description
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-06-01 11:32:39 -04:00
RadioLogic
d868d0ec14
Fixed double checking of sudoers
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-06-01 11:32:03 -04:00
RadioLogic
0e477bdc9a
Used unixcrypt to create encrypted password
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-31 13:47:29 -04:00
RadioLogic
2fab56f905
Made cachesize dynamic
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-31 13:46:05 -04:00
RadioLogic
f1468a83ed
Added forgotten end
2023-05-21 13:40:52 -04:00
RadioLogic
7a9f13c960
Added option to remove sudoers check
2023-05-21 12:18:32 -04:00
RadioLogic
4b3d6b59cc
Replaced fail_with with raised error
2023-05-21 12:10:18 -04:00
RadioLogic
dc11d818aa
Corrected failwith statement
2023-05-21 00:37:00 -04:00
RadioLogic
33e59a291e
Added check for user
2023-05-21 00:26:18 -04:00
RadioLogic
e0e214e241
Merge branch 'master' into useradd
2023-05-20 18:21:18 -04:00
RadioLogic
ed026e52eb
Fixed echo option so sudo would work
2023-05-20 18:14:46 -04:00
RadioLogic
fffc7f514d
Fixed issue with description
2023-05-19 15:24:53 -04:00
RadioLogic
c42905fe92
Updated description
2023-05-19 13:45:45 -04:00
RadioLogic
d07f2ed633
Set default method to sudo
2023-05-19 13:45:11 -04:00
RadioLogic
b077167d73
Redesigned to not use executable at all
2023-05-19 13:34:12 -04:00
RadioLogic
a8fd4e7aba
Renamed to adduser for consistency
2023-05-19 13:31:55 -04:00
Spencer McIntyre
f464401dde
Land #17782, Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
bwatters
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
space-r7
6c88e85d02
Land #17993, add invscout RPM privesc
2023-05-17 18:56:42 -05:00
bcoles
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
RadioLogic
f15c9a0bbb
Added cmd useradd payload
2023-05-16 23:16:54 -04:00
Grant Willcox
459cf871cb
Land #17979, Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
Grant Willcox
560fc9000b
Fix up checks on responses to make sure they are more robust checks
2023-05-12 16:08:47 -05:00
Grant Willcox
3b2d23eeae
Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not
2023-05-12 14:14:40 -05:00
bcoles
004a72c32e
ibstat_path: Use AutoCheck, add Notes, resolve Rubocop violations
2023-05-13 01:27:53 +10:00
space-r7
722de33b6f
address feedback, use cleanup to restore path
...
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
Edmond Major III
d24f5873bd
Update sticky_keys.rb
...
Persistance -> Persistence
Fix a small typo
2023-05-11 12:22:54 -05:00
Shelby Pace
131f2519bc
Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-11 10:48:48 -05:00
adfoster-r7
fa6a5e24f0
Land #17807, Add in documentation on Metasploit's file system
2023-05-11 16:11:12 +01:00
adfoster-r7
eb959e2e40
Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
Grant Willcox
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
adfoster-r7
fe63d80679
Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option
2023-05-11 13:01:52 +01:00
Grant Willcox
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor grammatical things
2023-05-10 18:22:00 -05:00
Grant Willcox
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
Grant Willcox
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
Grant Willcox
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
space-r7
e514de9aef
add comment about jsf substitution
2023-05-10 09:13:01 -05:00
Christophe De La Fuente
a485a786ef
Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm
2023-05-10 11:49:51 +02:00
h00die-gr3y
4f8024454c
Updates based on cdelafuente-r7 latest comments
2023-05-10 07:46:11 +00:00
Jack Heysel
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
Jack Heysel
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
Jack Heysel
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
Jack Heysel
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
adfoster-r7
908f7ad3f3
Land #17972, updates to some of the example modules to keep them in line with framework changes
2023-05-09 18:46:25 +01:00
space-r7
d1e3ce1183
add Ivanti Avalanche file upload
2023-05-08 17:41:52 -05:00
Grant Willcox
bc25907d1e
Add additional clarity to some segments of the module
2023-05-08 16:43:26 -05:00
Spencer McIntyre
cdab415ffb
Fix a bug in ACE processing
...
There was an issue in the ACE processing where only ACEs corresponding
to an object were processed for SIDs with enrollment rights. The
processing should also process ACEs that grant the enrollment right and
are not related to any objects. In other words, only ACEs associated
with an object that is neither the CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT
nor CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT right should be ignored.
2023-05-08 16:00:38 -05:00
h00die
12911d10fb
review comments
2023-05-08 15:25:31 -04:00
Grant Willcox
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00