d8942b27a2
first release module
2024-04-01 14:49:10 +00:00
9cc294dbaf
1. Remove unused modules
...
2. Prettify code
2024-03-30 17:56:49 +03:00
c8c7e74cba
Bad indentation
2024-03-30 17:06:25 +03:00
609d356083
Extra ',' is causing ruby issues
2024-03-30 17:02:13 +03:00
e75043f00e
Module indentation was wrong
2024-03-30 16:50:48 +03:00
3dc638909f
Land #18906 , Add template data files for ESC2 and ESC3
...
Merge branch 'land-18906' into upstream-master
2024-03-29 15:29:52 -05:00
43d1bd9a2e
Add docs and fix CSRF token for v7.0
2024-03-29 14:05:39 -04:00
c7976d204c
Add module metadata and clean things up
2024-03-29 10:40:43 -04:00
2292da9164
Add the UNC loading technique too
2024-03-29 09:33:47 -04:00
9dcd0e461f
Delete the file using the file manager too
2024-03-29 09:33:47 -04:00
8fa7aa6407
Initial exploit for CVE-2024-2044
2024-03-29 09:33:44 -04:00
e6e13e7b45
Fixes from code review
2024-03-29 12:18:16 +01:00
31cf0e2633
Land #18764 , Add unauth Jenkins file read module
...
This PR adds a new module to exploit CVE-2024-23897, an unauth arbitrary
(first 2 lines) file read on Jenkins.
2024-03-28 13:29:39 -07:00
155181fd92
Apply suggestions to fix the last code review
2024-03-28 15:54:58 -04:00
14938a2d77
Apply suggestions from code review
2024-03-28 14:41:25 -04:00
9f50f12e6e
update addressing cdelafuente-r7 comments
2024-03-28 18:16:11 +00:00
d7f3fd8cc0
Land #18915 , Add Watchguard RCE CVE-2022-26318
...
This PR adds a module for a buffer overflow at the administration
interface of WatchGuard Firebox and XTM appliances. The appliances are
built from a cherrypy python backend sending XML-RPC requests to a C
binary called wgagent using pre-authentication endpoint /agent/login.
This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before
12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful
exploitation results in remote code execution as user nobody.
2024-03-28 10:24:32 -07:00
d6ecd9db70
Land #19021 , update admin/mysql/mysql_enum for newer versions of mysql
2024-03-28 16:34:49 +00:00
69660c329d
Land #19017 , add better logging for failed mssql logins
2024-03-28 12:21:28 +00:00
c5e98d954b
Updates to work with newer versions of MySQL
2024-03-28 12:11:35 +00:00
6e6f1beb92
update addressing jheysel-r7 comments
2024-03-28 08:43:08 +00:00
b5d96de192
add better logging for failed logins
2024-03-27 09:54:38 -05:00
abb2eb7ffd
Land #18891 , Add RCE module for wp bricks builder
...
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
b9b4a624d9
Fix typos
2024-03-26 21:05:35 +01:00
abc39e86f9
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-03-26 20:40:04 +01:00
672036f53a
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-03-26 20:39:33 +01:00
8a1290c8a6
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-03-26 20:39:23 +01:00
85e27b0bc3
Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-03-26 20:39:04 +01:00
e58c6b9df2
Land #18721 , SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955)
...
Merge branch 'land-18721' into upstream-master
2024-03-26 12:42:22 -05:00
e775c7c20a
Land #18967 , Artica Proxy unauthenticated RCE [CVE-2024-2054]
...
Merge branch 'land-18967' into upstream-master
2024-03-25 15:25:27 -05:00
c03e4c4ab0
Land #19009 , add missing Platform to osx/local/persistence module
2024-03-25 17:31:15 +00:00
38c5c6bb11
Add missing Platform to osx/local/persistence module
2024-03-25 16:00:25 +00:00
57a45a0b55
CrushFTP exploit module CVE-2023-43177 and documentation
2024-03-25 12:41:24 +01:00
9b4114eda0
Land #18961 , Adds session documentation
2024-03-25 11:23:05 +00:00
decba4350e
Additional changes to documentation
2024-03-25 10:53:08 +00:00
0262efee8b
first release module
2024-03-24 09:32:56 +00:00
3da170a43c
smcintyre-r7 recommendation for better payload handling
2024-03-22 17:04:06 -04:00
4f6903481c
remove screenshot functionality for time being
2024-03-22 16:37:22 -04:00
f6b65993ac
ipynb vscode exploit
2024-03-22 16:26:03 -04:00
eb26b0adcc
gitlens exploit module
2024-03-22 16:22:39 -04:00
83944f7070
vsix deployment module
2024-03-22 16:14:51 -04:00
a674310c22
Land #18992 , Fix postgres version logging
2024-03-22 17:33:43 +00:00
acf9745200
Fix postgres version logging
2024-03-22 16:50:01 +00:00
f9de96cc95
mongodb ops manager diagnostic archive info disclosure
2024-03-21 17:36:15 -04:00
f617ea6e96
Update modules/auxiliary/gather/mongodb_ops_manager_diagnostic_archive_info.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-03-21 16:39:49 -04:00
f217312ad1
module and documentation updates based on review comments (bwatters-r7/cgranleese-r7)
2024-03-21 16:13:55 +00:00
d750ea19eb
Fixes store_valid_credential conditional logic for unix/webapp/wp_admin_shell_upload module
2024-03-21 12:22:11 +00:00
2b90d33aef
Land #18618 , Add OpenNMS privesc and auth RCE
...
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
6cd7f44197
rubocop
2024-03-20 11:39:19 -07:00
149dc15b21
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
h00die-gr3y