6350daf2d8
Land #17273 , F5 exploit module CVE-2022-41800
...
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
cbb50ed902
Remove non-functioning Arch'es
2022-11-23 10:42:07 -08:00
8ca7550062
Land #17257 , Adding exploit for ChurchInfo 1.2.13-1.3.0 RCE (CVE-2021-43258)
2022-11-18 19:27:10 -06:00
237eb904d4
Add in fixes for documentation examples and then update the code to fix some bugs
2022-11-18 18:30:07 -06:00
85a6770973
Add additional checks, a check method, and fix up some doc errors
2022-11-18 18:22:06 -06:00
b9ecdb3bc2
Use TARGETURI, registered cleanup, implment cookie_jar, and perform response checks and documentation
2022-11-18 18:21:27 -06:00
a33a313544
Adding exploit for ChurchInfo 1.3.0
2022-11-18 18:21:08 -06:00
3d5708e3e6
Land #17271 , add f5 big-ip csrf exploit
2022-11-18 16:19:09 -06:00
8b30ff3dce
remove CmdStager inclusion
2022-11-18 16:18:25 -06:00
d1a7170020
Land #17021 , Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
11541a5774
Add comment for details about the string substitutions on Windows
2022-11-17 12:25:52 +01:00
7ebf84c66b
Add URLs
2022-11-16 12:20:37 -08:00
20e6c1b55e
Add URLs
2022-11-16 12:19:16 -08:00
d0e109b842
Check in exploit module for CVE-2022-41800
2022-11-16 12:04:18 -08:00
99e661cfcf
Check in exploit script for CVE-2022-41622 (CSRF into SOAP)
2022-11-16 11:58:15 -08:00
1ddc137f1a
Update module
...
- adjust execute_command method and add logic for :win_dropper target
- move cmdstager uripath setting into target case statement
- add more cmdstagerflavour for :linux_dropper target
- fix lint msftidy
2022-11-15 22:30:45 +07:00
cbca2a5604
Update modules/exploits/multi/http/gitea_git_fetch_rce.rb
...
apply suggestion
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-15 22:17:59 +07:00
494c9601ca
Land #17222 , Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream [CVE-2021-39144]
2022-11-15 14:16:14 +01:00
59535b6799
remove 'is'
2022-11-12 16:19:50 -05:00
70669f3fea
addressed code improvement suggestions
2022-11-12 10:21:43 +00:00
72080910e7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:22:06 +01:00
85b4512292
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:21:55 +01:00
5d314e5799
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:21:42 +01:00
04d6a310af
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-11-12 09:16:46 +01:00
1ce8695401
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:16:30 +01:00
e38138d69e
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:16:17 +01:00
967388eba7
Update modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb
...
Agreed !
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-12 09:15:42 +01:00
639afebe1e
Update module
...
- handle cleanup method on manual `check`
- adjust targets flavour option
- add :win_dropper target and handle the payload delivery
NOTE: the Windows dropper target is still unsuccessfull but keep this for further review
2022-11-09 16:12:20 +07:00
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessfull but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
bca5138fc8
Update module
...
- move cleanup process to its own method and handle the response
- remove timeout and http delay option
- adjust target type location as code review suggestion
2022-11-09 01:42:27 +07:00
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
52d867bbc7
follow Ruby coding convetions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
f0b67c8812
fix msftidy
2022-11-08 14:14:45 +07:00
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-11-08 14:09:31 +07:00
da189041b4
randomized endpoint url
2022-11-07 08:16:54 +00:00
bf0ed5b513
fixed some typos in documentation
2022-11-05 15:36:42 +00:00
642a83bd0d
Updated module and added documentation
2022-11-05 15:14:31 +00:00
71d1c971a7
init commit module
2022-11-04 13:31:27 +00:00
197b37751b
Land #17174 , add FLIR AX8 command injection module
2022-11-01 12:41:01 -05:00
c4c4e736d9
Land #17142 , Apache CouchDB Erlang RCE module CVE-2022-24706
2022-11-01 12:26:49 -05:00
f61136dd6d
Fixed powershell taget
2022-11-01 10:55:50 -05:00
757c0da639
Review updates
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-11-01 10:55:20 -05:00
b31c0f6987
Added check method, refactored, updated docs
2022-11-01 10:54:27 -05:00
a0babb354a
Apache CouchDB Erlang module initial commit
2022-11-01 10:54:19 -05:00
c4c2c7c0c1
Beta commit, injection working
2022-11-01 10:54:12 -05:00
45ddcf02c9
Remove unused mix in, add low bound to check
2022-11-01 10:42:43 -05:00
2ed8dbc08d
Rubocop
2022-11-01 10:42:43 -05:00
4587691d64
Fixed module to work over SSL
2022-11-01 10:42:42 -05:00
3b645ad9f4
Moved get variables from uri to vars_get
2022-11-01 10:42:42 -05:00
c810a1f5aa
Update modules/exploits/linux/http/webmin_file_manager_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2022-11-01 10:42:42 -05:00
Spencer McIntyre