sfewer-r7
27f5a789c9
rework the exploit to use the new MIPS64 fetch payload adapters. Removed the separate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part.
2023-06-09 09:47:57 +01:00
Stephen Fewer
a1528556e0
Merge branch 'rapid7:master' into CVE-2023-28771
2023-06-09 09:42:19 +01:00
bwatters
039f238dd4
Land #18068, Fix VBS stager in shell_to_meterpreter
Merge branch 'land-18068' into upstream-master
2023-06-08 19:16:54 -05:00
Spencer McIntyre
5b5c29842c
Land #18022, Add post/windows/manage/make_token
Add update_token to MSF + make_token post-ex module
2023-06-08 14:53:22 -04:00
Christophe De La Fuente
c08f1971cc
Land #18040, Fix Python's payload issue with Windows
2023-06-08 18:28:07 +02:00
Grant Willcox
a1e930397a
Land #18072, Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master
2023-06-08 08:42:07 -05:00
manishkumarr1017
6030f75b1a
fixing indentation for shell reverse tcp payload
2023-06-08 06:52:33 +05:30
manishkumarr1017
d454e23aa0
decoding bytes from all python payloads
2023-06-08 06:44:37 +05:30
Shelby Pace
3bc145c02c
Update modules/exploits/windows/misc/delta_electronics_infrasuite_deserialization.rb
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2023-06-07 16:42:01 -05:00
Grant Willcox
5b39eaafc1
Land #18074, Fix exception handling in gitlab_github_import_rce_cve_2022_2992 module
2023-06-07 14:52:21 -05:00
Grant Willcox
23451260af
Land #18064, Add support for beta and prerelease versions to grafana_plugin_traversal
2023-06-07 14:33:31 -05:00
Grant Willcox
b923b0c8c3
Add in a typo fix
2023-06-07 11:34:00 -05:00
Grant Willcox
ffbd690a33
Add in ability to support detecting preview versions
2023-06-07 11:25:51 -05:00
space-r7
8f6b421dc1
add non-capture group
2023-06-07 10:52:58 -05:00
Christophe De La Fuente
82c8b5418e
Land #17936, PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
Christophe De La Fuente
f88cb3b847
Land #18039, gitlab file read CVE-2023-2825
2023-06-07 13:07:54 +02:00
h00die
4950cb3424
review adjustments
2023-06-06 16:24:38 -04:00
space-r7
2fcd97f5ef
close socket
2023-06-06 14:37:58 -05:00
space-r7
102a32c87b
add SCREEN_EFFECTS and akb assessment
2023-06-06 14:12:21 -05:00
Christophe De La Fuente
451735ad15
Fix exception handler & add doc
2023-06-06 17:43:22 +02:00
attl4s
a34c3cf055
linted - all offenses addressed
2023-06-06 09:07:57 +02:00
space-r7
a12b58df22
add cmdstager usage, description, and metadata
2023-06-05 17:38:27 -05:00
Ashley Donaldson
61539ac260
Fix VBS stager in shell_to_meterpreter.
2023-06-06 07:23:58 +10:00
Grant Willcox
0d094f8645
Land #17917, shell_to_meterpreter: Support using bind payloads with PAYLOAD_OVERRIDE
2023-06-05 13:36:30 -05:00
Grant Willcox
d029b26b4f
Land #18062, Created mixin to retrieve the architecture of the current shell.
2023-06-05 12:58:57 -05:00
Jeffrey Martin
4e91a4e93d
refactor archer_c7_traversal as gather module
* Update modules landed as a scanner into a more appropriate category.
* Adds a check method based on TP-link default `TITLE` html.
* Rename module consistent with existing exploit.
2023-06-05 09:07:11 -05:00
ErikWynter
ba3d6dc0f9
fix typo in print statement from original module
2023-06-05 16:21:00 +03:00
ErikWynter
12f59d54df
print the full version to the console
2023-06-05 15:49:06 +03:00
ErikWynter
c5ff96fdfe
grafana_plugin_traversal bugfix
2023-06-05 15:40:27 +03:00
Ashley Donaldson
795980260b
Created mixin to retrieve the architecture of the current shell.
Currently only supports Windows, but does work on Win2000 upwards.
2023-06-05 11:10:53 +10:00
space-r7
1c5f8e09c8
add check method and new options
2023-06-02 17:59:04 -05:00
h00die
8f3325bcf8
move gitlab_auth_subgroups to gather instead of scanner
2023-06-02 18:06:44 -04:00
Spencer McIntyre
734e0b099e
Land #18018, Add in CVE-2023-29084
Add in CVE-2023-29084 - Zoho ManageEngine ADManager Plus ChangePasswordAction
Authenticated Command Injection
2023-06-02 12:14:43 -04:00
bwatters
1e9d286c77
Land #18044, Add MIPS64 Linux Fetch Payloads
Merge branch 'land-18044' into upstream-master
2023-06-02 10:53:43 -05:00
Grant Willcox
7728e1e2fb
Add in new library function for escaping PowerShell literals
2023-06-02 10:22:56 -05:00
Grant Willcox
617aff5a43
Fix up supported payloads and remove nonused parameter
2023-06-02 09:48:03 -05:00
Grant Willcox
f7d2cdae56
Add in ability to restore settings n documentation changes.
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
Grant Willcox
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
Grant Willcox
6e89f9b275
Address review comments
2023-06-02 09:48:02 -05:00
Grant Willcox
3ab4173d6c
Fix up base64 encoder to properly quote strings - credit to @smcintyre-r7 for the fix
2023-06-02 09:48:02 -05:00
Grant Willcox
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
Grant Willcox
05bb3cd182
Update again
2023-06-02 09:48:01 -05:00
Grant Willcox
c78a9bac1d
Remove dropper target and try expand potential BadChars and limit payload size???
2023-06-02 09:48:01 -05:00
Grant Willcox
6d066dc649
Add in initial copy of exploit
2023-06-02 09:47:49 -05:00
Spencer McIntyre
8b641c4c97
Land #18055, Update aws_keys to run against linux
Update post/multi/gather/aws_keys to run against linux sessions
2023-06-02 09:28:13 -04:00
Christophe De La Fuente
4661e9721e
Land #18002, Added cmd useradd payload
2023-06-02 12:53:49 +02:00
manishkumarr1017
f8460dcdd2
PR Review changes for removing platform specific code
2023-06-02 14:50:46 +05:30
h00die
da2e339ae8
review adjustments
2023-06-02 05:15:44 -04:00
space-r7
a66641da55
add delta electronics infrasuite deserialization
2023-06-01 17:57:57 -05:00
Grant Willcox
f6dc2c007a
Fix up messages to more closely match check code messages and fix typos
2023-06-01 12:38:20 -05:00