msutovsky-r7
472016b753
Land #20796, moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
jheysel-r7
ae4a5ac986
Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
...
Merge target info into the module info
2026-01-08 18:01:14 -08:00
Xorriath
2030d19438
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:45:03 +02:00
Xorriath
2ef1b9fbae
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-07 14:44:51 +02:00
Xorriath
a676b05928
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:32 +02:00
Xorriath
236d94ee54
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:17 +02:00
Xorriath
b35d74b305
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2026-01-06 12:35:01 +02:00
kali
2448429502
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
2025-12-26 08:08:49 +02:00
h00die
3ea866c41d
udev persistence
2025-12-21 07:50:48 -05:00
sfewer-r7
0c947d05ab
add in the AKB analysis
2025-12-19 15:38:43 +00:00
sfewer-r7
5c6c8a3956
better check result given we have the version string
2025-12-19 15:38:27 +00:00
sfewer-r7
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
Spencer McIntyre
602adeb4c5
Mass rubocop changes
2025-12-18 10:08:31 -05:00
Spencer McIntyre
d4b196b309
Update exploits to note target authors
...
Target authors were selected based on comments that indicated that the
author was only responsible for a set of discrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
2025-12-17 17:30:16 -05:00
Spencer McIntyre
8945267db6
Remove redundant Platform and Arch definitions
2025-12-17 16:12:31 -05:00
Spencer McIntyre
2103e1b5f6
Fix a bug in the platform definition
2025-12-17 15:57:58 -05:00
sfewer-r7
795c38c524
Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal.
2025-11-28 10:12:02 +00:00
sfewer-r7
014312873c
get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway.
2025-11-27 20:28:44 +00:00
sfewer-r7
f5e8aa83be
add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor.
2025-11-27 12:43:19 +00:00
Brendan
e998b91aee
Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
...
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
Brendan
1912fe2a95
Merge pull request #20702 from Zedeldi/igel-os-modules
...
IGEL OS modules
2025-11-25 13:59:44 -06:00
sfewer-r7
fa03ac8b66
on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. The payload cmd/unix/reverse_python is not working as it previously was, so I am removing from the list of confirmed payloads. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions
2025-11-25 11:25:41 +00:00
sfewer-r7
8a054b74db
improve check logic to actually parse JSON result for expected reply, tested against 8.0.1 and 7.4.8
2025-11-25 11:22:43 +00:00
Zedeldi
d1fe17747c
Add check methods and update DisclosureDate
2025-11-24 17:12:56 +00:00
Zedeldi
ffaf43af2f
Add writable? and file? checks to write_payload
2025-11-24 11:45:34 +00:00
Zedeldi
0c4d1e70d1
Add support for ARCH_CMD payload
2025-11-24 11:16:22 +00:00
sfewer-r7
b8cefb1af9
add nohup when bootstrapping the payload to avoid the scenario when the parent dies it tears down our payload child process
2025-11-21 15:54:41 +00:00
Zedeldi
da33eed842
Use fail_with instead of a check method
2025-11-21 14:02:05 +00:00
Zedeldi
c0a756a751
Verify registry has been written successfully
2025-11-21 13:52:41 +00:00
Zedeldi
425adfa9bf
Prefer create_process over cmd_exec for commands with arguments
2025-11-21 13:40:25 +00:00
sfewer-r7
aff76622fa
add in the unauth RCE exploit module for CVE-2025-64446 + CVE-2025-58034
2025-11-21 12:22:25 +00:00
Zedeldi
ba702d40ea
Remove x86 target and redundant DefaultOptions
2025-11-21 12:04:49 +00:00
Brendan
bb728c44d7
Merge pull request #20560 from cdelafuente-r7/feat/mitre/T1021
...
Add T1021 "Remote Services" MITRE technique and sub-technique references
2025-11-20 11:19:31 -06:00
Zedeldi
8d28ce611a
Revert to cmd_exec for modify_service and improve code style
2025-11-19 20:33:46 +00:00
Zedeldi
bc2c397b8c
Add check for root access to igel_persistence
2025-11-19 20:01:57 +00:00
Zack Didcott
beed317573
Use create_process instead of cmd_exec
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:02:08 +00:00
Zack Didcott
22aead0db1
Use vprint_status for modify_service and restart_service
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-11-19 18:01:05 +00:00
Christophe De La Fuente
179a545312
Remove false positive references
2025-11-19 17:34:15 +01:00
Zedeldi
c6db0d4285
Move IGEL OS persistence module to linux/persistence
2025-11-17 18:42:28 +00:00
Zedeldi
f29505d0d0
Add IGEL OS modules
2025-11-17 15:18:09 +00:00
Diego Ledda
110cb837aa
Merge pull request #20672 from h00die-gr3y/centreon_auth_rce
...
Centreon authenticated command injection leading to RCE via broker engine "reload" parameter [CVE-2025-5946]
2025-11-05 16:29:29 +01:00
h00die-gr3y
34c424f473
update based on dledda-r7 comments
2025-11-05 09:20:13 +00:00
h00die-gr3y
61dfc293d9
update based on dledda-r7 comments
2025-11-03 14:37:23 +00:00
h00die-gr3y
85b4233345
updated module based on review comments and added documentation
2025-11-03 10:21:31 +00:00
h00die-gr3y
83e7fc2667
update attackerkb reference
2025-11-02 18:26:34 +00:00
h00die-gr3y
e01456bcf4
init commit module
2025-11-02 17:45:22 +00:00
Diego Ledda
13dc61e2e8
Merge pull request #20523 from h00die/modern_persistence_upstart
...
update upstart to persistence mixin
2025-10-31 12:28:59 +01:00
bcoles
676a2ed4b1
Add Rootkit Privilege Escalation Signal Hunter
2025-10-31 17:22:19 +11:00
h00die
c0b3f40b3e
upstart review
2025-10-27 19:45:38 -04:00
bcoles
52b7f1ff25
Deprecate exploit/linux/local/diamorphine_rootkit_signal_priv_esc
2025-10-24 17:05:10 +11:00