8cddffa3d1
Land #18700 , Add Kafka-ui Unauth RCE module
...
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
a1b0ff0fcf
Land #18681 , Update Apache Ofbiz w. Auth-Bypass
...
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
d716e60cf2
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
996ca8a7c9
Update documentation/modules/exploit/linux/http/kafka_ui_unauth_rce_cve_2023_52251.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-14 20:57:46 +00:00
f75722ecf2
Small updates to module and documentation
2024-02-14 20:57:46 +00:00
eafdb8495b
Added documentation
2024-02-14 20:57:46 +00:00
747d328bcb
Land #18786 , Fix option collision in service_persistence
2024-02-14 17:25:15 +01:00
84278b8e0e
fix ofbiz auto detection
2024-02-06 16:45:02 -05:00
d546db6055
Land #18780 , runc cwd priv esc (docker) (cve-2024-21626)
2024-02-05 13:12:02 +01:00
29524fa7f8
Fix option collision in service_persistence
...
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
2024-02-03 23:18:45 +08:00
cf2f76e6a2
cve-2024-21626 review
2024-02-02 16:27:02 -05:00
85974d16c2
Land #18769 , Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
be2d2d61ca
Land #18762 , Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
c70092a2c7
bugfix a copy pasta whereby a path seperator was not being added as expected
2024-01-29 17:52:37 +00:00
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
fe84c0dff7
Land #18734 , Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
46a0052286
Land #18568 , added exploit for CVE-2023-32781 - PRTG authenticated RCE
...
Merge branch 'land-18568' into upstream-master
2024-01-22 11:35:38 -06:00
06dcc82ced
Land #18630 , Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
fadb0f45dd
Land #18708 , Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
...
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
847a72c417
Land #18638 , add exploit for CVE-2022-42889 Apache Commons Text RCE
2024-01-19 13:02:53 +01:00
5ba4aba912
Update documentation/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:28 +00:00
b8aa55c322
Land #18633 , WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
2919b36f2b
add in docs
2024-01-17 10:25:04 +00:00
d7cf9155a6
ofbiz working for 18.12.09
2024-01-16 20:06:11 -05:00
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
225ef6847f
Add output from test run on windows target
2024-01-15 00:26:47 +05:30
6d8666e35b
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
cdc66dd91f
Last minute fix
2024-01-11 12:56:01 -05:00
5c7061cc0c
Remove OS dependant payload
2024-01-11 12:30:04 -05:00
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
2cfcb74303
saltstack review
2024-01-10 17:09:02 -05:00
e9296d1add
saltstack review
2024-01-10 17:04:03 -05:00
6de51a5047
non-working module
2024-01-08 19:49:47 -05:00
077cad34ab
non-working module
2024-01-08 19:47:24 -05:00
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
80e9f1b97d
saltstack salt-master review
2024-01-06 06:38:59 -05:00
98667edf76
Add suggested changes
2024-01-05 22:31:51 +05:30
2028fbd226
Land #18404 , Working Module for CVE-2023-38146
2024-01-04 12:20:26 -05:00
9bb7e0e379
small update to documentation
2024-01-04 14:04:34 +00:00
Jack Heysel