Alan Foster
f2c3fc5f00
Rubocop recently landed modules
2020-04-17 11:55:04 +01:00
gwillcox-r7
d759fbaed3
Land #13259, Miscellaneous fixes for @wvu's modules and documentation
2020-04-16 22:10:10 -05:00
William Vu
966194d2b7
Remove tested admin password from default PASSWORD
2020-04-16 21:45:44 -05:00
bwatters-r7
b5df7e8147
Land #13102, Add UnRAID 6.8.0 Authentication bypass to RCE
...
Merge branch 'land-13102' into upstream-master
2020-04-16 17:18:55 -05:00
bwatters-r7
f0f403b48e
Automated Rubocop fixes
2020-04-16 17:17:02 -05:00
William Vu
cd9e5260f7
Note post-auth requirements in Nexus exploit
2020-04-15 20:25:05 -05:00
William Vu
4401e3654f
Merge remote-tracking branch 'upstream/master' into bug/misc
...
So we can grab the Nexus files from master.
2020-04-15 20:24:44 -05:00
William Vu
0684966dcb
Make better comments for the comment god
2020-04-15 18:24:28 -05:00
William Vu
b7501c1f0c
Add my standard print for CmdStager
...
And comment some methods used by it.
2020-04-15 18:06:48 -05:00
William Vu
6db312636d
Add Nexus Repository Manager Java EL Injection RCE
2020-04-15 15:49:33 -05:00
William Vu
66d5f51e51
Remove Nexus content from this branch
...
So the remaining changes can be PR'd separately.
2020-04-15 15:48:09 -05:00
William Vu
e8840563be
Comment comments
2020-04-15 15:47:51 -05:00
William Vu
65d338d00e
Note tested version in module
2020-04-15 15:47:51 -05:00
William Vu
5a91a1e54f
Remove res.code == 200 check again
...
It really isn't necessary when we're looking for just the header.
2020-04-15 15:47:51 -05:00
William Vu
7dd3be507f
Add wget CmdStager
2020-04-15 15:47:51 -05:00
William Vu
e248e2ed43
Consolidate CmdStager flavors to symbols
...
As per the API. Strings are fine, but they're supposed to be symbols.
2020-04-15 15:47:51 -05:00
William Vu
99336f6bd3
Add ARTIFACTS_ON_DISK, since it uses CmdStager
...
Whoops, forgot this when I changed it from ARCH_CMD.
2020-04-15 15:47:51 -05:00
William Vu
d9aa80268d
Rearrange methods a bit
2020-04-15 15:47:50 -05:00
William Vu
e6c42448b2
Add res.code check to match prior commit
2020-04-15 15:47:50 -05:00
William Vu
df992bf94b
Note compromised user less specifically
...
This is just what was configured in the Docker container.
2020-04-15 15:47:50 -05:00
William Vu
ae4af1a4f0
Format Java EL expression nicely
2020-04-15 15:47:50 -05:00
William Vu
baae9db092
Fix some more things
2020-04-15 15:47:50 -05:00
William Vu
6275b16b04
Fix some things
2020-04-15 15:47:50 -05:00
wvu-r7
1ce6c310ba
Escape double quotes in EL payload
2020-04-15 15:47:50 -05:00
wvu-r7
143d8463ec
Prefer include? for NXSESSIONID=
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-04-15 15:47:50 -05:00
William Vu
45263b8aa5
Add Nexus Repository Manager Java EL Injection RCE
2020-04-15 15:47:50 -05:00
gwillcox-r7
0858178c09
Add cleanup support and update description
2020-04-14 13:27:25 -05:00
gwillcox-r7
c151b93ba4
Fix up clarity and spelling issues in module and documentation
2020-04-13 16:28:39 -05:00
Mehmet İnce
b7a1fbdde2
Fixed documentation and login method
2020-04-13 18:55:56 +03:00
Mehmet İnce
706a395bc0
Fixed 2nd round of suggested changes
2020-04-13 11:22:02 +03:00
Mehmet İnce
d906c3dc77
Fixed review suggestions
2020-04-11 14:38:19 +03:00
Mehmet İnce
eb7d2f821d
Adding CVE number
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Mehmet İnce
5d04c2b4a5
Adding documentation and module description
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Mehmet İnce
7c2f65da36
Adding vestacp exec
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
2020-04-11 12:22:17 +03:00
Shelby Pace
7934d1de09
Land #13098, add Pandora FMS module
2020-04-06 11:42:24 -05:00
Shelby Pace
a3c07b7cc1
use nospace opt, fix regex, iterate id_agente
2020-04-06 11:34:13 -05:00
Shelby Pace
5f0c9942d2
Land #12756, add dlink dwl2600 exploit
2020-03-27 12:38:35 -05:00
Shelby Pace
8aa4d7a944
remove mixins, add CVE
2020-03-27 12:37:40 -05:00
Nicholas Starke
bb21c8f6d8
Finishing Touches on DLINK DWL 2600 Module
...
These last finishing touches complete the DLINK DWL 2600 Module. The
fixes include renaming token to @token and adding the noconcat
CmdStager option.
2020-03-26 20:13:55 -05:00
Shelby Pace
dc9e215318
remove unused code / add option
2020-03-26 16:05:56 -05:00
Shelby Pace
f191eb00c9
add command stager
2020-03-26 16:05:56 -05:00
Onur ER
9954fae7ff
Update pandora_ping_cmd_exec.rb
2020-03-23 21:44:33 +03:00
Onur ER
b1fb946533
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 17:29:23 +03:00
Onur ER
8ba7b05eb7
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 17:27:00 +03:00
Nicolas Chatelain
98fdcedf40
Apply suggestions from space-r7 code review
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2020-03-23 14:08:12 +01:00
Nicolas Chatelain
88ea6b527a
Apply suggestions from code review
...
Co-Authored-By: bcoles <bcoles@gmail.com>
2020-03-23 09:48:00 +01:00
Nicolas Chatelain
4e81b7b969
Fix indent
2020-03-21 16:12:23 +01:00
Nicolas Chatelain
58780c6db9
Update Unraid 6.8.0 exploit module
...
- Changed exploit name
- Set Privileged to true
- Better error handling
- Typo fixes
2020-03-21 11:44:35 +01:00
Nicolas Chatelain
401e000892
Add Unraid auth bypass to RCE exploit
...
Unraid is an operating system for personal and small business use that
brings enterprise-class features letting you configure your computer
systems to maximize performance and capacity using any combination of
applications, VMs, storage devices, and hardware.
This module exploits an authentication bypass vulnerability that leads
to remote code execution as root.
2020-03-20 15:13:54 +01:00
Onur ER
5ccda4b567
Added Pandora FMS 7.0NG exploit
...
Pandora FMS (for Pandora Flexible Monitoring System) is software for
monitoring computer networks. Pandora FMS allows monitoring in a visual
way the status and performance of several parameters from different
operating systems, servers, applications and hardware systems such
as firewalls, proxies, databases, web servers or routers.
This module exploits a vulnerability found in Pandora FMS 7.0 NG and lower.
The vulnerability exists on the `net_tools.php` component, due to the insecure
usage of the `system()` PHP function.
2020-03-19 22:50:00 +03:00