Ashley Donaldson
68966b86f1
Give warning on invalid config (SSL and REQUIRE_SIGNING both set to true)
2024-04-24 15:05:03 +10:00
Ashley Donaldson
a4b3c27e28
Provide more meaningful error message when signing is required
2024-04-24 13:37:27 +10:00
Ashley Donaldson
b5f4dfae71
Make encrypting/signing an option
2024-04-24 13:24:05 +10:00
Ashley Donaldson
9aead31bb9
Support encrypted LDAP (ldap signing) over Kerberos and NTLM
2024-04-24 12:56:06 +10:00
Zach Goldman
26a108aadc
Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
Spencer McIntyre
f5046d0c2a
Fix the return value of a few methods
2024-04-19 09:06:48 -04:00
Spencer McIntyre
727849202d
Land #19087, chore: remove repetitive words
2024-04-17 09:59:46 -04:00
Jack Heysel
84ea514180
Land #19026, Add pgadmin exploit CVE-2024-2044
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
fanqiaojun
6b2bdc893b
chore: remove repetitive words
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Jack Heysel
7f62dd2143
Responded to comments
2024-04-04 13:39:22 -07:00
Jack Heysel
03fced404a
Apache Solr Backup Restore RCE
Writing file to disk working
working on linux
wip authentication
Consolidated conf folders into one
Renamed conf1 to conf in msf data dir
Randomize the configuration name
Docs plus finishing touches
rubocop
Updated exploit file location
Removed unused external dir
Reduced conf folder
2024-04-02 11:33:52 -07:00
Spencer McIntyre
2292da9164
Add the UNC loading technique too
2024-03-29 09:33:47 -04:00
Jack Heysel
31cf0e2633
Land #18764, Add unauth Jenkins file read module
This PR adds a new module to exploit CVE-2024-23897, an unauth arbitrary
(first 2 lines) file read on Jenkins.
2024-03-28 13:29:39 -07:00
jheysel-r7
14938a2d77
Apply suggestions from code review
2024-03-28 14:41:25 -04:00
Dean Welch
f132bdbe30
Enforce single module stance
2024-03-25 11:53:23 +00:00
adfoster-r7
55dd5aa9c0
Land #18899, update ysoserial viewstate tool
2024-03-14 00:12:38 +00:00
Spencer McIntyre
9b8b7045ff
Land #18715, Add Splunk library
2024-03-05 16:17:30 -05:00
Gaurav Jain
985b0ba47f
Add reviewed changes to splunk library
2024-03-06 01:32:57 +05:30
Spencer McIntyre
b30f264630
Land #18844, fix #file_dropper_exist? for Windows
Bugfix Msf::Exploit::FileDropper#file_dropper_exist? for Windows sessions
2024-03-05 15:01:20 -05:00
sjanusz-r7
3c8f43e23e
Align SQL sessions peerhost and peerport
2024-03-04 13:11:32 +00:00
adfoster-r7
d8abd2bcc2
Land #18898, Add rex proto mysql client wrapper
2024-02-29 10:13:47 +00:00
dwelch-r7
a4543b0f41
Land #18897, Update smb login to support additional configuration
2024-02-29 10:07:02 +00:00
adfoster-r7
131585235b
Update SMB Login to support additional configuration
2024-02-28 20:24:06 +00:00
sjanusz-r7
b423241e6b
Use Rex Post MySQL Client for lib, specs & modules
2024-02-28 18:19:50 +00:00
sjanusz-r7
55a8d6732f
Add Rex Proto MySQL Client
2024-02-28 18:19:46 +00:00
Spencer McIntyre
8bc6705557
Move viewstate signing logic into Rex
2024-02-27 14:37:55 -05:00
Spencer McIntyre
4a51e028d8
Print multiple attributes on individual rows
2024-02-26 17:28:41 -05:00
Spencer McIntyre
4b7f4e2b0d
Just show the DN, commas and all
This way the DN can just be copy-pasted into locations where a DN is
expected.
2024-02-22 17:36:30 -05:00
sjanusz-r7
1b7c2bbaec
SQL sessions consolidation
2024-02-21 16:16:14 +00:00
sfewer-r7
60bc412026
file_dropper_exist? needs to test if the path is either a file or a directory; the logic for shell sessions on Windows is testing if a path is a file and not a directory. This is wrong. Originally FileDropper only supported cleaning up files, so this logic made sense (it was copied over from the File post module), but FileDropper has since supported directories so the logic here needs to reflect that.
2024-02-19 09:12:17 +00:00
sjanusz-r7
fc963bd8bb
Add Proxies support to creating a session with postgres_login
2024-02-16 14:45:17 +00:00
sfewer-r7
3483419d50
file_dropper_exist? was broken on the windows platform, so files registered for cleanup were not being deleted. We must call session.shell_command_token
2024-02-16 10:09:07 +00:00
adfoster-r7
7b56d012e8
Land #18678, add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
adfoster-r7
1d406cfc2a
Land #18809, DNS command improvements
2024-02-14 22:12:30 +00:00
Christophe De La Fuente
fc5a12431c
Land #18664, Add an SMB-based fetch payload for Windows
2024-02-14 14:57:32 +01:00
Zach Goldman
d18520adc6
update rhost and rport calls
2024-02-13 13:00:38 -06:00
Zach Goldman
c05c6773df
adjust session logic in modules
2024-02-13 11:59:09 -06:00
Zach Goldman
94223f05fc
update relevant modules to work with sessions
separate out optional session logic
fixing session handling
2024-02-09 13:18:49 -06:00
sjanusz-r7
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
Spencer McIntyre
11ca24e290
Specify the record type for PTR lookups
2024-02-08 11:22:33 -05:00
cgranleese-r7
b060809a8d
Addresses logoff PR feedback
2024-02-07 12:51:04 +00:00
cgranleese-r7
e80f0ef8cd
Removes session logic from mixins and uses client instead of datastore for rhost and rport
2024-02-06 14:11:16 +00:00
h00die
1e6cf524b9
rubocop on jenkins lib
2024-02-02 16:35:56 -05:00
h00die
c37984edb2
jenkins cli ampersand exploit review
2024-02-02 16:35:11 -05:00
cgranleese-r7
0e9cad6d45
Adds MySQL session type
2024-02-02 14:39:37 +00:00
adfoster-r7
48221e594d
Land #18704, Leverage the module metadata cache in the module_sets
2024-02-02 14:16:46 +00:00
adfoster-r7
7ac4387d35
Land #18696, Convert MSSQL mixin to class
2024-02-02 14:14:34 +00:00
Zach Goldman
35778e92b2
client consolidation
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
Spencer McIntyre
b5906418c2
Update the HashCapture mixin
Use #srvport instead of the datastore and pull in upstream changes for
the metasploit-credential gem to enable use within payloads.
2024-01-29 13:35:56 -05:00
Spencer McIntyre
33306fa4dd
The SRVPORT is already registered
The SRVPORT datastore option is registered by the Remote::SMB::Server
mixin so including it here is redundant.
2024-01-29 13:35:54 -05:00