56f6a65e21
Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-07-19 04:04:25 +02:00
4a1f9e541e
Update lib/msf/core/exploit/remote/http/xorcom_complete_pbx.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-07-19 04:04:14 +02:00
4e70dfe70d
Rename mixin
2025-07-16 22:40:27 +02:00
1863eddcd4
chore: add magic encoding comment to Ruby files
2025-07-16 22:32:20 +02:00
1fb6d488a8
Rename file
2025-07-16 22:30:28 +02:00
7ddae3ec3f
refactor(xorcom): rename helper to completepbx? + pass creds to completepbx_login
2025-07-16 21:48:34 +02:00
b06903810c
feat(xorcom): add shared CompletePBX mixin, refactor modules, update docs
2025-07-16 21:25:17 +02:00
f3b650a409
Major refactoring of PHP payloads and related exploits
2025-05-30 09:06:38 -04:00
5aa91bd57c
Rubocop: Resolve Rubocop Style/RedundantRegexpArgument violations
2025-05-24 13:34:32 +10:00
13d18f2c83
Update lib/msf/core/exploit/remote/http/wordpress/login.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2025-05-13 17:32:48 -05:00
ce8ceaddbc
Change check for redirect to be less specific
2025-05-13 10:59:16 -05:00
d95146e315
Use retry to speed things up but also wait longer
2025-05-05 11:06:09 -04:00
6ab275a120
Remove a couple of debug prints
2025-05-05 10:58:41 -04:00
4a746a3963
Relocate find_management_point method
2025-05-01 20:35:41 -07:00
ca3c4a1362
Merge branch 'master' into get_naa_creds_via_relay
2025-04-01 09:34:35 -07:00
87a17424af
Suggestions from code review
2025-03-21 10:34:08 -07:00
fdf4531c10
Add SMB to HTTP relay support for get_naa_creds
2025-03-13 10:59:59 -07:00
60a496eec9
bugfix the URI to work as expected for both HTTP and HTTPS, also some appliences (C8000v) need the _http portion of this URI path to be cchanges from all lowercase for CVE-2023-20198 to work as expected.
2025-03-03 20:20:26 +00:00
c4b7954f15
Land #19596 , Wordpress Plugin Post SMTP Account Takeover
2024-11-29 09:05:03 -08:00
18c4e9c2f6
moved get_machine_info to the acronis_cyber mixin
2024-11-26 16:10:14 +00:00
b6595eeaf0
added acronis cyber mixin
2024-11-26 15:49:57 +00:00
2b593bcf54
wp_post_smtp_acct_takeover peer review
2024-11-03 13:52:55 -05:00
41ed44864f
wp_post_smtp_acct_takeover
2024-10-29 16:44:20 -04:00
4feb12ab4a
untested code
2024-10-29 16:44:20 -04:00
d2b4175f49
Land #19497 , add Wordpress SQLi Mixin
...
Land #19497 , add Wordpress SQLi Mixin
2024-10-14 13:13:52 +02:00
c259ce090a
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 17:22:33 +02:00
c15f186311
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:54 +02:00
fb35f6709a
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:44 +02:00
94145eafe9
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:32 +02:00
6c048df53f
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:23 +02:00
de5324e160
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:13 +02:00
3987a761e7
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:04:01 +02:00
31a66d537b
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:03:52 +02:00
c1521633f4
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:03:42 +02:00
8cbe572f49
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:03:32 +02:00
d01e8d4dd5
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com >
2024-10-09 00:03:23 +02:00
05c579fd65
Add report_host, report_service and report_vuln
2024-10-03 16:12:37 +02:00
f52cd8ba57
Add coding: binary header
2024-09-30 13:01:25 +02:00
1e95cba5f2
Randomize values
2024-09-25 18:55:26 +02:00
22443b53d6
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-25 16:39:09 +02:00
0409d4ec9c
Update lib/msf/core/exploit/remote/http/wordpress/sqli.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-25 16:38:36 +02:00
a5d9a06b9a
Fix with datastore['RHOST']
2024-09-25 04:43:27 +02:00
2d6862ccd4
Add recommendations
2024-09-25 03:57:17 +02:00
a1b4106260
Fix wordpress_sqli_get_users_credentials and rename wordpress_sqli_initialize
2024-09-25 01:57:46 +02:00
fa0d54eaf2
Add Metasploit::Credential::Creation to use create_credential
2024-09-25 01:00:48 +02:00
3da638e37e
Using dynamic prefix in table
2024-09-25 00:58:09 +02:00
14f1d6a786
Add Msf::Exploit::Remote::HTTP::Wordpress::SQLi
2024-09-25 00:33:19 +02:00
9f4fa3ba67
Make lib/msf/core/exploit/remote/http/wordpress/admin.rb a tad more portable
...
- Randomize the license header, based on examples from
https://developer.wordpress.org/plugins/plugin-basics/header-requirements/ ,
as plugins developers are likely copy-pasting them in their own plugins.
- Use the php_preamble/php_system_block combo instead of hardcoding
system/base64, as `system` might not be available on some WordPress
deployments, and the combo has some low-hanging evasions for this case.
2024-09-17 21:53:27 +02:00
6e696e24e5
Land #19457 , WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
Valentin Lobstein