RageLtMan
8aef054dfd
SCTP Sessions
With the introduction of SCTP socket support in Rex::Socket via
https://github.com/rapid7/rex-socket/pull/56, Framework can utilize
this protocol for session transports similarly to TCP as it is a
stream-wise transport.
Implement bind and reverse handlers for the new socket type.
Implement example bind and reverse payloads using socat copying
from the initial udp sessions implementation.
Testing:
Rudimentary bind session test against local Libvirt Linux VM
Next steps:
Implement the language-level payloads for the interpreters common
to POSIX environments supporting SCTP.
Implement meterpreter transports for SCTP in Python, PHP, Mettle,
and Java modalities (Windows doesn't support it without carrying
its own usermode protocol library).
2023-02-08 21:47:28 -05:00
bwatters
01a78f972c
Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966)
Merge branch 'land-17567' into upstream-master
2023-02-08 13:06:53 -06:00
Spencer McIntyre
c997952d83
Land #17607, Fortra RCE CVE-2023-0669
Fortra deserialization RCE CVE-2023-0669 (ETR)
2023-02-08 12:56:09 -05:00
cgranleese-r7
a878403a3e
Land #17618, Run rubocop on auxiliary admin http modules
2023-02-08 17:40:26 +00:00
Spencer McIntyre
2b008af097
Move the module to reflect it targets Windows too
2023-02-08 10:24:27 -05:00
Spencer McIntyre
75ceb7b670
Refactor option handling.
Use CamelCase names for advanced options and add validation.
2023-02-08 10:17:16 -05:00
Spencer McIntyre
fef7c85518
Add Windows target compatibility
2023-02-08 09:47:37 -05:00
adfoster-r7
6e9b33dc88
Run rubocop on auxiliary admin http modules
2023-02-08 14:30:08 +00:00
adfoster-r7
b56213b168
Update linting on post modules
2023-02-08 14:12:43 +00:00
dwelch-r7
11c886b30f
Land #17616, Run rubocop on post modules
2023-02-08 14:09:16 +00:00
adfoster-r7
a81a71c5df
Run rubocop on post modules
2023-02-08 13:47:34 +00:00
cgranleese-r7
10144a9f13
Land #17615, Add missing module notes for stability reliability and side effects
2023-02-08 12:28:47 +00:00
adfoster-r7
433bafdccf
Add missing module notes for stability reliability and side effects
2023-02-08 11:45:17 +00:00
bwatters
8ee67085c8
Land #17556, ManageEngine ADSelfService Plus RCE (CVE-2022-47966)
Merge branch 'land-17556' into upstream-master
2023-02-07 16:57:22 -06:00
Matthew Dunn
52fa2e5be6
Add example for version 5.5.6 with CVE-2021-25297
2023-02-07 14:18:53 -06:00
Grant Willcox
489ab24876
Add in additional case documentation for the various targets and CVEs and fix a bug in the code
2023-02-07 14:18:45 -06:00
Grant Willcox
7c30889784
Refactor code to handle unsigned licenses in one central function
2023-02-07 14:18:39 -06:00
Grant Willcox
b14bcd40a2
Fix incorrect match logic grabbing the wrong entry from results for NSP
2023-02-07 14:18:38 -06:00
Grant Willcox
425da60b15
Add in missing case 5 check
2023-02-07 14:18:38 -06:00
Matthew Dunn
90e07ef5ed
Switch to match over scan and add troubleshooting steps
2023-02-07 14:18:37 -06:00
Matthew Dunn
8cddf56238
Verify auth_cookies before use
2023-02-07 14:18:37 -06:00
Matthew Dunn
a276659681
Use more encompassing single regex
2023-02-07 14:18:36 -06:00
Matthew Dunn
7554b5e4fd
Add failure condition for nsp's that fail to match the regex
2023-02-07 14:18:36 -06:00
Matthew Dunn
1cb06b11ac
Adjust exploit and docs to support versions 5.5.6-5.7.5
2023-02-07 14:18:09 -06:00
Matthew Dunn
87176f9d7f
Address Review Comments and add CVE-2021-25297 coverage
2023-02-07 14:18:06 -06:00
Matthew Dunn
c5914d8c99
Insert randomized strings to fix exploit with plugin_output_len
2023-02-07 14:18:05 -06:00
Matthew Dunn
990db5372f
Remove extra payload details, add config check
2023-02-07 14:18:05 -06:00
Matthew Dunn
b042e71b2a
Make Module work for both target url parameters
2023-02-07 14:18:04 -06:00
Matthew Dunn
b606d1ff6b
Add Documentation for Module
Fix CVE format
Add Documentation
2023-02-07 14:18:04 -06:00
Matthew Dunn
5846d95b25
Create nagios_xi_configwizards_authenticated_rce.rb
Add initial module
2023-02-07 14:18:03 -06:00
Ron Bowes
676bb2af02
Fix a couple requests from the PR
2023-02-07 09:05:44 -08:00
Ron Bowes
588bddc950
Fix a couple requests from the PR
2023-02-07 09:05:16 -08:00
bwatters
53c67653f5
Land #17527, ManageEngine ServiceDesk Plus RCE (CVE-2022-47966)
Merge branch 'land-17527' into upstream-master
2023-02-06 17:37:31 -06:00
Ron Bowes
f7fb611bcc
Add documentation
2023-02-06 14:35:42 -08:00
Ron Bowes
89485703dc
Make rubocop happy
2023-02-06 14:23:55 -08:00
Ron Bowes
9b90343480
Check in the module
2023-02-06 14:21:42 -08:00
adfoster-r7
4a2dc0d6b0
Land #17598, modules/exploits/unix/local Add Notes and resolve RuboCop violations
2023-02-06 13:59:19 +00:00
adfoster-r7
215cfa27b0
Land #17483, add tomcat 8 priv esc on ubuntu (cve-2016-1240)
2023-02-06 13:53:25 +00:00
h00die
a5a7d5dd10
correct cleanup and stabilization
2023-02-05 08:15:38 -05:00
bcoles
adf5091c7a
modules/exploits/unix/local: Add Notes and resolve RuboCop violations
2023-02-05 15:45:30 +11:00
bcoles
19b526d584
qubes_mirage_firewall_dos: Fix notes for SideEffects and Reliability
2023-02-05 12:04:59 +11:00
h00die
561b42f105
use exploit retry function
2023-02-04 18:17:42 -05:00
h00die
aff14e8e46
tocat to tomcat
2023-02-04 18:17:42 -05:00
h00die
e30cae2e40
uncomment needed code
2023-02-04 18:17:42 -05:00
h00die
34b1e66f90
tomcat 8 priv esc on ubuntu prebuilt so file
2023-02-04 18:17:41 -05:00
h00die
2b09af78e1
tomcat 8 priv esc on ubuntu
2023-02-04 18:17:41 -05:00
cgranleese-r7
80dbbca020
Land #17371, Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
Jack Heysel
6ab7e177f4
Land #17392, add F5 Big-IP priv esc module
Add a privilege escalation module for F5 that uses
the unsecured MCP socket to create a new root account
2023-02-02 15:10:33 -05:00
Jack Heysel
99e31c561a
Land #17585, mac dirty cow add session types
Sets missing session types during module initialization
2023-02-02 13:36:43 -05:00
Jack Heysel
f4ad778bd0
Added missing session types
2023-02-02 13:29:43 -05:00