9bbb82ab55
Land #18998 , VSCode exploit for ipynb integration
...
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
2024-06-10 14:36:57 -07:00
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
12b1936e16
Fixed typo added Options section docs
2024-06-10 07:39:24 -07:00
55fa94995b
Updated check method
2024-06-06 22:23:35 +00:00
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
120fa0f2fe
Land #19208 , Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-06-05 10:17:02 +02:00
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
d7966104f2
touchup docs
2024-06-04 19:40:39 -04:00
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
80ee458410
Land #19151 , Add Flowmon Priv Esc Feature Module
...
Privilege escalation module for Progress Flowmon unpatched feature
2024-05-29 11:35:53 -04:00
72f332aba0
Land #19150 , Add Flowmon Command Injection Module
...
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
d60524d0b3
Started docs file
2024-05-28 15:54:47 -04:00
4fdf6df1e7
Fix doc
2024-05-28 20:16:33 +02:00
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
2c6fc11639
Responded to comments, clean up /etc/sudoers file
2024-05-23 16:56:35 -04:00
a0597007e4
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
c6c5f2bf7a
Add module, lib and documentation
2024-05-22 17:38:53 +02:00
0de89d3b2d
Update documentation/modules/exploit/linux/local/progress_flowmon_sudo_privesc_2024.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-05-21 13:42:52 -07:00
6e9e4a5aed
Land #19102 , Northstar C2 Stored XSS to Agent RCE
...
Add exploit module for CVE-2024-28741, Northstar C2 Stored XSS to Agent
RCE
2024-05-21 14:57:44 -04:00
10acd86390
Land #19071 , Add AVideo RCE module
...
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00
67154a12e0
Land #19104 , CHAOS rat xss to rce
2024-05-21 11:10:57 +01:00
575e223657
Added documentation
2024-05-19 14:09:58 +00:00
a89d418725
review of northstar c2
2024-05-16 15:17:28 -04:00
da31761336
Lint
2024-05-15 22:13:53 +02:00
3560860e33
Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-05-15 22:07:29 +02:00
d1739f32c2
review of chaos rat
2024-05-13 16:55:43 -04:00
216ffec555
Add Linux compatibility
2024-05-13 10:11:56 -07:00
80fdde5fdc
Land #19100 , Add Loadmaster sudo priv esc
...
Add Kemp Progress Loadmaster sudo abuse priv esc
2024-05-10 10:21:38 -04:00
b28e263a2b
Update debug statements and add protection against bad die name
2024-05-10 08:54:23 -05:00
47c8d7252b
Land #18519 , Docker kernel module escape
2024-05-06 09:08:08 -04:00
b044bcab01
Add command payloads and checks for overwritten files
2024-05-03 13:06:16 -05:00
ca669d8f08
Update docs to reflect changes
2024-05-01 13:45:20 -04:00
c2a561630d
Add local privesc module for Flowmon
2024-05-01 09:07:34 -07:00
a7e97e50ad
Add module for flowmon cmd injection CVE-2024-2389
2024-05-01 08:42:55 -07:00
d94971598b
Add documentation and fix some debug prints
2024-04-29 15:28:34 -05:00
364d491af7
Land #18972 , Progress LoadMaster unauthenticated command injection module CVE-2024-1212
...
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
19af4ae4e6
mermaid flow chart
2024-04-24 16:54:02 -04:00
9fb217fb59
northstar c2 exploit
2024-04-24 16:54:02 -04:00
512da4bc45
chaos rat xss to rce
2024-04-24 16:51:58 -04:00
1c8c91096f
Removed port being in documentation as it made no sense
2024-04-23 18:47:30 -04:00
26a108aadc
Land #19046 , Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
a36244073f
Merge pull request #1 from bwatters-r7/update-18972
...
Remove Priv Esc to add it to another module and update it to only run…
2024-04-22 17:53:48 -07:00
c10bde97ff
Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection
2024-04-22 17:53:32 -07:00
b8675f0fd7
Land #19005 , Add Gambio Webshop Unauth RCE
...
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
488653d942
Land #19082 , FortiNet FortiClient EMS SQLi to RCE [CVE-2023-48788]
2024-04-19 15:03:22 -04:00
4733d1dc04
Land #19101 , Exploit module for CVE-2024-4300 - Palo Alto Networks PAN-OS
...
Merge branch 'land-19101' into upstream-master
2024-04-19 12:49:41 -05:00
2ad13ac836
Added note about shell from a different IP than RHOST IP
2024-04-19 11:45:56 -05:00
4f3ee3f78a
Incorporate documentation wording change from suggestion
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-04-19 08:50:20 -05:00
27f5ad8e05
Land #18996 , VSCode Malicious Ext module
...
This PR adds a new exploit that creates a malicious vsix file. a vsix
file is a VS and VSCode extension file. Once installed, the users
computer will call back with a shell. Its not a bug, its a feature!
2024-04-18 18:10:46 -07:00
bcaa5359da
Land #18997 , Add GitLens VSCode Extension Exploit
...
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to
execute git commands. A repo may include its own .git folder including a
malicious config file to execute arbitrary code.
2024-04-18 17:19:41 -07:00
Jack Heysel