27f5a789c9
rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part.
2023-06-09 09:47:57 +01:00
a1528556e0
Merge branch 'rapid7:master' into CVE-2023-28771
2023-06-09 09:42:19 +01:00
a1e930397a
Land #18072 , Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master
2023-06-08 08:42:07 -05:00
3bc145c02c
Update modules/exploits/windows/misc/delta_electronics_infrasuite_deserialization.rb
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:42:01 -05:00
5b39eaafc1
Land #18074 , Fix exception handling in gitlab_github_import_rce_cve_2022_2992 module
2023-06-07 14:52:21 -05:00
8f6b421dc1
add non-capture group
2023-06-07 10:52:58 -05:00
82c8b5418e
Land #17936 , PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
2fcd97f5ef
close socket
2023-06-06 14:37:58 -05:00
102a32c87b
add SCREEN_EFFECTS and akb assessment
2023-06-06 14:12:21 -05:00
451735ad15
Fix exception handler & add doc
2023-06-06 17:43:22 +02:00
a12b58df22
add cmdstager usage, description, and metadata
2023-06-05 17:38:27 -05:00
1c5f8e09c8
add check method and new options
2023-06-02 17:59:04 -05:00
617aff5a43
Fix up supported payloads and remove nonused parameter
2023-06-02 09:48:03 -05:00
f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
6e89f9b275
Address review comments
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
05bb3cd182
Update again
2023-06-02 09:48:01 -05:00
c78a9bac1d
Remove dropper target and try expand potential BadChars and limit payload size???
2023-06-02 09:48:01 -05:00
6d066dc649
Add in initial copy of exploit
2023-06-02 09:47:49 -05:00
a66641da55
add delta electronics infrasuite deserialization
2023-06-01 17:57:57 -05:00
3875947f7d
Removing unnecessary assignment
2023-05-31 19:17:30 +00:00
6351c66b1e
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:56:13 -07:00
6ad9ebb5c0
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:48:53 -07:00
530ed911f4
Fixing ZDI ID
2023-05-30 19:03:01 +00:00
b376dac34b
okay linter
2023-05-30 18:40:59 +00:00
cbf850b2b7
Apparently the comment after the rescue squelchs the linter.
2023-05-30 18:38:48 +00:00
9e38ed4459
Land #17929 , Linux sudoedit LPE (CVE-2023-22809)
...
Linux sudoedit priv esc (CVE-2023-22809)
2023-05-23 09:30:18 -04:00
0205bb36d3
change ranking to GreatRanking as stability is CRASH_SERVICE_RESTARTS
2023-05-22 20:09:11 +01:00
6b101b5a4d
make rubocop happy
2023-05-22 18:03:58 +01:00
f464401dde
Land #17782 , Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
6c88e85d02
Land #17993 , add invscout RPM privesc
2023-05-17 18:56:42 -05:00
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
2ca5ca1f63
stronger grep
2023-05-16 16:18:14 -04:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
6bee4f56d9
updates from review
2023-05-13 15:49:11 -04:00
560fc9000b
Fix up checks on responses to make sure they are more robust checks
2023-05-12 16:08:47 -05:00
3b2d23eeae
Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not
2023-05-12 14:14:40 -05:00
004a72c32e
ibstat_path: Use AutoCheck, add Notes, resolve Rubocop violations
2023-05-13 01:27:53 +10:00
722de33b6f
address feedback, use cleanup to restore path
...
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
a445b07233
removing unnecessary call to payload_uri
2023-05-11 16:35:53 +00:00
131f2519bc
Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-11 10:48:48 -05:00
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
d50bd24c2f
Adding config cleanup.
2023-05-11 04:57:57 +00:00
cb2c6a7d80
Prevent bypass_auth from being called twice when AutoCheck is true
2023-05-11 00:34:47 +00:00
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor gramatical things
2023-05-10 18:22:00 -05:00
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
sfewer-r7