82c8b5418e
Land #17936 , PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
f88cb3b847
Land #18039 , gitlab file read CVE-2023-2825
2023-06-07 13:07:54 +02:00
4950cb3424
review adjustments
2023-06-06 16:24:38 -04:00
0d094f8645
Land #17917 , shell_to_meterpreter: Support using bind payloads with PAYLOAD_OVERRIDE
2023-06-05 13:36:30 -05:00
d029b26b4f
Land #18062 , Created mixin to retrieve the architecture of the current shell.
2023-06-05 12:58:57 -05:00
4e91a4e93d
refactor archer_c7_traversal as gather module
...
* Update modules landed as a scanner into a more appropriate category.
* Adds a check method based on TP-link default `TITLE` html.
* Rename module consistent with existing exploit.
2023-06-05 09:07:11 -05:00
795980260b
Created mixin to retrieve the architecture of the current shell.
...
Currently only supports Windows, but does work on Win2000 upwards.
2023-06-05 11:10:53 +10:00
8f3325bcf8
move gitlab_auth_subgroups to gahter instead of scanner
2023-06-02 18:06:44 -04:00
734e0b099e
Land #18018 , Add in CVE-2023-29084
...
Add in CVE-2023-29084 - Zoho ManageEngine ADManager Plus ChangePasswordAction
Authenticated Command Injection
2023-06-02 12:14:43 -04:00
1e9d286c77
Land #18044 , Add MIPS64 Linux Fetch Payloads
...
Merge branch 'land-18044' into upstream-master
2023-06-02 10:53:43 -05:00
7728e1e2fb
Add in new library function for escaping PowerShell literals
2023-06-02 10:22:56 -05:00
617aff5a43
Fix up supported payloads and remove nonused parameter
2023-06-02 09:48:03 -05:00
f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
6e89f9b275
Address review comments
2023-06-02 09:48:02 -05:00
3ab4173d6c
Fix up base64 encoder to properly quote strings - credit to @smcintyre-r7 for the fix
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
05bb3cd182
Update again
2023-06-02 09:48:01 -05:00
c78a9bac1d
Remove dropper target and try expand potential BadChars and limit payload size???
2023-06-02 09:48:01 -05:00
6d066dc649
Add in initial copy of exploit
2023-06-02 09:47:49 -05:00
8b641c4c97
Land #18055 , Update aws_keys to run against linux
...
Update post/multi/gather/aws_keys to run against linux sessions
2023-06-02 09:28:13 -04:00
4661e9721e
Land #18002 , Added cmd useradd payload
2023-06-02 12:53:49 +02:00
da2e339ae8
review adjustments
2023-06-02 05:15:44 -04:00
f6dc2c007a
Fix up messages to more closely match check code messages and fix typos
2023-06-01 12:38:20 -05:00
c6816fceec
Update post agther aws keys to run against linux
2023-06-01 18:19:11 +01:00
d535bb87ad
Fix up logic to handle check_host return codes
2023-06-01 12:17:59 -05:00
4183cd444d
Added unixcrypt to payload
2023-06-01 12:30:26 -04:00
8ed981e575
Land #18003 , Archer c7 traversal
2023-06-01 17:37:13 +02:00
8378435051
Land #17430 , Add AWS SSM Sessions
2023-06-01 11:34:40 -04:00
c336f179d6
Gave rootmethod option better description
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-06-01 11:32:39 -04:00
d868d0ec14
Fixed double checking of sudoers
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-06-01 11:32:03 -04:00
1267d067b3
move gitlab_subgroup to gitlab_authenticated_subgroup
2023-05-31 15:29:00 -04:00
3875947f7d
Removing unnecessary assignment
2023-05-31 19:17:30 +00:00
0e477bdc9a
Used unixcrypt to create encrypted password
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 13:47:29 -04:00
2fab56f905
Made cachesize dynamic
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 13:46:05 -04:00
6756047f1f
Land #18028 , Add Apache NiFi login scanner module
2023-05-31 12:25:18 -05:00
6351c66b1e
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:56:13 -07:00
6ad9ebb5c0
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:48:53 -07:00
1fd2d41835
Fix typos and add dig for safe navigation
2023-05-31 10:34:10 -05:00
cf9f9905e3
Fix more typos
2023-05-30 17:30:57 -05:00
d7098aa06d
Add MIPS64 fetch adapters
2023-05-30 15:03:06 -04:00
8a0dfa57a0
Drop size requirement and fix descriptions
...
The size requriement is used when the adapted payload is executed from
the command line but that's not the case for the fetch payloads which
execute a command to fetch the payload from a URL. The payload size
doesn't matter because it's included in the executable file hosted at
the URL.
2023-05-30 15:03:06 -04:00
530ed911f4
Fixing ZDI ID
2023-05-30 19:03:01 +00:00
b376dac34b
okay linter
2023-05-30 18:40:59 +00:00
cbf850b2b7
Apparently the comment after the rescue squelchs the linter.
2023-05-30 18:38:48 +00:00
d194cf28eb
Land #18032 , Escape braces after all in cmd/brace encoder
2023-05-30 11:18:34 -05:00
002c575ee1
Land #18036 , Fix incorrect error handling in IBM sametime enumerate users module
2023-05-30 09:53:54 -05:00
ef89219715
Land #17899 , Dolibarr 16 unauthenticated contact database dump
2023-05-30 16:41:28 +02:00
0b9aff0661
Land #18004 , VSFTPD Dos Module
...
This PR adds a dos module for cve-2011-0762
which exploits the vsftpd server
2023-05-29 17:39:02 -04:00
01359e77a7
gitlab file read CVE-2023-2825
2023-05-29 00:52:07 -04:00
Christophe De La Fuente