Jack Heysel
4e61596e7a
Check Build ID before running exploit
2023-12-19 12:15:35 -05:00
Jack Heysel
e858628292
Execute python payload in memory
2023-12-19 00:46:11 -05:00
Jack Heysel
549ee43df9
Update docs description minor comments
2023-12-19 00:32:21 -05:00
Jack Heysel
2ed3b771ed
Updated python exploit
2023-12-19 00:26:54 -05:00
Jack Heysel
c6a6809700
Updated attribution
2023-12-18 19:41:49 -05:00
Jack Heysel
d9aa7f914e
Added newline to PoC and removed empty file
2023-12-14 18:42:09 -05:00
Jack Heysel
df111afb06
Glibc Tunables Exploit
2023-12-14 18:28:43 -05:00
Christophe De La Fuente
b0b4da543d
Land #18400, Kerberos ticket_search fix passing in a workspace
2023-10-23 16:17:24 +02:00
Christophe De La Fuente
77a8b0efa2
Land #18421, Save Kerberos tickets in the MSF cache upon a successful login
2023-10-23 15:25:09 +02:00
Metasploit
a3c5ca6cc1
automatic module_metadata_base.json update
2023-10-19 16:59:52 -05:00
Spencer McIntyre
15aaa90379
Land #18447, CVE-2023-22515 Confluence Auth Bypass
...
CVE-2023-22515 - Atlassian Confluence Data Center and Server Authentication Bypass
2023-10-19 17:35:17 -04:00
Spencer McIntyre
ee0e5b9eda
Tidy the docs, fix the username
...
The username can not contain capital letters, or the operation will
fail.
2023-10-19 17:19:55 -04:00
Emir Polat
c79cc5a36b
Final Checks
2023-10-19 17:19:55 -04:00
Emir Polat
b3a9579e8a
Update modules/auxiliary/admin/http/atlassian_confluence_auth_bypass.rb
...
Implement changes proposed by Spencer McIntyre (smcintyre-r7)
2023-10-19 17:19:30 -04:00
emirpolatt
258ac6421b
Fix fail_with response code compare and documentation fixes
2023-10-19 17:19:30 -04:00
emirpolatt
7c977e07ef
Removal of the X-Atlassian-Token header from server-info.action
2023-10-19 17:19:30 -04:00
emirpolatt
236a301f27
Check method fixes
...
get_confluence_version inside to check method. Also new status messages
2023-10-19 17:19:08 -04:00
Metasploit
30e1930444
Bump version of framework to 6.3.40
2023-10-19 12:08:32 -05:00
dwelch-r7
7baabd08db
Land #18364, Add support for filtering sessions
6.3.39
2023-10-19 16:40:42 +01:00
Zach Goldman
b4b73529d3
add -e flag for stale sessions
...
remove single flag
pivot to search flag
added support for search session type
adds search session id support
remove stale references
reshuffle code
fix time parsing, add command support
fix search list, reduce duplicated code
testing added
killall with search lists table of killed sessions
sessions are no longer represented by ids
addresses feedback on code structure and search behavior
some test reshuffling, switch raised errors to printed ones
add checkin validation, rest of cmd_sessions tests
add time parsing test
refactoring
test reformatting and adjusted error validation
make error handling more explicit, add test context
fixes
sub quotes, make constant
rubocopping
switch before and after to greater than and less than
better incorporate constants
update example
2023-10-19 09:41:18 -05:00
Metasploit
dba2ac88f0
automatic module_metadata_base.json update
2023-10-19 03:44:02 -05:00
Christophe De La Fuente
da9d04d32d
Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE
2023-10-19 10:22:57 +02:00
sfewer-r7
c63aaba760
add in documentation for Options
2023-10-18 10:05:05 +01:00
sfewer-r7
5e84f57ab3
set :random to true during generate_jar so we can randomize the metasploit class path
2023-10-18 09:53:46 +01:00
sfewer-r7
fcffd36af0
no need to test for true, just return the value as we are waiting for done to be set to true
2023-10-18 09:37:04 +01:00
sfewer-r7
9fdbccb74f
catch a JSON ParserError exception and fail_with() if needed. Also detect if the JSON data doesn't have the expected value and fail_with() if needed
2023-10-18 09:36:02 +01:00
sfewer-r7
34107e4f3b
favor over for string concatenation.
2023-10-17 11:36:07 +01:00
sfewer-r7
0fc35bf6d3
randomize the plugins version number
2023-10-17 10:01:02 +01:00
sfewer-r7
415bd49b15
use next semantics to return from a yielded block early (note we cannot use return for this)
2023-10-17 09:43:00 +01:00
sfewer-r7
54f334479a
fix another typo
2023-10-17 09:30:52 +01:00
sfewer-r7
9e6e9538e1
typo
2023-10-17 09:29:38 +01:00
sfewer-r7
d2438bad4e
add a note to explain we need to concat a trailing forward slash
2023-10-17 09:28:04 +01:00
sfewer-r7
4acdaf3087
typos
2023-10-17 09:22:09 +01:00
sfewer-r7
d17f065f12
remove 'localhost' in favor of some random chars
2023-10-17 09:21:28 +01:00
sfewer-r7
3242a7009b
clarify timeout is in seconds
2023-10-17 09:11:05 +01:00
sfewer-r7
b97cb9f63d
remove whitespace
2023-10-17 09:10:28 +01:00
sfewer-r7
1c027ac05c
add an RCE exploit for CVE-2023-22515
2023-10-16 20:50:18 +01:00
adfoster-r7
ec5648f6c5
Land #18452, Update Writing Module Docs to reference msftidy_docs.rb
2023-10-13 17:55:16 +01:00
jheysel-r7
4ff3c0f102
Update docs/metasploit-framework.wiki/Writing-Module-Documentation.md
2023-10-13 11:58:01 -04:00
Jack Heysel
2464c43151
Update Writing Module Docs to reference msftidy_docs.rb
2023-10-13 11:26:19 -04:00
Jack Heysel
718cdd9a6b
Land #18428, Add mssql_login docs
...
This PR adds a documentation file for the mssql_login scanner.
2023-10-13 10:56:58 -04:00
cgranleese-r7
d2607c7a77
Land #18451, Update creds cracked password to work with remote database
2023-10-13 13:15:59 +01:00
Metasploit
5d6b63c8ef
automatic module_metadata_base.json update
2023-10-13 06:51:04 -05:00
adfoster-r7
941c44f9ad
Update creds cracked password to work with remote database
2023-10-13 12:30:27 +01:00
adfoster-r7
bb19151891
Land #17689, adding a new column cracked password in creds command to show cracked passwords
2023-10-13 12:25:51 +01:00
cgranleese-r7
44e5a93add
Land #18442, Improve stability of msfdb initialization on windows environments
2023-10-13 12:21:02 +01:00
cgranleese-r7
e1a307e03a
Land #18450, Add support for ruby 3.3.0-preview2
2023-10-13 11:55:43 +01:00
cgranleese-r7
9def455f65
Land #18449, Update mysql authbypass hashdump module to correctly close sockets
2023-10-13 11:43:59 +01:00
cgranleese-r7
a1b3c8dc5f
Land #18438, Improve UX for database management prompts
2023-10-13 11:16:37 +01:00
adfoster-r7
5f6b8dc7ef
Land #18381, Add option to reload all libs when calling run or check on a module
2023-10-13 11:06:10 +01:00