eca8af4e2a
Update roxy_wi_exec.rb
2022-07-25 16:13:14 +00:00
b16da0fe92
Update roxy_wi_exec.rb
2022-07-25 16:05:20 +00:00
88d069a77d
Add option for compiling the exploit on the target
2022-07-25 01:08:53 +02:00
9d3a57c2c5
Update the check method
...
Co-authored-by: bcoles <bcoles@gmail.com >
2022-07-23 02:44:26 +02:00
bc0b27e1e2
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:58:46 +00:00
fc3b08fb8b
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:51:40 +00:00
37f1fdd47b
Add module docs, add Ubuntu 22.04 offsets, update check method
2022-07-22 03:30:03 +02:00
e91beedc4a
Rubocop fixes
2022-07-21 17:01:56 -05:00
ebe61b50a7
Fixed parameter quotes
2022-07-21 12:25:29 +00:00
d23c175f28
Added AutoCheck and CmdStager
2022-07-21 11:39:58 +00:00
73db035e57
Add more offsets to the exploit, clean up the exploit C source, add check method
2022-07-21 01:22:20 +02:00
e316693bdc
Lint
2022-07-20 13:39:20 -07:00
09c1cf4308
Fix the CRC32 errors in the RAR file
2022-07-20 12:34:10 -07:00
fe2e413426
Add exploit for CVE-2022-34918
2022-07-20 13:51:22 +02:00
2974f55126
Better description and more random
2022-07-19 14:18:11 -07:00
3401752fa7
Check in the unrar module for cve-2022-30333
2022-07-19 14:05:15 -07:00
a7b379f292
Fix up check code segment that would never be reached due to if/else statement above
2022-07-19 16:03:44 -05:00
59ea337c6b
Fix up CVE format, add in Notes section
2022-07-19 15:58:11 -05:00
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
cf54762191
Initial commit of CVE-2022-30526 LPE
2022-07-19 03:29:11 -07:00
439606b2ac
Use a more reliable check method
...
The check method will not work regardless of whether or not there is a
cloned repository. The response can be analyzed using a random,
non-existant repo.
2022-07-11 09:48:08 -04:00
48cefee585
Cleanup the module based on feedback
2022-07-11 09:09:25 -04:00
9d979fdf4f
Finish up the sourcegraph RCE module
2022-07-08 17:27:22 -04:00
27ad62c964
Add a decent check method
2022-07-08 16:40:42 -04:00
a8c2b3bdff
Initial exploit for CVE-2022-23642
2022-07-05 16:58:22 -04:00
8c3d7ff42f
Rename Thrift related definitions
...
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
e4ce1c53dd
Fix reference URL link
2022-06-22 15:49:43 -05:00
3f06e237b7
Correctly format the notes sections
2022-06-10 14:01:57 +01:00
133b9e307a
Land #16563 , Zyxel Firewall Unauthenticated Command Injection (CVE-2022-30525)
2022-05-13 18:55:30 -05:00
2eb31cf765
Add in edits from review
2022-05-13 15:32:12 -05:00
6a1fe27406
Land #16442 , add vars_form_data to the HTTP client
2022-05-13 10:53:16 +01:00
23f8a0b915
Added Zyxel advisory. Added AKB reference. Used xpath as requested.
2022-05-12 07:17:37 -07:00
f3b23c072f
Added a reference to Rapid7 disclosure
2022-05-12 06:33:27 -07:00
24fa9aabe0
Fixed privilege flag. Swapped 'exploit' for 'command' in a couple of places
2022-05-12 06:24:33 -07:00
4af93ecfe2
Updated affected
2022-05-12 03:22:21 -07:00
617b4ae044
Initial commit of Zyxel unauth command injection (CVE=2022-30525)
2022-05-12 01:43:59 -07:00
93334b56ef
Properly credit Azeria and also include blog post at her request
2022-05-11 18:43:27 -05:00
8dbd6f3334
Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times.
2022-05-11 16:43:37 -05:00
196aac6b42
Add in PrependFork and MeterpreterTryToFork options as default to fix timeout issues and potential failure cases due to server not responding
2022-05-11 16:43:36 -05:00
27169c4ae1
Add in missing CmdStager library, add some more attribution, and add in PoC link
2022-05-11 16:43:36 -05:00
6354d7a055
Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly.
2022-05-11 16:43:36 -05:00
1bc2616c19
Update modules/exploits/linux/http/f5_icontrol_rce.rb
...
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com >
2022-05-11 16:43:13 -05:00
208367d735
Improved check method reliability
...
Extra modifications:
- Promote advanced options HttpUsername and HttpPassword
- password is not really necessary, but if one have credential, can
use this module as an exec
- Fixed print statement on check
- Splitted execute_command in two, because we also send a command on the check
methods, however we don't need the checks that are in the execute_command
2022-05-11 16:43:12 -05:00
55163b86d6
Improvements
...
- Change module name and description
- Added author from the PoC
- Added reference
- Added payloads, targets and notes
- Removed headers used during the tests
2022-05-11 16:43:11 -05:00
77f60eb21e
Added module and documentation for f5 icontrol RCE (CVE-2022-1388)
2022-05-11 16:43:00 -05:00
1c934b87b4
Land #16169 , Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699
2022-05-11 10:15:08 -05:00
68fdb103fe
Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate
2022-05-11 09:39:47 -05:00
94e1ad3fe5
Update form data api defaults
2022-05-10 14:12:17 +01:00
4ad4ca32e8
Fix test alignment
2022-05-09 16:51:20 +01:00
Nuri Çilengir