e92b9ef97c
Use AutoCheck mixin in OpenSMTPD CVE-2020-7247
...
Also updates the check to be more precise. I had originally copied the
check method from the Morris worm Sendmail exploit:
220 simh Sendmail 5.51/5.17 ready at Wed, 18 Dec 85 11:14:07 PST
Note that there was no "ESMTP" string in 1985's Sendmail.
2020-02-28 10:42:02 -06:00
5ee7fcaf4a
Add simple changes suggested in code review.
2020-02-28 12:14:38 +02:00
a4ded39d62
Remove unnecessary empty lines in docs. Mostly to restart the Travis CI build check because it got stuck.
2020-02-28 10:34:14 +02:00
99ed3afab3
Change filenames for consistency with existing modules
2020-02-27 17:08:23 +02:00
280d1767b4
Add Nagios XI < 5.6.6. exploit module and documentation
2020-02-27 16:58:15 +02:00
8820944696
Fix exploit/unix/smtp/opensmtpd_mail_from_rce
2020-02-27 02:11:08 -06:00
f59ec03c42
Land #12465 , add Android Binder UAF (CVE-2019-2215)
2020-02-23 01:06:33 -08:00
ef8ec13c88
added module docs and testing notes
2020-02-23 01:04:30 -08:00
adaa9e239a
Add phpstudy backdoor exploit module
2020-02-23 10:23:32 +08:00
f9077bcd8d
Land #12704 , OpenNetAdmin 18.1.1 Remote Code Execution exploit
2020-02-21 15:49:26 +01:00
c9e4ca34c3
Land #12921 , Updating regex in ms16_075_reflection_juicy exploit windows version check
...
Merge branch 'land-12921' into upstream-master
2020-02-20 21:10:37 -06:00
e4456c9006
Update opennetadmin_ping_cmd_injection.md
2020-02-21 04:14:21 +03:00
1fe1506b42
Update documentation/modules/exploit/unix/webapp/opennetadmin_ping_cmd_injection.md
...
Co-Authored-By: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-02-21 03:06:56 +03:00
de6306fa35
Fix message, once more with feeling
2020-02-20 11:26:21 -06:00
9c69059a24
Fix DisablePayloadHandler warning once and for all
2020-02-20 10:35:47 -06:00
f484e6c83c
Land #12862 , Apache James 2.3.2 arbitrary file write exploit module
2020-02-20 10:41:13 +01:00
739928b56a
Added line break to docs
2020-02-19 17:56:13 -08:00
db8555e007
Land #12942 , add Diamorphine privilege escalation
2020-02-19 10:36:39 -06:00
ac482a0d31
Typo in documentation
2020-02-19 23:32:07 +08:00
9980a96917
Move documentation to correct directory
2020-02-19 16:57:38 +02:00
0264802756
Reformat module doc
2020-02-18 23:28:08 -06:00
a34ffb3694
Fix typos in module doc
2020-02-18 23:27:15 -06:00
6ad9956af8
Correct module doc filename
2020-02-18 23:24:46 -06:00
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
...
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
828d974db5
Update code and documentation
...
- Add `OperationMaxRetries` option documentation
- Add default value to `TARGETURI` and update the documentation
- Remove `PosOffset` advanced option and hardcode the value
- Update `Description`
- Move URI encoding logic to `send_crafted_request`
- Refactor `send_crafted_request` to handle the HTTP parameter and final & (%26)
2020-02-17 18:25:10 +01:00
226f4b0a53
Line wrap to 80 columns and small fix
...
- Line wrap documentation to 80 columns
- Line wrap `Description` field to 80 columns
- Remove unnecessary unless statement
2020-02-17 13:06:32 +01:00
ac6d0e4391
Add Diamorphine Rootkit Signal Privilege Escalation module
2020-02-16 14:53:16 +00:00
9193ace50b
Add documentation
2020-02-14 17:17:45 -06:00
27effc1b56
typo. cmdstager command
2020-02-14 12:25:56 +04:00
0e55e20c9c
Land #12902 , Add exploit module for crosschex buffer overflow
2020-02-13 15:43:38 +00:00
9e46926a0f
Update documentation/modules/exploit/windows/local/ms16_075_reflection_juicy.md
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-02-12 08:18:49 +09:00
785dbb6ba3
Update documentation/modules/exploit/windows/local/ms16_075_reflection_juicy.md
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-02-12 08:18:27 +09:00
946e244c8c
Updates docs and adds basic options
2020-02-11 13:40:51 +00:00
a7a80e08a8
Updated docs with platform info
2020-02-11 12:55:07 +00:00
65521270ea
Land #12853 , InfiniteWP exploit & mixin upgrades
2020-02-10 11:33:49 +00:00
9c30250161
Updating documentation for juicy potato exploit.
...
Added a link to information on the expiry of the bug, and explicitly
listing which versions of Microsoft Windows were and were not
vulnerable.
2020-02-10 16:33:45 +09:00
90503b2c61
Documentation cosmetic updates
2020-02-07 18:28:24 -08:00
a05611d756
Improve cleanup functionality
2020-02-07 16:13:25 -08:00
eab1245eef
Update module doc
2020-02-07 12:30:00 -06:00
4dcb2fbd96
Land #12889 , Add OpenSMTPD MAIL FROM RCE
2020-02-07 11:43:18 +00:00
7a0bf69eb0
Major refactor, and more complete testing with cmd/unix payloads
2020-02-07 19:34:18 +08:00
763dbf5d5d
Check WordPress version
2020-02-07 03:14:17 -06:00
6c59d7c37c
Refactor module
2020-02-07 01:38:11 -06:00
8c07e17912
Update module docs
2020-02-06 15:57:54 -06:00
7f3c0c9314
Land #12906 , Add module for CVE-2019-19363
...
Merge branch 'land-12906' into upstream-master
2020-02-06 15:22:17 -06:00
68565f575f
Update module doc
2020-02-06 14:55:41 -06:00
e736588795
change method of exploitation for reliability
...
This commit changes a few things:
1. The module first writes the dll to a
temp location.
2. The module writes a batch file to a
temp location.
3. The batch file copies the dll until
the copy command fails (presumably
because the dll is now in use by
PrintIsolationHost.exe).
4. The dropped files are deleted.
5. Docs updated to reflect changes.
2020-02-06 12:51:36 -06:00
62c98710ad
Reword vulnerable commit range
2020-02-06 11:03:20 -06:00
95fa8602bc
Refactor modules that use Expect
2020-02-05 21:16:21 -06:00
b98c0c6876
Add module doc
2020-02-05 17:01:58 -06:00
William Vu