Takah1ro
0fab915abb
Update to use original aes_encrypt function
2024-07-24 12:14:16 +09:00
Takah1ro
b48a2089cf
fix previous commit bug affecting original exploit
2024-07-24 11:55:05 +09:00
Takah1ro
79ad046f56
Refactoring skywalker
2024-07-24 11:42:19 +09:00
Takah1ro
eface45c5c
Refactoring skywalker
2024-07-24 10:19:03 +09:00
Takah1ro
ab0433e95f
Update to target both vulnerabilities
2024-07-23 22:21:08 +09:00
Takah1ro
61754f3c92
Add cve ref and update broken link
2024-07-23 08:43:45 +09:00
h4x-x0r
d7e50cb126
mySCADA MyPRO <= v8.28.0 Command Injection (CVE-2023-28384) exploit module
2024-07-22 16:49:40 -04:00
h00die-gr3y
b65c7ecb08
added support for all openmediavault versions (0.1 - 7.4.2-2)
2024-07-20 20:55:33 +00:00
Takahiro Yokoyama
ad82481cce
Update empire_skywalker.rb
2024-07-20 21:55:39 +09:00
Jack Heysel
e6f2352248
WIP
2024-07-19 14:43:13 -07:00
bwatters
636c72965c
Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
bwatters
9b7b1fd16e
Land #19313, Ghostscript Command Execution via Format String (CVE-2024-29510)
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
Christophe De La Fuente
4d485acb73
Remove Windows target since it doesn't work for now
2024-07-19 16:19:56 +02:00
redwaysecurity.com
117c2b9298
feat: Allow explicit SSL configuration in start_service method
The start_service method now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore['SSL'].
This change enhances the flexibility and usability of the start_service method, preventing unintended behavior when users need to control the SSL setting explicitly.
Closes #19329
2024-07-19 12:33:13 +02:00
Jack Heysel
6ad5ba36fd
Land #19304, Add Magento XXE File Read Exploit
This adds an auxiliary module for an XXE which results in an arbitrary
file in Magento which is being tracked as CVE-2024-34102
2024-07-18 10:32:03 -07:00
redwaysecurity.com
d559a74c1d
Removed dead code
2024-07-18 11:56:22 +02:00
redwaysecurity.com
5d9232cc39
It must fail on SRVHOST default configuration.
If srvhost is set to 0.0.0.0 the framework will attempt to automatically
set it to your default LHOST although that isn't always accessible by your
target.
2024-07-18 11:15:04 +02:00
Heyder Andrade
55e825bdca
Update modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-18 07:36:48 +02:00
Heyder Andrade
400e628226
Update modules/auxiliary/gather/magento_xxe_cve_2024_34102.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-18 07:36:24 +02:00
redwaysecurity.com
a5208e0c5f
Moved module to auxiliary/gather
2024-07-17 18:47:02 +02:00
redwaysecurity.com
236662ce37
Changed CheckCode returned value
As we're checking the version and not actually exploiting the vulnerability the check method should return CheckCode::Appears
2024-07-17 18:11:55 +02:00
redwaysecurity.com
8b9b8a2cf0
Gives the user a datastore option
The user can decide whether or not they want the loot to be stored on disk or printed to the console.
2024-07-17 18:09:46 +02:00
redwaysecurity.com
07c1d818a8
Cleaning dead code and adding default case
2024-07-17 17:14:03 +02:00
redwaysecurity.com
16fefd9942
Turning off SSL datastore temporarily.
Briefly disable the SSL datastore option before starting the HTTP server to avoid spinning up an HTTPS server, which would cause the exploit to fail.
2024-07-17 16:44:50 +02:00
redwaysecurity.com
08de13fe01
Converting the version string
The version string needs to be converted to a Rex::Version object in order for the two values to be compared successfully.
2024-07-17 16:13:32 +02:00
h00die-gr3y
5459503dc6
updated module reference of openmediavault_cmd_exec
2024-07-16 16:04:14 +00:00
h00die-gr3y
a9f8475bf5
moved module + doc to exploit/unix/webapp
2024-07-16 15:50:20 +00:00
dledda-r7
2dfe97673a
Bump metasploit_payloads-mettle to 1.0.31
2024-07-16 11:47:14 -04:00
Christophe De La Fuente
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
redwaysecurity.com
54a7ed1cfb
Added check method
Signed-off-by: redwaysecurity.com <heyder@redwaysecurity.com>
2024-07-16 13:31:24 +02:00
Pierre Mauduit
8a0c65e603
Update geoserver_unauth_rce_cve_2024_36401.rb
looks like a copy/paste typo from another exploit
2024-07-16 11:20:35 +02:00
Spencer McIntyre
882a283ea9
Land #19322, Bump metasploit_payloads-mettle to 1.0.30
Bump metasploit_payloads-mettle to 1.0.30
2024-07-15 09:02:39 -04:00
Jack Heysel
f7449ea850
Land #19311, Add GeoServer unauth RCE module
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
jheysel-r7
c5dad68322
Remove comma after the last item of a hash
2024-07-12 13:38:59 -04:00
H00die.Gr3y
292c177b74
Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
h00die
07cc3bbf74
Further updates to x11
2024-07-12 13:57:24 +00:00
h00die
a93a6dddf9
Merge branch 'rapid7:master' into xspy
2024-07-12 06:49:52 -04:00
dledda-r7
5d1ee84cb0
Bump metasploit_payloads-mettle to 1.0.30
2024-07-12 05:17:19 -04:00
Jack Heysel
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
h00die-gr3y
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
h00die
04f4990318
Further x11 updates
2024-07-11 18:28:50 +00:00
h00die-gr3y
1ee2131d8d
update based on cgranleese-r7 review comments
2024-07-11 16:12:52 +00:00
h00die
05fb1d3eaa
x11 library update
2024-07-11 12:34:49 +00:00
jheysel-r7
f9bd079618
Apply suggestions from code review
2024-07-10 20:45:53 -04:00
h00die-gr3y
28d6ef92dd
fourth release module
2024-07-10 21:44:28 +00:00
h00die-gr3y
198f3f8d9b
update based on review comments of jvoisin
2024-07-10 11:05:22 +00:00
h00die-gr3y
92637c4293
third release module
2024-07-09 21:54:55 +00:00
remmons-r7
108e60ae4d
Peer review suggestion to swap out fail_with for print_error
If the response to the code execution request isn't a 200, the module should error instead of fail. All versions tested returned 200s, but it's a great point that some Confluence versions might return a different status code but still pop a shell.
2024-07-09 16:23:25 -05:00
remmons-r7
abb02a91d5
Add suggested Appears/Safe change from peer review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-09 16:16:41 -05:00
remmons-r7
0852fbfeb8
Remove two whitespaces that snuck in
2024-07-09 14:34:33 -05:00