39455827aa
Land #15254 , use obfuscated powershell protection bypasses
2021-07-12 12:20:17 +01:00
ccf6ec9628
RuboCop selectively
2021-07-06 21:14:48 -05:00
e5fee3b0b8
Improve AutoCheck prints
2021-07-06 21:14:48 -05:00
325ecfedff
Add some error handling while extracting the key
2021-06-08 14:58:58 -04:00
4ccc468dab
Add docs to the SharePoint mixin
2021-06-07 16:04:08 -04:00
64077e1395
Add and use a new sharepoint mixin
2021-06-07 15:25:07 -04:00
73b269cf7e
Land #15225 , cookie jar cleanup
2021-06-01 10:49:56 +01:00
82c078c888
Updates for psexec usage
2021-05-25 14:38:52 -04:00
c84b651ca6
Remoce initial rhost http url attempt
2021-05-24 00:31:09 +01:00
5e4af7241d
prevent TLD use in tests & remove HTTP::Cookie DI
2021-05-20 17:49:21 +01:00
0f73031833
Land #15165 , Add documentation for the new CookieJar functionality
2021-05-12 19:29:21 +01:00
6b61eed3cd
documention
2021-05-07 14:14:46 +01:00
a22ebdf76d
cookie cleanup
2021-05-07 12:46:38 +01:00
0be7452c28
Ensure cookie jars are correctly duped
2021-05-06 12:11:26 +01:00
1b02344b55
consider vhost & expand tests
2021-04-20 15:12:54 +01:00
5df0f0b164
improvements to tests and api
2021-04-19 15:13:42 +01:00
88f17c5128
cleanup and removes cookies filtering
2021-04-16 17:31:11 +01:00
fc55d74b80
http-client cookie jar support and tests
2021-04-16 12:24:21 +01:00
d20285b507
Correct DNS PTR record crash
...
When using `auxiliary/gather/enum_dns` and setting `NS` to an internal system, the following crash occurs (which is fixed with this PR):
```
[-] Auxiliary failed: NoMethodError undefined method `ptr' for #<Dnsruby::RR::IN::PTR:0x00007f8b9e9cb450>
```
2021-04-14 09:58:50 -04:00
4c37e35d82
Land #14770 , guard when spawn is used with TcpServer mixin
2021-04-14 11:34:25 +01:00
893de0c45c
Land #14987 , Update RbMysql to the most recent version
2021-04-07 13:29:43 +01:00
278c56652e
Update RbMysql to the most recent code from this gem https://github.com/tmtm/ruby-mysql
2021-04-01 14:17:28 +01:00
a803d7a0d1
CVE-2019-0307
...
Add post module smdagent_get_properties.rb
Add lib sap_smd_agent_unencrypted_property.rb
Update auxiliary module cve_2020_6207_solman_rce.rb
Update lib sap_sol_man_eem_miss_auth.rb
2021-03-29 20:29:30 +03:00
80ae750df5
Land #14697 , Add Nagios XI mixin and auxiliary scanner module and docs
2021-03-26 18:12:16 -05:00
514f97f4fe
Fix bug in nagios_xi_version regex
2021-03-26 14:18:25 -04:00
83e31aeaa4
Use safe navigation operator for get_nsp regex
2021-03-26 13:44:17 -04:00
9039b5687f
Fix up version regex and also fix a description to be a little more accurate
2021-03-26 11:57:03 -05:00
1dbf1656d3
Update to introduce wrapping on some comments and also to fix up the CVE output a bit
2021-03-26 11:46:51 -05:00
65b35e4e6a
Remove unnecessary empty check for nagios_rce_version_prior hash
2021-03-25 15:06:27 -04:00
122dbbea1e
Add additional supported modules. Align results when printing in scanner.
2021-03-25 15:01:05 -04:00
6d1986e8ca
Avoid mixing return types in login.rb
2021-03-25 14:13:55 -04:00
707f163e15
Avoid type mixing as much as possible, add other feedback from code review
2021-03-25 11:19:31 -04:00
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
391e013d89
Removed var lhost, lport in exploit module cve_2020_6207_solman_rs.rb
...
Changed fail reason if agent_name is nil in lib sap_sol_man_eem_miss_auth.rb
2021-03-25 11:26:14 +03:00
924f7feb76
Updated Arch in the exploit module cve_2020_6207_solman_rs.rb
...
Corrected by rubocop library sap_sol_man_eem_miss_auth.rb
2021-03-24 16:26:01 +03:00
abe8c73be9
Added get_agent_os in lib sap_sol_man_eem_miss_auth.rb
2021-03-24 16:03:20 +03:00
567f78c532
Update PAYLOAD_XML, check_response in lib sap_sol_man_eem_miss_auth.rb
...
Delete class var agents in auxiliary and exploit modules
2021-03-24 11:21:57 +03:00
ce8a3eea12
Update check_response in lib sap_sol_man_eem_miss_auth.rb
2021-03-23 23:57:40 +03:00
2c18435e6e
Update pretty_agents_table in lib sap_sol_man_eem_miss_auth.rb
...
Change output in auxiliary and exploit modules
2021-03-23 23:00:34 +03:00
81a22503d9
Update enable_eem, script_action in lib sap_sol_man_eem_miss_auth.rb
2021-03-23 22:20:46 +03:00
4399fa73fc
Update make_rce_payload, make_soap_body in lib sap_sol_man_eem_miss_auth.rb
...
Update rce command in auxiliary module cve_2020_6207_solman_rce.rb
2021-03-23 19:02:59 +03:00
d5ac1f8078
Update make_ssrf_payload, make_rce_payload, make_soap_body in lib sap_sol_man_eem_miss_auth.rb
2021-03-23 17:41:06 +03:00
70a46d411e
Update make_agents_array in lib sap_sol_man_eem_miss_auth.rb
2021-03-23 16:18:27 +03:00
d76224066f
Rename option URIPATH to TARGETURI
2021-03-23 13:33:39 +03:00
113dce79de
Move lib/metasploit/framework/sap_solman/client.rb to lib/msf/core/exploit/remote/http/sap_sol_man_eem_miss_auth.rb
2021-03-23 13:20:27 +03:00
a38e2702c8
Add recommendations from code review, avoid returning checkcodes
2021-03-18 12:21:51 -04:00
26c1ca56d1
Add unauthenticated version check for older Nagios XI versions
2021-03-18 12:21:51 -04:00
9434f30665
Move login_after_install_or_license to mixin login.rb, minor improments
2021-03-18 12:21:51 -04:00
484d5eee09
Correct version ranges for supported exploit modules, update documentation, make sure to return cookies after authentication
2021-03-18 12:21:51 -04:00
2b081847fa
Add functionality to complete Nagios XI install and sign license agreement, improve cookie filtering logic
2021-03-18 12:21:51 -04:00
Tim W