Jack Heysel
603e5b2bff
Land #18569, Add a module to perform ASREP-roasts
This adds a module to gather credential material from accounts
with Requires Pre-Authentication disabled. The module supports two
mechanisms, Brute Forcing using a list of usernames or using an LDAP
query to request the relevant usernames, followed by requesting TGTs.
2023-12-11 19:58:06 -05:00
bwatters
daa6d5363f
Land #18577, Added RCE Module for Splunk Enterprise (CVE-2023-46214)
Merge branch 'land-18577' into upstream-master
2023-12-11 15:52:05 -06:00
Jack Heysel
3bad98afc6
Land #18488, add kerberos_tickets post module
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
cgranleese-r7
f794268020
Land #18578, Docker cgroup escape (CVE-2022-0492)
2023-12-06 16:07:08 +00:00
h00die
eca611aaac
review
2023-12-05 16:18:39 -05:00
Jack Heysel
509ec2c9b5
Land #18591, add ownCloud auxiliary module
This module can extract sensitive environment variables from
the ownCloud target including ownCloud, DB, Redis, SMTP and
S3 credentials.
2023-12-05 10:50:57 -05:00
jheysel-r7
76657c8f14
Update documentation/modules/auxiliary/gather/owncloud_phpinfo_reader.md
2023-12-05 10:20:51 -05:00
Christophe De La Fuente
10d4b9233b
Land #18463, D-Link Router UPnP unauthenticated LAN RCE via a crafted M-SEARCH packet
2023-12-05 10:58:15 +01:00
Zach Goldman
3d6ddf769e
Land #17667, Update password crackers
2023-12-04 10:45:53 -05:00
h00die
befc87f9f0
owncloud exploit
2023-12-03 15:45:44 -05:00
h00die
ea803063b1
owncloud phpinfo reader
2023-12-03 11:04:38 -05:00
Balgogan
ab9576f83d
Add changes
2023-12-01 10:55:04 +01:00
Ashley Donaldson
11bcd43562
Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2023-11-30 17:30:59 +11:00
h00die
22242732d9
working cve-2022-0492
2023-11-28 15:25:53 -05:00
h00die
b171b5e77c
working cve-2022-0492
2023-11-28 15:16:18 -05:00
h00die
4ae62a431b
not-working docker escape
2023-11-28 13:44:08 -05:00
Jack Heysel
c5075ade2a
Land #18567, Add exploit module for CVE-2023-5360.
This pull request adds a new exploit module for
an unauth file upload vulnerability in the
WordPress Royal Elementor Addons and Templates
plugin, versions before 1.3.79, tracked as CVE-2023-5360.
2023-11-28 13:28:53 -05:00
Spencer McIntyre
708c795890
Land #18560, Forging diamond and sapphire tickets
2023-11-28 11:14:15 -05:00
Balgogan
b2fa201a7d
Implement check
2023-11-28 16:45:44 +01:00
Balgogan
0146527e55
Add splunk_xslt_authenticated_rce
2023-11-28 15:40:05 +01:00
Balgogan
402434bbf2
Add module output
2023-11-28 08:41:35 +01:00
Valentin Lobstein
bfd22f8f01
Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-28 08:15:14 +01:00
Ashley Donaldson
c293c273ba
Attempt to decrypt pre-auth kerberos response
2023-11-27 13:09:59 +11:00
Ashley Donaldson
3ca13d9358
Changes from code review.
Added in the stability/IOC notes, since diamond/sapphire do make requests.
2023-11-27 10:30:54 +11:00
Ashley Donaldson
622277e960
Added documentation for ASREP module
2023-11-24 08:45:26 +11:00
Balgogan
31daaf58fe
Add wp_royal_elementor_addons_rce
2023-11-23 05:15:28 +01:00
h00die
bba178e87f
crack windows
2023-11-21 17:11:15 -05:00
h00die
4bca269e01
doc overhaul
2023-11-21 17:11:15 -05:00
adfoster-r7
5c09c86349
Land #18448, corrected options conflict between module and ldap mixin
2023-11-21 13:33:21 +00:00
h00die-gr3y
6e1580e5f5
added target DIR-845L
2023-11-13 14:48:59 +00:00
h00die-gr3y
51523e0971
release updating dlink_upnp_msearch_exec exploit module
2023-11-13 12:15:04 +00:00
adfoster-r7
04361e1005
Land #18524, Update reverse_tcp.md, improper switches
2023-11-13 12:08:00 +00:00
Jack Heysel
1da4333611
Land #18434, Add module for Zoneminder RCE
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
Brady Jackson
fec66b5bbe
Update reverse_tcp.md, improper switches
Improper usage of switches presented in documentation
2023-11-09 19:36:28 -05:00
Wolfgang Hotwagner
5d5f711dcd
updated documentation
2023-11-09 22:40:36 +00:00
bwatters
b5aeab0c9f
Merge #18491, Add Module for PL/SQL Developer to gather credentials
Merge branch 'land-18491' into upstream-master
2023-11-09 11:18:52 -06:00
Jemmy Wang
893da00c6a
Modify Table DisplayName and password matching regex
2023-11-09 13:58:14 +08:00
Jemmy Wang
9c23f86d83
Add support for v15 new encryption algorithm
2023-11-09 05:08:27 +08:00
bwatters
77a93e452f
Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
Stephen Fewer
64c9968328
Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-11-08 09:16:12 +00:00
Jack Heysel
06369281b9
Land #18503, Apache Nifi Cred Stealer Post Module
This PR adds a post module to steal config and credential
information for Apache NiFi.
2023-11-07 20:05:10 -05:00
Jemmy Wang
d4166098a8
Update to be compatible for PL/SQL 14
2023-11-08 01:15:22 +08:00
h00die
f1317fa050
review comments
2023-11-06 18:34:36 -05:00
h00die
0ce7b03397
update nifi credentials post module
2023-11-06 14:50:02 -05:00
sfewer-r7
25ef7d1272
add the RCE exploit
2023-11-06 17:12:40 +00:00
sfewer-r7
8364ae896b
add the CLI command to use to enable testing the WebUI
2023-11-06 17:11:39 +00:00
bwatters
e8d45b00ba
Land #18501, Exploit module for CVE-2023-46604 - Apache ActiveMQ
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
sfewer-r7
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
sfewer-r7
10ee87c712
Add optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set, these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273
2023-11-06 10:20:07 +00:00
Stephen Fewer
be1229747f
fix another typo on documentation
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-06 09:47:38 +00:00