a1e930397a
Land #18072 , Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master
2023-06-08 08:42:07 -05:00
74dd134783
add options in scenarios output
2023-06-07 17:15:28 -05:00
4465582fee
Add in link to archived version of the installer
2023-06-07 16:51:01 -05:00
2738906f87
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:44 -05:00
54649fb856
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:37 -05:00
4377ff037a
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:28 -05:00
60c642bcd0
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:19 -05:00
3b53966caa
add installation steps
2023-06-06 12:14:14 -05:00
5f7ae883f8
add documentation
2023-06-05 17:38:58 -05:00
f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
ea988f0c78
Add more documentation on how to set the target up based on my own experience and so that we have a backup in case the link to external documentation breaks
2023-05-12 14:27:39 -05:00
cf5f90ac4f
Minor updates to documentation to tidy things up a bit
2023-05-11 16:48:16 -05:00
722de33b6f
address feedback, use cleanup to restore path
...
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor gramatical things
2023-05-10 18:22:00 -05:00
d60843f0eb
name versions that are vulnerable
2023-05-09 09:16:42 -05:00
08a79a2f4e
add documentation
2023-05-08 17:42:23 -05:00
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00
c221edb1ec
Add in ADAudit Plus build 6077 testing examples
2023-05-08 11:45:44 -05:00
19651633c4
Update the installation instructions to resolve some issues encountered during testing
2023-05-04 18:26:54 -05:00
f27fc28411
Perform review updates
2023-05-04 15:12:31 -05:00
aede036b02
additional changes from code review
2023-05-04 15:12:30 -05:00
0fd743d851
Add in fixes from code review
2023-05-04 15:12:29 -05:00
d5032f0a5d
Minor touchups on documentation for review
2023-05-04 15:12:28 -05:00
32796b429b
add note about payload limitations for builds 7004 and 7005
2023-05-04 15:12:27 -05:00
3b0d8b850b
Fix up some issues identified during review
2023-05-04 15:12:26 -05:00
9f68a5f8d1
add manageengine_adaudit_plus_authenticated_rce exploit module and docs
2023-05-04 15:12:09 -05:00
4b176c8ef5
fix unified_remote_rce docs
2023-04-16 10:11:01 -04:00
15d267a233
Land #17826 , post module for CVE-2023-21768
...
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
2023-03-30 12:27:28 -04:00
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
3ca177eb1f
Add the exploit for CVE-2022-38108
2023-03-23 17:28:58 -04:00
01a78f972c
Land #17567 , ManageEngine Endpoint Central RCE (CVE-2022-47966)
...
Merge branch 'land-17567' into upstream-master
2023-02-08 13:06:53 -06:00
d763faf245
sync documentation
2023-02-06 06:56:59 +00:00
80dbbca020
Land #17371 , Lenovo Diagnostics Driver Privilege Escalation (CVE-2022-3699)
2023-02-03 13:43:04 +00:00
a2f4a27614
updated module and added documentation
2023-01-29 10:06:14 +00:00
6043d0ffba
Update all links from Wiki site to new docs site.
2023-01-27 09:58:53 -06:00
672fb9ce9f
Land #17460 , add support for feature kerberos authentication
2023-01-26 17:47:27 +00:00
4da94325f3
Rubocop
2023-01-19 13:52:58 -05:00
63d9445911
Fix for Win Server 2022 and 2019
2023-01-19 00:52:38 -05:00
2c2bfec4a0
Tested on Windows Build 19044, 19045 and 22000
2023-01-18 01:41:30 -05:00
0ac4d3d2e6
doc how to set permissions on service
2023-01-13 17:07:17 -05:00
3ddcf73c2b
Remove the QUICK option altogether
...
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.
Also all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
868072e6c8
Land #17317 , Fix various WinRM modules
2023-01-03 19:57:07 +01:00
2fa7e7b2d5
Lenovo Diagnostics Driver Privilege Escaltion (CVE-2022-3699)
2022-12-12 21:53:53 -05:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
Grant Willcox