2a28af208d
Land #16992 , Syncovery For Linux - Auth. RCE (CVE-2022-36534)
2022-12-14 13:43:00 +01:00
1f1b04e009
finalization
2022-12-14 08:38:20 +01:00
0ae824e169
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:55 +01:00
e16e689308
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:45 +01:00
d6ba30adcf
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:35 +01:00
911431c63b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-14 08:07:24 +01:00
d6a5590c06
Land #17265 , Add Exploit for CVE-2020-25736
2022-12-13 18:49:56 +01:00
0596620de7
Update modules/exploits/osx/local/acronis_trueimage_xpc_privesc.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 09:49:59 -06:00
f158cfaadd
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:56 +01:00
c8e301224b
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:05:45 +01:00
53cde6d2ef
Update modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-12-13 16:04:45 +01:00
d09aef7dc5
Land #17350 , Remove unnecesary sleep
...
Remove unnecesary sleep in several bypassuac modules
2022-12-12 17:45:10 -05:00
13a557013c
support 2021 version of software
...
specifically, the exploit will now search
for com.acronis.helpertool in addtion to the
2020 helper tool name. This also updates the
check() method to return CheckCode::Detected
for when we find the vulnerable service but
can't detect the build number
2022-12-12 15:53:35 -06:00
5a66666b4d
Fix check methods by using #present?
2022-12-12 16:53:34 -05:00
c1d090334c
apply suggestions
2022-12-09 09:31:20 +01:00
8d097e0fd0
Fixes bug in s4u_persistence module
2022-12-09 11:24:16 +11:00
c54109586c
Remove unnecesary sleep in several bypassuac modules
2022-12-09 11:09:19 +11:00
9c7355388c
add attackerkb link
2022-12-06 11:19:05 -06:00
e7e2849f6d
Land #17183 , Zimbra fixes
2022-12-06 15:38:37 +01:00
ddaf5a3f0d
Remove unecessary return statement
2022-12-06 15:07:28 +01:00
aaef7726db
Land #17330 , Fix enumerating emails via ProxyShell
2022-12-06 14:02:53 +01:00
54cd055276
Land #17286 , CVE-2021-22015 vCenter priv esc
...
Merge branch 'land-17286' into upstream-master
2022-12-05 09:31:01 -06:00
8e9e8468f2
Land #17338 , Lint modules
2022-12-05 13:17:40 +00:00
14d05c9c6c
Lint modules
2022-12-05 10:41:31 +00:00
c1ff9337c8
dnn_cookie_deserialization_rce: Remove empty 'Payload' Hash key
2022-12-04 17:50:24 +11:00
431804ef15
Fix typos: Replace 'the the' with 'the'
2022-12-04 17:41:24 +11:00
96da805014
Fix enumerating emails via ProxyShell
...
The ResolveNames endpoint used to gather emails addresses for targeting
only returns 100 at a time. This updates the module to check if the
search result contains all entries and when it does, it recurses into
itself with a refined search prefix. All results are returned to match
the original functionality instead of enumerating and halting once one
that's suitable for exploitation has been found.
2022-12-02 15:58:50 -05:00
04e5aa3033
apply suggestions
2022-12-02 16:05:01 +01:00
4207449382
Land #17323 , fix enlightenment check method
2022-12-01 20:26:16 +00:00
867059efe5
add super to cleanup command
2022-12-01 14:55:43 -05:00
62b484fdc7
blank over empty
2022-12-01 14:34:09 -05:00
dcff4d37b6
Land #17163 , Pfsense PfBlockerNG RCE module check method improvement
...
Merge branch 'land-17163' into upstream-master
2022-12-01 09:25:18 -06:00
039b611fae
fix enlightenment check method
2022-11-30 17:06:50 -05:00
330cb2944b
fix typo
...
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
d3057f15b2
Land #17275 , Add Exploit For CVE-2022-41082 (ProxyNotShell)
2022-11-30 18:16:19 +01:00
8ea8e2410d
Land #17299 , Fixes #17227
...
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command…
2022-11-28 16:22:52 -05:00
3462dc6bf4
Land #17087 , remote control collection rce
...
Merge branch 'land-17087' into upstream-master
2022-11-28 14:29:52 -06:00
264d45e04a
Appease rubocop
2022-11-28 10:16:55 -05:00
f24df8a051
Change an exception class and drop DOMAIN passing
2022-11-28 10:06:14 -05:00
25a0d0ff0e
Fixes #17227 - polkit_dbus_auth_bypass module when run from a command shell
2022-11-25 15:13:57 +11:00
6350daf2d8
Land #17273 , F5 exploit module CVE-2022-41800
...
F5 exploit module CVE-2022-41800 (authenticated RCE in RPM code)
2022-11-23 17:57:18 -05:00
b7cf112d42
Fix an issue where the session handler would close too early on Zimbra modules
2022-11-23 13:09:47 -08:00
ffbf8b303a
Change a 'return 0' to 'fail_with', per Christophe's request
2022-11-23 12:51:51 -08:00
28a68ede8c
Merge branch 'master' into zimbra-fixes
2022-11-23 12:50:56 -08:00
cbb50ed902
Remove non-functioning Arch'es
2022-11-23 10:42:07 -08:00
3f58bfe11e
Check that the target is Exchange Server 2019
2022-11-23 10:47:10 -05:00
7227bec259
set autocheck false
2022-11-21 15:53:37 -05:00
8c9e2c9fc7
Add check method, update hosting IP/port
2022-11-21 15:53:37 -05:00
d141efcbfe
screen effects
2022-11-21 15:53:37 -05:00
181b8e4eea
review comments
2022-11-21 15:53:37 -05:00
Christophe De La Fuente