40ef9d496a
add docs for wd_mycloud_unauthenticated_cmd_injection
2023-07-28 10:16:50 +03:00
c7f8ce5acd
Land #18199 , VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887
2023-07-25 17:45:30 +02:00
52b417b1af
Update documentation/modules/exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce.md
2023-07-25 14:06:45 +01:00
c1d84e950c
Update based on bwatters-r7 comments
2023-07-25 14:06:44 +01:00
a3daab88e6
Added documentation and updated exploitable plugins list
2023-07-25 14:06:42 +01:00
586971c1fd
Fix incomplete copy pasta in docs
2023-07-21 14:38:07 -04:00
ee26e7f926
Rubocop fixes
2023-07-20 16:40:28 -04:00
421b06119f
Update docs
2023-07-20 14:55:27 -04:00
d03157fcc1
Installation instructions
2023-07-19 14:23:17 -04:00
530934f78a
review comments
2023-07-19 11:42:47 -04:00
297c484a1c
Land #18173 , Add Openfire Authentication Bypass RCE [CVE-2023-32315]
...
Merge branch 'land-18173' into upstream-master
2023-07-18 18:13:20 -05:00
10c1b79c37
Land #17861 , pfSense Config Data RCE as root
...
This module exploits a vulnerability in pfSense version
2.6.0 and below which allows for authenticated users to
execute arbitrary operating systems commands as root.
2023-07-12 14:32:06 -04:00
34f25fbb65
pfSense Config Data Remote Command Execution as root (CVE-2023-27253) Module
2023-07-12 13:27:02 -04:00
a3ea55f2a6
added documentation
2023-07-08 12:30:54 +00:00
1706812099
Implemented requested changes
...
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket
* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
2023-07-07 04:14:20 -04:00
24ef4e1b90
Update documentation/modules/exploit/windows/http/smartermail_rce.md
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2023-07-06 18:49:49 +03:00
ad0d3e79a9
SmarterMail RCE module and documentation
2023-07-06 08:00:28 -04:00
f1b5cd46f4
Apache RocketMQ update config RCE
2023-07-05 12:38:51 -04:00
bf1e6bddd1
Land #18134 , Add exploit for CVE-2023-25194
...
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
2023-06-23 16:52:04 -04:00
b026b38851
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-06-23 09:36:50 +02:00
b5e028b47c
Land #18100 , Add MOVEit CVE-2023-34362
2023-06-22 14:23:44 -04:00
dfd450561e
Tweak some messages and cleanup markdown table
2023-06-22 14:23:25 -04:00
77bb6759a6
Review suggestions
2023-06-22 18:12:13 +02:00
5f667e1d79
Address code review
2023-06-22 10:22:43 -05:00
e298788a28
Land #18049 , Update jenkins login scanner to work with newer versions
2023-06-22 14:04:24 +01:00
e2fc3c5eff
Fixed documentation offenses
2023-06-22 14:48:16 +02:00
a8332e6064
Added exploit for CVE-2023-25194
2023-06-22 14:17:32 +02:00
2adea08f67
Add documentation & code cleanup
2023-06-21 15:41:50 -05:00
0609d246f3
adds more future proofing to implementation
2023-06-21 14:19:24 +01:00
7af22bfd41
Land #18077 , add Symmetricom unauth cmd injection
2023-06-13 17:07:16 -05:00
0d85c9e380
add module documentation
2023-06-13 13:14:51 -05:00
4479d94658
Updates based on review comments from space-r7 and jvoisin
2023-06-12 19:28:08 +00:00
7cd3854208
Removed Webshell upload and updated documentation
2023-06-12 13:58:59 +00:00
db8a49cc99
Updated documentation
2023-06-10 12:14:05 +00:00
417c9fa591
init commit module and documentation
2023-06-10 09:42:32 +00:00
c9af514be4
Land #18063 , add TerraMaster webshell upload
2023-06-09 17:55:32 -05:00
4c817ce1de
Land #17946 , CVE-2023-21839 - Oracle Weblogic RCE
...
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
2023-06-09 14:55:43 -04:00
c8609d7983
Land #18070 , add TerraMaster chained exp module
2023-06-09 12:29:47 -05:00
27f5a789c9
rework the exploit to use the new MIPS64 fetch payload adapters. Removed the seperate command and dropper targets in favor of a single default target which can do both thanks to fetch payloads. Removed the redundant IO select() call which was bad copy pasta on my part.
2023-06-09 09:47:57 +01:00
a1528556e0
Merge branch 'rapid7:master' into CVE-2023-28771
2023-06-09 09:42:19 +01:00
a1e930397a
Land #18072 , Add CVE-2023-1133 - .NET Deserialization exploit for Delta Electronics InfraSuite Device Master
2023-06-08 08:42:07 -05:00
0bcd930f61
Updated NAS model and version check
2023-06-08 09:12:45 +00:00
b3b0cb4ccf
Updates based on space-r7 comments
2023-06-08 07:39:44 +00:00
74dd134783
add options in scenarios output
2023-06-07 17:15:28 -05:00
4465582fee
Add in link to archived version of the installer
2023-06-07 16:51:01 -05:00
2738906f87
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:44 -05:00
54649fb856
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:37 -05:00
4377ff037a
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:28 -05:00
60c642bcd0
Update documentation/modules/exploit/windows/misc/delta_electronics_infrasuite_deserialization.md
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2023-06-07 16:41:19 -05:00
82c8b5418e
Land #17936 , PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
ErikWynter