2f2fea7f6b
add CVE reference to Continuum exploit
2026-01-26 12:36:12 +01:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
9e320dd168
add suggestions from @jheysel-r7
2026-01-19 18:45:01 -08:00
7b092aeedb
Land #20806 , adds module for unauthenticated command injection in Control Web Panel API (CVE-2025-67888)
...
Adds module for Control Web Panel API Command Injection (CVE-2025-67888)
2026-01-14 15:44:25 +01:00
2809ff8235
Fix archs
2026-01-13 14:24:04 +01:00
4678d82c6d
fix: architecture specification
2026-01-12 17:03:08 +01:00
19f5970c61
add udev mitre ref
2026-01-09 16:22:24 -05:00
52ad17690f
add arch to windows modules and triggered execution attck to most persistence
2026-01-09 16:21:07 -05:00
472016b753
Land #20796 , moves udev module into persistence category
...
update udev to persistence mixin
2026-01-09 16:14:08 +01:00
ae4a5ac986
Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
...
Merge target info into the module info
2026-01-08 18:01:14 -08:00
8bd24f4ecf
Fix:n- Use Rex::Stopwatch for time-based checkn- Change CheckCode::Appears to CheckCode::Vulnerable - Add cmd/base64 encoder in Payload hash for Unix Command target - Simplify execute_command by removing manual base64 encoding
2026-01-08 12:38:20 -05:00
c859f18557
fix: - Hardcode endpoint path in send_request_cgi - Use idiomatic Ruby single-line conditional - Remove unnecessary return keyword
2026-01-08 15:34:11 +01:00
2030d19438
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-01-07 14:45:03 +02:00
2ef1b9fbae
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-01-07 14:44:51 +02:00
a676b05928
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-01-06 12:35:32 +02:00
236d94ee54
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-01-06 12:35:17 +02:00
b35d74b305
Update modules/exploits/linux/http/prison_management_rce.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-01-06 12:35:01 +02:00
982f5e0e28
control_web_panel_api_cmd_exec.rb aktualisieren
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-26 16:04:42 +01:00
0bfb77d74f
control_web_panel_api_cmd_exec.rb aktualisieren
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-26 16:04:12 +01:00
2448429502
Add Prison Management System 1.0 auth RCE (CVE-2024-48594)
2025-12-26 08:08:49 +02:00
5329e1472e
fix: PR and Lint
2025-12-24 06:39:13 -05:00
455275d087
add module for CVE-2025-67888
2025-12-23 19:21:34 -05:00
3ea866c41d
udev persistence
2025-12-21 07:50:48 -05:00
0c947d05ab
add in the AKB analysis
2025-12-19 15:38:43 +00:00
5c6c8a3956
better check result given we have the version string
2025-12-19 15:38:27 +00:00
a4dba96712
add in the HPE OneView exploit
2025-12-19 15:30:53 +00:00
cd8f1593e4
fix version check
2025-12-18 09:12:36 -08:00
8fdb4ab43a
add delay to sudobash drop file
2025-12-18 08:49:24 -08:00
602adeb4c5
Mass rubocop changes
2025-12-18 10:08:31 -05:00
d4b196b309
Update exploits to note target authors
...
Target authors were selected based on comments that indicated that the
author was only responsible for a set of descrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
2025-12-17 17:30:16 -05:00
8945267db6
Remove redundant Platform and Arch definitions
2025-12-17 16:12:31 -05:00
2103e1b5f6
Fix a bug in the platform definition
2025-12-17 15:57:58 -05:00
055d243d05
add create_sudobash payload option
2025-12-13 12:00:08 -08:00
7149b9a960
randomize provider name in payload
2025-12-13 11:46:47 -08:00
ebd736272f
fix variables naming
2025-12-13 11:21:08 -08:00
4ff2f35154
fix credits
2025-12-12 20:59:29 -08:00
b35c8b3926
remove unused function calls
2025-12-12 20:31:14 -08:00
0f96f2f3fd
fix cve format in references
2025-12-12 13:45:52 -08:00
ee404d9453
add splunk modules (cve-2022-43571 and cve-2024-36985)
2025-12-12 13:16:57 -08:00
795c38c524
Combine the 7.x and 6.x targets together, as Linux payloads work on 7.x also, so this target is Unix and Linux. This leaves the 8.x target Unix only due to IMA appraisal.
2025-11-28 10:12:02 +00:00
014312873c
get both unix and linux payloads working on 6.x. Add a note to the docs about setting a gateway.
2025-11-27 20:28:44 +00:00
f5e8aa83be
add in exploit support for FortiWeb versions 6.x which are vulnerable, but no longer under support from the vendor.
2025-11-27 12:43:19 +00:00
e998b91aee
Merge pull request #20717 from sfewer-r7/fortiweb-exploit-rce
...
Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034)
2025-11-25 14:14:31 -06:00
1912fe2a95
Merge pull request #20702 from Zedeldi/igel-os-modules
...
IGEL OS modules
2025-11-25 13:59:44 -06:00
fa03ac8b66
on 7.4.8 the command nohup is not available. we must execute our payload in a new session, so we use a python stub to essentially call setsid. This has been tested to work on both 8.0.1 and 7.4.8. Teh payload cmd/unix/reverse_python isnot working as it previously was, so I am removing from the list of confirmed paylaods. The other two, cmd/unix/reverse_bash and cmd/unix/reverse_openssl work fine on both versions
2025-11-25 11:25:41 +00:00
8a054b74db
improve check logic to actualy parse JSON result for expected reply, tested against 8.0.1 and 7.4.8
2025-11-25 11:22:43 +00:00
d1fe17747c
Add check methods and update DisclosureDate
2025-11-24 17:12:56 +00:00
ffaf43af2f
Add writable? and file? checks to write_payload
2025-11-24 11:45:34 +00:00
0c4d1e70d1
Add support for ARCH_CMD payload
2025-11-24 11:16:22 +00:00
b8cefb1af9
add nohup when bootstraping the payload to avoid the scenario when the parent dies it tears down our payload child process
2025-11-21 15:54:41 +00:00
Arnout Engelen