700d063645
Implement copilot feedback
2026-03-26 14:43:33 -04:00
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59
2026-03-26 14:43:31 -04:00
1faa27f7e6
Fix encoding issues in files
2026-03-25 19:01:57 +00:00
bf1a12301b
Merge pull request #20967 from jheysel-r7/fix/lib/smb_relay_ruby_client_support
...
Add support for Ruby SMB Client and `smbclient` to be compatible with Msf::Exploit::Remote::SMB::RelayServer
2026-03-24 18:12:45 +01:00
45884fa090
Removed method parse override
2026-03-23 23:10:29 -07:00
b89fb5aa62
Merge pull request #21049 from h00die/fix_persistence_directory
...
better wriable_dir for windows persistence
2026-03-23 15:40:32 -04:00
7631b54c0f
better wriable_dir for windows persistence
2026-03-21 12:21:09 -04:00
d0551c397e
fix: correct typo 'recieved' to 'received' in two files
2026-03-21 13:24:51 +05:30
81b34421a9
Responded to comments
2026-03-19 14:15:49 -07:00
e9502ce7ed
Fix for gss token identification
2026-03-18 16:56:07 -07:00
a4a34410c7
Mech type update for ruby_smb
2026-03-18 11:18:28 -07:00
09bb0337d1
Merge pull request #20997 from Nayeraneru/OptTD
...
Introduce OptTimedelta
2026-03-17 18:41:42 -04:00
01d88791d2
Removed unnecessary code and module
2026-03-18 00:14:15 +02:00
143071ab36
Refactor duplicate code
2026-03-16 19:59:46 -07:00
e0a4b969ae
Add support for simplified single target relaying (smbclient)
2026-03-16 19:42:17 -07:00
b3aa45fb09
Land #20719 , adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
...
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
c882d91155
Merge pull request #21025 from Hemang360/cookie-jar-doc-fix
...
Fix HttpCookie integer conversion and cookie jar docs
2026-03-13 00:08:13 +00:00
ccf56437da
Merge pull request #20960 from g0tmi1k/dhcp_server
...
dhcp_server: Add DHCPINTERFACE
2026-03-12 15:48:36 -04:00
33eb773a4d
dhcp_server: Check to validate for _determine_server_comm
...
Untested - As requested by @smcintyre-r7
2026-03-12 17:29:21 +00:00
b2f1e46c82
OptString -> OptAddress
2026-03-12 16:41:25 +00:00
16b55848b4
Fix: Remove duplicate Content-Type header from FreePBX requests
...
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
2b0f1c3c21
Fix: Omit default port from Referer header in FreePBX mixin
...
FreePBX rejects ajax requests when the Referer includes :80 for HTTP
or :443 for HTTPS. Only include the port when it differs from the
protocol default.
2026-03-11 20:06:08 +01:00
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
31665e1b88
Land #20730 , Allow toggling the SACL in LDAP queries
...
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
e6ee6a7c94
Land #20961 , adds service reporting to Wordpress mixin
...
Update Wordpress Mixin to log services
2026-03-10 09:05:05 +01:00
c6aabc1c75
Land #21001 , adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
2eb160add6
dhcp_server: Add DHCPINTERFACE
2026-03-04 22:09:14 +00:00
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
1b528c78f0
Swap usages to #bindhost and #srvhost_addr
2026-03-03 09:37:26 -05:00
18bdbfa402
Update instances of #backend_url to use #get_uri
2026-03-03 09:37:26 -05:00
83a82ed043
Remove the extra argument
2026-03-03 09:37:26 -05:00
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
a0fb02bd45
Default the address in the SMB share mixin
2026-03-03 09:34:49 -05:00
92e77de800
Update to use OptAddressRourtable for SRVHOST
2026-03-03 09:34:48 -05:00
ccc8367db5
Working Kerberoast and AS-REP modules with LDAP sessions
2026-03-02 15:33:36 +00:00
bfbc425469
Remove type check
...
Co-authored-by: gardnerapp <70026825+gardnerapp@users.noreply.github.com >
2026-03-01 15:12:44 +05:30
a6eb33b657
Fix httpcookie constructor to handle non string value
2026-02-27 14:58:37 +05:30
6a20b24d9c
Land #20740 , Separate SSL and SRVSSL options for client and server connections
2026-02-26 18:11:02 +01:00
44806b805f
Fix: Add http_server_ssl alias to resolve HttpClient/HttpServer mixin conflict
2026-02-26 17:23:39 +01:00
f2856c28b3
Update lib/msf/core/exploit/remote/socket_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:17 +01:00
3720803cdc
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:03 +01:00
a26036ca7b
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:20:37 +01:00
7e937b3d5a
Land #21010 , adds reporting the service to Gitlab mixin
...
Update Gitlab mixin logs
2026-02-26 16:14:35 +01:00
0e60332411
Minor code changes
2026-02-25 14:46:34 +01:00
98b3357e2a
Adds beyondtrust lib, moves functionality into library, shares those functions to two modules
2026-02-24 16:16:05 +01:00
ae24f73a73
more simplification for gitlab_version function
2026-02-24 02:42:10 +02:00
8df17c6c50
Simplifying version handling in GitLab exploit module
2026-02-24 02:26:14 +02:00
Spencer McIntyre