5c56d6a4fc
typo
2024-03-05 14:47:04 +00:00
b925f798e5
typo and clarify description
2024-03-05 14:39:17 +00:00
aac4ef09cc
add in disclosure date and blogs
2024-03-05 11:09:22 +00:00
a5fb83d0e1
add in 2023.11.2 as tested on
2024-03-01 17:03:38 +00:00
9988117cca
rename with cve number
2024-03-01 16:42:59 +00:00
b7200b52e1
typo
2024-02-27 14:58:56 +00:00
f52543b4a6
Older version of TeamCity (circa 2018) do not support access tokens, so we can fall back on creating an admin user accoutn before we upload the plugin. Creating an access token is better as we can delete the token, unlike the user account.
2024-02-27 12:01:57 +00:00
47596c6a0c
add in docs
2024-02-23 14:30:53 +00:00
747d328bcb
Land #18786 , Fix option collision in service_persistence
2024-02-14 17:25:15 +01:00
d546db6055
Land #18780 , runc cwd priv esc (docker) (cve-2024-21626)
2024-02-05 13:12:02 +01:00
29524fa7f8
Fix option collision in service_persistence
...
The option `SHELLPATH` collide with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit rename it to BACKDOOR_PATH
2024-02-03 23:18:45 +08:00
cf2f76e6a2
cve-2024-21626 review
2024-02-02 16:27:02 -05:00
85974d16c2
Land #18769 , Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
be2d2d61ca
Land #18762 , Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
1c73cf938f
cve-2024-21626
2024-02-01 15:28:04 -05:00
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
c70092a2c7
bugfix a copy pasta whereby a path seperator was not being added as expected
2024-01-29 17:52:37 +00:00
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
fe84c0dff7
Land #18734 , Add exploit for CVE-2023-22527
...
This adds an exploit for CVE-2023-22527 which is an
unauthenticated RCE in Atlassian Confluence. The
vulnerability is due to an SSTI flaw that allows an
OGNL expression to be evaluated.
2024-01-25 14:15:10 -05:00
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
904e34434e
Land #18626 , SaltStack Minion Deployer
...
This PR adds an exploit module which allows for
a user who has compromised a host acting as a
SaltStack Master to deploy payloads to the Minions
attached to that Master.
2024-01-23 11:58:38 -05:00
46a0052286
Land #18568 , added exploit for CVE-2023-32781 - PRTG authenticated RCE
...
Merge branch 'land-18568' into upstream-master
2024-01-22 11:35:38 -06:00
06dcc82ced
Land #18630 , Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
fadb0f45dd
Land #18708 , Ivanti Connect Secure RCE exploit module (CVE-2023-46805 and CVE-2024-21887)
...
Merge branch 'land-18708' into upstream-master
2024-01-19 15:47:43 -06:00
847a72c417
Land #18638 , add exploit for CVE-2022-42889 Apache Commons Text RCE
2024-01-19 13:02:53 +01:00
5ba4aba912
Update documentation/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:28 +00:00
b8aa55c322
Land #18633 , WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
a8d46b3e7a
Land #18627 , Ansible: post gather module, payload deployer, and file reader
2024-01-17 15:26:25 +01:00
2919b36f2b
add in docs
2024-01-17 10:25:04 +00:00
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
225ef6847f
Add output from test run on windows target
2024-01-15 00:26:47 +05:30
6d8666e35b
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
cdc66dd91f
Last minute fix
2024-01-11 12:56:01 -05:00
5c7061cc0c
Remove OS dependant payload
2024-01-11 12:30:04 -05:00
e711c9ea43
ansible review
2024-01-10 17:16:57 -05:00
2cfcb74303
saltstack review
2024-01-10 17:09:02 -05:00
e9296d1add
saltstack review
2024-01-10 17:04:03 -05:00
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
80e9f1b97d
saltstack salt-master review
2024-01-06 06:38:59 -05:00
98667edf76
Add suggested changes
2024-01-05 22:31:51 +05:30
2028fbd226
Land #18404 , Working Module for CVE-2023-38146
2024-01-04 12:20:26 -05:00
9bb7e0e379
small update to documentation
2024-01-04 14:04:34 +00:00
adf455e8cb
Third release of module and documentation
2024-01-04 14:01:37 +00:00
b2312c97d3
Second release of module and documentation
2024-01-04 09:26:16 +00:00
sfewer-r7