Tim W
39455827aa
Land #15254 , use obfuscated powershell protection bypasses
2021-07-12 12:20:17 +01:00
Spencer McIntyre
9e61bf5752
Update the rex-powershell gem and unit tests
2021-07-09 15:35:37 -04:00
William Vu
ccf6ec9628
RuboCop selectively
2021-07-06 21:14:48 -05:00
William Vu
e5fee3b0b8
Improve AutoCheck prints
2021-07-06 21:14:48 -05:00
Spencer McIntyre
325ecfedff
Add some error handling while extracting the key
2021-06-08 14:58:58 -04:00
Spencer McIntyre
4ccc468dab
Add docs to the SharePoint mixin
2021-06-07 16:04:08 -04:00
Spencer McIntyre
64077e1395
Add and use a new sharepoint mixin
2021-06-07 15:25:07 -04:00
agalway-r7
87d69c7553
Land #15263 , adds payload flag to analyze
2021-06-03 16:03:46 +01:00
adfoster-r7
73b269cf7e
Land #15225 , cookie jar cleanup
2021-06-01 10:49:56 +01:00
Alan Foster
814e510e17
Fix unit tests
2021-05-26 15:30:23 +01:00
Spencer McIntyre
82c078c888
Updates for psexec usage
2021-05-25 14:38:52 -04:00
Spencer McIntyre
ebab5f1e85
Update the powershell mixin
2021-05-25 14:38:52 -04:00
Spencer McIntyre
4920800340
Add a null check to the PSH bypass code
...
Powershell version 3 does not have
`System.Management.Automation.AmsiUtils` so check that it's present
before setting the field.
2021-05-25 14:38:52 -04:00
Spencer McIntyre
694617b12c
Use an obfuscated stub to bypass PSH protections
2021-05-25 14:36:17 -04:00
Alan Foster
c84b651ca6
Remove initial rhost http url attempt
2021-05-24 00:31:09 +01:00
A Galway
5e4af7241d
prevent TLD use in tests & remove HTTP::Cookie DI
2021-05-20 17:49:21 +01:00
Spencer McIntyre
f3f479fda9
Handle powershell protection bypasses in MSF
2021-05-17 16:00:00 -04:00
Adam Cammack
e0e8cafda5
Explicitly autotarget analyze results
...
Doesn't really do anything that wasn't done already, but will provide a
good entry point for better and more flexible targeting use, e.g. by
breaking down the OS name with Recog when needed.
2021-05-14 08:45:14 -05:00
adfoster-r7
0f73031833
Land #15165 , Add documentation for the new CookieJar functionality
2021-05-12 19:29:21 +01:00
A Galway
6b61eed3cd
documentation
2021-05-07 14:14:46 +01:00
A Galway
a22ebdf76d
cookie cleanup
2021-05-07 12:46:38 +01:00
Alan Foster
0be7452c28
Ensure cookie jars are correctly duped
2021-05-06 12:11:26 +01:00
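Why "correctly duped" matters for a cookie jar, as an added illustration in plain Ruby. This is not the framework's code nor the http-cookie gem's implementation; `ShallowCookieJar` and `CookieJar` are hypothetical minimal classes, and the host/cookie values are constructed sample data.

```ruby
# Minimal jar with the naive behaviour: Object#dup copies instance-variable
# references, so a duplicated jar shares the same underlying Hash with the
# original. Cookies added to the copy leak into the original.
class ShallowCookieJar
  def initialize
    @store = {} # host => { cookie_name => value }
  end

  # Record a cookie for a host; returns self so calls can be chained.
  def add(host, name, value)
    (@store[host] ||= {})[name] = value
    self
  end

  # Snapshot of the cookies held for a host (a copy, so callers cannot
  # mutate the jar through the returned Hash).
  def cookies_for(host)
    (@store[host] || {}).dup
  end
end

# Same jar with a deep copy: initialize_copy runs after dup/clone has done
# the shallow copy, so we replace the shared store with per-host copies.
class CookieJar < ShallowCookieJar
  def initialize_copy(source)
    super
    @store = source.instance_variable_get(:@store).transform_values(&:dup)
  end
end

# Scenario: a client keeps a baseline jar and dups it for a throwaway
# request (e.g. a login probe) that sets an extra cookie. With the shallow
# jar the baseline is polluted; with the deep-copying jar it is not.
def probe_pollutes_baseline?(jar_class)
  baseline = jar_class.new.add('app.example', 'session', 'abc') # constructed
  probe = baseline.dup
  probe.add('app.example', 'csrf', 'xyz')
  baseline.cookies_for('app.example').key?('csrf')
end

if $PROGRAM_NAME == __FILE__
  puts "shallow jar leaks probe cookie: #{probe_pollutes_baseline?(ShallowCookieJar)}"
  puts "deep-copying jar leaks probe cookie: #{probe_pollutes_baseline?(CookieJar)}"
end
```

The fix lives in `initialize_copy` rather than in an overridden `dup`, so both `dup` and `clone` get the deep copy and frozen-state/singleton handling stays with Ruby's defaults.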
adfoster-r7
6c6d7699ed
Land #14831 , Add CookieJar support to http_client
2021-04-30 14:08:04 +01:00
bwatters
619e01bfa3
Land #11257 , Add PSH generation methods to Util::Exe
...
Merge branch 'land-11257' into upstream-master
2021-04-23 13:52:53 -05:00
bwatters
63e14cf69f
Update method options, method comments, and comment on to_win32pe_psh_rc4 behavior
2021-04-23 13:51:01 -05:00
A Galway
1b02344b55
consider vhost & expand tests
2021-04-20 15:12:54 +01:00
A Galway
5df0f0b164
improvements to tests and api
2021-04-19 15:13:42 +01:00
A Galway
88f17c5128
cleanup and removes cookies filtering
2021-04-16 17:31:11 +01:00
A Galway
fc55d74b80
http-client cookie jar support and tests
2021-04-16 12:24:21 +01:00
ryananicholson
d20285b507
Correct DNS PTR record crash
...
When using `auxiliary/gather/enum_dns` and setting `NS` to an internal system, the following crash occurs (which is fixed with this PR):
```
[-] Auxiliary failed: NoMethodError undefined method `ptr' for #<Dnsruby::RR::IN::PTR:0x00007f8b9e9cb450>
```
2021-04-14 09:58:50 -04:00
adfoster-r7
4c37e35d82
Land #14770 , guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
cgranleese-r7
893de0c45c
Land #14987 , Update RbMysql to the most recent version
2021-04-07 13:29:43 +01:00
adfoster-r7
26899ff013
Land #14992 , updates auto_target_host guard clause to additionally handle rhost being nil
2021-04-07 10:19:20 +01:00
Jeffrey Martin
a9b3c15601
guard host search on rhost set
...
During module instantiation the auto_target process is expected to account
for existing hosts if `rhost` is set; however, just testing if the module
responds to `rhost` is not sufficient to guard the query, a value must also
have been set.
2021-04-02 08:47:32 -05:00
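The guard described in this commit, as an added example in plain Ruby that is not Metasploit's own code. `Workspace`, the host records and the three module classes are hypothetical stand-ins for the framework's objects, and the lookup raising on a nil address is a constructed stand-in for a query that cannot accept one.

```ruby
# Constructed sample host records, as a workspace database might hold them.
KNOWN_HOSTS = [
  { address: '10.0.0.5', os_name: 'Windows' },
  { address: '10.0.0.9', os_name: 'Linux' }
].freeze

# Hypothetical host lookup. It counts calls so a caller can prove the query
# was skipped, and rejects a nil address the way a strict query would.
class Workspace
  attr_reader :queries

  def initialize(hosts)
    @hosts = hosts
    @queries = 0
  end

  def host(address)
    raise ArgumentError, 'address must not be nil' if address.nil?
    @queries += 1
    @hosts.find { |h| h[:address] == address }
  end
end

# A module with no notion of a remote host (e.g. a local or post module).
class NoRhostModule; end

# A module that exposes rhost but whose option has not been set yet.
class UnsetRhostModule
  def rhost
    nil
  end
end

# A module with rhost set.
class SetRhostModule
  def initialize(addr)
    @addr = addr
  end

  def rhost
    @addr
  end
end

# The insufficient guard: respond_to? alone lets an unset rhost reach the
# query with a nil address.
def auto_target_host_naive(mod, workspace)
  return nil unless mod.respond_to?(:rhost)
  workspace.host(mod.rhost)
end

# The fixed guard: the module must respond to rhost AND a value must be set.
def auto_target_host(mod, workspace)
  return nil unless mod.respond_to?(:rhost)
  addr = mod.rhost
  return nil if addr.nil? || addr.to_s.empty?
  workspace.host(addr)
end

if $PROGRAM_NAME == __FILE__
  ws = Workspace.new(KNOWN_HOSTS)
  p auto_target_host(NoRhostModule.new, ws)
  p auto_target_host(UnsetRhostModule.new, ws)
  p auto_target_host(SetRhostModule.new('10.0.0.9'), ws)
  p ws.queries
end
```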
dwelch-r7
278c56652e
Update RbMysql to the most recent code from this gem https://github.com/tmtm/ruby-mysql
2021-04-01 14:17:28 +01:00
Vladimir Ivanov
1f4046c45f
Update references and delete check_addr in post module smdagent_get_properties.rb
2021-03-29 22:58:48 +03:00
Ivanov Vladimir
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
Grant Willcox
80ae750df5
Land #14697 , Add Nagios XI mixin and auxiliary scanner module and docs
2021-03-26 18:12:16 -05:00
kalba-security
514f97f4fe
Fix bug in nagios_xi_version regex
2021-03-26 14:18:25 -04:00
kalba-security
83e31aeaa4
Use safe navigation operator for get_nsp regex
2021-03-26 13:44:17 -04:00
Grant Willcox
9039b5687f
Fix up version regex and also fix a description to be a little more accurate
2021-03-26 11:57:03 -05:00
Grant Willcox
1dbf1656d3
Update to introduce wrapping on some comments and also to fix up the CVE output a bit
2021-03-26 11:46:51 -05:00
kalba-security
65b35e4e6a
Remove unnecessary empty check for nagios_rce_version_prior hash
2021-03-25 15:06:27 -04:00
kalba-security
122dbbea1e
Add additional supported modules. Align results when printing in scanner.
2021-03-25 15:01:05 -04:00
kalba-security
6d1986e8ca
Avoid mixing return types in login.rb
2021-03-25 14:13:55 -04:00
kalba-security
707f163e15
Avoid type mixing as much as possible, add other feedback from code review
2021-03-25 11:19:31 -04:00
Vladimir Ivanov
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
Vladimir Ivanov
391e013d89
Removed var lhost, lport in exploit module cve_2020_6207_solman_rs.rb
...
Changed fail reason if agent_name is nil in lib sap_sol_man_eem_miss_auth.rb
2021-03-25 11:26:14 +03:00
Vladimir Ivanov
924f7feb76
Updated Arch in the exploit module cve_2020_6207_solman_rs.rb
...
Corrected by rubocop library sap_sol_man_eem_miss_auth.rb
2021-03-24 16:26:01 +03:00
Vladimir Ivanov
abe8c73be9
Added get_agent_os in lib sap_sol_man_eem_miss_auth.rb
2021-03-24 16:03:20 +03:00