f06a2d47f8
Code refactor, merging classes into one
2025-02-03 06:34:49 +01:00
f3eefc0d7e
Merge pull request #19849 from zeroSteiner/feat/mod/ldap/esc-finder-updates
...
AD CS Workflow Related Changes
2025-01-31 15:00:14 -08:00
373ea48838
Merge pull request #19847 from TheBigStonk/argus_dvr_4_lfi_cve_2018_15745
...
Argus LFI Auxiliary Module with Associated Doc (CVE-2018-15745)
2025-01-31 13:59:27 -08:00
917196b8a1
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
2025-01-31 12:49:35 -08:00
7259548cb9
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
2025-01-31 11:52:00 -08:00
0013db1822
Fix a regression in the loop logic
2025-01-31 14:48:57 -05:00
f8dfaae599
Guard FQDN lookup logic a bit more
...
Use DNS first, then fail back to LDAP
2025-01-31 09:42:22 -05:00
c6d03069a9
add in the documentation
2025-01-31 11:02:01 +00:00
d887ab5fac
add in module option to leverage CVE-2024-12356. This option is disabled by default, and we hit the SQLi directly.
2025-01-31 10:01:02 +00:00
2003ed7fd0
Fixed changes from rubocop linting
2025-01-31 22:55:32 +13:00
528409ba87
add in the exploit for cve-2024-12356
2025-01-31 09:20:54 +00:00
3170849147
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
Adding in RPORT default option
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-31 11:21:48 +13:00
6f2ff5110e
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
awesome cutting this one out then :)
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-31 11:20:22 +13:00
7adff997d2
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
TIL, thanks
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-31 11:19:00 +13:00
cf9e80aa1e
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
Good spot
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-31 11:15:53 +13:00
48921cadb6
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
Apologies for that this is my first module. Yeah want to make sure John Page is given appropriate kudos.
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-01-31 11:14:51 +13:00
22818f07fa
Update modules/auxiliary/gather/argus_dvr_4_lfi_cve_2018_15745.rb
...
Oh cool, I'm new-ish to Ruby. Prefer this :)
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2025-01-31 11:11:34 +13:00
cf5f518590
Add fetch payloads for aarch64, armbe, armle, mipsbe, mipsle, ppc, ppc64
2025-01-30 13:51:05 -06:00
37bfe9368b
Addressing comments from pull request
2025-01-30 13:01:40 +01:00
d67dcda2c6
Added Argus LFI Module and Docs
2025-01-31 00:23:34 +13:00
5c2056b2e1
Update kerberos/get_ticket to return values
2025-01-29 16:34:25 -05:00
441b671edd
Update to include return values
2025-01-29 16:34:25 -05:00
210b780f83
Refactor reporting template permissions
2025-01-29 16:34:25 -05:00
e072468042
Some adjustments for ESC4 compatibility with MSP
2025-01-29 16:34:25 -05:00
7b03844312
Consolidate the report details
2025-01-29 16:34:25 -05:00
1aa4a1f8c8
Resolve the CA address via DNS records in LDAP
2025-01-29 16:34:25 -05:00
3fb94b46c4
Update the ESC finder module's reporting
2025-01-29 16:34:25 -05:00
21b3315229
updated
...
updated
2025-01-29 20:18:05 +00:00
7ebd4f34ef
Adding Ivanti Connect Secure HTTP Login Scaner Module
2025-01-29 15:29:47 +01:00
1885b650ba
Fix ldap_login and smb_login
2025-01-29 11:10:30 +01:00
936e0dfb75
Merge pull request #19833 from cdelafuente-r7/fix/mod/petitpotam
...
Fix PetitPotam UUID when using EsfRPC with `lsarpc` named pipe
2025-01-27 13:09:14 -05:00
b3c2ae4f51
Move EfsrpcOverLsarpc module under the MetasploitModule class
2025-01-27 08:35:00 +01:00
ddf07a3d60
Link fix for exploit/multi/http/nibbleblog_file_upload
2025-01-26 19:20:12 +05:30
4a8ad46249
Merge pull request #19816 from jheysel-r7/esc_4_detection
...
Add ESC4 detection to ldap_esc_vulnerable_cert_finder module
2025-01-24 15:37:10 -05:00
bd45ae36a8
Merge pull request #19826 from zeroSteiner/fix/mod/ldap-query/run-single-base
...
Update ldap_query datastore option usage
2025-01-24 09:50:57 -08:00
f667179515
Removing execution of LINQPad file due to module recategorisation to persistence
2025-01-24 16:54:27 +01:00
712b47b0bf
Merge branch 'rapid7:master' into linqpad_deserialization
2025-01-24 16:52:29 +01:00
105559e771
Remove typo
2025-01-24 07:35:12 -08:00
45e6daea7d
Use the correct UUID when using EsfRPC with lsarpc namedpipe
2025-01-24 11:01:15 +01:00
b8f82e0fe4
Add ESC4 detection to ldap_esc_vulnerable_cert_finder module
2025-01-23 19:13:13 -08:00
378ac00c7d
Merge pull request #19750 from dledda-r7/feat/prepend-multi-arch
...
Fix Prepends in Linux Payloads
2025-01-23 14:26:44 -06:00
34f3957aea
Land #19772 , adding module for CraftCMS FTP template exploit
2025-01-23 20:21:17 +01:00
92ebabf168
Ivanti scanner template
2025-01-23 11:38:49 +01:00
af12460274
wrap tomcat dpkg command and rex version
2025-01-22 17:06:48 -05:00
a6ec468063
Use the BASE_DN and don't require QUERY_ATTRIBUTES
2025-01-22 16:15:52 -05:00
159b2bb6dc
Land #19805 , new module for LibreNMS Authenticated RCE
2025-01-20 15:33:37 +01:00
393b2167cd
Fix after applied suggestion
2025-01-20 21:24:16 +09:00
39351486e9
Update modules/exploits/linux/http/librenms_authenticated_rce_cve_2024_51092.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-01-20 21:07:34 +09:00
b0d5cf1f6a
Stage the command to a file if failed to limit
2025-01-19 10:43:20 +09:00
22523badab
Update login check
2025-01-19 08:11:44 +09:00
Martin Sutovsky