b3a0d70688
Added prefer admin
...
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
2022-10-17 15:16:16 +02:00
5d99428c1d
Changed SSH key algorithm and fix bug on cleanup
...
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
2022-10-17 14:40:51 +02:00
71a1c60d49
Sticking to the striced needed
...
The port in the Forwarded HTTP header can be random.
2022-10-17 13:01:13 +02:00
422675a0c0
Fixed code-style offenses
2022-10-17 01:08:57 +02:00
6140f0bc4d
Added method to auto-detect target user
2022-10-17 00:44:46 +02:00
9241c515d7
Try to cleanup only if there was ssh connection
2022-10-16 18:50:39 +02:00
6cfb277c90
Added cleanup method
2022-10-16 15:09:45 +02:00
45149c144c
Code cleanup and ssh key password
...
- cleaned up some unecessary code
- add option to the user set an encrypted custom ssh key
2022-10-16 13:32:25 +02:00
95b1bffdea
Do not overwrite the first two keys
2022-10-15 19:04:53 +02:00
47f6971651
It is working but need some improvements
2022-10-15 04:10:12 +02:00
31404116a5
Rename module
2022-10-14 22:19:43 +02:00
f643bba09a
Added module for CVE-2022-40684
2022-10-14 18:36:18 +02:00
487a26ee0f
Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs
2022-10-12 11:19:47 -05:00
e75438d0b2
Documentation fix and minor fixes
...
Fixed the documentation according to msftidy's suggestion and removed a few unessary parts of code
2022-10-11 18:17:52 -04:00
45aa09411e
First round of edits from review
2022-10-11 15:46:04 -05:00
f67a7f395f
Modified unix_cmd payload as per suggestion
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-08 02:26:11 +05:30
ec57260c66
Adding suggested code
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-08 02:25:35 +05:30
32db330ff6
Fixing the rubocop issue
2022-10-07 11:08:01 -04:00
910ee931c2
Fixing the description of the module
2022-10-06 15:55:32 -04:00
c8cd6a7864
Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
...
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
2022-10-06 15:48:36 -04:00
48dd4693df
Add docs for CVE-2022-41352 (zimbra cpio), and fix some text
2022-10-06 10:46:48 -07:00
08c29f7f28
Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-06 10:23:53 -07:00
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
dd11156922
add new reference to bitbucket module
2022-09-22 16:14:18 -05:00
8d2b182c7b
add cmd stager flavors and bad characters
2022-09-21 10:54:32 -05:00
77d1328c43
add module description
2022-09-21 08:38:18 -05:00
34a6671c2d
update module to support auth & additional target
2022-09-20 18:45:14 -05:00
9738f23b51
add cmdstager
2022-09-20 10:37:10 -05:00
391e5cc891
add check method, repo search
2022-09-19 17:28:17 -05:00
52ff168c5e
Land #16914 , Add PAN-OS auth command injection module (CVE-2020-2038)
2022-09-15 17:58:07 +02:00
b37b91c233
Responded to comments
2022-09-15 10:45:11 -04:00
49cc431660
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-15 10:29:28 -04:00
2fcea3763f
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:59:56 -04:00
9b6b70cbf3
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:50:07 -04:00
d001bf079e
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:49:52 -04:00
89fadf69a7
Remove require pry
2022-09-13 13:42:26 -04:00
f11e5c162b
Rubocop
2022-09-13 13:21:18 -04:00
1c99daa836
Updated error handling
2022-09-13 12:40:59 -04:00
8a6c2dc896
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-12 17:35:25 -04:00
92068e3c02
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-12 17:34:57 -04:00
a11569fc53
Land #16944 , add Apach Spark RCE
2022-09-07 13:02:27 -05:00
65906bbb87
add curl cmd stager flavor
2022-09-07 12:45:13 -05:00
1a9e33265a
fix typos
2022-09-07 11:27:56 -05:00
6c1f7c2d8c
removed unnecessary code
2022-09-07 09:40:11 +00:00
797e450f4a
updated timer code
2022-09-06 19:08:27 +00:00
19a396304d
Update modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-03 20:28:49 +04:00
8ba621a291
Land #16923 , Cisco ASA-X with FirePOWER Services Authenticated Command Injection (CVE-2022-20828)
2022-09-02 18:37:37 +02:00
320bd944f0
Updated default creds. Properly used fail_with. Set meterpreter to fork. Some wording and code cleanup.
2022-09-02 08:44:04 -07:00
d38494498a
added linux dropper and code review suggestions
2022-08-27 17:45:47 +00:00
Heyder Andrade