41ebb3aa29
Land #15903 , SMB Shadow Module: Direct SMB Session Takeover
2022-01-07 16:57:17 +01:00
3051c5d9f5
Add mutex to cleanup in smb_shadow
...
The mutex will prevent multiple calls to cleanup when the module is
stopped with Ctrl-C. Add a Notes section to the documentation which
describes arpspoof usage and such.
2022-01-07 14:18:15 +09:00
3ef9afb0fc
Land #15988 , add wp catch themes file upload
2022-01-04 14:44:06 -06:00
c6372ecdf1
more wp catch themes doc and error handling
2022-01-04 04:34:42 -05:00
d8255978ac
Wordpress Plugin Catch Themes Demo Import cve-2021-39352
2021-12-24 11:56:51 -05:00
d55af3aa00
Add module doc
2021-12-23 12:27:57 -06:00
4e0fc5a4e5
Wordpress Plugin Catch Themes Demo Import cve-2021-39352
2021-12-21 20:04:09 -05:00
2705d6ae94
Land #15948 , Wordpress wp_popular_posts rce
...
Merge branch 'land-15948' into upstream-master
2021-12-20 09:28:23 -06:00
1915b1395e
Land #15742 , Added module for CVE-2021-40444
2021-12-08 17:46:02 -05:00
2f6710e02e
Remove the Not_Hosted target
...
It's not currently working and Metasploit should just handle everything
2021-12-08 17:22:44 -05:00
75deb69eab
Reformat the CVE-2021-40444 module docs
2021-12-08 16:45:22 -05:00
22ecedf135
wp_popular_posts_rce
2021-12-08 16:45:19 -05:00
852230c739
Fix bug brought in by importing Msf::Post::File
...
Split out javascript to a file and deobfuscate it
Update documentation for new targets
Fix other small suggestions
2021-12-08 10:36:27 -06:00
609bf4be3c
Update smb_shadow module to clean unnecessary code
...
Remove the return statement after fail_with which will never be reached.
Add documentation for the module options. Reset the packet forwarding
settings during the module cleanup.
2021-12-07 08:41:52 +09:00
260ea0725c
Update smb_shadow module and docs for review
...
Add mutex to module to prevent race condition. Add sleep to after arp
query to prevent arp cache restoration. Add DefangedMode to indicate
system network changes. Change module INTERFACE option to be explicit.
Remove unnecessary module payload parameters. Add module Notes.
2021-12-03 14:33:40 +09:00
77812ae4c4
Update documentation for multiple binaries, add targeting data,
...
other bcoles improvements
2021-12-02 09:57:48 -06:00
1f33305ce1
Add documentation
2021-12-01 14:54:48 -06:00
14064ff3f9
Update module description and remove extra module.
2021-11-29 15:23:02 -06:00
5fab1da09b
ms03_026_dcom: cleanup
2021-11-28 08:25:31 +00:00
e19511a31c
Update documentation for the smb_shadow module.
...
Add additional clarity and details to the existing documentation for the
smb_shadow module. Remove some outdated comments and fix some spelling
errors.
2021-11-25 08:12:13 +09:00
344bdacae4
Remove preferred payload
...
We'll add it back to Framework later.
2021-11-24 10:44:59 -06:00
e2734293e1
Add SMB Shadow Module: Direct SMB Session Takeover
...
This module intercepts direct SMB connections on the LAN.
Both the SMB Server and Client must be on the LAN.
The SMB Client must be authenticating to the Server as an Administrator.
This module is dependent on an external ARP spoofer.
2021-11-24 20:05:30 +09:00
d2c322e875
Revert option name styling in module doc
...
Bug in our local renderer's styling. GitHub renders it just fine.
2021-11-23 19:05:26 -06:00
053dc70782
Add words to module doc
2021-11-23 19:05:09 -06:00
a8daed1e79
Add module doc
2021-11-23 19:05:09 -06:00
7f6d661ff7
Land #15866 , Add Exploit For CVE-2021-38294 (Apache Storm Nimbus getTopologyHistory RCE)
2021-11-18 17:02:50 -06:00
725c5f8d8c
Add in another scenario into documentation and add additional detail to one setup step
2021-11-18 17:01:25 -06:00
a915c3ce5c
Add fixes for some of the issues raised during the review process on both the documentation and module side of things
2021-11-17 17:25:50 -06:00
a100cd77ae
Land #15858 , Add exploit for CVE-2021-42237
2021-11-15 14:24:47 -05:00
0b3f95abca
Writeup the module docs and move the protocol code
2021-11-12 15:15:51 -05:00
4505d7e834
Land #15700 , Add Aerohive NetConfig <= 10.0r8a RCE (CVE-2020-16152) module
...
Merge branch 'land-15700' into upstream-master
2021-11-11 17:03:54 -06:00
5e670638f3
Add a line suggesting TryToFork on Meterpreter might prevent the hang after exploitation
2021-11-11 16:59:09 -06:00
8d55b16ade
Fix one more mistake and rename document and module to a more easy to find name
2021-11-11 16:42:58 -06:00
27310dc002
Add in exploit and documentation for CVE-2021-42237
2021-11-10 15:52:22 -06:00
3af93cbacc
Fix up changes from timwr's review so long
2021-11-09 10:36:50 -06:00
780a9370a2
First draft of code, documentation, and exploit DLL plus exploit code
2021-11-09 10:36:40 -06:00
1dd26bca03
Land #15802 , add OMIGOD LPE
2021-11-09 10:30:50 -06:00
38973510f7
update modules (auxiliary and exploit)
2021-11-09 15:18:58 +04:00
6f4aa55022
Land #15816 , GitLab Unauth Command Injection
2021-11-03 16:57:57 -04:00
4b7c5acc5b
Changed qx delimiter to # and added it to badchars. Defaulted to a staged payload
2021-11-03 10:51:37 -07:00
68cae90f45
Fix spelling error
2021-11-03 08:51:07 -07:00
116e2b0c1d
Enabled use of cmdstager::flavor printf. Tested against a CentOS install. Updated docs. Default to MeterpreterTryToFork and enabled autocheck
2021-11-03 08:49:09 -07:00
728965b3c6
fix typos in docs
2021-11-02 20:04:06 -04:00
f778f5f00a
add cleanup, add new info and warning messages, update docs, small improvements
2021-11-02 19:58:16 -04:00
beb30f2b6a
Expanded cmdstager flavors. Removed bad variable name
2021-11-02 12:01:36 -07:00
10bb77ea4b
Addressed a wide variety of spelling and formatting issues. Added a reference. Registered TARGETURI. Randomized the image payload in check. Added additional options information to documentation.
2021-11-02 09:50:06 -07:00
b3a6d09b86
Fix wrong extension for documentation
2021-11-02 08:07:56 -07:00
0681c8780e
Land #15761 , add pie-register code exec
2021-11-02 09:17:50 -05:00
8185b26a12
change should to must in referring to id option
2021-11-02 09:15:59 -05:00
3aadb6000b
Initial version of CVE-2021-22205 GitLab Unauth RCE
2021-11-02 01:46:51 -07:00
Christophe De La Fuente