8a1f5de8f1
Fix msftidy issue and update file delete
2024-02-15 10:00:44 -06:00
20563b64b2
add check method
2024-02-15 09:05:54 -06:00
843c64d2f6
Code cleaned up
2024-02-14 19:08:11 -06:00
67cd9b425b
Working, but ugly
2024-02-14 15:42:50 -06:00
cc0fc56874
Draft nonworking start
2024-02-12 17:44:24 -06:00
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
8b71afdd53
Land #18759 , Updates MySQL modules to now support the new MySQL session type
2024-02-08 12:39:51 +00:00
e80f0ef8cd
Removes session logic from mixins and uses client instead of datastore for rhost and rport
2024-02-06 14:11:16 +00:00
d546db6055
Land #18780 , runc cwd priv esc (docker) (cve-2024-21626)
2024-02-05 13:12:02 +01:00
cf2f76e6a2
cve-2024-21626 review
2024-02-02 16:27:02 -05:00
85974d16c2
Land #18769 , Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
577304cf7c
Updates more modules
2024-02-02 14:59:56 +00:00
7ac4387d35
Land #18696 , Convert MSSQL mixin to class
2024-02-02 14:14:34 +00:00
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
1ff1302df7
Use exceptions instead of returning a boolean in do_login
2024-02-02 11:39:13 +01:00
372b792b8c
Land #18761 , Add alert to show user the new session options available in Metasploit 6.4
2024-02-02 10:25:32 +00:00
be2d2d61ca
Land #18762 , Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
35778e92b2
client consolidation
...
convert first module from remote to client
move client to rex
remove metasploit mixin
2024-02-01 17:23:55 -06:00
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
b259c5d6a7
store the credentials we create in the DB
2024-02-01 19:48:01 +00:00
612feac5f1
add in vendor advisory URL
2024-02-01 19:47:23 +00:00
81eba7a6e7
Use FileDropper mixin and fix typo
2024-02-01 17:23:05 +01:00
5054b3bfd0
Add methods to get the version and the CSRF token
2024-02-01 12:31:01 +01:00
a867793870
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-01 09:05:02 +00:00
546de49bec
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-01 09:04:49 +00:00
6e4294c013
Update modules/exploits/multi/http/fortra_goanywhere_mft_rce_cve_2024_0204.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-01 09:04:26 +00:00
1abaef4945
Move new session information alerts behind a feature flag
2024-01-30 16:38:00 +00:00
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
c70092a2c7
bugfix a copy pasta whereby a path seperator was not being added as expected
2024-01-29 17:52:37 +00:00
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
b5de25a2b6
Fingerprint the target as Mirth Connect first
2024-01-29 12:11:38 -05:00
9a2ec90c16
Add alert to show user the new session options available in Metasploit 6.4
2024-01-29 17:06:21 +00:00
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
530d58de49
Initial commit of NextGen Connect RCEs
2024-01-26 14:50:33 -05:00
fe84c0dff7
Land #18734 , Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
96241b3a6e
Keep version detection consistent
2024-01-25 13:50:34 -05:00
49532613e5
Implement some feedback from the review
2024-01-25 09:20:17 -05:00
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
4c525dad66
Land #18648 , Add enhancement to Asan check method
...
Before this PR when running asan_suid_executable_priv_esc
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE so now if it's not set the user is informed.
2024-01-23 15:22:33 -05:00
c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
08f6da7b33
Removed default empty string for SUID_EXECUTABLE
2024-01-23 14:21:58 -05:00
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
8c5628826f
Land #18735 , update iis_webdav_scstoragepathfromurl module metadata
2024-01-23 15:56:01 +00:00
583d39b038
Land #18720 , Mark unix encoders as compatible with linux
...
Merge branch 'land-18720' into upstream-master
2024-01-23 09:45:42 -06:00
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
7411dc1b1b
Land #17634 , Add additional reliability and stability notes to modules
2024-01-23 09:42:15 +00:00
953382731e
Land #18645 , improve glibc tunables exploit
...
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
bwatters