8cddffa3d1
Land #18700 , Add Kafka-ui Unauth RCE module
...
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated rce vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
a1b0ff0fcf
Land #18681 , Update Apache Ofbiz w. Auth-Bypass
...
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
e49c6a792a
Land #18770 , Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins
2024-02-15 13:19:37 +00:00
d716e60cf2
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
f5c71d09c2
using data/kafka_ui_versions.json for the version check
2024-02-14 20:57:46 +00:00
8b70cefd83
Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-02-14 20:57:46 +00:00
f75722ecf2
Small updates to module and documentation
2024-02-14 20:57:46 +00:00
dde7e3c5d3
Small tweaks to verbose messages
2024-02-14 20:57:46 +00:00
d5f30befbb
Second release of module
2024-02-14 20:57:46 +00:00
3db32da70f
First release of module.
2024-02-14 20:57:45 +00:00
747d328bcb
Land #18786 , Fix option collision in service_persistence
2024-02-14 17:25:15 +01:00
fa5c4c0193
lowercase session types
2024-02-14 15:45:34 +00:00
587a8690a1
Use individual session mixins
2024-02-14 15:37:11 +00:00
30fc29e0f5
Use PostgreSQL session type for modules
2024-02-09 15:38:06 +00:00
84278b8e0e
fix ofbiz auto detection
2024-02-06 16:45:02 -05:00
29524fa7f8
Fix option collision in service_persistence
...
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
2024-02-03 23:18:45 +08:00
cf2f76e6a2
cve-2024-21626 review
2024-02-02 16:27:02 -05:00
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
2efbf6e2f5
review comments
2024-01-29 17:21:06 -05:00
4c525dad66
Land #18648 , Add enhancement to Asan check method
...
Before this PR when running asan_suid_executable_priv_esc
if the user did not set the SUID_EXECUTABLE option the
module would fail with an undescriptive error message.
This PR removes the default value of an empty string from
SUID_EXECUTABLE so now if it's not set the user is informed.
2024-01-23 15:22:33 -05:00
c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
08f6da7b33
Removed default empty string for SUID_EXECUTABLE
2024-01-23 14:21:58 -05:00
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
7411dc1b1b
Land #17634 , Add additional reliability and stability notes to modules
2024-01-23 09:42:15 +00:00
953382731e
Land #18645 , improve glibc tunables exploit
...
This PR adds a way to get the Build ID from ld.so by
using the perf command. Before this the module depended
on file and readelf being installed to get the Build ID.
2024-01-22 22:00:28 -05:00
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
919c846064
Final small updates (removed UDP and corrected typo in release date
2024-01-20 11:27:10 +00:00
06dcc82ced
Land #18630 , Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
fadb0f45dd
Land #18708 , Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
...
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
de6ed9e1d6
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
4ff399844f
By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected, doing so also removes the need to bootstrap the Linux payloads with a separate file.
2024-01-18 10:04:38 +00:00
c74fd86961
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:46 +00:00
3bb1d2bc02
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:35 +00:00
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
70ef0dcb0d
improve the check logic to fall through when the json doesnt have the key we expect it to have
2024-01-17 10:02:59 +00:00
518c1e5d3c
mention Pull Connect as well as the CVEs in the description
2024-01-17 10:02:11 +00:00
ad7e348eaa
remove a copy pasta link
2024-01-17 09:16:18 +00:00
d7cf9155a6
ofbiz working for 18.12.09
2024-01-16 20:06:11 -05:00
f9419c4839
seperate commands into an array instead of one bog long string
2024-01-16 17:19:13 +00:00
ea1dafa353
this is a slightly nicer way to write this
2024-01-16 17:08:09 +00:00
4060e069ed
first commit of the ICS exploit
2024-01-16 14:32:48 +00:00
56a9beb39d
ansible review
2024-01-15 17:18:49 -05:00
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
381b840f11
salt review
2024-01-10 17:19:58 -05:00
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
e9296d1add
saltstack review
2024-01-10 17:04:03 -05:00
077cad34ab
non-working module
2024-01-08 19:47:24 -05:00
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
Jack Heysel