58aed837b2
Update docs and options
2022-03-01 14:48:48 -06:00
3ea032472d
Updated exploit with better check method, added OnSessionCmd option
...
to run a command when a session is bootstrapped, added more
documentation.
2022-02-18 16:30:47 -06:00
97d83f3fd5
cve_2021_4034_pwnkit_lpe_pkexec.md
2022-01-27 18:32:46 +04:00
44f040ad78
Land #16056 , Exploit Module for Grandstream UCM62xx IP PBX (CVE-2020-5722)
2022-01-24 21:03:46 -06:00
15751a0f78
Minor langauge fix and final typo
2022-01-24 21:01:34 -06:00
2c989ec714
Addressed multiple review comments (spelling, doc details, randomization, etc)
2022-01-22 14:09:58 -08:00
458d584f83
Add details to check codes and PR feedback
2022-01-21 09:40:23 -05:00
579627f5c7
Update docs, note OS X support
2022-01-20 10:47:11 -05:00
ba469a4b2c
Add version detection to the Unifi exploit
2022-01-20 09:26:48 -05:00
ef344d9d12
Add the Unifi Log4Shell RCE exploit
2022-01-19 17:51:31 -05:00
4cf3ae352c
Land #16050 , Log4Shell: vCenter RCE
...
Merge branch 'land-16050' into upstream-master
2022-01-19 16:30:33 -06:00
8bb3e39fd7
Land #16036 , Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution
2022-01-19 10:58:42 -06:00
ee2feb1207
Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution
2022-01-19 00:04:15 +00:00
4ebb702405
Added an exploit for Grandstream UCM62xx IP PBX (CVE-2020-5722)
2022-01-15 12:46:56 -08:00
3f04b80d8b
Add vCenter Log4Shell docs
2022-01-13 14:50:28 -05:00
435e79aaef
Land #16041 , add SonicWALL cmd injection
2022-01-12 13:23:57 -06:00
877bab6f2a
Land #15969 , Log4j2 HTTP Header Injection Exploit
2022-01-11 16:52:08 -05:00
7b64383040
Preemptively tweak references to ysoserial
2022-01-11 16:25:21 -05:00
d4ee9a0183
Initial commit of CVE-2021-20039 exploit
2022-01-10 12:43:50 -08:00
3f15c9ecc1
Writeup the module docs
2022-01-07 17:30:39 -05:00
41ebb3aa29
Land #15903 , SMB Shadow Module: Direct SMB Session Takeover
2022-01-07 16:57:17 +01:00
3051c5d9f5
Add mutex to cleanup in smb_shadow
...
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
3ef9afb0fc
Land #15988 , add wp catch themes file upload
2022-01-04 14:44:06 -06:00
c6372ecdf1
more wp catch themes doc and error handling
2022-01-04 04:34:42 -05:00
d8255978ac
Wordpress Plugin Catch Themes Demo Import cve-2021-39352
2021-12-24 11:56:51 -05:00
d55af3aa00
Add module doc
2021-12-23 12:27:57 -06:00
4e0fc5a4e5
Wordpress Plugin Catch Themes Demo Import cve-2021-39352
2021-12-21 20:04:09 -05:00
2705d6ae94
Land #15948 , Wordpress wp_popular_posts rce
...
Merge branch 'land-15948' into upstream-master
2021-12-20 09:28:23 -06:00
1915b1395e
Land #15742 , Added module for CVE-2021-40444
2021-12-08 17:46:02 -05:00
2f6710e02e
Remove the Not_Hosted target
...
It's not currently working and Metasploit should just handle everything
2021-12-08 17:22:44 -05:00
75deb69eab
Reformat the CVE-2021-40444 module docs
2021-12-08 16:45:22 -05:00
22ecedf135
wp_popular_posts_rce
2021-12-08 16:45:19 -05:00
852230c739
Fix bug brought in by importing Msf::Post::File
...
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
2021-12-08 10:36:27 -06:00
609bf4be3c
Update smb_shadow module to clean unnecessary code
...
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
260ea0725c
Update smb_shadow module and docs for review
...
Add mutex to module to prevent race condition. Add sleep to after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
77812ae4c4
Update documentation for multiple binaries, add targeting data,
...
other bcoles improvements
2021-12-02 09:57:48 -06:00
1f33305ce1
Add documentation
2021-12-01 14:54:48 -06:00
14064ff3f9
Update module description and remove extra module.
2021-11-29 15:23:02 -06:00
5fab1da09b
ms03_026_dcom: cleanup
2021-11-28 08:25:31 +00:00
e19511a31c
Update documentation for the smb_shadow module.
...
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
344bdacae4
Remove preferred payload
...
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
...
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
d2c322e875
Revert option name styling in module doc
...
Bug in our local renderer's styling. GitHub renders it just fine.
2021-11-23 19:05:26 -06:00
053dc70782
Add words to module doc
2021-11-23 19:05:09 -06:00
a8daed1e79
Add module doc
2021-11-23 19:05:09 -06:00
7f6d661ff7
Land #15866 , Add Exploit For CVE-2021-38294 (Apache Storm Nimbus getTopologyHistory RCE)
2021-11-18 17:02:50 -06:00
725c5f8d8c
Add in another scenario into documentation and add additional detail to one setup step
2021-11-18 17:01:25 -06:00
a915c3ce5c
Add fixes for some of the issues raised during the review process on both the documentation and module side of things
2021-11-17 17:25:50 -06:00
a100cd77ae
Land #15858 , Add exploit for CVE-2021-42237
2021-11-15 14:24:47 -05:00
0b3f95abca
Writeup the module docs and move the protocol code
2021-11-12 15:15:51 -05:00
bwatters