c3bd4792ec
rename SSLClientCert and SSLClientKey to ClientCert and ClientKey. This then matcheds up with ClientSerialNumber and ClientPlatform, which is clearer IMHO. Also, we explicitly create a Rex TCP socket, so these param names no longer collide with what a mixin would use
2024-11-15 09:44:50 +00:00
6eb15d5b66
add a helper method get_cert_subject_item
2024-11-15 09:42:59 +00:00
91587ce30b
this message can be on a single line
2024-11-15 09:42:06 +00:00
e89c27fa3b
fix some typos. Make msftidy happy. Add comments to the external references.
2024-11-15 08:54:32 +00:00
47f924bb8f
add in the initial work on the FortiManager exploit.
2024-11-14 18:53:12 +00:00
19e182ce65
Land #19557 , Add Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
...
Palo Alto Expedition RCE (CVE-2024-5910 & CVE-2024-9464) Module
2024-11-12 16:42:06 -06:00
6f6f92823a
fixed typo
...
fixed typo
2024-11-12 15:15:15 +00:00
fb102ec409
Update modules/exploits/linux/http/paloalto_expedition_rce.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-11-12 09:03:22 -06:00
03928a56bd
Add staging file delete and code cleanup
2024-11-11 14:42:19 -06:00
0308f46f74
Stage cmd payloads to a file before executing
2024-11-08 19:27:58 -06:00
661075a45c
handling additional case
...
handling additional case when autocheck is disabled and no credentials are provided
2024-10-22 03:42:39 +01:00
4d7d7f2c06
updated
...
using instance variables instead of updating the datastores
2024-10-21 22:07:43 +01:00
7028b807ed
linting
...
linting
2024-10-21 21:45:04 +01:00
b6d3a0ef36
safety flag
...
added a safety flag for the password reset in case no credentials are provided
2024-10-21 21:43:48 +01:00
202e5e55ac
Added exception handling
...
Added exception handling
2024-10-20 19:50:43 +01:00
59d026acd3
Land #19544 , Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
ee68e47521
Added http_server cleanup
2024-10-15 10:28:39 -07:00
7a89db5080
Updated print statements
2024-10-15 09:21:07 -07:00
3635dd1c23
Merge branch 'magento_xxe_to_rce'
2024-10-15 09:17:40 -07:00
3f6f060933
Updated check method
2024-10-15 09:17:02 -07:00
7929df2bfd
improved reliability
...
improved reliability
2024-10-15 06:26:46 +01:00
5716b6c799
linting
...
linting
2024-10-14 15:56:00 +01:00
ea74802a5a
cleanup
...
cleanup
2024-10-14 15:53:07 +01:00
bd7cd8b3ba
cleanup
...
cleanup
2024-10-14 15:36:45 +01:00
34538df83c
PoC and Documentation
...
PoC and Documentation
2024-10-14 05:09:29 +01:00
d28a098398
CVE-2024-9464
...
CVE-2024-9464
2024-10-11 19:31:56 +01:00
3be4eae2f5
Update modules/exploits/linux/http/magento_xxe_to_glibc_buf_overflow.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-10-10 15:20:06 -04:00
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
65936d181e
Update libc region on sucess print
2024-10-09 23:04:44 -07:00
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
b72f70cbac
Apply suggestions from code review
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-10-10 00:40:54 -04:00
7a78c0d724
Updated authors
2024-10-09 13:14:09 -07:00
b94b2f3c72
Merge conflicts and rubocop
2024-10-09 12:59:59 -07:00
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
9536eaae2d
Magento XXE to GLIBC buffer overflow
2024-10-09 12:36:53 -07:00
8d6972081f
Land #19480 update service_persistence for openrc
...
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
2024-10-02 17:48:18 -04:00
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
811678a793
Add openrc to exploits/linux/local/service_persistence.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2024-10-02 12:54:33 +02:00
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
...
Land #19441 , Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
6d541b625f
Remove unnecessary shell_path
2024-09-24 08:18:30 +09:00
130f146819
Apply suggestions from code review
...
Change to call setgid and setuid in the exploit before executing the payload
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-09-24 08:06:26 +09:00
8e2dbbbd56
Land #19416 , Add Traccar RCE module
...
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
e0e7c67ff7
Remove jsessionid parsing now that keep_cookies is being used
2024-09-23 18:12:01 -04:00
8e62f22315
fifth release with the option to use your own SSH private key
2024-09-20 09:50:13 +00:00
8b197a60f9
fourth release addressing review comments of jheysel-r7
2024-09-19 20:54:55 +00:00
9971aed96f
third release addressing majority of the review comments
2024-09-17 19:23:38 +00:00
d7fa23f30f
Apply suggestions from code review
...
Co-authored-by: bcoles <bcoles@gmail.com >
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-17 19:00:48 +02:00
455c5b2391
second release module
2024-09-15 20:01:27 +00:00
sfewer-r7