RadioLogic
4f70be41ae
Removed lib include line as it became redundant
2023-05-16 23:02:55 -04:00
RadioLogic
0bf5746bde
Added recommended folders to config
2023-05-16 18:25:37 -04:00
RadioLogic
6fdc86db19
Set max files to 0
2023-05-16 18:25:07 -04:00
RadioLogic
2e5b38e718
Merge branch 'master' into solargraph
2023-05-12 13:02:36 -04:00
RadioLogic
f46967e2c4
Added config for solargraph to aid IDEs
2023-05-12 11:29:32 -04:00
dwelch-r7
b752735db1
Land #17967, Fix ruby 3.1 crashes and resource leaks when garbage collecting Meterpreter resources
2023-05-12 14:14:02 +01:00
Metasploit
20ac531254
automatic module_metadata_base.json update
2023-05-11 13:11:32 -05:00
adfoster-r7
ff1331c11b
Land #17985, fix typo in sticky_keys.rb
2023-05-11 18:50:18 +01:00
Edmond Major III
d24f5873bd
Update sticky_keys.rb
Persistance -> Persistence
Fix a small typo
2023-05-11 12:22:54 -05:00
Metasploit
484639a2e0
Bump version of framework to 6.3.17
2023-05-11 12:13:25 -05:00
Metasploit
3ffd072852
automatic module_metadata_base.json update
6.3.16
2023-05-11 10:24:58 -05:00
adfoster-r7
fa6a5e24f0
Land #17807, Add in documentation on Metasploit's file system
2023-05-11 16:11:12 +01:00
Grant Willcox
63ffb850dd
Land #17984, Fix kerberos datastore name typo in winrm docs
Fix kerberos datastore name typo in winrm docs
2023-05-11 09:56:22 -05:00
adfoster-r7
eb959e2e40
Land #17060, GSoC Project: Implement HTTP-Trace enabled login scanners
2023-05-11 15:45:01 +01:00
Metasploit
e3e23d3d7c
automatic module_metadata_base.json update
2023-05-11 09:42:41 -05:00
Grant Willcox
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
Spencer McIntyre
dbda20d40b
Land #17980, Fix Powershell session's #exist?
Replace [System.IO.File]::Exists with Test-Path
2023-05-11 09:10:43 -04:00
adfoster-r7
fe63d80679
Fix issues: double encoding bug, nessus scanner logging, remove dead cgi option
2023-05-11 13:01:52 +01:00
adfoster-r7
55de00911f
Fix kerberos datastore name typo in winrm docs
2023-05-11 12:40:00 +01:00
Grant Willcox
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
Grant Willcox
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
Grant Willcox
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
RageLtMan
62e59e6250
Replace [System.IO.File]::Exists with Test-Path
The exists? method in post/file has a different implementation for
PSH sessions than other shells which are testing for the existence
of a path, not the presence of a file.
Fix this by replacing [System.IO.File]::Exists with Test-Path.
Testing:
```
PS C:\Windows\system32> [System.IO.File]::Exists("C:\")
False
PS C:\Windows\system32>test-path C:\
PS C:\Windows\system32> test-path C:\
True
```
2023-05-10 11:10:08 -04:00
Metasploit
87ba25c706
automatic module_metadata_base.json update
2023-05-10 05:06:35 -05:00
Christophe De La Fuente
a485a786ef
Land #17881, Zyxel chained RCE using LFI and weak password derivation algorithm
2023-05-10 11:49:51 +02:00
h00die-gr3y
4f8024454c
Updates based on cdelafuente-r7 latest comments
2023-05-10 07:46:11 +00:00
Jack Heysel
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
Jack Heysel
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
Jack Heysel
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
Jack Heysel
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
adfoster-r7
908f7ad3f3
Land #17972, updates to some of the example modules to keep them in line with framework changes
2023-05-09 18:46:25 +01:00
Metasploit
4e85f9e4da
automatic module_metadata_base.json update
2023-05-08 17:36:25 -05:00
Grant Willcox
6dbee6e6f6
Land #17968, Fix a bug in ACE processing when searching for ESC vulnerabilities
2023-05-08 17:12:12 -05:00
Grant Willcox
bc25907d1e
Add additional clarity to some segments of the module
2023-05-08 16:43:26 -05:00
Spencer McIntyre
cdab415ffb
Fix a bug in ACE processing
There was an issue in the ACE processing where only ACEs corresponding
to an object were processed for SIDs with enrollment rights. The
processing should also process ACEs that grant the enrollment right and
are not related to any objects. In other words, only ACEs associated
with an object that is neither the CERTIFICATE_ENROLLMENT_EXTENDED_RIGHT
nor CERTIFICATE_AUTOENROLLMENT_EXTENDED_RIGHT right should be ignored.
2023-05-08 16:00:38 -05:00
h00die
12911d10fb
review comments
2023-05-08 15:25:31 -04:00
Metasploit
4fa6022adb
automatic module_metadata_base.json update
2023-05-08 13:49:17 -05:00
Grant Willcox
89889d5e79
Land #17133, Add manageengine adaudit plus authenticated rce module and docs - CVE-2021-4284
2023-05-08 13:23:38 -05:00
Grant Willcox
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00
Grant Willcox
c221edb1ec
Add in ADAudit Plus build 6077 testing examples
2023-05-08 11:45:44 -05:00
h00die
0ace550537
small updates to example modules
2023-05-07 13:02:30 -04:00
h00die-gr3y
51ab9746fb
Updates based on cdelafuente-r7 comments
2023-05-06 19:05:21 +00:00
adfoster-r7
069ad805c1
Fix ruby 3.1 crashes when garbage collecting meterpreter resources
2023-05-05 14:04:17 +01:00
ErikWynter
b8856bbb87
fix capitalization of Htlm_fileName JSON param
2023-05-05 09:59:11 +03:00
Grant Willcox
19651633c4
Update the installation instructions to resolve some issues encountered during testing
2023-05-04 18:26:54 -05:00
Grant Willcox
adec2f4fbb
Update the login.rb code so we aren't as strict on cookies since older versions sometimes use JSESSIONIDADAPSSO instead of JSESSIONIDSSO for login cookies
2023-05-04 15:40:39 -05:00
Grant Willcox
8c7ae1b6bb
Minor update to comments for clarity
2023-05-04 15:12:32 -05:00
ErikWynter
c088430bd9
improve sanity checks in login method and other code review fixes
2023-05-04 15:12:31 -05:00
Grant Willcox
f27fc28411
Perform review updates
2023-05-04 15:12:31 -05:00
ErikWynter
9b596b3efd
minor changes
2023-05-04 15:12:31 -05:00