17c393f101
Land #14046 , Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
54f5e565fa
Land #14330 , SpamTitan Gateway Remote Code Execution
...
Merge branch 'land-14330' into upstream-master
2021-01-04 12:14:12 -06:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
39110d04f0
Add note about needing an Oracle account
2020-12-18 21:20:29 -06:00
4d85602fae
Fix incorrect scenario header in module doc
...
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
57c57a398d
Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable.
2020-12-19 02:51:48 +01:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
87dacce2cd
Land #14446 , Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871)
2020-12-16 16:01:32 -05:00
c586bde50d
Update documentation to add SNMPPORT option description
2020-12-16 15:20:10 +01:00
60bcc95edc
Fix documentation
2020-12-16 15:15:27 +01:00
298deae709
Add documentation
2020-12-16 15:15:27 +01:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
a30cdfc892
Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE
2020-12-14 14:54:54 +00:00
98d6364248
Land #14482 , Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-14 15:10:09 +01:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
ba125c1c64
Merge remote-tracking branch 'upstream/master' into feature/solaris
2020-12-11 14:25:05 -06:00
e02451fe13
Fixing mistake in doc.
2020-12-11 04:53:37 -05:00
9c9e8929af
Adding a scenario.
2020-12-11 04:50:53 -05:00
53a12a7984
Updating doc.
2020-12-11 03:53:25 -05:00
83943adf8b
Land #14466 , add Aerospike UDF rce
2020-12-10 11:07:56 -06:00
a9e231ad0a
Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-10 12:14:47 +00:00
c005492ee9
Updating doc.
2020-12-10 00:58:53 -05:00
9452c1dcfa
Fix merge conflict from #14202 , in linear history
2020-12-09 17:24:29 -06:00
d337d832b8
Land #14422 , add GitLab file read/rce
2020-12-09 11:34:14 -06:00
fb9b1c5de4
Land #14409 , add weak services technique to the service permissions LPE
2020-12-09 17:16:53 +00:00
6d7c6c054a
Update the module docs with more details for the registry technique
2020-12-08 17:39:34 -05:00
c86f93b9c0
Updating list of tested machines.
2020-12-07 21:38:42 -05:00
8e1cab0131
Land #14339 , add flexdotnetcms rce
2020-12-07 14:28:01 -06:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
a69269a101
Update module doc
2020-12-07 01:35:59 -06:00
af27d91eea
Fix download link
...
I was logged in.
2020-12-07 01:35:13 -06:00
9ac5725ce3
Show how to find libc base
2020-12-07 01:35:13 -06:00
0211c2c6e8
Add module doc
2020-12-07 01:35:13 -06:00
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
6cdb484d7c
Add Aerospike Database UDF Lua Code Execution exploit
2020-12-05 14:15:22 +00:00
f901e91d70
Fixing markdown content and formatting issues. Markdown is not yet complete and will need additional modification when other changes will be brought to ruby module and C dll.
2020-11-30 14:12:57 +00:00
87eba681e0
Land #14365 , Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 19:55:00 +00:00
a99ce581dd
Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 12:56:02 +00:00
8e534ffc22
Split scenarios to separate blocks for each target
...
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894 .
2020-11-26 13:46:01 +01:00
536e1a1a02
Fix typo in documentation
2020-11-26 13:46:01 +01:00
c280bb67e7
Wrap at 140 characters to appease msftidy_docs.rb.
2020-11-26 13:46:01 +01:00
4dc564e62b
Added documentation for module.
2020-11-26 13:46:01 +01:00
95665e916c
Land #14416 , wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
Christophe De La Fuente