20d70799a7
Land #17298 , Add opentsdb_yrange_cmd_injection module and docs
2022-12-23 13:38:58 +01:00
6758c8313f
Land #17258 , Update sharphound
2022-12-21 14:04:09 +01:00
a6605d36a3
Land #17334 , enum_commands: Cleanup
2022-12-20 22:52:00 +00:00
fa5e4df3f5
Land #17278 , Add solarwinds_orion_dump post module
2022-12-20 15:42:25 +01:00
e3c6aa7820
solarwinds_orion_dump attribution update
...
Updated original research attribution to align with reality.
2022-12-20 08:55:19 -05:00
78906a8217
enum_commands: Cleanup
2022-12-20 23:42:51 +11:00
2a28af208d
Land #16992 , Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
9582411554
Land #16991 , Syncovery For Linux - Insecure Session Token Generation (CVE-2022-36536)
2022-12-14 11:30:47 +01:00
d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
6885e576ed
add note about uninstalling the helper tool
2022-12-12 16:35:44 -06:00
024fc87b4c
Land #17272 , Add F5 MCP post module
...
Add F5 MCP post module
2022-12-12 14:20:31 -05:00
d04111ad6f
solarwinds_orion_dump markdown update
...
Nuked the last embarrassing typo in the module description.
Updated the documentation to include detail on sqlcmd / CSV export
process when manually exporting the data.
2022-12-12 10:54:41 -05:00
8075654f10
Revise solarwinds_orion_dump MKII
...
Fixed humiliating typos in the markdown doc.
Updated the Author section of the module per guidelines.
Changed credential type for AES key loot storage.
Updated database config code to include the case where the SQL password
is not encrypted (needs testing).
Additional tweaks and fixes.
2022-12-09 14:47:18 -05:00
771b7c58f9
change brute-forcer
2022-12-09 12:33:13 +01:00
005d43f7d1
Merge branch 'rapid7:master' into syncovery_craftable_token
2022-12-09 09:34:42 +01:00
293a203a03
Added path option to cmd payloads
2022-12-08 12:19:31 -06:00
2f3fd6c917
Revise solarwinds_orion_dump
...
Made modifications to documentation to add further detail for each
action.
Significant refactor of error handling, now with (hopefully) proper use
of exceptions.
Various suggested code improvements and optimization.
Fixed some redundant and buggy code.
2022-12-07 07:55:43 -05:00
97a9fb6650
Update docs for Acronis module
...
Note that uninstalling the module doesn't necessarily uninstall the vulnerable service, so call that out to people who are testing this module so they have a chance to do more thorough cleanup after testing.
2022-12-06 11:08:31 -06:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
d48319a867
Land #17242 , Add Gather Module for WP BookingPress Plugin unauth SQLi (CVE-2022-0739)
2022-12-05 15:04:31 -06:00
cb68c255bb
Fix up issues from review
2022-12-05 14:17:43 -06:00
1fec75621c
Fix up documentation from review
2022-12-05 14:04:22 -06:00
f29b4fad75
Add Gather Module for WP BookingPress Plugin SQLi (CVE-2022-0739)
2022-12-05 14:04:03 -06:00
37540572e0
Land #17214 , add database functionality to vcenter post module
...
Merge branch 'land-17214' into upstream-master
2022-12-05 12:50:14 -06:00
54cd055276
Land #17286 , CVE-2021-22015 vCenter priv esc
...
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
6e7d4edf02
Land #16990 , Syncovery for Linux - Login brute-force utility
2022-12-05 14:39:29 +01:00
d90dee8235
enum_proxy: Cleanup and support non-Meterpreter sessions
2022-12-04 15:10:47 +11:00
04e5aa3033
apply suggestions
2022-12-02 16:05:01 +01:00
b32ec581d8
apply suggestions
2022-12-02 10:33:25 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
d491c10d22
Store service credentials in the database
2022-11-30 11:59:10 -05:00
3462dc6bf4
Land #17087 , remote control collection rce
...
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
78dfaa12ef
add opentsdb_yrange_cmd_injection module and docs
2022-11-24 21:37:24 +02:00
0aa0884e26
Land #17296 , add warning about external links
2022-11-24 10:30:44 +00:00
6350daf2d8
Land #17273 , F5 exploit module CVE-2022-41800
...
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
28a68ede8c
Merge branch 'master' into zimbra-fixes
2022-11-23 12:50:56 -08:00
453cfc5939
spelling change per review
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2022-11-23 13:26:19 -06:00
4fd22226fe
Combine into one module with options to turn features on/off
2022-11-23 11:10:34 -08:00
cb8e023734
add warning about external links
...
Links to external resources not controlled by the project maintainers
are subject to bitrot and malicious take over. Warnings seem appropriate.
2022-11-23 12:08:05 -06:00
3f58bfe11e
Check that the target is Exchange Server 2019
2022-11-23 10:47:10 -05:00
181b8e4eea
review comments
2022-11-21 15:53:37 -05:00
d4536b24a6
remote control collection rce
2022-11-21 15:53:37 -05:00
ed99f2f67f
Bypass EEMS M1
2022-11-21 11:13:16 -05:00
6877304bac
exploit for cve-2021-22015 vcenter priv esc
2022-11-20 11:29:49 -05:00
ad36f28ec1
enum_psk: Cleanup
2022-11-21 00:28:34 +11:00
7a795c5adb
docs
2022-11-19 10:37:36 -05:00
9a19c4411d
wrap up module additions
2022-11-19 10:37:36 -05:00
8ca7550062
Land #17257 , Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258)
2022-11-18 19:27:10 -06:00
237eb904d4
Add in fixes for documentation examples and then update the code to fix some bugs
2022-11-18 18:30:07 -06:00
Christophe De La Fuente