d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
0596620de7
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 09:49:59 -06:00
d09aef7dc5
Land #17350 , Remove unnecesary sleep
...
Remove unnecesary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
13a557013c
support 2021 version of software
...
specifically, the exploit will now search
for com.acronis.helpertool in addtion to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
2022-12-12 15:53:35 -06:00
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
024fc87b4c
Land #17272 , Add F5 MCP post module
...
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
8d097e0fd0
Fixes bug in s4u_persistence module
2022-12-09 11:24:16 +11:00
c54109586c
Remove unnecesary sleep in several bypassuac modules
2022-12-09 11:09:19 +11:00
293a203a03
Added path option to cmd payloads
2022-12-08 12:19:31 -06:00
77bda68932
Add in more constants for the SCAL flags and use them to make the code easier to read
2022-12-07 10:48:07 -06:00
e7d72e0ecf
Allow multiple controls to be specified
2022-12-06 23:21:48 -06:00
fd8bdf4daf
Make sure we use the LDAP_SERVER_SD_FLAGS_OID flag and set it to 7 when retrieving entries so that we don't retrieve the SACL, which cannot be retrieved by nonadmin users.
2022-12-06 22:54:03 -06:00
9c7355388c
add attackerkb link
2022-12-06 11:19:05 -06:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
ddaf5a3f0d
Remove unecessary return statement
2022-12-06 15:07:28 +01:00
aaef7726db
Land #17330 , Fix enumerating emails via ProxyShell
2022-12-06 14:02:53 +01:00
d48319a867
Land #17242 , Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739)
2022-12-05 15:04:31 -06:00
cb68c255bb
Fix up issues from review
2022-12-05 14:17:43 -06:00
4b008d6ea8
revert the identify_hash line
2022-12-05 14:17:39 -06:00
41edc92d5d
Update wp_bookingpress_category_services_sqli to use the SQLi library
2022-12-05 14:17:31 -06:00
1fec75621c
Fix up documentation from review
2022-12-05 14:04:22 -06:00
f29b4fad75
Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739)
2022-12-05 14:04:03 -06:00
37540572e0
Land #17214 , add database functionality to vcenter post module
...
Merge branch 'land-17214' into upstream-master
2022-12-05 12:50:14 -06:00
54cd055276
Land #17286 , CVE-2021-22015 vCenter priv esc
...
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
6e7d4edf02
Land #16990 , Syncovery for Linux - Login brute-force utility
2022-12-05 14:39:29 +01:00
8e9e8468f2
Land #17338 , Lint modules
2022-12-05 13:17:40 +00:00
0d3c1dc122
Land #17333 , Fix typos: Replace 'the the' with 'the'
2022-12-05 11:46:27 +00:00
14d05c9c6c
Lint modules
2022-12-05 10:41:31 +00:00
c1ff9337c8
dnn_cookie_deserialization_rce: Remove empty 'Payload' Hash key
2022-12-04 17:50:24 +11:00
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
d90dee8235
enum_proxy: Cleanup and support non-Meterpreter sessions
2022-12-04 15:10:47 +11:00
96da805014
Fix enumerating emails via ProxyShell
...
The ResolveNames endpoint used to gather emails addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
2022-12-02 15:58:50 -05:00
04dc8e8455
Land #17310 , update checkvm post module
...
Add notes and add powershell to supported SessionTypes
2022-12-01 17:05:09 -05:00
4207449382
Land #17323 , fix enlightenment check method
2022-12-01 20:26:16 +00:00
867059efe5
add super to cleanup command
2022-12-01 14:55:43 -05:00
62b484fdc7
blank over empty
2022-12-01 14:34:09 -05:00
dcff4d37b6
Land #17163 , Pfsense PfBlockerNG RCE module check method improvement
...
Merge branch 'land-17163' into upstream-master
2022-12-01 09:25:18 -06:00
039b611fae
fix enlightenment check method
2022-11-30 17:06:50 -05:00
330cb2944b
fix typo
...
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
d491c10d22
Store service credentials in the database
2022-11-30 11:59:10 -05:00
60180a4442
checkvm: Add notes and add powershell to supported SessionTypes
2022-11-29 21:28:15 +11:00
8ea8e2410d
Land #17299 , Fixes #17227
...
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command…
2022-11-28 16:22:52 -05:00
5d3cfa69b8
Land #17210 , add ParseError rescue to snmp modules
...
snmp_enum, snmp_enumshares and snmp_enumusers now rescue
SNMP ParseErrors
2022-11-28 15:37:02 -05:00
3462dc6bf4
Land #17087 , remote control collection rce
...
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
264d45e04a
Appease rubocop
2022-11-28 10:16:55 -05:00
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
9aa1a84b3a
added target uri in to "Authorization not requested" error message
2022-11-27 15:35:34 +03:00
25a0d0ff0e
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command shell
2022-11-25 15:13:57 +11:00
6350daf2d8
Land #17273 , F5 exploit module CVE-2022-41800
...
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
Christophe De La Fuente