6f813f9b7a
Report services using the new style
2026-04-10 11:43:37 -04:00
b7e7de2fa4
Update the specs so they pass again
2026-04-09 10:37:05 -04:00
57bb3bbce7
Refactor code to use #with_adcs_certificate_request
2026-04-09 10:37:05 -04:00
8a748d4954
Standardize printed messages a bit more
2026-04-09 10:37:05 -04:00
4d02f92fab
Consolidate the attribute creation
2026-04-09 10:37:05 -04:00
f177b98bfb
Consolidate more into #create_csr
2026-04-09 10:37:05 -04:00
94ccd8bd20
Merge pull request #20948 from ArkaprabhaChakraborty/osticket
...
Add initial osticket arbitraray file read auxiliary module
2026-04-07 09:39:01 -07:00
a0852387fc
Merge pull request #20752 from bwatters-r7/feature/certificate-web-enrollment
...
Add Authenticating Web Enrollment module for AD/CS
2026-04-06 15:27:28 -04:00
d10341befd
Fixes for different paths to create_csr and build_csr
2026-04-02 16:23:34 -05:00
26a73b060d
Resolve rubocop errors and warnings. Address copilot comments on docs and code quality.
...
Signed-off-by: arkaprabhachakraborty <chakrabortyarkaprabha998@gmail.com >
2026-03-27 00:43:23 +05:30
b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59
2026-03-26 14:43:31 -04:00
1faa27f7e6
Fix encoding issues in files
2026-03-25 19:01:57 +00:00
b3aa45fb09
Land #20719 , adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
...
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
c882d91155
Merge pull request #21025 from Hemang360/cookie-jar-doc-fix
...
Fix HttpCookie integer conversion and cookie jar docs
2026-03-13 00:08:13 +00:00
16b55848b4
Fix: Remove duplicate Content-Type header from FreePBX requests
...
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
2b0f1c3c21
Fix: Omit default port from Referer header in FreePBX mixin
...
FreePBX rejects ajax requests when the Referer includes :80 for HTTP
or :443 for HTTPS. Only include the port when it differs from the
protocol default.
2026-03-11 20:06:08 +01:00
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
e6ee6a7c94
Land #20961 , adds service reporting to Wordpress mixin
...
Update Wordpress Mixin to log services
2026-03-10 09:05:05 +01:00
c6aabc1c75
Land #21001 , adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
bfbc425469
Remove type check
...
Co-authored-by: gardnerapp <70026825+gardnerapp@users.noreply.github.com >
2026-03-01 15:12:44 +05:30
05f431717e
Remove duplicated php filter chains and remove comments from documentation
...
Signed-off-by: ArkaprabhaChakraborty <chakrabortyarkaprabha998@gmail.com >
2026-02-28 12:37:13 +00:00
a6eb33b657
Fix httpcookie constructor to handle non string value
2026-02-27 14:58:37 +05:30
7e937b3d5a
Land #21010 , adds reporting the service to Gitlab mixin
...
Update Gitlab mixin logs
2026-02-26 16:14:35 +01:00
0e60332411
Minor code changes
2026-02-25 14:46:34 +01:00
98b3357e2a
Adds beyondtrust lib, moves functionality into library, shares those functions to two modules
2026-02-24 16:16:05 +01:00
ae24f73a73
more simplification for gitlab_version function
2026-02-24 02:42:10 +02:00
8df17c6c50
Simplifying version handling in GitLab exploit module
2026-02-24 02:26:14 +02:00
dd6a2f97e9
Apply suggestion from @msutovsky-r7
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-24 02:19:32 +02:00
b227635c7b
Fix service name reporting for WordPress exploit
2026-02-23 13:31:32 +01:00
9aa58fcb52
Refactor WordPress service reporting
2026-02-23 13:31:32 +01:00
d069cba900
Update Wordpress Mixin to log services
2026-02-23 13:31:32 +01:00
a8dcc9616c
update gitlab mixin logs
2026-02-23 05:40:59 +02:00
14ac2aec4f
Add Administrator Panel login and file extrcation support. Refactor CNEXT functions.
...
Signed-off-by: arkaprabhachakraborty <chakrabortyarkaprabha998@gmail.com >
2026-02-22 04:14:48 +05:30
a8f66a23d9
Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-02-21 09:32:53 +01:00
81e54d42e4
Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858
...
Adds module for Ni8mare (CVE-2026-21858)
2026-02-16 10:06:14 -05:00
5172475006
Move the policy id datastore optio use #fetch
2026-02-12 17:31:40 -05:00
e15aeffed8
Use the PFX option and rename to AdCs
2026-02-12 17:09:55 -05:00
c26acee9d6
Undo esc options, add new library
2026-02-09 18:04:04 -06:00
08aaad3b1f
Move options to ugly adcs_escx mixins, move csr to x509 library
2026-02-05 17:22:26 -06:00
0a5eb04be1
Removes puts
2026-02-04 11:59:41 -05:00
6a1babf6c3
Updates docs, fixes JWT, module cleanup
2026-02-04 12:40:41 +01:00
dbe8b5574f
Updates JWT
2026-02-04 07:52:21 +01:00
41defeea8d
Add catch for invalid credentials to prevent stacktrace
2026-02-02 17:00:10 -06:00
9a18fcf49b
Fixes JWT payload and base64 encoding
2026-02-02 14:13:51 +01:00
a6e750518d
Fixes basic JWT encoding, code refactors, add better failure codes and messages
2026-02-02 11:17:26 +01:00
32eaa4e80b
Adds base for JWT signing
2026-02-02 08:05:32 +01:00
79eaded0f3
Rebase and steal great ideas from karanabe in #20882
2026-01-30 17:07:32 -06:00
Spencer McIntyre