Jack Heysel
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
adfoster-r7
04361e1005
Land #18524, Update reverse_tcp.md, improper switches
2023-11-13 12:08:00 +00:00
Jack Heysel
1da4333611
Land #18434, Add module for Zoneminder RCE
...
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
Brady Jackson
fec66b5bbe
Update reverse_tcp.md, improper switches
...
Improper usage of switches presented in documentation
2023-11-09 19:36:28 -05:00
Wolfgang Hotwagner
5d5f711dcd
updated documentation
2023-11-09 22:40:36 +00:00
bwatters
b5aeab0c9f
Merge #18491, Add Module for PL/SQL Developer to gather credentials
...
Merge branch 'land-18491' into upstream-master
2023-11-09 11:18:52 -06:00
Jemmy Wang
893da00c6a
Modify Table DisplayName and password matching regex
2023-11-09 13:58:14 +08:00
Jemmy Wang
9c23f86d83
Add support for v15 new encryption algorithm
2023-11-09 05:08:27 +08:00
bwatters
77a93e452f
Land #18507, Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
Stephen Fewer
64c9968328
Update cisco_ios_xe_os_exec_cve_2023_20273.md, which was missing CISCO_ADMINUSERNAME and CISCO_ADMIN_PASSWORD in the show options command output
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-11-08 09:16:12 +00:00
Jack Heysel
06369281b9
Land #18503, Apache Nifi Cred Stealer Post Module
...
This PR adds a post module to steal config and credential
information for Apache NiFi.
2023-11-07 20:05:10 -05:00
Jemmy Wang
d4166098a8
Update to be compatible for PL/SQL 14
2023-11-08 01:15:22 +08:00
h00die
f1317fa050
review comments
2023-11-06 18:34:36 -05:00
h00die
0ce7b03397
update nifi credentials post module
2023-11-06 14:50:02 -05:00
sfewer-r7
25ef7d1272
add the RCE exploit
2023-11-06 17:12:40 +00:00
sfewer-r7
8364ae896b
add the CLI command to use to enable testing the WebUI
2023-11-06 17:11:39 +00:00
bwatters
e8d45b00ba
Land #18501, Exploit module for CVE-2023-46604 - Apache ActiveMQ
...
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
sfewer-r7
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
sfewer-r7
10ee87c712
Add an optional CISCO_ADMIN_USERNAME and CISCO_ADMIN_PASSWORD options. If set these admin creds are used to leverage CVE-2023-20273. If not set, then CVE-2023-20198 is used to create a new temp admin account before leveraging CVE-2023-20273
2023-11-06 10:20:07 +00:00
Stephen Fewer
be1229747f
fix another typo on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-06 09:47:38 +00:00
Stephen Fewer
22cb55b36b
fix typo on documentation
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-06 09:47:23 +00:00
Christophe De La Fuente
1cde6198b5
Land #18481, MagnusBilling unauthenticated RCE [CVE-2023-30258]
2023-11-03 20:42:27 +01:00
sfewer-r7
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
sfewer-r7
c8121ebd8e
mention dropping to User EXEC mode via two exit keywords
2023-11-03 16:43:21 +00:00
sfewer-r7
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
Jack Heysel
c27412a1ac
Land #18494, Add AjaxPro Deserialization RCE
...
This PR adds a module which leverages an insecure
deserialization of data to get remote code execution
on the target OS in the context of the user running
the website which utilized AjaxPro.
2023-11-02 13:54:17 -04:00
Stephen Fewer
00104ce467
Update documentation to specify bin directory
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-11-02 17:41:21 +00:00
Stephen Fewer
8b70c3ec77
Update documentation/modules/exploit/multi/misc/apache_activemq_rce_cve_2023_46604.md
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2023-11-02 17:40:54 +00:00
Jack Heysel
17f7d5c253
Land #18497, Add Exploit For F5 CVE-2023-46747
...
This module exploits a flaw in F5's BIG-IP Traffic Management User
Interface (TMUI) that enables an external, unauthenticated
attacker to create an administrative user. The attacker can then use
the admin user to execute arbitrary code in the context of the root user.
2023-11-02 11:46:15 -04:00
Spencer McIntyre
d26742a266
Add check code annotations, update AJP link
2023-11-02 08:53:56 -04:00
h00die
42cf28dbbe
nifi creds stealer
2023-11-02 06:56:33 -04:00
sfewer-r7
05f0b6a70c
change the verification steps to be for a linux target, as the testing steps above are for linux
2023-11-02 10:28:21 +00:00
sfewer-r7
58d03a3dab
add in documentation
2023-11-02 10:26:02 +00:00
Jemmy Wang
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-11-02 10:10:26 +08:00
Spencer McIntyre
9c67b92a4d
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
Spencer McIntyre
7b53592b4f
Add module docs
2023-11-01 16:55:41 -04:00
h00die-gr3y
ad6e4618df
third release module with minor text changes
2023-10-31 09:29:13 +00:00
h00die-gr3y
bfff35eb63
second release module with php fix
2023-10-31 09:05:51 +00:00
Jemmy Wang
00ccebe8ce
Update documentation for AjaxPro Deserialization RCE
2023-10-31 13:31:10 +08:00
Jack Heysel
df47814029
Land #18454, add AppleTV and Axis Login Doc files.
2023-10-30 16:38:14 -04:00
Christophe De La Fuente
ec3cf74ff3
Land #18492, Add module for Citrix Bleed (CVE-2023-4966)
2023-10-30 17:25:53 +01:00
Jemmy Wang
40683ff591
Add document for AjaxPro Deserialization RCE Module
2023-10-28 01:37:34 +08:00
Spencer McIntyre
1dc4e35134
Fix typos and log vulnerable servers
...
Log servers that are vulnerable but don't leak any cookies
2023-10-27 11:47:01 -04:00
Jemmy Wang
93c13ad6a7
Apply document suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-27 02:02:00 +08:00
Zach Goldman
d960aa522c
Land #18348, Splunk account take over (CVE-2023-32707) leading to RCE
2023-10-26 11:34:02 -04:00
Spencer McIntyre
94ede61a99
Add module docs
2023-10-26 09:52:59 -04:00
Jemmy Wang
d07ad325b2
Add document for PL/SQL Developer gather credential module
2023-10-26 19:38:52 +08:00
Christophe De La Fuente
9e5e57390f
Land #18194, Useradd post module
2023-10-25 19:29:59 +02:00
h00die-gr3y
5c89df694c
added documentation
2023-10-24 18:34:29 +00:00
Christophe De La Fuente
ff9639e6a6
Land #18460, VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE
2023-10-24 17:32:28 +02:00