7e23c34e6c
Apply fixes per code review
2023-01-17 12:44:22 -06:00
541dab9365
simplified messaging
2023-01-17 12:44:20 -06:00
77687bff3f
init module
2023-01-17 12:44:20 -06:00
3ddcf73c2b
Remove the QUICK option altogether
...
Use blocks to check whether each service is exploitable as they are
enumerated. With this change, it is the service and path enumeration
halts once an exploitable one is found that yields a session.
Also all files are registered for cleanup.
2023-01-13 17:06:42 -05:00
f98d1d838b
unquoted service path tweaks to check
2023-01-13 17:06:42 -05:00
90a12cf3b0
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
a6ec7762ea
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
c52eb09cbb
unquoted service path tweaks
2023-01-13 17:06:42 -05:00
98b3b29cc2
Land #17439 , Removing Rex::ConnectionError exception handler from module template
2023-01-05 14:24:58 -06:00
25f4c023b4
Removing Rex::ConnectionError exception handler
2023-01-05 20:26:11 +01:00
725f83601f
Land #17435 , Restore raw_send_recv for module using SMTP mixin
2023-01-05 11:29:53 -06:00
f39973de86
Fix up missing option in documentation and also add some additional validation on server response.
2023-01-04 17:02:05 -06:00
11b95b2094
added additional response check
2023-01-04 17:02:04 -06:00
c7b59b4815
updates based on gwillcox-r7 review comments
2023-01-04 17:02:04 -06:00
f9ecaa92ae
updated references section
2023-01-04 17:02:03 -06:00
4db15346e1
init commit module
2023-01-04 17:01:58 -06:00
6b5948a69d
restore raw_send_recv for module using SMTP mixin
...
changes in #16153 adjusted modules that were not utilizing
`Exploit::Remote::SMTPDeliver` in error restore calls to `raw_send_recv`
that is no longer shadowed by in `SMTPDeliver`.
2023-01-04 14:45:58 -06:00
20d70799a7
Land #17298 , Add opentsdb_yrange_cmd_injection module and docs
2022-12-23 13:38:58 +01:00
83b11a69a8
Make rubocop happy
2022-12-23 13:38:16 +01:00
7fa557805e
add final code review suggestions
2022-12-23 11:29:29 +02:00
63583af153
Land #17389 , Log4shell_header_injection bug fix
...
prevent .keys call on nil
2022-12-21 16:26:55 -05:00
3c219c8a77
prevent .keys call on nil in log4shell_header_injection
2022-12-15 12:51:30 +02:00
2a28af208d
Land #16992 , Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
1f1b04e009
finalization
2022-12-14 08:38:20 +01:00
0ae824e169
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:55 +01:00
e16e689308
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:45 +01:00
d6ba30adcf
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:35 +01:00
911431c63b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:24 +01:00
d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
0596620de7
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 09:49:59 -06:00
f158cfaadd
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:56 +01:00
c8e301224b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:45 +01:00
53cde6d2ef
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:04:45 +01:00
d09aef7dc5
Land #17350 , Remove unnecesary sleep
...
Remove unnecesary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
13a557013c
support 2021 version of software
...
specifically, the exploit will now search
for com.acronis.helpertool in addtion to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
2022-12-12 15:53:35 -06:00
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
c1d090334c
apply suggestions
2022-12-09 09:31:20 +01:00
8d097e0fd0
Fixes bug in s4u_persistence module
2022-12-09 11:24:16 +11:00
c54109586c
Remove unnecesary sleep in several bypassuac modules
2022-12-09 11:09:19 +11:00
9c7355388c
add attackerkb link
2022-12-06 11:19:05 -06:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
ddaf5a3f0d
Remove unecessary return statement
2022-12-06 15:07:28 +01:00
aaef7726db
Land #17330 , Fix enumerating emails via ProxyShell
2022-12-06 14:02:53 +01:00
54cd055276
Land #17286 , CVE-2021-22015 vCenter priv esc
...
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
8e9e8468f2
Land #17338 , Lint modules
2022-12-05 13:17:40 +00:00
14d05c9c6c
Lint modules
2022-12-05 10:41:31 +00:00
c1ff9337c8
dnn_cookie_deserialization_rce: Remove empty 'Payload' Hash key
2022-12-04 17:50:24 +11:00
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
96da805014
Fix enumerating emails via ProxyShell
...
The ResolveNames endpoint used to gather emails addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
2022-12-02 15:58:50 -05:00
04e5aa3033
apply suggestions
2022-12-02 16:05:01 +01:00
Grant Willcox