a1630c0b81
Improve login summary for ldap schannel scanner
2025-08-11 16:47:02 +01:00
2734daec0f
Merge pull request #20459 from adfoster-r7/consolidate-pkcs12-cert-file-reads
...
Consolidate pkcs12 cert file reads
2025-08-11 15:53:38 +01:00
ced20bf15a
Consolidate pkcs12 cert file reads
2025-08-11 14:28:47 +01:00
e8b441a5d3
Land #20012 , MeterpreterOptions break-up and default extension loading removal
...
MeterpreterOptions break-up and default extension loading removal
2025-08-07 15:28:56 +02:00
9caa2be9a2
Land #20399 , adds module for Pandora ITSM authenticated RCE (CVE-2025-4653)
...
Pandora ITSM auth RCE [CVE-2025-4653]
2025-08-07 08:37:45 +02:00
b6dc0860e7
Merge pull request #20409 from sfewer-r7/sharepoint-hax
...
Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771)
2025-08-06 14:24:28 -05:00
0a923a611d
reword the language around our usage of CVE-2025-53770 to make it clear that this module is leveraging the authentication bypass for both CVE-2025-49706 and CVE-2025-53771, and the unsafe deserialization for CVE-2025-49704.
2025-08-06 15:33:57 +01:00
70f2cbe055
simplified cleaning procedure
2025-08-06 08:22:06 +00:00
8914520139
Land #20418 , adds auto selection feature for password crackers
...
Adds auto selection of cracker for password crackers
2025-08-05 15:39:50 +02:00
c99702c8bf
Land #20446 , adds module for ICTBroadcast Unauthenticated RCE (CVE-2025-2611)
...
Add ICTBroadcast Unauthenticated Remote Code Execution (CVE-2025-2611)
2025-08-05 09:29:36 +02:00
a81884fb9e
Update metadata
2025-08-04 17:53:29 +02:00
2c9053c45e
Refactor fingerprint detection, cookie handling and per-cookie injection
...
- Centralize JS fingerprint checks in `check`
- Memoize `get_valid_cookies` correctly and reuse a single `cookie_jar`
- Update `inject_command` to test payload on each cookie separately
2025-08-04 17:49:34 +02:00
26099da7a2
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:03:04 +02:00
46b3012cda
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:02:47 +02:00
a6d86fbe59
Update modules/exploits/linux/http/ictbroadcast_unauth_cookie.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 17:02:35 +02:00
6d60db195b
feat: bump metasploit_payloads-mettle gem to 1.0.45
2025-08-04 10:14:38 -04:00
5fd6184494
Land #20423 , adds malicious XDG Desktop fileformat module
...
Add Malicious XDG Desktop File module
2025-08-04 11:44:02 +02:00
a7ab23d083
Add Malicious XDG Desktop File module
2025-08-04 19:23:02 +10:00
da7ee9d9f8
Update modules/payloads/stages/php/meterpreter.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-08-04 11:19:57 +02:00
50ef5edd90
Add Unauthenticated ICTBroadcast Remote Code Execution (CVE-2025-2611)
2025-08-02 19:46:14 +02:00
3e47e4a08b
Fixed "]}" -> "}]"
2025-08-02 14:18:28 +02:00
8d3a35f332
Fixing issue #20436
...
The module did not initialize the variable uri
2025-08-01 10:48:54 +01:00
540e8b91d0
Merge pull request #20433 from msutovsky-r7/module/fix/disclosure_date
...
Fixes disclosure date in exploit/linux/http/pandora_fms_auth_netflow_rce.rb
2025-07-31 12:01:01 +01:00
d2175c372f
Fixes disclosure date
2025-07-31 12:58:28 +02:00
333b5278ac
Land #20428 , fixes available payload space in exploits/windows/misc/achat_bof
...
Fix achat_bof by increasing the available payload space
2025-07-31 07:42:32 +02:00
ff724d0b5c
Deregister SMBUser
2025-07-30 15:28:56 -07:00
e88883c82b
ESC9, ESC10 ESC16 exploit support
2025-07-30 15:08:14 -07:00
3fb2477fbf
Increase payload space
2025-07-30 16:13:19 -04:00
13df676863
Update validate method fix failed test
2025-07-30 12:13:33 -07:00
8179de6cea
ESC9 ESC10 and ESC16 detection
2025-07-30 11:46:57 -07:00
1161954677
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:11:06 +02:00
18b611f199
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:10:49 +02:00
dc787b1947
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:10:31 +02:00
e44f54fda0
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:10:03 +02:00
2a70b78316
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:09:45 +02:00
6ccc49523c
correcting a double assignment: tbl = tbl = cracker_results_table
2025-07-30 14:09:13 +02:00
4b52708357
update module + documentation based on review comments
2025-07-30 11:39:20 +00:00
16a5fa2881
Fixing typos
2025-07-30 07:23:50 +02:00
d3f6faa99d
Adjust cracker modules
2025-07-29 17:07:03 +02:00
cf243b5d5c
Adds auto option support, updates crack_database.rb accordingly
2025-07-29 15:44:48 +02:00
f454954b0a
requested change resolved, PR #20418
2025-07-29 14:22:02 +02:00
9c03306100
requested change resolved, PR #20418
2025-07-29 14:21:46 +02:00
c38cc4444f
Update crack_osx.rb
2025-07-29 14:21:20 +02:00
99ac3691f6
requested change resolved, PR #20418
2025-07-29 14:21:00 +02:00
424e4fbd48
Update crack_databases.rb
2025-07-29 14:20:34 +02:00
87d7decdca
requested change resolved, PR #20418
2025-07-29 14:20:09 +02:00
541e8d6191
Update modules/auxiliary/scanner/http/wp_ultimate_member_sorting_sqli.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-07-29 11:36:48 +02:00
e095c793c7
Fix get_nonce in auxiliary/scanner/http/wp_ultimate_member_sorting_sqli
2025-07-29 07:59:06 +02:00
eb8e7cec27
Merge pull request #20420 from dwelch-r7/rails-7.2-upgrade
...
Bump rails to 7.2
2025-07-28 15:59:31 +01:00
f4622d802e
Land #20406 , adds malicious Windows Script Host VBScript fileformat module
...
Add Malicious Windows Script Host VBScript (.vbs) File module
2025-07-28 13:58:07 +02:00
adfoster-r7