0334beada2
Land #16758 , add ManageEngine ADAudit Plus exploit
2022-08-05 12:19:42 -05:00
4202502992
make some prints vprints, add steps
2022-08-05 11:34:46 -05:00
7c21c57564
Merge branch 'master' into manageengine-adauditplus-cve-2022-28219
2022-08-04 14:07:50 -07:00
9c6a198453
Land #16796 , Path traversal vulnerability in RARLAB UnRAR < 6.12 with Zimbra RCE module
2022-08-04 19:44:57 +02:00
163d4d5b11
Land #16854 , Add CVE-2022-31660 VMware Workspace ONE Access LPE
...
Merge branch 'land-16854' into upstream-master
2022-08-03 16:50:12 -05:00
82182f7815
Land #16852 , Zoho PMP XML-RPC Unauth RCE module
...
Add in exploit module for CVE-2022-35405 aka Zoho
Password Manager Pro XML-RPC Unauthenticated RCE
2022-08-02 17:18:28 -04:00
8ed4293e9c
Add module docs for CVE-2022-31660
2022-08-02 16:42:08 -04:00
ada3be8f7b
Update options section in documentation
2022-08-02 14:13:25 -05:00
f0e62de46a
Add CVE-2022-35405 docs and module
2022-08-02 11:57:56 -05:00
b00cadfbeb
Initial commit of MobileIron Core Log4Shell exploitation (CVE-2021-44228)
2022-07-29 10:31:15 -07:00
4e4a1da4e4
Add module docs for the split-up unrar modules
2022-07-27 13:24:29 -07:00
b4b5f31c3d
Add documentation
2022-07-26 10:48:18 -07:00
860cd38bbb
Add documentation
2022-07-26 10:23:24 -07:00
74496c1a29
Add in updated scenario documentation
2022-07-25 14:14:52 -05:00
72b1dbfeee
Remove code that could cause check method to fail, fix up some documentation errors and add in scenario, and generally address some review comments
2022-07-25 13:05:04 -05:00
1094ce95c0
Update roxy_wi_exec.md
2022-07-25 17:14:02 +00:00
bdf8defe53
Apply suggestions from code review
2022-07-25 16:03:09 +00:00
bc0b27e1e2
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:58:46 +00:00
fc3b08fb8b
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:51:40 +00:00
420e67aca9
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:24:43 +00:00
628f5970b1
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:24:26 +00:00
135a25be4d
Tested and fixed problems
2022-07-21 11:42:18 +00:00
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
e3e6afbaa3
Land #16753 , ms03_007_ntdll_webdav: Cleanup and add additional offsets
...
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
2af8042bfa
Land #16761 , clean up ms01_023_printer
...
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
77be219bc2
Land #16754 , add offsets to ms02_065
...
Adds additional offsets for various Windows 2000
Professional targets, adds docs, fixes default
payload and resolves rubocop violations.
2022-07-16 16:43:47 -04:00
819d1fa2dd
Land #16762 , Sourcegraph RCE module
...
This module exploits a vuln in the gitserver
component of sourcegraph that results in OS
command execution in the context of gitserver.
2022-07-13 10:09:06 -04:00
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
63734832b2
Add sourcegraph RCE module docs
2022-07-08 17:27:27 -04:00
27ad62c964
Add a decent check method
2022-07-08 16:40:42 -04:00
83bc954e9d
ms01_023_printer: cleanup; use HttpClient; add additional targets
2022-07-09 01:36:10 +10:00
d6b6f47b09
change doc file
2022-07-08 02:36:18 +02:00
f958b0a053
Land #16738 , correct CVE/lint for weblogic module
2022-07-07 18:08:13 -05:00
4da72a9b01
Land #16735 , Fix defaults for aerohive module
...
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
2022-07-07 16:21:56 -04:00
3ad42dd153
change option names to H3 for weblogic_deserialize_asyncresponseservice docs
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-07-07 19:04:26 +03:00
3f63f9fcd1
ms02_065_msadc: Cleanup and add additional offsets
2022-07-08 00:26:02 +10:00
7d111938d5
ms03_007_ntdll_webdav: Cleanup and add additional offsets
2022-07-07 20:31:57 +10:00
f7209bfc75
Land #16724 , Modernize ms01_026_dbldecode
...
Use HttpClient; remove meterpreter code; fix stager
2022-07-05 09:36:58 -04:00
bbf56c7f4c
Delete jboss_remoting_unified_invoker.md
2022-07-05 00:33:30 +02:00
1ccc91d23c
Rename doc file
2022-07-05 00:25:56 +02:00
b8834e1534
Added documentation
2022-07-05 00:19:17 +02:00
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
12522d1407
fix cve in weblogic_deserialize_asyncresponseservice docs and run msftidy_docs
2022-07-01 10:34:27 -04:00
b56242c7a2
enable MeterpreterTryToFork by default for aerohive_netconfig_lfi_log_poison_rce
2022-07-01 06:15:13 -04:00
1b7d8f1e74
Fix a whitespace issue, restore option naming
2022-06-29 12:24:29 -04:00
e9b2fc6ecf
Merge branch 'rapid7:master' into master
2022-06-23 12:52:09 -10:00
84aa9ceeb9
Update phpmailer_arg_injection.md
...
Added options to the module docs for the new options
2022-06-23 12:50:33 -10:00
a96bc36d9c
Update the docs with the Windows target
2022-06-15 17:24:44 -04:00
3875db78ae
Land #16644 , Add Exploit for CVE-2022-26134 (Confluence RCE)
...
Merge branch 'land-16644' into upstream-master
2022-06-07 16:00:37 -05:00
space-r7