2ce0a90965
Land #14856 , Fix method check for linux/ftp/proftp_telnet_iac module
2021-03-17 09:26:31 -04:00
b99114787a
re-adding first check, but not including [^ ]
2021-03-17 06:51:08 +07:00
294a1a275c
dropping extra version c that stated vulnerable
2021-03-17 06:20:59 +07:00
b1c3c49eb5
Land #14757 , nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
b112cc52eb
change variable into snake case
2021-03-15 06:39:55 +07:00
ea95048377
fix identation. make readable check version 3. fix logical operator
2021-03-15 06:34:53 +07:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
4ed489c12c
fix method check for linux/ftp/proftp_telnet_iac module
2021-03-05 14:49:51 +07:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
edea755096
Land #14740 , CVE-2021-3156 Sudo LPE (AKA: Baron Samedit) Improvements
2021-02-22 17:48:33 +00:00
8a339f54c1
Land #14734 , updates and runs rubocop against recent modules
...
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
275e9c5454
Land #14696 , Further Zeitwerk lands to improve boot speed
...
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
a1c316c679
msftidy: Fix exploit module checks for author and stack buffer overflow
2021-02-13 04:10:13 +00:00
c1e2cfd9e7
Land #14744 , add Klog Server unauth cmd injection
2021-02-12 11:40:57 -06:00
bdc2041c83
Add Klog Server authenticate.php user Unauthenticated Command Injection
2021-02-12 17:07:52 +00:00
01593f21b4
Add the Ubuntu 19.04 target for CVE-2021-3156
2021-02-12 10:06:47 -05:00
20067d183e
Use single quotes for escaping arguments consistently
2021-02-12 08:59:38 -05:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
f31c7846d2
Escape shell arguments even more thoroughly
2021-02-11 12:25:28 -05:00
944e8d572d
Register missing files for cleanup
2021-02-10 18:05:20 -05:00
6562f309ce
Handle whitespace in the target path
2021-02-10 17:40:42 -05:00
8757eb33fe
Add an automatic target that uses version fingerprinting
2021-02-10 16:16:33 -05:00
b9dd1b927b
Randomize the path to the library that's loaded
2021-02-10 08:45:52 -05:00
b95be3ed10
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
b4dd46a8de
Land #14721 , sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 16:01:58 -05:00
fc8ed5ba4e
Land #14154 , use prepend autocheck
2021-02-05 12:22:38 -06:00
cfda83df99
sudo_baron_samedit: Add target: Debian 10 x64, sudo v1.8.27, libc v2.28
2021-02-05 07:54:34 +00:00
504865d507
Add a target for Ubuntu 18.04 and setgid and setuid by default
2021-02-04 10:45:00 -05:00
7281d00938
Implement feedback from PR review
2021-02-04 09:25:40 -05:00
c33c08bae9
Add a check method using the version information
2021-02-03 18:16:13 -05:00
c590d7b1bb
Add module docs and be more permissive with Length formatting
2021-02-03 18:16:13 -05:00
117cdc4fd7
Populate module metadata and cleanup files
2021-02-03 18:16:13 -05:00
b9413b4103
Update the exploit C code to allocate it's own PTY
2021-02-03 18:16:13 -05:00
13dd9ac10e
Initial work on CVE-2021-3156
2021-02-03 18:16:13 -05:00
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
39b7ba584e
Randomize strings
...
Spencer tells me not to signature-bait, at least not so obviously. ;)
2021-01-22 16:15:16 -06:00
0d410f32c3
Add MobileIron CVE-2020-15505 exploit
2021-01-22 00:37:07 -06:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
43b1497cf6
Remove some debug info and mark bind payloads as being incompatible
2020-12-17 16:36:20 -05:00
83943adf8b
Land #14466 , add Aerospike UDF rce
2020-12-10 11:07:56 -06:00
e52084242f
Remove unused vprint_status conditional
2020-12-09 22:45:41 -06:00
399c8dbb79
Don't be lazy about sending the request
...
Don't telegraph our command injection _quite_ so much. We still
"complete" the initial command line to minimize disruption.
I am now backgrounding ssh-keygen to improve the speed of the exploit.
2020-12-09 22:07:08 -06:00
2a2694ef16
Apply rubocop changes and precompute the encryption key
2020-12-07 14:59:40 -05:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
811de07e7a
Add logout functionality and cleanup HTTP session management
2020-12-07 10:41:42 -05:00
b968cf9183
Cleanup the payload delivery mechanism
2020-12-07 09:40:29 -05:00
Spencer McIntyre