de5f335618
Fix formatting
2020-08-17 11:53:39 -05:00
0c34c2559e
Remove no-op Nokogiri::XML pretty printing
...
ea1f3d60f1
2020-08-17 11:16:11 -05:00
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
22cf22fe53
Fix ARCH_CMD payload
...
Currently, we're not invoking within a shell.
2020-08-14 21:46:34 -05:00
f151c511bc
Explain what we're doing in the check
2020-08-14 21:46:34 -05:00
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
4a8b64a12f
Use WritableDir in execute_cmdstager, too
2020-08-14 21:07:08 -05:00
93fa66bfc5
Update geutebruck_testaction_exec.rb
...
And a fix for the fix ;)
I guess now everything will work as intended !
2020-08-15 00:56:53 +02:00
1da359ee01
Merge with last fix. This fix just fixes a issue with a method call as I tried calling the nonexistant method .true?
2020-08-14 17:49:02 -05:00
896c8aacae
Add in AutoCheck mixin so that we ensure targets are vulnerable before attempting to exploit them.
2020-08-14 17:27:39 -05:00
898f94320c
Add in fixes to check method so that the code will return the correct status if the connection fails
2020-08-14 17:18:31 -05:00
f3fdcf4343
Update geutebruck_testaction_exec.rb
...
Oops sorry, don't know what this "return true" was doing there.
2020-08-14 23:56:21 +02:00
f726967ba7
Update geutebruck_testaction_exec.rb
...
with the updated check using `Gem::Version`
2020-08-14 23:17:26 +02:00
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
0dc53c46d4
Apply Rubocop fixes I forgot about and update the module description to add in missing information about affected parameters
2020-08-13 15:23:09 -05:00
c59b3835f9
Fix up module description to have better sentence structure and English and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets
2020-08-13 15:18:10 -05:00
3c70f37dbe
Update exploit ranking to reflect the fact that this is a CMD Injection vulnerability with no chance of crashing the host
2020-08-13 14:40:33 -05:00
959689d5de
Update geutebruck_testaction_exec.rb
...
Fixed rubocop offenses / msftidy warnings and added @bcoles enhancements.
2020-08-13 14:29:31 -05:00
5f6a0746a6
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a69d941a72
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
4ceb542fac
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a5e25f5a42
Add exploit for Geutebruck G-CAM
2020-08-13 14:29:28 -05:00
35017886b8
Land #13935 , Preliminary Version 6
2020-08-06 10:19:34 -05:00
fade2c76b5
Land #13904 , Added Module: priviledged docker container escape
...
Merge branch 'land-13904' into upstream-master
2020-08-04 14:39:17 -05:00
9aa26d1208
Merge upstream into 6.x
2020-08-03 11:43:47 -05:00
10e591ae24
Randomized exploit filenames
2020-07-30 17:35:30 +01:00
f424887536
Using upload_and_chmodx function and linting
2020-07-30 17:04:45 +01:00
f4ae295572
added autocheck mixin
2020-07-26 10:10:13 +01:00
be1fa2ae95
Update modules/exploits/linux/local/docker_privileged_container_escape.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-07-26 09:44:51 +01:00
0533167418
Update modules/exploits/linux/local/docker_privileged_container_escape.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-07-26 09:44:38 +01:00
ce22c58a1d
Update modules/exploits/linux/local/docker_privileged_container_escape.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-07-26 09:44:21 +01:00
140bf04d87
Update modules/exploits/linux/local/docker_privileged_container_escape.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-07-26 09:44:07 +01:00
3d3dcc503f
Added docker priviledged container escape
2020-07-25 12:14:30 +01:00
3dbb63241c
Land #13853 , bpf signed ext privesc improvements
2020-07-22 14:09:17 -05:00
d34ab2bd98
Land #13859 , remove fail_with call from exim4_deliver_message_priv_esc check method
2020-07-22 10:16:45 +01:00
96fea955d0
Remove fail_with from check method
2020-07-18 10:00:14 +00:00
d5d4716b1c
Update TMSH escape reliability notes
...
What's strange is that if the stars align, like if the system has been
"used" enough, the exploit is incredibly reliable. Maybe my test
environment is bonkers.
2020-07-17 06:26:00 -05:00
c082ccd337
Make Meterpreter the default target
2020-07-17 06:10:53 -05:00
1ae689ce5f
Improve robustness by refactoring error handling
...
tmshCmd.jsp is extremely unreliable!
2020-07-17 05:23:42 -05:00
fe773c0422
Use Msf::Exploit::Remote::AutoCheck and Msf::Post::Linux::Compile
2020-07-17 10:06:42 +00:00
65039a5091
Merge upstream into 6.x
2020-07-15 09:58:07 -05:00
7e7881fbfa
Land #13730 , Add Pandora FMS Events Remote Code Execution (CVE-2020-13851) module and docs
2020-07-11 13:10:47 +01:00
c61f34ed16
Land #13596 , [GSoC] SQLi library with support to MySQL (and MariaDB)
2020-07-10 13:45:47 -05:00
957042f0a3
Nuke redundant force-exploit advanced option
2020-07-09 17:24:19 -04:00
df42399f61
Add installation instructions to docs
2020-07-09 17:20:07 -04:00
dc34acd070
Push to test autocheck issue
2020-07-09 16:43:18 -04:00
6bb20f41d8
Code review changes
2020-07-09 15:21:13 -05:00
William Vu