Robin Wood
89f4d3e2d7
Fix for issue #14678
Stops the printing of a rogue nil when exploit completes.
See https://github.com/rapid7/metasploit-framework/issues/14678
2021-01-29 11:17:38 +00:00
bwatters
9174958489
Land #14627, Add PRTG Network Monitor RCE (CVE-2018-9276)
Merge branch 'land-14627' into upstream-master
2021-01-27 15:48:27 -06:00
Spencer McIntyre
74898461b4
Land #14654, Add exploit for Micro Focus UCMDB unauthenticated RCE
2021-01-27 10:00:22 -05:00
Pedro Ribeiro
191e772f06
fix issues highlighted by smcintyre-r7
2021-01-25 22:25:07 +07:00
adfoster-r7
ba730d5c3c
Land #14618, Add exploit for CVE-2020-28949: Archive_Tar PEAR plugin arbitrary file write
2021-01-25 12:12:12 +00:00
adfoster-r7
ffd59c3254
Land #14651, msftidy: Add check for module description
2021-01-25 11:17:39 +00:00
Pedro Ribeiro
fc0e221f5a
add comment for self removal
2021-01-24 22:47:47 +07:00
Pedro Ribeiro
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
Pedro Ribeiro
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
Pedro Ribeiro
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
Brendan Coles
b5d746cc44
msftidy: Add check for module description
2021-01-22 23:29:16 +00:00
Spencer McIntyre
17b99983d9
Land #14645, Add MobileIron CVE-2020-15505 exploit
2021-01-22 17:56:35 -05:00
William Vu
39b7ba584e
Randomize strings
Spencer tells me not to signature-bait, at least not so obviously. ;)
2021-01-22 16:15:16 -06:00
Grant Willcox
72ef81d8aa
Land #14640, rubocop -a modules/exploits/unix/local/
2021-01-22 15:13:58 -06:00
Grant Willcox
57bb3fbc1c
Land #14383, Add exploit and auxiliary Python module examples and update executable loader accordingly
2021-01-22 13:03:57 -06:00
Grant Willcox
7473d0ca56
Add in missing command parameter to exploit.py, should be good to land now
2021-01-22 12:33:03 -06:00
adfoster-r7
ff6a1f135c
Land #14629, migrate msf folder to Zeitwerk
2021-01-22 14:21:26 +00:00
William Vu
0d410f32c3
Add MobileIron CVE-2020-15505 exploit
2021-01-22 00:37:07 -06:00
Brendan Coles
70bb693660
rubocop -a modules/exploits/unix/local/
2021-01-21 19:59:29 +00:00
Julien Bedel
b9800b087f
Change notification name
From "Exploit" to a random alphanumeric String in order to make it less fingerprintable.
Co-authored-by: acammack-r7 <adam_cammack@rapid7.com>
2021-01-21 18:32:05 +01:00
William Vu
7ce10f68ae
RuboCop for great justice
And update docs.
2021-01-21 10:44:18 -06:00
Spencer McIntyre
131bf632bd
Update the OpenSMTPD target versions and add the EDB reference
2021-01-21 09:09:42 -05:00
William Vu
a336ee483a
Update exploit/unix/smtp/opensmtpd_mail_from_rce
Failure was caused by POSIX read requiring an argument.
2021-01-21 03:56:19 -06:00
Grant Willcox
6e326d6a60
Fix up confusing variable name and a typo as pointed out during review
2021-01-19 09:25:56 -06:00
zomfg-zombie
364591069c
Fix payload failing to trigger
For whatever reason, `;for #{rand_text_alpha(1)} in #{iter};do read;done;sh;exit 0;` causes an issue with the payload triggering.
Editing `do read` to `do read r`, as taken from the PoC script at https://www.exploit-db.com/exploits/48051, causes the `MAIL_FROM` field to exceed 64 characters.
However, this seems to make 0 difference to the payload, so I commented out the length check.
Reliably working on OpenSMTPd 6.6.0 on an Ubuntu 20.04 host.
2021-01-19 18:31:35 +10:00
dwelch-r7
d6896dadc0
remove msf folder requires
2021-01-18 14:21:54 +00:00
dwelch-r7
d437a32374
remove msf/util requires
2021-01-18 14:21:54 +00:00
JulienBedel
14f24b258d
Add PRTG Network Monitor RCE (CVE-2018-9276)
2021-01-18 12:01:44 +01:00
Grant Willcox
95d3bd98ac
Do msftidy_docs and rubocop changes
2021-01-15 18:10:23 -06:00
Grant Willcox
2f0abe4900
Add in documentation and fix up small issues with module
2021-01-15 18:06:07 -06:00
Grant Willcox
65370a6b47
Initial module code
2021-01-15 16:20:06 -06:00
Christophe De La Fuente
c8819259ae
Land #14414, CVE-2020-1337 - patch bypass for CVE-2020-1048
2021-01-15 19:13:14 +01:00
bwatters
9beb570ca3
Remove unnecessary require that broke things
2021-01-15 08:32:05 -06:00
Spencer McIntyre
ea154717aa
Use an absolute assembly path for the CVE-2020-17136 exploit
2021-01-14 08:53:11 -05:00
Grant Willcox
6fc4518625
Land #14600, Refactor and document some of the FileSystem mixin methods
2021-01-12 16:10:23 -06:00
bwatters
d8e68e6487
Specify you must be SYSTEM for dll removal in docs and removed unused variable in the module
2021-01-12 11:45:53 -06:00
Spencer McIntyre
33bd712e0a
Land #14585, Create module for CVE-2020-17136: Cloud Filter Arbitrary File Creation EoP
2021-01-11 17:16:40 -05:00
bwatters
50e115b414
Cleanup and edits per review from Christophe
Removed unused method from ps script
Cleaned up some code in the module
Added removal instructions to the documentation
2021-01-11 16:02:58 -06:00
Shelby Pace
7aef731267
Land #14572, add AIT CSV import rce
2021-01-11 15:37:05 -06:00
h00die
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
Spencer McIntyre
829bacbef6
Refactor and document some of the FileSystem mixin methods
2021-01-08 16:10:36 -05:00
Grant Willcox
3072391d00
Make second round of review edits to fix Spencer's comments
2021-01-08 12:50:52 -06:00
Grant Willcox
d5bb36c530
Fix up code to use built in cd() and mkdir() commands, and adjust code to not overwrite datastore hash. Also use service_hash over manually starting the service.
2021-01-07 17:39:30 -06:00
bwatters
7d81b4826d
Update credits
2021-01-07 16:30:19 -06:00
Anurag Mondal
2465c6ca0f
Update webmin_show_cgi_exec.rb
Fixed some typos.
2021-01-07 15:05:53 +05:30
bwatters
5e5d7b1abb
Update to execute_string to avoid the issue where an arbitrary
length comment is required for the exploit to work.
2021-01-06 17:08:22 -06:00
Grant Willcox
3e52debd8b
Update the exploit a bit more to remove excess options and also update the documentation accordingly.
2021-01-06 12:16:06 -06:00
Grant Willcox
5262e16694
Make adjustments since the exploit can currently only target x64 systems
2021-01-06 11:40:02 -06:00
Christophe De La Fuente
17c393f101
Land #14046, Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
Grant Willcox
863417fca7
Second round of updates and some rubocop changes to conform to standards.
2021-01-06 01:30:40 -06:00