9e6f425427
Move exploit/linux/http/citrix_dir_traversal_rce
...
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
2021-04-15 19:13:25 -05:00
832ca92f42
Land #14700 , Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578)
2021-04-14 16:58:55 -05:00
61395f3cb1
Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle.
2021-04-14 16:32:53 -05:00
154e237edd
Add in fixes to documentation and module that were covered in the review process
2021-04-14 15:33:42 -05:00
a59e7e196d
Land #14701 , Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin
2021-04-13 18:58:29 -05:00
9379f0356b
Add in 5.6.5 exploitation scenario to documentation
2021-04-13 17:42:47 -05:00
0aada27128
Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible.
2021-04-13 17:15:34 -05:00
cdd589f592
Update documentation to wrap some overly long lines to meet msftidy_docs.rb requirements.
2021-04-13 16:36:38 -05:00
ead9d73dc5
Add in fixes from review to documentation and module
2021-04-13 16:34:13 -05:00
e2532ab01b
Land #14994 , Update session_spy.rb to have a PID option for session migration.
2021-04-12 16:18:26 -05:00
c4f88e35ba
Land #14622 , add the sp_oacreate technique to the mssql_exec module
2021-04-12 15:00:15 -04:00
9e43a34599
Add in scenario to documentation for when database is connected and loot is being stored.
2021-04-12 13:52:41 -05:00
ef82219235
Update the mssql_exec docs and some verbiage
2021-04-12 14:52:13 -04:00
045367cff7
Apply RuboCop formatting to documentation and module
2021-04-12 13:52:00 -05:00
0b06904dd0
Update module with more checks and replace the Process migration strategy with a PID migration strategy. Also update documentation accordingly
2021-04-12 13:05:26 -05:00
75aba6707b
modify original module, add technique option
2021-04-11 22:16:15 +02:00
64dcf49311
Land #15017 , Update tomcat ghost module with default ports
2021-04-09 16:30:23 -05:00
7c23f7f546
Fix a minor issue where one command wasn't properly documented in a manner that allowed for easy copy and pasting
2021-04-09 16:29:24 -05:00
608ac3a0b7
Update module description to clean it up and also add documentation for uncommon options
2021-04-09 16:09:02 -05:00
e48ebe6659
Update haserl_read module documentation (again)
...
- Add CVE and Ref.
- Add fixed version
2021-04-09 13:24:49 +02:00
586d033909
Land #14833 , haserl-based exploit for Alpine linux
2021-04-09 13:07:47 +02:00
a2d6ba4b59
Update haserl_read module documentation
2021-04-09 13:04:16 +02:00
7c575cd38f
Land #15007 , add a chrome renderer exploit (CVE-2020-16040)
2021-04-08 22:18:20 +01:00
8814218f20
Update tomcat ghost module with default ports
2021-04-08 10:29:09 +01:00
926f051377
Land #14978 , add Gitea and Gogs exploit modules
2021-04-07 13:44:43 -05:00
258b9d3e28
Land #14998 , Change CVE references from CVE Details to NVD
2021-04-07 10:10:55 +01:00
6a5529c7cc
Land #14965 , Solman post module for CVE-2019-0307 and new action for cve_2020_6207_solman_rce auxiliary module
2021-04-07 09:46:56 +02:00
690e687e7e
Updates from code review
...
Update modules/post/multi/sap/smdagent_get_properties.rb
Update modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb
Update documentation for auxiliary module cve_2020_6207_solman_rce.md
Update documentation for post module smdagent_get_properties.md
Move setup_xml_and_variables to `run` method in auxiliary module cve_2020_6207_solman_rce.rb
Delete list_dir, read_file, file_exist in post module smdagent_get_properties.rb
2021-04-06 21:23:39 +02:00
c863c324ae
Add exploit for CVE-2020-16040
2021-04-06 17:25:27 +05:30
4020813b42
Correct broken or redundant CVE references
2021-04-05 13:06:50 -05:00
cfc6b0a8ba
Land #14971 , add Apache OFBiz SOAP Deser rce
2021-04-05 11:44:40 -05:00
a803e1e932
remove spare comma
2021-04-05 09:33:20 -05:00
943698ef19
Add an haserl-based exploit for Alpine linux
2021-04-02 13:43:52 +02:00
71914a1ddb
Land #14813 , additional dup scout bof targets
2021-04-01 13:03:57 -05:00
02b9e5c939
rebase, use latest mixin code, correct vulnerable versions, update docs
2021-04-01 12:18:46 -04:00
3b7e612541
Add Nagios XI Plugins Filename Authenticate RCE module and docs
2021-04-01 11:23:52 -04:00
2df90d8d23
Rebase, rename module to nagios_xi_plugins_check_plugin_authenticated_rce, update check to take advantage of mixin, minor improvements
2021-04-01 11:07:49 -04:00
2cbd1a6be9
Land #14935 , add F5 iControl REST API SSRF RCE
2021-04-01 08:40:38 -05:00
0e7c11ada3
Rename module and modify it to use the Nagios XI mixin, add autocheck, fix syntax and linting, also update docs
2021-04-01 09:26:16 -04:00
8cdaf9791d
Land #14950 , add saltstack salt api rce
2021-03-31 14:50:30 -05:00
9eacda5552
add wait time line to test output
2021-03-31 14:47:34 -05:00
69a0c9420b
Add module doc
2021-03-31 14:02:32 -05:00
9806026ab9
Update from code review
2021-03-31 17:48:35 +02:00
73a8b7aa5f
Add Gitea and Gogs RCE modules and documentations
2021-03-31 16:47:29 +02:00
151b8f2f92
Update vmware_vcenter_uploadova_rce module doc
2021-03-30 21:08:21 -05:00
a0a4bc079a
Add the exploit module for CVE-2021-26295
2021-03-30 18:18:16 -04:00
eeed98d93e
CVE-2019-0307
...
Add documentation for post module smdagent_get_properties.md
Update documentation for auxiliary module cve_2020_6207_solman_rce.md
2021-03-29 21:11:16 +03:00
9d85af51cb
Land #14945 , Proxylogon RCE (Praetorian update)
2021-03-29 12:04:19 -04:00
11f4946817
Tweak some ProxyLogon verbiage for clarity
2021-03-29 10:07:43 -04:00
02b240b22a
code review
2021-03-29 14:23:39 +04:00
William Vu