Christophe De La Fuente
da9d04d32d
Land #18461, CVE-2023-22515 - Atlassian Confluence unauthenticated RCE
2023-10-19 10:22:57 +02:00
sfewer-r7
c63aaba760
add in documentation for Options
2023-10-18 10:05:05 +01:00
sfewer-r7
1c027ac05c
add an RCE exploit for CVE-2023-22515
2023-10-16 20:50:18 +01:00
Spencer McIntyre
05dd2e1473
Land #18351, Apache Superset RCE (CVE-2023-37941)
2023-10-12 17:10:10 -04:00
Spencer McIntyre
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Spencer McIntyre
4f734379d3
Add module docs and print some messages
2023-10-12 09:27:26 -04:00
h00die
7ffc1ca491
undo some spelling fixes when upstream has those issues
2023-10-11 06:30:11 -04:00
h00die
557a15a115
spelling fixes on docs
2023-10-10 14:46:18 -04:00
Jack Heysel
fb834b235a
Land #18417, Add Kibana Upgrade Assistant RCE
...
Kibana before version 7.6.3 suffers from a prototype
pollution bug within the Upgrade Assistant. This PR adds
an exploit module to exploit the bug. There is no CVE
for this issue at the moment.
2023-10-06 17:29:02 -04:00
jheysel-r7
fe9afc94c7
Update documentation/modules/exploit/linux/http/kibana_upgrade_assistant_telemetry_rce.md
2023-10-06 16:45:52 -04:00
h00die
931a67d290
kibana telemetry rce rewritten to use fetch payloads
2023-10-06 09:55:10 -04:00
h00die
5e0538a239
review comments round 1
2023-10-05 13:12:33 -04:00
sfewer-r7
623b589fb5
When I removed the PowerShell target I forgot to update the documentation. This commit updates the documentation to reflect the changes made to the exploit module.
2023-10-04 17:03:28 +01:00
h00die
88eb44be64
kibana telemetry rce
2023-10-02 16:53:20 -04:00
sfewer-r7
1695a12c9c
Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way.
2023-10-02 17:40:11 +01:00
sfewer-r7
53ed4a632b
add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization.
2023-10-02 11:42:19 +01:00
Christophe De La Fuente
50155e3d94
Land #18389, Juniper Junos OS PHPRC Manipulation RCE (CVE-2023-36845)
2023-09-29 18:05:28 +02:00
Jack Heysel
2928d47312
Merge branch 'junos_phprc_auto_prepend_file' of github.com:jheysel-r7/metasploit-framework into junos_phprc_auto_prepend_file
2023-09-28 14:43:46 -04:00
Jack Heysel
58642c16c9
Changed WebSocket to SSH
2023-09-28 14:41:03 -04:00
jheysel-r7
4fecb4d2e2
Update documentation/modules/exploit/freebsd/http/junos_phprc_auto_prepend_file.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-09-28 14:37:36 -04:00
Jack Heysel
3f15de3995
Responded to Christophe's suggestions
2023-09-28 14:26:37 -04:00
Spencer McIntyre
e7ab983279
Minor code changes
...
Changes include:
* Remove the PAYLOAD key which didn't do anything
* Add the missing payload size constraint
* Use #retry_until_truthy
2023-09-28 13:19:26 -04:00
sfewer-r7
89940e8b08
use the correct naming convention for normal options.
2023-09-28 16:36:18 +01:00
sfewer-r7
ad7ff705c7
add in a Linux target
2023-09-28 14:57:02 +01:00
sfewer-r7
fbd5e60cfc
add in coverage for CVE-2023-42793. Currently only a Windows target.
2023-09-28 12:31:59 +01:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
Christophe De La Fuente
2c9932b242
Update documentation - Options section
2023-09-27 15:17:04 +02:00
Jack Heysel
9a1881cbcf
jvoisin suggestions
2023-09-26 18:42:14 -04:00
Jack Heysel
09f3a98d13
Finished JAIL_BREAK addition
2023-09-26 16:45:28 -04:00
bwatters
0b84feaf60
updates from code review
2023-09-26 14:03:31 -05:00
Christophe De La Fuente
1e69086d24
Land #18365, TOTOLINK X5000R Wireless GigaBit Router Unauthenticated RCE [CVE-2023-30013]
2023-09-21 11:27:19 +02:00
h00die-gr3y
6e11f4353b
Updates addressing cdelafuente-r7 comments
2023-09-20 22:14:48 +00:00
Jack Heysel
da8c020d14
Junos OS SRX and EX PHPRC Manipulation RCE
2023-09-20 16:47:05 -04:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Christophe De La Fuente
525c957af2
Land #18333, Lexmark Device Embedded Web Server RCE (CVE-2023-26068)
2023-09-19 10:32:59 +02:00
bwatters
bfa876c3a1
Land #18283, Apache Airflow 1.10.10 - Example DAG Remote Code Execution
...
CVE-2020-11978 + CVE-2020-13927
Merge branch 'land-18283' into upstream-master
2023-09-18 17:00:19 -05:00
cgranleese-r7
23dc1a487d
Land #18321, Add Ivanti Avalanche MDM Buffer Overflow Exploit (CVE-2023-32560)
2023-09-18 10:43:45 +01:00
Ismail Dawoodjee
f9cdfef304
Move module and documentation from multi/http to linux/http
...
* Update documentation scenarios for Docker on Debian 10 and Kali Linux 6.4
* Slightly modify the documentation scenario for Docker on Windows 10
2023-09-17 22:42:26 +08:00
h00die
e34ed10eca
superset rce more stable
2023-09-15 16:29:05 -04:00
Ismail Dawoodjee
d12b1778e5
Merge branch 'rapid7:master' into apache_airflow_dag_rce
2023-09-15 22:06:43 +08:00
Jack Heysel
46832abd49
Land #18358, Add a Thrift RPC client
...
This PR adds a Thrift RPC client and updates
two modules to make use of the new addition.
2023-09-14 19:01:13 -04:00
h00die-gr3y
21cab0eccd
updated documentation
2023-09-14 18:38:34 +00:00
h00die-gr3y
784f3118f0
third release module and documentation
2023-09-14 17:59:59 +00:00
h00die
619a46d450
working hashes for apache superset rce
2023-09-14 13:21:01 -04:00
Ege Balcı
cf4757a6cb
Update installation steps.
2023-09-14 18:51:48 +02:00
Ege Balcı
9fbfe63b2f
Update documentation/modules/exploit/windows/misc/ivanti_avalanche_mdm_bof.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2023-09-14 16:39:15 +00:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
h00die
686d704b37
superset rce wip
2023-09-13 15:26:29 -04:00
Ismail Dawoodjee
930063fe91
Merge branch 'rapid7:master' into apache_airflow_dag_rce
2023-09-13 23:51:47 +08:00
cgranleese-r7
e82bff37e1
Land #18330, Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
2023-09-13 10:15:59 +01:00