Grant Willcox
a59e7e196d
Land #14701, Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin
2021-04-13 18:58:29 -05:00
Grant Willcox
9379f0356b
Add in 5.6.5 exploitation scenario to documentation
2021-04-13 17:42:47 -05:00
Grant Willcox
0aada27128
Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible.
2021-04-13 17:15:34 -05:00
Grant Willcox
cdd589f592
Update documentation to wrap some overly long lines to meet msftidy_docs.rb requirements.
2021-04-13 16:36:38 -05:00
Grant Willcox
ead9d73dc5
Add in fixes from review to documentation and module
2021-04-13 16:34:13 -05:00
Tim W
7c575cd38f
Land #15007, add a chrome renderer exploit (CVE-2020-16040)
2021-04-08 22:18:20 +01:00
Shelby Pace
926f051377
Land #14978, add Gitea and Gogs exploit modules
2021-04-07 13:44:43 -05:00
adfoster-r7
258b9d3e28
Land #14998, Change CVE references from CVE Details to NVD
2021-04-07 10:10:55 +01:00
rajvardhan agarwal
c863c324ae
Add exploit for CVE-2020-16040
2021-04-06 17:25:27 +05:30
William Vu
4020813b42
Correct broken or redundant CVE references
2021-04-05 13:06:50 -05:00
Shelby Pace
cfc6b0a8ba
Land #14971, add Apache OFBiz SOAP Deser rce
2021-04-05 11:44:40 -05:00
Shelby Pace
a803e1e932
remove spare comma
2021-04-05 09:33:20 -05:00
Shelby Pace
71914a1ddb
Land #14813, additional dup scout bof targets
2021-04-01 13:03:57 -05:00
kalba-security
2df90d8d23
Rebase, rename module to nagios_xi_plugins_check_plugin_authenticated_rce, update check to take advantage of mixin, minor improvements
2021-04-01 11:07:49 -04:00
Shelby Pace
2cbd1a6be9
Land #14935, add F5 iControl REST API SSRF RCE
2021-04-01 08:40:38 -05:00
kalba-security
0e7c11ada3
Rename module and modify it to use the Nagios XI mixin, add autocheck, fix syntax and linting, also update docs
2021-04-01 09:26:16 -04:00
Shelby Pace
8cdaf9791d
Land #14950, add saltstack salt api rce
2021-03-31 14:50:30 -05:00
Shelby Pace
9eacda5552
add wait time line to test output
2021-03-31 14:47:34 -05:00
William Vu
69a0c9420b
Add module doc
2021-03-31 14:02:32 -05:00
Christophe De La Fuente
9806026ab9
Update from code review
2021-03-31 17:48:35 +02:00
Christophe De La Fuente
73a8b7aa5f
Add Gitea and Gogs RCE modules and documentation
2021-03-31 16:47:29 +02:00
William Vu
151b8f2f92
Update vmware_vcenter_uploadova_rce module doc
2021-03-30 21:08:21 -05:00
Spencer McIntyre
a0a4bc079a
Add the exploit module for CVE-2021-26295
2021-03-30 18:18:16 -04:00
Spencer McIntyre
9d85af51cb
Land #14945, Proxylogon RCE (Praetorian update)
2021-03-29 12:04:19 -04:00
Spencer McIntyre
11f4946817
Tweak some ProxyLogon verbiage for clarity
2021-03-29 10:07:43 -04:00
RAMELLA Sébastien
02b240b22a
code review
2021-03-29 14:23:39 +04:00
Christophe De La Fuente
00698d20bf
Add waiting status message and update doc
2021-03-26 14:59:27 +01:00
Christophe De La Fuente
b069fec866
Add module and doc for Saltstack Salt API wheel_async RCE
2021-03-26 13:54:06 +01:00
Spencer McIntyre
006faaab9a
Land #14924, Add auxiliary and exploit modules for CVE-2020-6207 in SAP Solution Manager
2021-03-25 17:48:56 -04:00
Vladimir Ivanov
b066145cf1
Minor updates
...
Updated documentation auxiliary module cve_2020_6207_solman_rce.md
Updated documentation in exploit module cve_2020_6207_solman_rs.md
2021-03-25 17:07:20 +03:00
bwatters
6505f9ccbd
Land #14830, Adding FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (CVE-2021-3378)
...
Merge branch 'land-14830' into upstream-master
2021-03-24 17:41:10 -05:00
bwatters
e2dfca86f9
Add warning for failures after rebooting to the documentation.
2021-03-24 17:32:08 -05:00
Grant Willcox
f01b434160
Land #14896, Fix apache_activemq_upload_jsp exploit module for Java 8
2021-03-24 10:22:03 -05:00
Grant Willcox
9d7e9990f4
Update documentation wording a bit to be more appropriate
2021-03-24 09:17:22 -05:00
Christophe De La Fuente
2dcd0fad04
Land #14860, Auxiliary/Exploit Scanner/Gather/RCE for Exchange ProxyLogon (CVE-2021-26855)
2021-03-23 13:10:15 +01:00
Vladimir Ivanov
d76224066f
Rename option URIPATH to TARGETURI
2021-03-23 13:33:39 +03:00
RAMELLA Sébastien
37b0552803
last code review before land
2021-03-22 23:20:40 +04:00
William Vu
d4d9001c84
Fix typos
2021-03-22 14:16:45 -05:00
Spencer McIntyre
8605fe4529
Use POST for the check method and write the module docs
2021-03-22 15:04:21 -04:00
Vladimir Ivanov
6e13a26fd3
Delete links to launchpad.support.sap.com in doc files
2021-03-22 11:03:53 +03:00
RAMELLA Sébastien
c543b44fc2
fix: CmdStagerFlavor, add: Powershell target, ...
2021-03-21 22:47:27 +04:00
Vladimir Ivanov
42726a70c0
client.rb - library for auxiliary and exploit modules
...
cve_2020_6207_solman_rce.rb - auxiliary module
cve_2020_6207_solman_rce.md - documentation for auxiliary module
cve_2020_6207_solman_rs.rb - exploit module
cve_2020_6207_solman_rs.md - documentation for exploit module
2021-03-21 16:51:21 +03:00
alanfoster
308a42e95b
Fix apache_activemq_upload_jsp exploit module for Java 8
2021-03-20 15:26:34 +00:00
RAMELLA Sébastien
f5c807590c
a last round of review + rubocop
2021-03-20 01:23:43 +04:00
RAMELLA Sébastien
6e34a80693
fix. OAB + code review
2021-03-19 10:19:57 +04:00
bwatters
2c1869f9df
Land #14907, Add exploit for CVE-2021-1732
...
Merge branch 'land-14907' into upstream-master
2021-03-18 14:29:59 -05:00
bwatters
fb7a97077f
Land #14875, CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
...
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
Grant Willcox
b1c3c49eb5
Land #14757, nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
Spencer McIntyre
0bff88c0c0
Update the module metadata and add module docs
2021-03-16 10:40:34 -04:00
Brendan Coles
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privilege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00