c8819259ae
Land #14414 , CVE-2020-1337 - patch bypass for CVE-2020-1048
2021-01-15 19:13:14 +01:00
d8e68e6487
Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module
2021-01-12 11:45:53 -06:00
33bd712e0a
Land #14585 , Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP
2021-01-11 17:16:40 -05:00
50e115b414
Cleanup and edits per review from Christophe
...
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
7aef731267
Land #14572 , add AIT CSV import rce
2021-01-11 15:37:05 -06:00
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
3072391d00
Make second round of review edits to fix Spencer's comments
2021-01-08 12:50:52 -06:00
3e52debd8b
Update the exploit a bit more to remove excess options and also update the documentation accordingly.
2021-01-06 12:16:06 -06:00
17c393f101
Land #14046 , Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
863417fca7
Second round of updates and some rubocop changes to conform to standards.
2021-01-06 01:30:40 -06:00
81ee149ea2
Add check code support to module and update the documentation accordingly, plus rework the module description
2021-01-06 01:06:08 -06:00
54f5e565fa
Land #14330 , SpamTitan Gateway Remote Code Execution
...
Merge branch 'land-14330' into upstream-master
2021-01-04 12:14:12 -06:00
d8c55501a5
ait csv improter exploit
2021-01-01 12:14:52 -05:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
d2ca5d331d
Add documentation
2020-12-22 14:14:20 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
39110d04f0
Add note about needing an Oracle account
2020-12-18 21:20:29 -06:00
4d85602fae
Fix incorrect scenario header in module doc
...
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
57c57a398d
Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable.
2020-12-19 02:51:48 +01:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
87dacce2cd
Land #14446 , Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871)
2020-12-16 16:01:32 -05:00
c586bde50d
Update documentation to add SNMPPORT option description
2020-12-16 15:20:10 +01:00
60bcc95edc
Fix documentation
2020-12-16 15:15:27 +01:00
298deae709
Add documentation
2020-12-16 15:15:27 +01:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
a30cdfc892
Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE
2020-12-14 14:54:54 +00:00
98d6364248
Land #14482 , Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-14 15:10:09 +01:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
ba125c1c64
Merge remote-tracking branch 'upstream/master' into feature/solaris
2020-12-11 14:25:05 -06:00
e02451fe13
Fixing mistake in doc.
2020-12-11 04:53:37 -05:00
9c9e8929af
Adding a scenario.
2020-12-11 04:50:53 -05:00
53a12a7984
Updating doc.
2020-12-11 03:53:25 -05:00
83943adf8b
Land #14466 , add Aerospike UDF rce
2020-12-10 11:07:56 -06:00
a9e231ad0a
Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-10 12:14:47 +00:00
c005492ee9
Updating doc.
2020-12-10 00:58:53 -05:00
9452c1dcfa
Fix merge conflict from #14202 , in linear history
2020-12-09 17:24:29 -06:00
d337d832b8
Land #14422 , add GitLab file read/rce
2020-12-09 11:34:14 -06:00
fb9b1c5de4
Land #14409 , add weak services technique to the service permissions LPE
2020-12-09 17:16:53 +00:00
6d7c6c054a
Update the module docs with more details for the registry technique
2020-12-08 17:39:34 -05:00
c86f93b9c0
Updating list of tested machines.
2020-12-07 21:38:42 -05:00
8e1cab0131
Land #14339 , add flexdotnetcms rce
2020-12-07 14:28:01 -06:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
a69269a101
Update module doc
2020-12-07 01:35:59 -06:00
af27d91eea
Fix download link
...
I was logged in.
2020-12-07 01:35:13 -06:00
9ac5725ce3
Show how to find libc base
2020-12-07 01:35:13 -06:00
Christophe De La Fuente