2cbd1a6be9
Land #14935 , add F5 iControl REST API SSRF RCE
2021-04-01 08:40:38 -05:00
9eacda5552
add wait time line to test output
2021-03-31 14:47:34 -05:00
69a0c9420b
Add module doc
2021-03-31 14:02:32 -05:00
9806026ab9
Update from code review
2021-03-31 17:48:35 +02:00
00698d20bf
Add waiting status message and update doc
2021-03-26 14:59:27 +01:00
b069fec866
Add module and doc for Saltstack Salt API wheel_async RCE
2021-03-26 13:54:06 +01:00
fb7a97077f
Land #14875,CVE-2021-21978 - VMWare View Planner Harness 4.6.x < 4.6 Security Patch 1 Arbitrary File Upload RCE
...
Merge branch 'land-14875' into upstream-master
2021-03-18 12:06:12 -05:00
b1c3c49eb5
Land #14757 , nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
2021-03-16 17:43:43 -05:00
e30d8db082
nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes
...
Resolve Rubocop violations
Fix off-by-one in array index triggered when no file upload succeeds
Fix cleanup: ensure files are removed when upload succeeds but execution fails
Add AutoCheck
Add module notes
Add error handling and associated operator feedback
Add additional writable paths required for some old Nagios versions
Add fallback to session as `apache` if privlege escalation fails
Update documentation in line with above changes and fix software download links
2021-03-16 07:13:55 +00:00
4f2e299d8f
Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file
2021-03-14 00:00:06 -06:00
c2c5db95d8
Add in documentation and fix some mistakes in the description of the module
2021-03-14 00:00:05 -06:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
edea755096
Land #14740 , CVE-2021-3156 Sudo LPE (AKA: Baron Samedit) Improvements
2021-02-22 17:48:33 +00:00
bdc2041c83
Add Klog Server authenticate.php user Unauthenticated Command Injection
2021-02-12 17:07:52 +00:00
cb8cd89a90
Update the module docs for cve-2021-3156
2021-02-11 11:57:05 -05:00
7281d00938
Implement feedback from PR review
2021-02-04 09:25:40 -05:00
c33c08bae9
Add a check method using the version information
2021-02-03 18:16:13 -05:00
c590d7b1bb
Add module docs and be more permissive with Length formatting
2021-02-03 18:16:13 -05:00
00cbc33ebb
Add module doc
2021-01-22 01:06:14 -06:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
d208e441ba
Update the documentation
2020-12-07 10:54:20 -05:00
6cdb484d7c
Add Aerospike Database UDF Lua Code Execution exploit
2020-12-05 14:15:22 +00:00
a99ce581dd
Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 12:56:02 +00:00
f73a88a39c
Land #14396 , hadoop_unauth_exec clarification
2020-11-16 12:44:13 -06:00
0feff932f2
Change docs to reflect the truth of the "vuln"
2020-11-16 11:38:00 -06:00
fcb507e412
Fix AutoCheck
...
I'm a big dummy.
2020-11-11 15:57:38 -06:00
04bcbd0253
Update module doc
2020-11-11 15:57:29 -06:00
42bdae919b
Add SaltStack Salt REST API RCE (CVE-2020-16846)
...
Leveraging CVE-2020-25592.
2020-11-11 13:09:26 -06:00
da70b74954
fix version numbers
2020-11-08 22:38:53 -05:00
3c4962e9b0
working and clean
2020-11-08 22:31:26 -05:00
23c6c415eb
Added python alternative and check function
2020-10-09 03:58:55 -04:00
38fb644169
Architecture updates; base64 password; compliance
2020-09-25 23:58:48 -04:00
17483f838e
Bug fixes per requests
2020-09-25 00:01:52 -04:00
49a5dfc139
Spelling and grammer fixes
2020-09-24 03:29:07 -04:00
35dd9cb517
Add Login to User with Su on Linux / Unix Systems
2020-09-24 02:36:26 -04:00
2d1b378a18
Land #14122 , Jenkins Deserialization RCE (CVE-2017-1000353)
2020-09-22 12:32:09 +02:00
2ae50e9304
Land #14025 , add Artica Proxy auth bypass / rce
2020-09-21 15:27:53 -05:00
ee77cc8e78
Land #14123 , vyos restricted shell escape and priv escalation
2020-09-19 09:13:38 -04:00
6208f8795a
vyos_restricted_shell_privesc: support login as admin user
2020-09-18 15:49:25 +00:00
74669f4052
Land #14135 , add tp-link command injection
2020-09-18 09:47:02 -05:00
f4bfad0439
msftidy_docs changes
2020-09-18 09:42:14 -05:00
5f204257a5
Remove unnecessary comma, fix docs
2020-09-18 10:15:23 -04:00
d3f68d0fe4
Fix double shell issue
2020-09-18 09:23:02 -04:00
510d119579
add steps for producing serialized object
2020-09-17 13:58:48 -05:00
f5f010a1b0
Update documentation/modules/exploit/linux/http/jenkins_cli_deserialization.md
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-09-17 09:11:43 -05:00
072f35c270
-Updated module to work using CmdStager
...
-Updated documentation accordingly
-Removed unnecessary includes and simplified code
2020-09-16 19:51:15 -04:00
0f0d6a233b
Land #14074 , add Mida eFramework command injection
2020-09-16 10:24:51 -05:00
b0f329a238
Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md
...
improved documentation
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-09-15 21:00:06 +02:00
a987065eae
Update documentation/modules/exploit/linux/http/tp_link_ncxxx_bonjour_command_injection.md
...
improved documentation
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-09-15 20:59:31 +02:00
Shelby Pace