Spencer McIntyre
d810267f8d
Pull in Dean's changes from #17443 to fix LDAP failure references.
2023-01-17 16:31:08 -06:00
Grant Willcox
e03fd42a29
Update to fix some warnings in YARD, fix review comments, and also replace @see with proper links for easier navigation
2023-01-05 17:44:24 -06:00
Grant Willcox
e218210feb
Update ldap_connect documentation to set Object as the return type
2023-01-05 10:51:18 -06:00
Grant Willcox
c71ba23a10
Fix up incorrectly indented documentation, remove excess lines, and add in correct type return information from debugging sessions
2023-01-04 11:09:23 -06:00
Grant Willcox
bfb80db9db
Add in missing YARD documentation for lib/msf/core/exploit/remote/ldap.rb
2022-12-30 16:07:08 -06:00
bcoles
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
Christophe De La Fuente
d3057f15b2
Land #17275, Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
Spencer McIntyre
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
Spencer McIntyre
009c6c5350
Add the MaxBackendRetries datastore option
2022-11-28 09:45:04 -05:00
Spencer McIntyre
3805a79079
Add support for Exchange Data Access Group (DAG)
...
This updates the HttpSsrf class to retry requests to the Powershell
backend when they fail because they were routed to a new server. Now
when the transport is initialized, it will store the backend used by the
first successful request.
2022-11-23 15:37:58 -05:00
Spencer McIntyre
29d57dde66
Consolidate into ProxyMaybeShell
2022-11-18 17:01:01 -05:00
Christophe De La Fuente
d1a7170020
Land #17021, Gitea Git fetch RCE module - CVE-2022-30781
2022-11-17 12:28:29 +01:00
krastanoel
645a1c25a3
Update method documentation and indentation
2022-11-09 16:27:31 +07:00
krastanoel
13bb31feeb
Update module
...
- move repository migration to execute_command.
NOTE: the stageless payload is still unsuccessful but keep this anyway for christophe to review.
2022-11-09 04:52:18 +07:00
krastanoel
a50cca27e6
remove cookie_jar manipulation
2022-11-09 00:48:23 +07:00
krastanoel
52d867bbc7
follow Ruby coding conventions
...
- combine gitea_version into get_gitea_version for the check method
- validate empty username
2022-11-09 00:41:30 +07:00
krastanoel
c980f4f9ee
add more custom error exception
2022-11-09 00:27:12 +07:00
krastanoel
540984804d
Apply suggestions from code review
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2022-11-08 14:09:31 +07:00
Spencer McIntyre
c1d092b70d
Minor tweaks
...
Filter out enrollable certs by default and print the warning higher. Add
periods to all messages for consistency. Drop the message from
vprint_good to vprint_status when the query works.
2022-11-07 10:37:12 -05:00
Grant Willcox
79ac775443
Perform updates from code review.
2022-11-04 15:44:28 -05:00
Grant Willcox
8922e5b203
Add in first initial implementation of ESC module and updates to associated libraries.
2022-11-04 15:43:34 -05:00
Jack Heysel
45ddcf02c9
Remove unused mix in, add low bound to check
2022-11-01 10:42:43 -05:00
jheysel-r7
af9175325b
Update lib/msf/core/exploit/remote/http/webmin/login.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-11-01 10:42:42 -05:00
Jack Heysel
ad5b03ed96
Finished TODOs and added docs
2022-11-01 10:40:00 -05:00
Spencer McIntyre
fa7d677d45
Consolidate and improve LDAP error handling
2022-10-31 10:56:17 -04:00
Matthew Dunn
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-10-17 17:28:31 -04:00
h00die
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
krastanoel
aa0dc86bd8
get csrf from the html body instead
2022-10-01 19:59:23 +07:00
krastanoel
02b5f8678c
add repository error class
2022-10-01 17:43:42 +07:00
krastanoel
e9d8068078
update and tidy the lib comments
2022-10-01 16:22:21 +07:00
krastanoel
cc2db82886
add repository create and migrate helpers
2022-10-01 01:13:28 +07:00
krastanoel
29944a0a1b
add repository create and migrate url
2022-10-01 01:12:54 +07:00
krastanoel
c5d3867980
add migration error class
2022-10-01 01:11:58 +07:00
krastanoel
88e4261a88
Add common lib for Gitea repository
2022-10-01 01:10:55 +07:00
krastanoel
cbff63958c
Move version check and login to common library
2022-09-30 22:09:01 +07:00
adfoster-r7
3a281234df
Add feature flagged datastore rewrite, with support for option fallback lookups
2022-09-16 12:59:02 +01:00
Jeffrey Martin
c45262cd46
Land #16800, Add support for OpenSSL 3
2022-08-05 14:20:51 -05:00
Christophe De La Fuente
9c6a198453
Land #16796, Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module
2022-08-04 19:44:57 +02:00
Ron Bowes
a314423e81
Some changes requested by @cdelafuente-r7
2022-08-03 14:51:51 -07:00
adfoster-r7
f65119b353
Support OpenSSL3 and run Ubuntu 22.04 in test matrix
2022-08-03 15:49:53 +01:00
Ron Bowes
c66f98bae6
Make lint happy
2022-08-01 10:03:35 -07:00
Ron Bowes
e7edafbcfb
Throw errors in the rar-generator library rather than returning nil
2022-08-01 09:54:31 -07:00
Ron Bowes
d36bee8755
A few simple feedback changes
2022-07-29 10:48:07 -07:00
Ron Bowes
f279e8d6ca
Split the CVE-2022-30333 unrar module into two different modules with a shared mixin to generate the file
2022-07-27 12:45:47 -07:00
Christophe De La Fuente
f9a951d034
Land #16737, Remove initial code duplication between mssql clients
2022-07-20 19:44:25 +02:00
bcoles
1dcfc3406a
Add Rex::Exploitation::CmdStagerFtpHttp to Msf::Exploit::CmdStager
2022-07-16 18:10:28 +10:00
bcoles
39f288bfe3
Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 01:37:41 +10:00
adfoster-r7
5bc618e642
Remove initial code duplication between mssql clients
2022-07-01 14:26:04 +01:00
bcoles
66009ca5e5
Exploit::CmdStager: Expose CMDSTAGER::URIPATH option for HTTP stagers
2022-06-25 23:49:47 +10:00
Grant Willcox
b10386ba08
Land #16650, Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation
2022-06-17 14:58:22 -05:00