sjanusz-r7
a99fae420a
Capitalize TeamCity correctly
2024-12-17 14:27:41 +00:00
dledda-r7
60f26f7062
fix: removing reverse_hop_http
2024-12-17 08:53:06 -05:00
aaryan-11-x
f5329a71df
Added the DELETE_FILES option to delete leftover files by the exploit with the FileDropper mixin
2024-12-17 17:00:06 +05:30
aaryan-11-x
4c51165ec6
Made necessary changes as mentioned by the reviewer
2024-12-17 16:07:58 +05:30
dledda-r7
b2ab69ea51
fix: removing reverse_https_proxy payload
2024-12-17 05:03:36 -05:00
Ashley Donaldson
c6e3df85bb
Report creds to DB
2024-12-17 17:01:27 +11:00
Ashley Donaldson
4c7d1d8079
Changes from code review
2024-12-17 17:01:27 +11:00
Ashley Donaldson
ad44afee01
Rubocop fixes
2024-12-17 17:01:27 +11:00
Ashley Donaldson
a11616d189
Add support for older encryptions
2024-12-17 17:01:27 +11:00
Ashley Donaldson
335825a020
Search for all policies with secrets, rather than just NAAConfig
2024-12-17 17:01:27 +11:00
Ashley Donaldson
c2495aff58
Properly support there being no NAA creds
2024-12-17 17:01:27 +11:00
Ashley Donaldson
0a45480c49
Properly support multiple NAA creds
2024-12-17 17:01:27 +11:00
Ashley Donaldson
6054d7c5ce
Better error handling for NAA
2024-12-17 17:01:26 +11:00
Ashley Donaldson
d52874ac46
Allow sessions to be not required. Added documentation.
2024-12-17 17:01:26 +11:00
Ashley Donaldson
6ec6909850
MsfTidy fixes
2024-12-17 17:01:26 +11:00
Ashley Donaldson
a8a782eb2e
Get working without autodiscovery
...
Added proper credits for the original research.
2024-12-17 17:01:26 +11:00
Ashley Donaldson
fd3f313c64
Report multiple NAA creds, if present
2024-12-17 17:01:26 +11:00
Ashley Donaldson
03a4acf7d0
Rubocop fixes
2024-12-17 17:01:26 +11:00
Ashley Donaldson
76c29831fa
Working NAA retrieval on recent SCCM
2024-12-17 17:01:26 +11:00
Ashley Donaldson
2d7985b511
Add crypto structures
2024-12-17 17:01:26 +11:00
Ashley Donaldson
5dd55f0af4
Add initial NAA-cred-snarfing code.
2024-12-17 17:01:26 +11:00
adfoster-r7
065cee8698
Merge pull request #19739 from sjanusz-r7/add-ignorelist-to-local-exploit-suggester-datastore-options
...
Add ignorelist to local exploit suggester datastore options
2024-12-16 18:40:41 +00:00
sjanusz-r7
70d5430ba8
Add ignorelist to local exploit suggester datastore options
2024-12-16 17:51:38 +00:00
h00die-gr3y
09ceb48705
init commit module
2024-12-16 16:22:53 +00:00
jheysel-r7
6f9982db54
Land #19647 Added module for WSO2 API Manager RCE
...
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
2024-12-16 07:27:23 -08:00
Christophe De La Fuente
b33b01e0d8
Update the CachedSize for reverse_http and reverse_http payloads
2024-12-16 12:48:57 +01:00
h00die
af462f7dcf
arch linux compatibility for runc priv esc
2024-12-16 05:52:29 -05:00
aaryan-11-x
eb5385a23d
msftidy & Rubocop Fixes
2024-12-16 14:45:04 +05:30
Ashley Donaldson
40f2eaaab1
Recognise broken SMB sessions and close them
2024-12-16 19:52:19 +11:00
aaryan-11-x
08519defc7
RuboCop Fixes
2024-12-16 11:36:23 +05:30
h00die
77d0292be3
additional review for obsidian plugin
2024-12-14 17:38:29 -05:00
msutovsky-r7
ab55286e0b
Land #19721, Fix version in CVE-2020-0668 module
...
Fix version check for cve-2020-0668 Service Tracing
2024-12-13 20:47:17 +01:00
jheysel-r7
afd3d0b66c
Land #19713, Add exploit module for WP Time Capsule RCE
...
This exploits a Remote Code Execution (RCE) vulnerability identified as CVE-2024-8856 in the WordPress WP Time Capsule plugin (versions ≤ 1.22.21). This vulnerability allows unauthenticated attackers to upload and execute arbitrary files due to improper validation within the plugin.
2024-12-12 18:19:09 -08:00
jheysel-r7
add7c7b177
Remove potential NoMethodError in fail_with call
2024-12-12 18:04:10 -08:00
bwatters-r7
48ed31f323
Fix version check
2024-12-12 17:11:53 -06:00
Valentin Lobstein
9c8db05dc6
Update modules/exploits/multi/http/wp_time_capsule_file_upload_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-12-12 22:06:04 +01:00
jheysel-r7
c7f7cfd848
Land #19656 Close ssh session on error
2024-12-11 17:00:17 -08:00
h00die
7cf942ca30
peer review
2024-12-11 17:49:43 -05:00
adfoster-r7
136599a29a
Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo
...
Add CVE info to projectsend module
2024-12-11 13:54:06 +00:00
bwatters-r7
5311b7014e
Add CVE info to projectsend module
2024-12-11 07:37:43 -06:00
Heyder Andrade
41e7bf8812
Enhance: Rollback to register_file_for_cleanup
...
- Verified that the CWD is the WSO2_SERVER_HOME, allowing the uploaded payload file to be registered for cleanup using register_file_for_cleanup.
- Improved feedback by including the payload filename in the success message.
- Removed redundant on_new_session cleanup logic, as file management is now handled by FileDropper.
2024-12-11 11:58:53 +01:00
Chocapikk
7b918b24c9
Add platform
2024-12-11 02:17:11 +01:00
Chocapikk
7d559e0b34
Add exploit module for CVE-2024-8856 - WP Time Capsule RCE
2024-12-11 01:14:17 +01:00
Spencer McIntyre
f36d786736
Merge pull request #19696 from smashery/add_user_module
...
Add user module
2024-12-10 11:26:49 -05:00
Diego Ledda
4c0a403b64
Land #19701, Auxiliary Module for CVE-2021-24762: WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
2024-12-10 15:44:50 +01:00
Diego Ledda
ccf7e6942a
chore: fix rubocop
2024-12-10 14:48:18 +01:00
Aaryan Golatkar
299f3027a8
Added SQLi mixin, Implemented check method & removed SHOW_FULL_RESPONSE option
2024-12-10 18:56:54 +05:30
Aaryan Golatkar
b09d3033f3
Removed store_loot
2024-12-10 10:17:21 +05:30
jheysel-r7
0b5e221620
Land #19533, Update werkzeug rce module
2024-12-09 12:56:35 -08:00
Aaryan Golatkar
db7f05dd76
Made all the changes as requested by the reviewer dledda-r7
2024-12-09 23:44:04 +05:30