a4af80d3e1
Land #15005 , add VMware vRealize SSRF RCE
2021-04-27 09:19:55 -05:00
a640443cab
Land #15014 , Added string PKey support for ssh module
...
Able to specify an individual private key as a string parameter into the module
2021-04-27 15:42:37 +10:00
363db0e271
Land #14977 , add Apache Druid js rce
2021-04-26 12:01:19 -05:00
6b4e5a7e4d
Land PR #15088 , Fix a typo in Eclipse Equinox product name
2021-04-23 17:07:37 -05:00
6cc800e0fc
Updated logging and documentation
2021-04-23 10:26:46 -05:00
95e59f514c
Land #15021 , add KOFFEE exploit for CVE-2020-8539
2021-04-23 09:25:16 -04:00
50873d3d88
Fix some typos and markdown formatting
2021-04-23 09:24:38 -04:00
dcf457f7e9
Fix a typo in Eclipse Equinox product name
...
The osgi_console_exec module docs had a few stray characters for the
product name and description. The product name confused me when
googling for this module.
2021-04-23 11:57:48 +01:00
9bfcbc8a2e
Added string PKey support for ssh module
...
* Implemented command shell session reporting
* Updated ssh login pubkey module documentation
2021-04-22 14:49:45 -05:00
3c64475da9
Adding new actions on the module and updated documentation
2021-04-22 04:34:22 -04:00
a62d1dfbcd
Add some details back in
2021-04-21 16:02:21 -05:00
5111caf536
Address @gwillcox-r7 review
...
New words from @gwillcox-r7.
2021-04-21 13:10:21 -05:00
d4041cb5f4
Add module doc
2021-04-21 10:42:10 -05:00
93c7727622
Land #15058 , Cockpit CMS RCE
2021-04-21 13:21:55 +01:00
e0f13e44d1
Land #14699 , Add Nagios XI snmptrap RCE and docs (CVE-2020-5792)
2021-04-20 14:30:45 -05:00
13d3e4ae89
Add in CentOS 7 with NagiosXI 5.6.5 scenario
2021-04-20 14:12:56 -05:00
f241a050b8
Apply review comments and fixes to documentation and the module
2021-04-20 12:38:34 -05:00
deaa241ca5
Land #15065 , fix post/linux/gather/checkvm
2021-04-20 17:02:45 +01:00
43f4ec921d
update docs and remove lscpu check
2021-04-20 21:12:27 +05:30
51f9e1ae73
cockpit cms rce
2021-04-18 18:52:04 -04:00
4ac9304ca2
Land #14968 - Add Nagios XI Mibs.php Authenticated RCE module and docs (CVE-2020-5791)
2021-04-16 14:37:15 -05:00
496e074ec8
Add in fixes to documentation and module from review
2021-04-16 13:14:17 -05:00
97425602e9
fix typo and docs in chrome_simplifiedlowering_overflow
2021-04-16 14:59:43 +01:00
c4956ce19b
Updatied the module with the full set of actions
2021-04-16 04:54:29 -04:00
9e6f425427
Move exploit/linux/http/citrix_dir_traversal_rce
...
To exploit/freebsd/http/citrix_dir_traversal_rce. It's actually FreeBSD.
2021-04-15 19:13:25 -05:00
832ca92f42
Land #14700 , Add Nagios XI Plugins Filename Authenticate RCE module and docs (CVE-2020-35578)
2021-04-14 16:58:55 -05:00
61395f3cb1
Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle.
2021-04-14 16:32:53 -05:00
154e237edd
Add in fixes to documentation and module that were covered in the review process
2021-04-14 15:33:42 -05:00
a59e7e196d
Land #14701 , Rename Nagios XI authenticated RCE module and integrate Nagios XI mixin
2021-04-13 18:58:29 -05:00
9379f0356b
Add in 5.6.5 exploitation scenario to documentation
2021-04-13 17:42:47 -05:00
0aada27128
Update the documentation to account for the fact that the plugin name has to be check_ping and also update the module to randomize some of the fields where possible.
2021-04-13 17:15:34 -05:00
cdd589f592
Update documentation to wrap some overly long lines to meet msftidy_docs.rb requirements.
2021-04-13 16:36:38 -05:00
ead9d73dc5
Add in fixes from review to documentation and module
2021-04-13 16:34:13 -05:00
e2532ab01b
Land #14994 , Update session_spy.rb to have a PID option for session migration.
2021-04-12 16:18:26 -05:00
c4f88e35ba
Land #14622 , add the sp_oacreate technique to the mssql_exec module
2021-04-12 15:00:15 -04:00
9e43a34599
Add in scenario to documentation for when database is connected and loot is being stored.
2021-04-12 13:52:41 -05:00
ef82219235
Update the mssql_exec docs and some verbiage
2021-04-12 14:52:13 -04:00
045367cff7
Apply RuboCop formatting to documentation and module
2021-04-12 13:52:00 -05:00
0b06904dd0
Update module with more checks and replace the Process migration strategy with a PID migration strategy. Also update documentation accordingly
2021-04-12 13:05:26 -05:00
e9088cfc12
Run rubocop and msftidy_docs, both on the module and documentation
2021-04-12 04:13:03 -04:00
75aba6707b
modify original module, add technique option
2021-04-11 22:16:15 +02:00
942d9e6bf2
Update apache_druid_js_rce.md
2021-04-10 10:43:00 +08:00
64dcf49311
Land #15017 , Update tomcat ghost module with default ports
2021-04-09 16:30:23 -05:00
7c23f7f546
Fix a minor issue where one command wasn't properly documented in a manner that allowed for easy copy and pasting
2021-04-09 16:29:24 -05:00
608ac3a0b7
Update module description to clean it up and also add documentation for uncommon options
2021-04-09 16:09:02 -05:00
a36030bcb7
add AutoCheck and usage of TARGETURI option
...
remove CheckCmd from docs
2021-04-09 12:08:25 -05:00
84babda37d
Adding documentation for KOFFEE exploit
2021-04-09 10:45:35 -04:00
2d1b73f1f2
Update apache_druid_js_rce.md
2021-04-09 19:48:45 +08:00
e48ebe6659
Update haserl_read module documentation (again)
...
- Add CVE and Ref.
- Add fixed version
2021-04-09 13:24:49 +02:00
586d033909
Land #14833 , haserl-based exploit for Alpine linux
2021-04-09 13:07:47 +02:00
Shelby Pace