dledda-r7
2dfe97673a
Bump metasploit_payloads-mettle to 1.0.31
2024-07-16 11:47:14 -04:00
Pierre Mauduit
8a0c65e603
Update geoserver_unauth_rce_cve_2024_36401.rb
looks like a copy/paste typo from another exploit
2024-07-16 11:20:35 +02:00
Spencer McIntyre
882a283ea9
Land #19322, Bump metasploit_payloads-mettle to 1.0.30
Bump metasploit_payloads-mettle to 1.0.30
2024-07-15 09:02:39 -04:00
Jack Heysel
f7449ea850
Land #19311, Add GeoServer unauth RCE module
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between versions
2.24.0 and 2.24.3, and in versions 2.25.0 and 2.25.1.
2024-07-12 11:07:36 -07:00
jheysel-r7
c5dad68322
Remove comma after the last item of a hash
2024-07-12 13:38:59 -04:00
H00die.Gr3y
292c177b74
Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
dledda-r7
5d1ee84cb0
Bump metasploit_payloads-mettle to 1.0.30
2024-07-12 05:17:19 -04:00
Jack Heysel
5d210b548b
added Windows support
2024-07-11 16:34:07 -07:00
h00die-gr3y
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
h00die-gr3y
1ee2131d8d
update based on cgranleese-r7 review comments
2024-07-11 16:12:52 +00:00
jheysel-r7
f9bd079618
Apply suggestions from code review
2024-07-10 20:45:53 -04:00
h00die-gr3y
28d6ef92dd
fourth release module
2024-07-10 21:44:28 +00:00
h00die-gr3y
92637c4293
third release module
2024-07-09 21:54:55 +00:00
remmons-r7
108e60ae4d
Peer review suggestion to swap out fail_with for print_error
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
2024-07-09 16:23:25 -05:00
remmons-r7
abb02a91d5
Add suggested Appears/Safe change from peer review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-09 16:16:41 -05:00
remmons-r7
0852fbfeb8
Remove two whitespaces that snuck in
2024-07-09 14:34:33 -05:00
remmons-r7
8ee90bf2c7
Adding module for CVE-2024-21683
This adds a module to exploit an authenticated admin-level Rhino script engine injection vulnerability for RCE in Atlassian Confluence.
2024-07-09 14:19:15 -05:00
Jack Heysel
aabd9febb2
Land #19274, Ivanti EPM SQLi to RCE
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
2024-07-08 12:52:34 -07:00
h00die-gr3y
702aff81ce
second release module
2024-07-08 19:35:34 +00:00
h00die-gr3y
8e598acaeb
first draft release
2024-07-08 06:53:16 +00:00
dledda-r7
f7902c2826
Land #19295, MOVEit Transfer SFTP auth bypass
2024-07-04 04:27:50 -04:00
Christophe De La Fuente
df8f281d18
Land #19204, Zyxel VPN Series Pre-auth Command Injection
2024-07-03 20:14:39 +02:00
jheysel-r7
b67f05f50d
Apply suggestions from code review
2024-07-03 13:51:50 -04:00
Jack Heysel
7e4c6ca028
Added code to print stdout of payloads without reverse connections
2024-07-03 09:36:36 -07:00
sfewer-r7
cb3966da7f
reduce the nesting in read_file by 2 levels
2024-07-03 17:12:03 +01:00
sfewer-r7
4ca2ce35eb
use synchronous calls to open, read and close (as the async calls were not being waited on, so moving to the sync implementations of these avoids that problem), thanks @cdelafuente-r7 :)
2024-07-03 16:38:31 +01:00
sfewer-r7
0b6d3057ca
fix typos in comments
2024-07-03 16:36:15 +01:00
dledda-r7
1e0db9ec83
Land #10113, Azure CLI steal tokens post module.
2024-07-03 11:32:04 -04:00
Jack Heysel
1d602da6b5
Added space between command and stderr/stout redirection
2024-07-03 08:23:38 -07:00
sfewer-r7
9d5ea1f2b7
call sftp.close in an ensure block in case something throws an exception. We probably don't *have* to do this (as the SFTP session will be torn down either way), but it seems like best practice *to* do this.
2024-07-03 16:21:42 +01:00
sfewer-r7
e1916974a1
we can use glob rather than foreach to recursively list the contents of a folder
2024-07-03 16:20:27 +01:00
Stephen Fewer
840da8d181
explicitly register an Opt::Proxies option
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-07-03 10:45:45 +01:00
sfewer-r7
8422b4cf39
add in support to net/sftp for Metasploit's pivot system, by using a new Rex::Socket::Tcp socket when creating the underlying SSH protocol's socket.
2024-07-02 16:09:25 +01:00
sfewer-r7
ec32b76904
The RPORT we register as an option should be 22, not 80. We can also remove the DefaultOptions, RPORT is covered and SSL does not make sense here.
2024-07-02 15:55:09 +01:00
sfewer-r7
0d7efcaabc
add in AKB analysis link and fix some typos
2024-07-01 09:25:19 +01:00
adfoster-r7
90ef017cfb
Land #19289, Update apache_nifi_credentials algo regex
2024-06-28 15:59:24 +01:00
h00die
eb0933fc9a
Update apache_nifi_credentials algo regex
2024-06-28 10:36:35 -04:00
adeherdt-r7
52142f280f
MS-9454 Redis Scanner: Support versions
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
h00die
6dc1b6a6e4
fix slashes for linux on azure_cli
2024-06-27 10:45:05 -04:00
sfewer-r7
aff9e07f1f
add in the aux gather module for CVE-2024-5806
2024-06-27 09:32:47 +01:00
Spencer McIntyre
a5afdd6e04
Land #19205, Add MS-NRPC users enumeration module
2024-06-24 18:52:47 -04:00
Spencer McIntyre
858a2f8400
Fix rubocop issues
2024-06-24 18:21:49 -04:00
h00die
b4975f6a23
updates to azure cli creds
2024-06-24 17:06:04 -04:00
Jack Heysel
9cfaa2e69f
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
Spencer McIntyre
dc2adc0798
Land #19259, warn on weak meterpreter keys
Fixing meterpreter to support is_weak_key byte flag from mettle
2024-06-24 08:58:40 -04:00
Christophe De La Fuente
24fa34e7b9
Land #19188, Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
dledda-r7
09debbb93f
fix: fixed rubocop issue
2024-06-24 05:33:30 -04:00
dledda-r7
2de112891c
fix: fixed payload cached size
2024-06-24 05:21:07 -04:00
Christophe De La Fuente
2f238fcd24
Code review
2024-06-21 10:13:08 +02:00
Christophe De La Fuente
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00