005fbb17a1
Address PR #20768 review feedback
...
- Fix machineKey extraction regex to handle decryption attribute
- Replace Base64.strict_encode64 with Rex::Text.encode_base64
- Add READ_FILE and EXTRACT_MACHINEKEY actions
- Add PRODUCT option for CentreStack/Triofox support
- Use different storage endpoints per product type
- Update documentation with new options and actions
2026-02-04 08:38:35 +01:00
7776588577
Address PR #20768 review feedback
...
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)
Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-04 08:38:35 +01:00
b1adc514d1
Apply suggestions
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com >
2026-02-04 08:38:35 +01:00
6d25006e8d
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:33 +01:00
6773459759
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:33 +01:00
628c5ee7af
Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs
2026-02-04 08:38:32 +01:00
478345506e
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 08:38:31 +01:00
641ab527aa
Merge pull request #20857 from msutovsky-r7/exploit/freepbx/sql_to_rce_chain
...
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 20:03:17 -08:00
63a66ee162
Improved CVE version range info in description
2026-01-28 20:15:25 -07:00
be4a69ab1d
Merge pull request #20846 from msutovsky-r7/exploit/freepbx/injections_rce
...
Adds auxiliary module for FreePBX (CVE-2025-66039, CVE-2025-61675)
2026-01-28 06:39:47 -08:00
7d931c960c
Merge pull request #20858 from msutovsky-r7/exploit/freepbx/unrestricted_file_upload
...
Adds exploit module for FreePBX (CVE-2025-66039, CVE-2025-61678)
2026-01-28 06:23:43 -08:00
e6b97a79a4
Addresses comments
2026-01-28 11:33:54 +01:00
7e92ef4811
Addresses comments
2026-01-28 11:14:24 +01:00
f31776caf0
Merge pull request #20778 from h00die/ssh_keys
...
Update and combine ssh key persistence with mixin
2026-01-27 06:39:10 -08:00
c5ffa557a7
Adds UID in documentation
2026-01-26 13:44:09 +01:00
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
2e484d552e
Finishing touches
2026-01-22 15:03:31 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
537a1c5395
Land #19821 , adds Burpsuite persistence module
...
Burp extension persistence
2026-01-22 11:03:08 +01:00
719874a7f4
Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module
...
Add exploit oracle ebs CVE 2025 61882 module
2026-01-21 16:08:09 -08:00
b6da204725
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-01-21 10:09:12 -08:00
99636be776
Updated mongobleed
2026-01-21 11:27:02 +01:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
d2af23a4a6
Adds additional installation step
2026-01-19 11:25:39 +01:00
4e36ff99ac
Adds additional installation step
2026-01-19 11:24:45 +01:00
3672e2ba45
Adds additional installation step
2026-01-19 11:23:09 +01:00
54c6e18505
Update documentation/modules/exploit/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-01-17 12:26:18 +01:00
7ccf574e99
burp extension all working
2026-01-16 08:44:27 -05:00
666c7ce362
Merge pull request #20865 from rajyavardhan01/docs/dect-scanner-documentation
...
Add documentation for auxiliary/scanner/dect modules
2026-01-16 00:00:22 +00:00
ade984aead
Merge pull request #20793 from Chocapikk/avideo-v2
...
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2026-01-15 17:36:07 -06:00
b466371b46
Update DECT reference link to archive.org (dedected.org is offline)
2026-01-15 14:13:00 -08:00
b01353cc07
Code cleanup, removes line from documentation
2026-01-15 15:26:30 +01:00
85221800a4
Removes line from documentation, code cleanup
2026-01-15 15:23:54 +01:00
c56f9d2ee2
Removes line from documentation
2026-01-15 15:20:44 +01:00
e114ecdfd5
Splitting the modules into separate PRs
2026-01-15 15:20:43 +01:00
5ee1a15b7d
Addressing comments
2026-01-15 15:20:43 +01:00
b4f4078956
Updates documentation
2026-01-15 15:20:42 +01:00
744b366c58
Msftidy documentation
2026-01-15 15:20:41 +01:00
8e8c61b9c1
Fixes typo in documentation
2026-01-15 15:20:41 +01:00
7bbf49112f
Updates documentation
2026-01-15 15:20:39 +01:00
de856db75a
Adds check methods, docs init
2026-01-15 15:20:38 +01:00
bb473b6019
Merge pull request #20797 from h00die/remove_persistence_exe
...
persistence modules cleanup
2026-01-14 14:43:33 -08:00
658c251b66
Merge pull request #20472 from jheysel-r7/feat/mod/badsuccessor
...
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 15:43:35 -05:00
c1023fd62a
Add BadSuccessor dMSA Privilege Escalation in Windows 2025
2026-01-14 12:34:45 -08:00
f4a195b88a
persistence modules cleanup
2026-01-14 13:49:29 -05:00
7b092aeedb
Land #20806 , adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
...
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
e4f8d4fb13
Merge pull request #20706 from h00die/windows_wmi_persistence
...
Update windows wmi to persistence mixin
2026-01-14 09:37:20 -05:00
42b50b759f
Add documentation for auxiliary/scanner/dect modules
...
Add module documentation (KB articles) for the DECT scanner modules:
- station_scanner.md: Documents the DECT base station scanner
- call_scanner.md: Documents the DECT active call scanner
Both documents include hardware requirements (COM-ON-AIR cards),
verification steps, options descriptions, and usage scenarios.
2026-01-13 18:40:47 -08:00
b2abdb21de
Fix AVideo lab documentation: update file editing instructions
...
Updated the note to provide a working method to edit configuration.php. Users can enter the container shell or copy the file out for editing.
2026-01-14 00:35:39 +01:00
ae4babbcf1
Fix AVideo lab documentation: remove broken sed command
...
Removed the broken sed command that doesn't work correctly. Updated note to specify editing /var/www/html/AVideo/videos/configuration.php manually with an editor instead.
2026-01-14 00:34:35 +01:00
Valentin Lobstein