e155bb64cd
Improved check method for PrintNightmare
2021-07-09 12:15:39 -04:00
dc9c0035ab
Land #15371 , check if apport-cli is in $PATH
...
Fixes #15370
2021-07-08 09:28:35 -04:00
636b790acb
Update to using the AutoCheck mixin
2021-07-08 09:03:42 -04:00
fc1a34d7b1
Improve here doc formatting
2021-07-08 01:19:21 -05:00
e9c748cccc
Land #15385 , Add Module For CVE-2021-1675 / CVE-2021-34527 AKA PrintNightmare
2021-07-07 17:05:40 -05:00
70fd9376e3
Final documentation improvements to explain SMB setup and improvements to module to fix one minor error output
2021-07-07 17:05:22 -05:00
f42aa3742c
Automatically reconnect to the named pipe
2021-07-07 13:25:51 -04:00
af986380d3
Fix CheckCode
...
It's closer to CheckCode::Appears than CheckCode::Vulnerable.
2021-07-06 22:22:27 -05:00
f74903178e
Add a check method that detects the service
2021-07-06 17:29:08 -04:00
d5d48949b2
Update PrintNightmare module docs
2021-07-06 16:30:51 -04:00
410493f729
Land #15318 , NSClient priv esc post module
2021-07-06 16:07:30 +01:00
0f9b913b0f
Remove the RPORT redefinition
2021-07-06 09:29:01 -04:00
8b0c4a1042
Update modules/exploits/windows/local/nscp_pe.rb
...
Co-authored-by: agalway-r7 <agalway@rapid7.com >
2021-07-06 11:18:56 +02:00
1a057d321b
rhost is working
2021-07-05 10:24:49 +02:00
9c6b023b0d
Add PrintNightmare module docs
2021-07-02 16:00:39 -04:00
dfa91961f7
Use enumeration to find target directories
2021-07-02 15:39:00 -04:00
d9ecfb823f
Add DCERPC plumbing for EnumPrinterDrivers
2021-07-02 12:10:00 -04:00
b9830487de
Add targets for older versions of Windows
2021-07-01 17:48:21 -04:00
9dea8b5f99
Define necessary flags and print target info
2021-07-01 16:01:07 -04:00
f6279ee9bc
Randomize the name and catch some errors
2021-07-01 14:00:51 -04:00
e44eb0005e
Initial PrintNightmare PoC
2021-07-01 12:32:43 -04:00
2085c2db13
Update modules/exploits/windows/local/nscp_pe.rb
...
Co-authored-by: agalway-r7 <agalway@rapid7.com >
2021-06-30 20:28:35 +02:00
daa5b32393
Update from review
...
- Remove `MeterpreterTryToFork` option logic
- Add `Prepend` code directly under `Payload` info
- Rebase to use the updated `PrependFork`
- Add logic to verify that shells specified in the options really exist
on the remote host
2021-06-30 18:13:35 +02:00
eca20bec92
Update from code review
...
- Fix documentation typos
- Rename `MeterpreterBackground` Mettle option to `MeterpreterTryToFork`
2021-06-30 11:02:11 +02:00
ccaedd6c9a
Last additions and improvements
...
- add binaries
- add documentation
- backup `runc` binary in the exploit C file
- add `MeterpreterBackground` options to set Mettle `background` option
- add `WsfDelay` logic
- refactor code
- add cleanup logic
- add restore `runc` binary logic
2021-06-30 11:02:11 +02:00
1b59b8c83e
Rebase and fix conflicts in lib/msf/core/post/common.rb
2021-06-30 11:02:11 +02:00
2067e1177e
Land #15363 , Fix ipmi_dumphashes - session refused after few failed attempts
2021-06-28 10:50:41 +01:00
059189d4a4
fix ipmi disconnects after few failed attemts
2021-06-27 22:53:27 +02:00
a2a1b91a69
Land #15341 , add wpdiscuz exploit
2021-06-25 16:22:02 -05:00
f24a01945c
fix rubocop error
2021-06-25 15:33:45 -05:00
167e33dac0
safe navigation operator on res
2021-06-25 17:09:20 +02:00
6d13f0627e
formatting changes
2021-06-25 16:20:42 +02:00
1194e7d0f3
add guards, adjust formatting, add docs
2021-06-25 16:20:42 +02:00
d40656b852
apport_abrt_chroot_priv_esc: check if apport-cli is in $PATH
2021-06-25 11:48:16 +00:00
9cc17095d4
Land #15282 , CVE-2019-15975 Cisco DCNM auth bypass
2021-06-24 11:59:21 -04:00
3c7d96695e
Land #15349 , add rConfig vendors auth rce
2021-06-24 10:43:18 -05:00
fe6b725d3f
Update the documentation and fix a couple of bugs
2021-06-24 11:19:26 -04:00
5ac025477a
parent e7983c3b6f
...
author Yann Castel <yann.castel@orange.com > 1622466490 +0200
committer Spencer McIntyre <Spencer_McIntyre@rapid7.com > 1624547674 -0400
Add an exploit for CVE-2019-15975 (Cisco DCNM)
add documentation
passed rubocop
edit documentation
set ssl to true by default
edit documentation
rubocop again
int return code was replaced by symbols
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
rubocop ok
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
various changes 2
various changes
Update modules/auxiliary/admin/networking/cisco_dcnm_auth_bypass.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
adding some guards + module notes
2021-06-24 11:19:25 -04:00
9f864df5f1
use Rex::Version instead of Gem::Version
2021-06-24 10:14:17 -05:00
df1faf85ff
rename files, change version check, use cookie jar
2021-06-24 09:47:38 -05:00
c3d4bb42bd
Land #15358 , use valid python binary in sshexec
2021-06-22 16:15:36 -05:00
fe41a6b518
Land #15350 , fix shellcode_inject module
2021-06-21 09:03:26 +01:00
27954cc4ae
update checkvm module to include system specific mixin
2021-06-20 10:34:18 +05:30
b85031ff6a
Fallback to Python3 in sshexec when it's available
2021-06-18 13:35:23 -04:00
211bf4351d
adding delay option
2021-06-18 11:32:15 +02:00
1d2e3212d3
using MIME + added some guards
2021-06-18 10:43:30 +02:00
7781d9ff1e
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2021-06-18 10:22:11 +02:00
1e7737f8b4
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2021-06-18 10:17:52 +02:00
f4bd18c5a3
Update modules/exploits/linux/http/rconfig_authenticated_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2021-06-18 09:21:00 +02:00
397c9ef140
Land #15333 , Cisco HyperFlex File Upload RCE
2021-06-17 13:40:39 -04:00
Spencer McIntyre