c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
31665e1b88
Land #20730 , Allow toggling the SACL in LDAP queries
...
# Release Notes
This update modifies the ldap_query module to skip querying the SACL (System Access Control List) on security descriptors by default. This behavior is now controlled by a new option, LDAP::QuerySacl. This change is necessary when using a non-privileged user to query security descriptors via LDAP; otherwise, querying the SACL will cause the entire query to be blocked, resulting in no security descriptors being returned.
2026-03-11 16:36:35 +01:00
e6ee6a7c94
Land #20961 , adds service reporting to Wordpress mixin
...
Update Wordpress Mixin to log services
2026-03-10 09:05:05 +01:00
c6aabc1c75
Land #21001 , adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
821e3c28f1
Replace old patterns with srvhost_addr
2026-03-03 09:37:27 -05:00
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
1b528c78f0
Swap usages to #bindhost and #srvhost_addr
2026-03-03 09:37:26 -05:00
18bdbfa402
Update instances of #backend_url to use #get_uri
2026-03-03 09:37:26 -05:00
83a82ed043
Remove the extra argument
2026-03-03 09:37:26 -05:00
9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
a0fb02bd45
Default the address in the SMB share mixin
2026-03-03 09:34:49 -05:00
92e77de800
Update to use OptAddressRourtable for SRVHOST
2026-03-03 09:34:48 -05:00
ccc8367db5
Working Kerberoast and AS-REP modules with LDAP sessions
2026-03-02 15:33:36 +00:00
6a20b24d9c
Land #20740 , Separate SSL and SRVSSL options for client and server connections
2026-02-26 18:11:02 +01:00
44806b805f
Fix: Add http_server_ssl alias to resolve HttpClient/HttpServer mixin conflict
2026-02-26 17:23:39 +01:00
f2856c28b3
Update lib/msf/core/exploit/remote/socket_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:17 +01:00
3720803cdc
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:21:03 +01:00
a26036ca7b
Update lib/msf/core/exploit/remote/http_server.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2026-02-26 17:20:37 +01:00
7e937b3d5a
Land #21010 , adds reporting the service to Gitlab mixin
...
Update Gitlab mixin logs
2026-02-26 16:14:35 +01:00
0e60332411
Minor code changes
2026-02-25 14:46:34 +01:00
98b3357e2a
Adds beyondtrust lib, moves functionality into library, shares those functions to two modules
2026-02-24 16:16:05 +01:00
ae24f73a73
more simplification for gitlab_version function
2026-02-24 02:42:10 +02:00
8df17c6c50
Simplifying version handling in GitLab exploit module
2026-02-24 02:26:14 +02:00
dd6a2f97e9
Apply suggestion from @msutovsky-r7
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-24 02:19:32 +02:00
b227635c7b
Fix service name reporting for WordPress exploit
2026-02-23 13:31:32 +01:00
9aa58fcb52
Refactor WordPress service reporting
2026-02-23 13:31:32 +01:00
d069cba900
Update Wordpress Mixin to log services
2026-02-23 13:31:32 +01:00
a8dcc9616c
update gitlab mixin logs
2026-02-23 05:40:59 +02:00
a8f66a23d9
Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-02-21 09:32:53 +01:00
fc9b342a2f
Fix: Separate SSL and SRVSSL using datastore fallback for backwards compatibility
...
Add SRVSSL option with fallbacks: ['SSL'] so modules that use both
HttpClient and HttpServer can control server SSL independently from
client SSL. Old scripts that set SSL continue to work via the fallback.
2026-02-21 08:46:57 +01:00
ea51c45bf5
Land #20859 , breaks up utils/exe.rb into separated files
...
utils/exe.rb break-up
2026-02-20 12:41:15 +01:00
81e54d42e4
Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858
...
Adds module for Ni8mare (CVE-2026-21858)
2026-02-16 10:06:14 -05:00
7e03a89304
Land #20798 , adds module for FreeBSD rtsold/rtsol command injection (CVE-2025-14558)
...
Add module for rtsold/rtsol DNSSL Command Injection (CVE-2025-14558)
2026-02-13 10:57:03 +01:00
4adf87ac18
Merge pull request #20929 from jheysel-r7/feat/mod/cve-2026-24061
...
GNU Inetutils Telnet Auth Bypass (CVE-2026-24061)
2026-02-11 11:12:29 -08:00
9512135c84
Merge branch 'master' into rtsold_dnssl_cmdinject
2026-02-10 16:19:53 -05:00
53b4f2921d
chore: lint
2026-02-10 14:58:33 -05:00
b59dfdf352
Refactor rtsold: move RA methods to ipv6.rb
...
. Move packet building to library, fix link-local address usage, and add CheckCode message.
2026-02-10 14:41:12 -05:00
fc0257bcad
Adds default fmt argument to to_executable in msf/core/exploit/exe, comments refactor, adds to_win32pe_dll
2026-02-10 11:52:43 +01:00
c02ac3920d
Reapply "Vulnerability Report Enhancement"
...
This reverts commit c35537252f
2026-02-10 09:46:37 +00:00
db064a4f49
Merge pull request #20895 from rudraditya21/fixed/ldap-entry-cache-misses
...
added: negative caching for LDAP lookup misses
2026-02-06 13:15:57 +00:00
0a5eb04be1
Removes puts
2026-02-04 11:59:41 -05:00
6a1babf6c3
Updates docs, fixes JWT, module cleanup
2026-02-04 12:40:41 +01:00
dbe8b5574f
Updates JWT
2026-02-04 07:52:21 +01:00
366bc5335b
updated: ldap_entry_cache var with max_size argument
2026-02-04 11:22:36 +05:30
a868bc95b2
GNU Inetutils Telnet Auth Bypass
2026-02-03 17:45:59 -08:00
5ae18d1307
Allow toggling the SACL in queries
2026-02-03 17:31:03 -05:00
9a18fcf49b
Fixes JWT payload and base64 encoding
2026-02-02 14:13:51 +01:00
a6e750518d
Fixes basic JWT encoding, code refactors, add better failure codes and messages
2026-02-02 11:17:26 +01:00
Valentin Lobstein