bcoles
4eecb8ee96
Moodle::Login.moodle_login: fix login success verification regex
2024-06-03 01:49:04 +10:00
Jack Heysel
aea95c052e
Land #18723, Improve Gitlab fingerprinting
A webpage exists that can be reached without authentication that
contains a hash that can be used to determine the approximate version of
gitlab running on the endpoint. This PR enhances our current GitLab
fingerprinting capabilities to include the aforementioned technique.
2024-04-24 12:13:15 -07:00
Jack Heysel
bc4a532cd7
Changed format of GITLAB_CSS_MAP
2024-04-24 11:38:22 -07:00
Jack Heysel
f018295509
Ensure range of Rex::Version objects are always returned
2024-04-24 10:00:16 -07:00
jvoisin
5ff05b7cec
Add more fingerprints
2024-04-24 00:12:01 +02:00
Zach Goldman
26a108aadc
Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
Julien Voisin
0b1a4e2a99
Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-04-23 01:05:57 +02:00
jvoisin
e5bb593607
Improve how we fingerprint Gitlab versions
Since I was the one suggesting it in #18716, I kinda volunteered to implement
it. This improvement is based on [Censys's blogpost](https://censys.com/cve-2021-22205-it-was-a-gitlab-smash/)
on the topic, making use of the `/assets/application-….css` files that have
a unique name per gitlab versions.
The fingerprints were acquired with this bash script:
```bash
# Directory inside the GitLab CE image that holds the versioned application-<hash>.css asset
assetdir="/opt/gitlab/embedded/service/gitlab-rails/public/assets"
# Fetch the most recent 100 gitlab-ce image tags from Docker Hub
tags=$(curl -s "https://hub.docker.com/v2/repositories/gitlab/gitlab-ce/tags?page_size=100" | jq -r '.results[].name')
for tag in $tags; do
  # List the assets directory of that image and keep only the non-gzipped application-*.css file name
  filename=$(docker run --quiet --rm -it --entrypoint "" "gitlab/gitlab-ce:$tag" ls "$assetdir" | grep -E '^application-.*\.css' | grep -v '\.gz' | cut -d' ' -f1)
  # One CSV line per tag: <version tag>,<asset file name>
  echo "$tag,$filename"
done
```
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
2024-04-23 01:05:57 +02:00
fanqiaojun
6b2bdc893b
chore: remove repetitive words
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
2024-04-15 11:06:50 +08:00
Jack Heysel
7f62dd2143
Responded to comments
2024-04-04 13:39:22 -07:00
Jack Heysel
03fced404a
Apache Solr Backup Restore RCE
Writing file to disk working
working on linux
wip authentication
Consolidated conf folders into one
Renamed conf1 to conf in msf data dir
Randomize the configuration name
Docs plus finishing touches
rubocop
Updated exploit file location
Removed unused external dir
Reduced conf folder
2024-04-02 11:33:52 -07:00
Jack Heysel
31cf0e2633
Land #18764, Add unauth Jenkins file read module
This PR adds a new module to exploit CVE-2024-23897, an unauth arbitrary
(first 2 lines) file read on Jenkins.
2024-03-28 13:29:39 -07:00
jheysel-r7
14938a2d77
Apply suggestions from code review
2024-03-28 14:41:25 -04:00
Spencer McIntyre
9b8b7045ff
Land #18715, Add Splunk library
2024-03-05 16:17:30 -05:00
Gaurav Jain
985b0ba47f
Add reviewed changes to splunk library
2024-03-06 01:32:57 +05:30
h00die
1e6cf524b9
rubocop on jenkins lib
2024-02-02 16:35:56 -05:00
h00die
c37984edb2
jenkins cli ampersand exploit review
2024-02-02 16:35:11 -05:00
Gaurav Jain
38c9185564
Add reviewed changes
2024-01-26 22:58:00 +05:30
Gaurav Jain
97ef243d2e
Add Splunk library
2024-01-18 22:47:13 +05:30
Christophe De La Fuente
b8aa55c322
Land #18633, WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
Jack Heysel
5e25a99700
Responded to comments
2024-01-12 13:08:32 -05:00
jheysel-r7
43f4705e60
Apply suggestions from code review
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-01-09 12:37:59 -05:00
Jack Heysel
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
Jack Heysel
5d5ccd25e1
Removed unnecessary files
2023-12-15 10:46:23 -05:00
jheysel-r7
ef178298b2
Update lib/msf/core/exploit/remote/http/atlassian/confluence/version.rb
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-12-14 11:55:30 -05:00
Jack Heysel
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
Jack Heysel
16dd06bbac
Added payload plugin mixin
2023-12-11 18:24:13 -05:00
Jack Heysel
397b9971a3
Clean up started
2023-11-22 21:06:55 -05:00
sfewer-r7
7024d4ecac
remove redundant unless expression
2023-11-07 09:06:58 +00:00
Stephen Fewer
4dec6640c0
fix typo in cisco_ios_xe.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2023-11-07 09:02:12 +00:00
sfewer-r7
b28668790d
allow user to explicitly specify a CLI mode. Valid modes are 'user', 'privileged', and 'global'.
2023-11-06 11:40:22 +00:00
sfewer-r7
a55132b36f
strip out "**CLI Line # " from the results and use print_line instead of print_status for cleaner output.
2023-11-03 17:09:08 +00:00
sfewer-r7
17420289dc
Add two auxiliary modules for the recent Cisco IOS XE exploit chain bugs (CVE-2023-20198 and CVE-2023-20273). This allows for unauthenticated remote CLI or OS command execution.
2023-11-03 15:38:35 +00:00
h00die
d64ed33cdf
code spell for a bunch of modules
2023-09-24 17:42:00 -04:00
h00die
235c142274
Merge remote-tracking branch 'origin/flask_unsign' into flask_unsign
2023-09-11 10:27:00 -04:00
Spencer McIntyre
40716cb28b
Make the separator configurable
2023-09-08 08:56:45 -04:00
Spencer McIntyre
143e1c82b5
Add validation functionality to FlaskUnsign
2023-09-07 16:19:58 -04:00
h00die
213b9f9589
Merge remote-tracking branch 'upstream/master' into flask_unsign
2023-09-06 15:39:37 -04:00
h00die
f467e0747a
review comments
2023-08-28 17:39:02 -04:00
h00die
1bd14dd8f4
error handling for apache modules
2023-08-21 18:12:26 -04:00
h00die
ceb46cc2ef
lib and spec updates
2023-08-20 20:07:42 -04:00
h00die
a45792877a
lib and spec updates
2023-08-20 19:37:22 -04:00
h00die
d84c15cf21
lib and spec updates
2023-08-17 15:29:20 -04:00
h00die
f125ad8870
review comments
2023-08-08 17:44:35 -04:00
h00die
7b024f21bd
apache nifi h2 rce
2023-08-08 17:44:35 -04:00
h00die
5cdac38ac0
apache nifi h2 rce
2023-08-08 17:44:35 -04:00
h00die
2c2f855e20
working cookies for superset
2023-07-06 07:12:39 -04:00
h00die
c9249fd9b7
basics
2023-07-02 12:37:58 -04:00
dwelch-r7
e298788a28
Land #18049, Update jenkins login scanner to work with newer versions
2023-06-22 14:04:24 +01:00
cgranleese-r7
0609d246f3
adds more future proofing to implementation
2023-06-21 14:19:24 +01:00