8e4a33f2a2
Land #15223 , move TokenMagic validation logic
2021-05-24 14:51:13 -05:00
8e1391f098
Land #15216 , Fix targeting for CVE-2021-21551
...
Merge branch 'land-15216' into upstream-master
2021-05-21 14:56:08 -05:00
72375d1f67
Land #15024 , Add RCE Exploit For CVE-2020-0796 (SMBGhost)
...
Merge branch 'land-15024' into upstream-master
2021-05-20 17:02:04 -05:00
a6f650a1a3
Add a clear warning about instability due to KPP
2021-05-20 17:28:14 -04:00
a89fffade1
Update check method and move it to earlier in the module to prevent crashing
...
on windows 7 sp0 targets.
2021-05-19 15:58:40 -05:00
133b40de30
Land #15212 , Converts Python shebangs over to Python 3
2021-05-19 10:39:09 -05:00
56388cd696
Land #15146 , Add support for extra OSes for CVE-2021-3156 (Baron Samedit)
2021-05-18 18:02:30 -04:00
a8a1cf75b8
Reorder the Fedora targets to be descending
2021-05-18 18:02:12 -04:00
47633ac9e6
Land #15205 , Fix TLS bug for gitlab file read RCE module to work on TLS enabled GitLab servers
2021-05-18 16:02:04 -05:00
78d47b11f2
Add targeting for Windows 10 v21H1
2021-05-18 12:56:02 -04:00
a894b8cc29
Updates Python shebangs to Python 3
2021-05-18 12:43:04 +01:00
aad4ea8e09
Add check
...
Thanks to @adfoster-r7 for the round of golf!
2021-05-17 13:58:03 -05:00
47740c8ac3
Add NetMotion Mobility CVE-2021-26914 exploit
2021-05-17 13:58:03 -05:00
aee65a6d8d
Fix indentation
2021-05-17 23:31:49 +08:00
5e04eec4fc
Update fix
...
Changing the regex to solve the bug
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2021-05-17 23:27:12 +08:00
e0f6700a7e
Add empty line
2021-05-17 23:10:29 +08:00
ce4748494a
Fix whitespace issue
2021-05-17 23:07:05 +08:00
e7983c3b6f
Land #15192 , Enforce Style/RedundantBegin for new modules
2021-05-17 09:51:57 -05:00
69b1f4bbc7
Bug fix
...
Fix bug that prevent the module from working on SSL enabled GitLab server
2021-05-16 14:23:16 +08:00
7a9050c7ea
Fix up check method so that it will correctly warn the user that the target might not be vulnerable only cause the DLL hijacking technique doesn't work on certain targets.
2021-05-14 17:47:39 -05:00
c8b62a1ff9
Fixed check method nil check, update numberd list in docs, added wfsdelay warning when in dll mode
2021-05-14 17:47:31 -05:00
950bbad852
Removed nil script check, updated docs
2021-05-14 17:47:15 -05:00
eb4573164b
Addressed comments
2021-05-14 17:46:26 -05:00
e29dce4f08
Removed comments from powershell script
2021-05-14 17:45:42 -05:00
d23df37b62
Responded to comments, refactored to remove duplicate code
2021-05-14 17:44:08 -05:00
d5f2cfb3de
Added x86 codepath for uso trigger
2021-05-14 17:44:08 -05:00
b112aae55c
Rubocop offense
2021-05-14 17:44:08 -05:00
fab3a9afc8
Added wfsdelay, updated docs
2021-05-14 17:44:07 -05:00
addc1ad601
Replace shelled usoclient call with uso_trigger
2021-05-14 17:44:07 -05:00
5640dac24d
Fixed sc command, updated check method, moved tokenmagic.ps1
2021-05-14 17:44:07 -05:00
ca637be0c9
Fixed powershell script, updated authors
2021-05-14 17:44:06 -05:00
1eab94cc26
beta draft
2021-05-14 17:43:44 -05:00
8792febcf8
Land #15190 , Add Exploit For CVE-2021-21551 (Dell DBUtil_2_3 IOCTL)
...
Merge branch 'land-15190' into upstream-master
2021-05-14 13:55:12 -05:00
ac2c467121
Land #15011 , Enhance analyze command API to understand modules' needs
2021-05-14 14:30:33 +01:00
d990e884af
Add and test even more targets
2021-05-13 17:27:58 -04:00
eb89550f85
Clear up some target offset discrepancies
2021-05-13 16:06:15 -04:00
7d841a0f79
Add a target for Windows 7 x64
2021-05-13 14:24:15 -04:00
4825407d21
Add a target for Windows 8.1 x64
2021-05-13 12:56:47 -04:00
100da2f1b1
Enforce Style/RedundantBegin for new modules
2021-05-13 04:01:03 +01:00
477749f77f
Refactor the code to be reusable and add docs
2021-05-12 16:36:17 -04:00
d3de52da59
The exploit is now functional for Win10 v1803-20H2
2021-05-12 16:14:59 -04:00
1a321e3cc1
Land #15164 , Converts Cockpit CMS to use new CookieJar API
2021-05-12 19:25:47 +01:00
5a0360228f
Update cockpit cms module
2021-05-12 17:20:31 +01:00
5290549cac
Land #15185 , Add CVE-2021-22204 ExifTool ANT perl injection
2021-05-11 16:41:44 -05:00
23bab9405a
Land #15175 , Change depreciated URI::encode call to URI::encode_www_form_component within rejetto_hfs_exec
2021-05-11 11:21:50 -05:00
acd79d41b7
Appease rubocop
2021-05-11 12:11:22 +10:00
fa73c0af3e
Add CVE-2021-22204 ExifTool ANT perl injection
2021-05-11 12:02:12 +10:00
b9d45af201
Land #15167 , Ensure Adobe Sandbox Collab Sync session types is an array
2021-05-10 10:52:55 -05:00
54dbedf181
URI.escape is obsolete and needs to be updated
...
The current code results in the following error :
```
[*] Started reverse TCP handler on 192.168.1.105:4444
[*] Using URL: http://0.0.0.0:8080/o6wYorU
[*] Local IP: http://192.168.1.105:8080/o6wYorU
[*] Server started.
[*] Sending a malicious request to /
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
[*] Server stopped.
[!] This exploit may require manual cleanup of '%TEMP%\jsywNguEzNXZF.vbs' on the target
[*] Exploit completed, but no session was created.
```
This minor edit should fix it.
2021-05-09 12:40:48 +05:30
48697625da
Ensure adobe sandbox collab sync session types is an array
2021-05-07 18:51:06 +01:00
Shelby Pace