bf1e6bddd1
Land #18134 , Add exploit for CVE-2023-25194
...
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
2023-06-23 16:52:04 -04:00
b026b38851
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-06-23 09:36:50 +02:00
b5e028b47c
Land #18100 , Add MOVEit CVE-2023-34362
2023-06-22 14:23:44 -04:00
dfd450561e
Tweak some messages and cleanup markdown table
2023-06-22 14:23:25 -04:00
77bb6759a6
Review suggestions
2023-06-22 18:12:13 +02:00
5f667e1d79
Address code review
2023-06-22 10:22:43 -05:00
e298788a28
Land #18049 , Update jenkins login scanner to work with newer versions
2023-06-22 14:04:24 +01:00
e2fc3c5eff
Fixed documentation offenses
2023-06-22 14:48:16 +02:00
a8332e6064
Added exploit for CVE-2023-25194
2023-06-22 14:17:32 +02:00
2adea08f67
Add documentation & code cleanup
2023-06-21 15:41:50 -05:00
0609d246f3
adds more future proofing to implementation
2023-06-21 14:19:24 +01:00
7af22bfd41
Land #18077 , add Symmetricom unauth cmd injection
2023-06-13 17:07:16 -05:00
0d85c9e380
add module documentation
2023-06-13 13:14:51 -05:00
4479d94658
Updates based on review comments from space-r7 and jvoisin
2023-06-12 19:28:08 +00:00
7cd3854208
Removed Webshell upload and updated documentation
2023-06-12 13:58:59 +00:00
db8a49cc99
Updated documentation
2023-06-10 12:14:05 +00:00
417c9fa591
init commit module and documentation
2023-06-10 09:42:32 +00:00
c9af514be4
Land #18063 , add TerraMaster webshell upload
2023-06-09 17:55:32 -05:00
4c817ce1de
Land #17946 , CVE-2023-21839 - Oracle Weblogic RCE
...
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
2023-06-09 14:55:43 -04:00
c8609d7983
Land #18070 , add TerraMaster chained exp module
2023-06-09 12:29:47 -05:00
27f5a789c9
rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part.
2023-06-09 09:47:57 +01:00
a1528556e0
Merge branch 'rapid7:master' into CVE-2023-28771
2023-06-09 09:42:19 +01:00
a1e930397a
Land #18072 , Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master
2023-06-08 08:42:07 -05:00
0bcd930f61
Updated NAS model and version check
2023-06-08 09:12:45 +00:00
b3b0cb4ccf
Updates based on space-r7 comments
2023-06-08 07:39:44 +00:00
74dd134783
add options in scenarios output
2023-06-07 17:15:28 -05:00
4465582fee
Add in link to archived version of the installer
2023-06-07 16:51:01 -05:00
2738906f87
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:44 -05:00
54649fb856
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:37 -05:00
4377ff037a
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:28 -05:00
60c642bcd0
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:19 -05:00
82c8b5418e
Land #17936 , PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
991b9604e5
Add options to the documentation
2023-06-07 15:05:12 +02:00
46fcdb76d5
Updates based on jvoisin comments
2023-06-07 08:27:55 +00:00
3b53966caa
add installation steps
2023-06-06 12:14:14 -05:00
a03603d076
Documentation linting.
2023-06-06 15:35:20 +00:00
2e34d69133
Added documentation
2023-06-06 12:18:59 +00:00
5f7ae883f8
add documentation
2023-06-05 17:38:58 -05:00
52745a96d7
Added documentation
2023-06-05 17:18:57 +00:00
f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
e78cf054b8
Add in EITW notes
2023-05-24 13:17:49 -05:00
84961e6e09
Add in documentation
2023-05-24 13:17:49 -05:00
9e38ed4459
Land #17929 , Linux sudoedit LPE (CVE-2023-22809)
...
Linux sudoedit priv esc (CVE-2023-22809)
2023-05-23 09:30:18 -04:00
6b101b5a4d
make rubocop happy
2023-05-22 18:03:58 +01:00
6c88e85d02
Land #17993 , add invscout RPM privesc
2023-05-17 18:56:42 -05:00
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
ea988f0c78
Add more documentation on how to set the target up based on my own experience and so that we have a backup in case the link to external documentation breaks
2023-05-12 14:27:39 -05:00
Jack Heysel