3bf4bd7d7d
Land #17162 , add RCE module for CVE-2022-35914
...
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
2022-10-24 12:18:34 -04:00
3bbd05a11a
Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-24 11:48:33 -04:00
4cfbae63ac
Land #17114 , Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-20 15:10:42 +02:00
6039e54b75
For real, this time
2022-10-19 17:23:16 -05:00
78e8de826b
Sure; I can spell
2022-10-19 17:22:29 -05:00
238aa9058f
Fix Cmdstager flavor, complete info hash
2022-10-19 17:18:20 -05:00
56b8bf6302
Working draft for CVE-2022-35914
2022-10-19 14:33:33 -05:00
56d6f7747b
Remove some old code and update documentation with version info
2022-10-19 10:02:29 -07:00
9a35a5c8dd
Post patch info
2022-10-18 10:12:54 -07:00
6bdf0da994
Add a sanity check before generating the payload - prevents a confusing error if the server is down
2022-10-18 10:09:51 -07:00
1804e5ab60
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-18 00:51:28 +02:00
67bd118dd5
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-17 22:49:48 +02:00
7cdf8e181f
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-17 22:49:34 +02:00
b3a0d70688
Added prefer admin
...
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
2022-10-17 15:16:16 +02:00
5d99428c1d
Changed SSH key algorithm and fix bug on cleanup
...
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
2022-10-17 14:40:51 +02:00
71a1c60d49
Sticking to the striced needed
...
The port in the Forwarded HTTP header can be random.
2022-10-17 13:01:13 +02:00
422675a0c0
Fixed code-style offenses
2022-10-17 01:08:57 +02:00
6140f0bc4d
Added method to auto-detect target user
2022-10-17 00:44:46 +02:00
9241c515d7
Try to cleanup only if there was ssh connection
2022-10-16 18:50:39 +02:00
6cfb277c90
Added cleanup method
2022-10-16 15:09:45 +02:00
45149c144c
Code cleanup and ssh key password
...
- cleaned up some unecessary code
- add option to the user set an encrypted custom ssh key
2022-10-16 13:32:25 +02:00
95b1bffdea
Do not overwrite the first two keys
2022-10-15 19:04:53 +02:00
47f6971651
It is working but need some improvements
2022-10-15 04:10:12 +02:00
31404116a5
Rename module
2022-10-14 22:19:43 +02:00
f643bba09a
Added module for CVE-2022-40684
2022-10-14 18:36:18 +02:00
487a26ee0f
Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs
2022-10-12 11:19:47 -05:00
e75438d0b2
Documentation fix and minor fixes
...
Fixed the documentation according to msftidy's suggestion and removed a few unessary parts of code
2022-10-11 18:17:52 -04:00
45aa09411e
First round of edits from review
2022-10-11 15:46:04 -05:00
f67a7f395f
Modified unix_cmd payload as per suggestion
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-08 02:26:11 +05:30
ec57260c66
Adding suggested code
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-10-08 02:25:35 +05:30
32db330ff6
Fixing the rubocop issue
2022-10-07 11:08:01 -04:00
910ee931c2
Fixing the description of the module
2022-10-06 15:55:32 -04:00
c8cd6a7864
Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
...
CVE-2022-22947 exploits Spring Cloud Gateway. The module has been tested with Spring Cloud gateway version 3.1.0 on Linux kali 5.18.0-kali5-amd64
2022-10-06 15:48:36 -04:00
48dd4693df
Add docs for CVE-2022-41352 (zimbra cpio), and fix some text
2022-10-06 10:46:48 -07:00
08c29f7f28
Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-06 10:23:53 -07:00
06aefb630a
string true to bool true
2022-10-03 19:50:04 -04:00
5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
dd11156922
add new reference to bitbucket module
2022-09-22 16:14:18 -05:00
8d2b182c7b
add cmd stager flavors and bad characters
2022-09-21 10:54:32 -05:00
77d1328c43
add module description
2022-09-21 08:38:18 -05:00
34a6671c2d
update module to support auth & additional target
2022-09-20 18:45:14 -05:00
9738f23b51
add cmdstager
2022-09-20 10:37:10 -05:00
391e5cc891
add check method, repo search
2022-09-19 17:28:17 -05:00
52ff168c5e
Land #16914 , Add PAN-OS auth command injection module (CVE-2020-2038)
2022-09-15 17:58:07 +02:00
b37b91c233
Responded to comments
2022-09-15 10:45:11 -04:00
49cc431660
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-15 10:29:28 -04:00
2fcea3763f
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:59:56 -04:00
9b6b70cbf3
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:50:07 -04:00
d001bf079e
Update modules/exploits/linux/http/panos_op_cmd_exec.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2022-09-14 12:49:52 -04:00
89fadf69a7
Remove require pry
2022-09-13 13:42:26 -04:00
Jack Heysel