0196b6fa75
Land #16555 , move duplicated retry_until_truthy code into centralized location
2022-05-16 18:31:57 +01:00
133b9e307a
Land #16563 , Zyxel Firewall Unauthenticated Command Injection (CVE-2022-30525)
2022-05-13 18:55:30 -05:00
2eb31cf765
Add in edits from review
2022-05-13 15:32:12 -05:00
1aceb71971
Rename the function to emphasize truthy
2022-05-13 09:16:01 -04:00
6a1fe27406
Land #16442 , add vars_form_data to the HTTP client
2022-05-13 10:53:16 +01:00
23f8a0b915
Added Zyxel advisory. Added AKB reference. Used xpath as requested.
2022-05-12 07:17:37 -07:00
f3b23c072f
Added a reference to Rapid7 disclosure
2022-05-12 06:33:27 -07:00
24fa9aabe0
Fixed privilege flag. Swapped 'exploit' for 'command' in a couple of places
2022-05-12 06:24:33 -07:00
4af93ecfe2
Updated affected
2022-05-12 03:22:21 -07:00
617b4ae044
Initial commit of Zyxel unauth command injection (CVE=2022-30525)
2022-05-12 01:43:59 -07:00
93334b56ef
Properly credit Azeria and also include blog post at her request
2022-05-11 18:43:27 -05:00
8dbd6f3334
Change default target to 1 so we get benefit of avoiding some timeout issues since Unix Command may still cause server's REST API to time out at times.
2022-05-11 16:43:37 -05:00
196aac6b42
Add in PrependFork and MeterpreterTryToFork options as default to fix timeout issues and potential failure cases due to server not responding
2022-05-11 16:43:36 -05:00
27169c4ae1
Add in missing CmdStager library, add some more attribution, and add in PoC link
2022-05-11 16:43:36 -05:00
6354d7a055
Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly.
2022-05-11 16:43:36 -05:00
1bc2616c19
Update modules/exploits/linux/http/f5_icontrol_rce.rb
...
Co-authored-by: wvu <4551878+wvu@users.noreply.github.com >
2022-05-11 16:43:13 -05:00
208367d735
Improved check method reliability
...
Extra modifications:
- Promote advanced options HttpUsername and HttpPassword
- password is not really necessary, but if one have credential, can
use this module as an exec
- Fixed print statement on check
- Splitted execute_command in two, because we also send a command on the check
methods, however we don't need the checks that are in the execute_command
2022-05-11 16:43:12 -05:00
55163b86d6
Improvements
...
- Change module name and description
- Added author from the PoC
- Added reference
- Added payloads, targets and notes
- Removed headers used during the tests
2022-05-11 16:43:11 -05:00
77f60eb21e
Added module and documentation for f5 icontrol RCE (CVE-2022-1388)
2022-05-11 16:43:00 -05:00
05fcbd803e
Add a new Retry mixin
2022-05-11 15:41:37 -04:00
e4f42d7eaa
Update more modules to use the vars_form_data api
2022-05-11 18:18:21 +01:00
1c934b87b4
Land #16169 , Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699
2022-05-11 10:15:08 -05:00
68fdb103fe
Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate
2022-05-11 09:39:47 -05:00
b920c04b75
Land #16548 , Add Powershell Command Adapter
2022-05-10 16:47:57 -05:00
d5fb559e05
Land #16485 , Allow all post-Vista builds
2022-05-10 10:32:09 -04:00
92715c883f
Land #16423 , Add module for exploit CVE-2022-22965
...
Merge branch 'land-16423' into upstream-master
2022-05-10 08:44:06 -05:00
94e1ad3fe5
Update form data api defaults
2022-05-10 14:12:17 +01:00
dd5aee4956
Increase the size of psexec commands
2022-05-09 11:55:57 -04:00
4ad4ca32e8
Fix test alignment
2022-05-09 16:51:20 +01:00
51f255127e
Land #16531 , Fix login crash for pihole modules
...
Fixes a crash in various Pi-hole modules when login
authentication is required
2022-05-06 14:08:22 -06:00
2e59f17439
Rename files to form_data
2022-05-06 16:41:19 +01:00
ece5e2699a
Automatically identify the HTTP method
2022-05-05 10:24:04 -04:00
e2cefe0750
Land #16514 , add ZoneMinder exploit module
2022-05-04 17:37:08 -05:00
dd0b124e84
fix typo in docs, check some responses
2022-05-04 17:28:37 -05:00
481699ed8f
Land #16530 , PiHole module to not wait for sudo
...
Update PiHole pihole_remove_commands_lpe module
to no wait for sudo input
2022-05-04 14:57:29 -07:00
53052af988
Fix login crash for pihole modules
2022-05-04 19:42:39 +01:00
bc489fef91
Update PiHole module to not wait for sudo input
2022-05-04 17:24:43 +01:00
115dad7193
Why do i keep forgeting that res can be nil
2022-05-04 20:23:42 +07:00
10c1c75337
Fail the exploit when the target is not Zoneminder but the user enable the ForceExploit
2022-05-04 20:13:40 +07:00
54f6e270fe
Make sure the target is a Zoneminder before parse the version, and check if the version is not nil
2022-05-04 20:02:37 +07:00
4c231ba226
Apply suggestions from code review
...
Remove unnecessary check for content-type response
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-05-04 16:37:20 +07:00
6532365dc8
Deregister VHOST
2022-05-03 11:52:50 -05:00
8c0cd40a19
Fix VMware Workspace ONE Access CVE-2022-22954
2022-05-03 10:39:58 -05:00
a76600f4a9
Land #16462 , add support for armle/aarch64 architectures
2022-05-03 15:48:50 +01:00
8408f28967
checking status code response for successful exploitation
2022-05-03 20:47:36 +07:00
c582f4277f
res can be nil due to a timeout or other reason
2022-05-03 20:09:58 +07:00
4e6dddd735
Fail if the response is nil or the body is blank
2022-05-03 19:41:06 +07:00
a1dcbb8004
Make sure the response content-type is json before parsing
2022-05-03 19:31:38 +07:00
b4733afe2c
Modify cookie jar, login and responses
...
- use keep_cookies instead of grabbing and set manually
- separate login code to its own method
- check response is not nil before calling get_html_document method
- clear cookie jar in exploit method and authenticate if user disable AutoCheck option
2022-05-03 17:54:59 +07:00
b2994aa8d8
Add words
2022-05-03 01:13:45 -05:00
adfoster-r7