862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
61414fab27
Refactored module to use mixin
2023-12-11 18:24:37 -05:00
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
c0be4c2f72
working end to end unix confluence 7.18
2023-11-22 19:49:38 -05:00
e6e2106140
Auth bypass, auth, shell upload, working
2023-11-21 22:14:27 -05:00
1da4333611
Land #18434 , Add module for Zoneminder RCE
...
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
9ce3fdc557
added empty line after guard clause
2023-11-09 22:23:27 +00:00
4919291ec8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:21:39 +01:00
21340d0fd8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:21:26 +01:00
87cb12731e
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:57 +01:00
e4005feb30
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:33 +01:00
110cea8cc9
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:17 +01:00
77a93e452f
Land #18507 , Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
2a56c3f28b
remove redundant \d in check regex
2023-11-07 09:21:04 +00:00
25ef7d1272
add the RCE exploit
2023-11-06 17:12:40 +00:00
e8d45b00ba
Land #18501 , Exploit module for CVE-2023-46604 - Apache ActiveMQ
...
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
ea21036995
reduce nesting in the check routine
2023-11-06 09:42:59 +00:00
4272678938
reduce the indentation in on_request_uri
2023-11-06 09:36:20 +00:00
fa8c40072c
ensure the payload doesnt contain a CDATA closing tag, if found then fail before we attempt exploitation
2023-11-06 09:36:20 +00:00
1cde6198b5
Land #18481 , MagnusBilling unauthenticated RCE [CVE-2023-30258]
2023-11-03 20:42:27 +01:00
8bb7b98ce9
Land #18506 , Fix stability issue for f5 2023-46747
...
This PR fixes a statbility issue with the
f5_bigip_tmui_rce_cve_2023_46747 module. Prior to this fix
occasionally the module would fail on login as things were
running too quickly, the module now retrys loging in.
2023-11-03 10:51:04 -04:00
e5790f8d6e
Fix a stability issue with the module
...
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
2023-11-02 17:10:20 -04:00
c27412a1ac
Land #18494 , Add AjaxPro Deserialization RCE
...
This PR adds a module which leverages an insecure
deserialization of data to get remote code execution
on the target OS in the context of the user running
the website which utilized AjaxPro.
2023-11-02 13:54:17 -04:00
f83f183fe2
Apply Code Suggestions from review
2023-11-03 00:04:20 +08:00
27d86be456
Remove the REPEATABLE_SESSION tag
...
The module is generally reliable, but may fail after it's been run multiple
times.
2023-11-02 11:11:36 -04:00
cea4c1f326
Feedback from module review
2023-11-02 10:17:45 -04:00
d26742a266
Add check code annotations, update AJP link
2023-11-02 08:53:56 -04:00
24810183ca
add in a unix target as ActiveMQ can run on OSX
2023-11-02 10:25:45 +00:00
94b5211525
set exploit Stance to Agressive
2023-11-02 09:32:36 +00:00
a7e8be4860
Fix code styling to pass msftidy
2023-11-02 10:35:49 +08:00
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-02 10:10:26 +08:00
9c67b92a4d
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
7b53592b4f
Add module docs
2023-11-01 16:55:41 -04:00
03252913a1
Add the check method
2023-11-01 16:55:41 -04:00
714eeaaa3a
Finish cleaning the exploit up
2023-11-01 16:55:36 -04:00
df040b30aa
typos and improve comments
2023-11-01 17:59:00 +00:00
a408181def
Add initial work on exploit module for CVE-2023-46604
2023-11-01 17:34:30 +00:00
c803d6ef7e
Fetch the admin hash as a bonus
2023-10-31 15:27:31 -04:00
04388d9e25
Initial commit of CVE-2023-46747
2023-10-31 09:55:18 -04:00
ad6e4618df
third release module with minor text changes
2023-10-31 09:29:13 +00:00
bfff35eb63
second release module with php fix
2023-10-31 09:05:51 +00:00
00ccebe8ce
Upadte documentation for AjaxPro Deserializaion RCE
2023-10-31 13:31:10 +08:00
62f3dafd91
Apply CheckCode message suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-10-31 10:45:58 +08:00
cd3556dd71
Add Exploit for AjaxPro Deserialization RCE (CVE2021-23758)
2023-10-28 00:48:52 +08:00
3b4302d902
Land #18441 , Add at rest encryption to Meterpreter payloads
2023-10-27 12:18:19 +01:00
d960aa522c
Land #18348 , Splunk account take over (CVE-2023-32707) leading to RCE
2023-10-26 11:34:02 -04:00
e5e58bc0be
Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb
...
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com >
2023-10-26 14:03:06 +02:00
c0af43c10b
Update modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb
...
Co-authored-by: Zach Goldman <106169455+zgoldman-r7@users.noreply.github.com >
2023-10-25 11:02:30 +02:00
ff9639e6a6
Land #18460 , VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE
2023-10-24 17:32:28 +02:00
50b7e0305e
first release module
2023-10-24 15:29:18 +00:00
Jack Heysel