remmons-r7
8ee90bf2c7
Adding module for CVE-2024-21683
...
This adds a module to exploit an authenticated admin-level Rhino script engine injection vulnerability for RCE in Atlassian Confluence.
2024-07-09 14:19:15 -05:00
Christophe De La Fuente
1abc42a873
Add module
2024-07-09 18:34:27 +02:00
Jack Heysel
aabd9febb2
Land #19274 , Ivanti EPM SQLi to RCE
...
This adds an exploit for CVE-2024-29824, an unauthenticated SQLi
which can be used to obtain RCE in Ivanti Endpoint Manager 2022 SU5 and
prior
2024-07-08 12:52:34 -07:00
h00die-gr3y
702aff81ce
second release module
2024-07-08 19:35:34 +00:00
h00die-gr3y
8e598acaeb
first draft release
2024-07-08 06:53:16 +00:00
h00die-gr3y
2e1dfa62c1
One small change in check method
2024-07-05 06:55:37 +00:00
h00die-gr3y
7ad152694a
Addressed two more review comments
2024-07-04 20:49:17 +00:00
h00die-gr3y
594de4681f
Second release module addressing cdelafuente-r7 comments and added documentation
2024-07-04 20:31:02 +00:00
redwaysecurity.com
d89df446bf
WIP - added module for CVE-2024-34102
...
on-behalf-of: @redwaysecurity info@redwaysecurity.com
2024-07-04 16:24:39 +02:00
dledda-r7
f7902c2826
Land #19295 , MOVEit Transfer SFTP auth bypass
2024-07-04 04:27:50 -04:00
Christophe De La Fuente
df8f281d18
Land #19204 , Zyxel VPN Series Pre-auth Command Injection
2024-07-03 20:14:39 +02:00
jheysel-r7
b67f05f50d
Apply suggestions from code review
2024-07-03 13:51:50 -04:00
Jack Heysel
7e4c6ca028
Added code to print stdout of payloads without reverse connections
2024-07-03 09:36:36 -07:00
sfewer-r7
cb3966da7f
reduce the nesting in read_file by 2 levels
2024-07-03 17:12:03 +01:00
sfewer-r7
4ca2ce35eb
use synchronous calls to open, read and close (as the async calls were not being waited on, so moving to the sync implementations of these avoids that problem), thanks @cdelafuente-r7 :)
2024-07-03 16:38:31 +01:00
sfewer-r7
0b6d3057ca
fix typos in comments
2024-07-03 16:36:15 +01:00
dledda-r7
1e0db9ec83
Land #10113 , Azure CLI steal tokens post module.
2024-07-03 11:32:04 -04:00
Jack Heysel
1d602da6b5
Added space between command and stderr/stout redirection
2024-07-03 08:23:38 -07:00
sfewer-r7
9d5ea1f2b7
call sftp.close in an ensure block in case something throws an exception. we probably don't *have* to do this (as the SFTP session will be torn down either way), but it seems like best practice *to* do this.
2024-07-03 16:21:42 +01:00
sfewer-r7
e1916974a1
we can use glob rather than foreach to recursively list the contents of a folder
2024-07-03 16:20:27 +01:00
Stephen Fewer
840da8d181
explicitly register an Opt::Proxies option
...
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2024-07-03 10:45:45 +01:00
sfewer-r7
8422b4cf39
add in support to net/sftp for Metasploit's pivot system, by using a new Rex::Socket::Tcp socket when creating the underlying SSH protocol's socket.
2024-07-02 16:09:25 +01:00
sfewer-r7
ec32b76904
The RPORT we register as an option should be 22, not 80. We can also remove the DefaultOptions, RPORT is covered and SSL does not make sense here.
2024-07-02 15:55:09 +01:00
h00die-gr3y
562e93fe3b
First release module
2024-07-02 14:54:04 +00:00
Zach Goldman
eb81a786d1
replace uri unescape with new proper methods
2024-07-01 15:52:01 -05:00
sfewer-r7
0d7efcaabc
add in AKB analysis link and fix some typos
2024-07-01 09:25:19 +01:00
adfoster-r7
90ef017cfb
Land #19289 , Update apache_nifi_credentials algo regex
2024-06-28 15:59:24 +01:00
h00die
eb0933fc9a
Update apache_nifi_credentials algo regex
2024-06-28 10:36:35 -04:00
adeherdt-r7
52142f280f
MS-9454 Redis Scanner: Support versions
...
Updating the Redis Login Scanner to properly support all versions of Redis and their implementations to handle the `AUTH` command.
2024-06-28 15:25:49 +02:00
h00die
6dc1b6a6e4
fix slashes for linux on azure_cli
2024-06-27 10:45:05 -04:00
sfewer-r7
aff9e07f1f
add in the aux gather module for CVE-2024-5806
2024-06-27 09:32:47 +01:00
Spencer McIntyre
a5afdd6e04
Land #19205 , Add MS-NRPC users enumeration module
2024-06-24 18:52:47 -04:00
Spencer McIntyre
858a2f8400
Fix rubocop issues
2024-06-24 18:21:49 -04:00
h00die
b4975f6a23
updates to azure cli creds
2024-06-24 17:06:04 -04:00
Jack Heysel
9cfaa2e69f
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
Spencer McIntyre
dc2adc0798
Land #19259 , warn on weak meterpreter keys
...
Fixing meterpreter to support is_weak_key byte flag from mettle
2024-06-24 08:58:40 -04:00
Christophe De La Fuente
24fa34e7b9
Land #19188 , Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
dledda-r7
09debbb93f
fix: fixed rubocop issue
2024-06-24 05:33:30 -04:00
dledda-r7
2de112891c
fix: fixed payload cached size
2024-06-24 05:21:07 -04:00
Christophe De La Fuente
2f238fcd24
Code review
2024-06-21 10:13:08 +02:00
Christophe De La Fuente
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00
adfoster-r7
2e51b37f1c
Land #19267 , Escape LDAP query string filters
2024-06-20 10:42:19 +01:00
Jack Heysel
bae70a4b98
Land #19255 , Add SolarWinds Serv-U aux module
...
This module exploits an unauthenticated file read vulnerability, due to
directory traversal, affecting SolarWinds Serv-U FTP Server 15.4, Serv-U
Gateway 15.4, and Serv-U MFT Server 15.4. All versions prior to the
vendor supplied hotfix "15.4.2 Hotfix 2" (version 15.4.2.157) are
affected.
2024-06-19 10:54:45 -07:00
jheysel-r7
06c0c7392f
Rubocop add space after comma
2024-06-19 13:20:52 -04:00
jheysel-r7
fd9c74766d
Update Windows TARGETFILE matching
2024-06-19 13:15:35 -04:00
Spencer McIntyre
a6fd6defcb
Escape LDAP query strings
2024-06-18 17:47:56 -04:00
Spencer McIntyre
08575d0895
Land #19176 , Add missing Arch parameter
...
Adding Arch parameter to dnn_cookie_deserialization_rce module
2024-06-18 17:07:08 -04:00
Spencer McIntyre
0110ed2b2a
Land #19253 , Corrected a mistaken CVE
...
Corrected a mistaken CVE-ID in exploit references.
2024-06-18 15:52:55 -04:00
Jack Heysel
c1826cd2f3
Land #18829 , Allow multiple HttpServers in module
...
Adding multiple HttpServer services in a module is sometimes complex
since they share the same methods. This usually causes issues where
on_request_uri needs to be overridden to handle requests coming from
each service. This updates the cmdstager and the Java HTTP ClassLoader
mixins, since these are commonly used in the same module. This also
updates the manageengine_servicedesk_plus_saml_rce_cve_2022_47966 module
to make use of these new changes.
2024-06-18 09:51:38 -07:00
sud0Ru
5ec4f25e95
Class variable changed back to an instance variable
2024-06-18 17:57:54 +03:00