0081811c52
Land #16185 , Firefox CVE-2020-26950 use after free browser exploit
...
Merge branch 'land-16185' into upstream-master
2022-02-28 14:38:23 -06:00
579811418f
update documentation with note about Firefox 82.0.1
2022-02-26 12:35:38 +00:00
d5ba1afbec
fix URLs not resolving
...
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
4e5cd8693d
add notes section to placate msftidy
2022-02-16 11:48:55 +00:00
480c44e9cb
refactor DEBUG_EXPLOIT code into mixin
2022-02-16 11:38:04 +00:00
35d122e16d
msftidy
2022-02-16 08:35:04 +00:00
fb53ca0ac2
actually add support for Windows
2022-02-16 08:33:24 +00:00
1086926b2e
Land #16159 , Add module for CVE-2021-3129
...
Merge branch 'land-16159' into upstream-master
2022-02-15 17:14:01 -06:00
0239ef1cc6
Land #16117 , Updates for Log4Shell
2022-02-15 16:39:00 -06:00
891387885b
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:50 +01:00
bbb66eba55
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:26 +01:00
acfc7348c3
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:10 +01:00
c935bc6388
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
...
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:46:25 +01:00
2e73469b6b
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
...
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:46:02 +01:00
ca62a05ce1
Clenup and check strategy
...
- Removed else statements from check in favor of implicit return
- Added comment explaining the check strategy (to be less intrusive)
2022-02-11 00:30:31 +01:00
d1764b2e75
Update option name
...
Update option name from LOGPATH to LOGFILE to become more intuitive.
2022-02-11 00:00:19 +01:00
df53a62cc9
Making reason from failures more descriptives
...
Cases
[x] User defined wrong log file
[-] Exploit aborted due to failure: unexpected-reply: Log file
/var/www/log.log seems doesn't exit
[x] module doesnt detect the log file
[-] Log file does not exist /var/www/storage/logs/laravel.log
[-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detecte
[x] site doesnt respond with error, module unable to find the log
directoy
[-] Unable to automatically find the log file. To continue set
LOGPATH manually
[-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detected
[x] site with debug mode false
[-] Exploit aborted due to failure: not-vulnerable: The target is
not exploitable. "set ForceExploit true" to override check result
2022-02-10 23:40:49 +01:00
719e71648c
Change Vulnerable to Appear in the check method
...
As we can't determine with certainly whether the target is vulnerable the check method should return appear instead of vulnerable.
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com >
2022-02-10 20:08:36 +01:00
cc52850ff0
Fix coding style offenses.
2022-02-09 21:30:17 +01:00
da1bc1f6d1
Change exploit Rank. Add AutoCheck. Remove custom timeout on request cgi.
2022-02-09 21:19:10 +01:00
c7092861e0
Fix the CVE format based on failed tests
2022-02-08 14:38:54 +01:00
f1fe6b7c89
Add module to CVE-2021-3129
2022-02-08 14:21:10 +01:00
5bbe934db9
Add QEMU Monitor HMP 'migrate' Command Execution module
2022-02-07 17:48:27 +00:00
e2c91ebf30
Land #16010 , zabbix_script_exec improvements
...
This updates the zabbix_script_exec module to work with versions 5.0 and
newer as well as adds a new item-based execution technique.
2022-02-04 15:13:13 -05:00
ae278d0568
Cleanup some minor typos
2022-02-04 15:12:57 -05:00
8838d9cb66
Added timeout system, fixed a bug with TLS_PSK, linted
2022-02-04 04:01:23 -08:00
965493191f
Add and use a Log4Shell mixin
2022-02-03 16:09:49 -05:00
645ef5e71f
Fixed few bugs
2022-02-02 14:30:02 -08:00
7bf08a28ea
Modified default stager
2022-02-02 12:34:07 -08:00
de32cc0e97
Linted with Rubocop, factorized API call, fixed some grammmar
2022-02-01 13:29:30 -08:00
d46822184f
Updates for Log4Shell
2022-01-28 14:56:44 -05:00
458d584f83
Add details to check codes and PR feedback
2022-01-21 09:40:23 -05:00
579627f5c7
Update docs, note OS X support
2022-01-20 10:47:11 -05:00
ba469a4b2c
Add version detection to the Unifi exploit
2022-01-20 09:26:48 -05:00
3d80a46e67
Check the HTTP response from the trigger
2022-01-19 17:51:31 -05:00
ef344d9d12
Add the Unifi Log4Shell RCE exploit
2022-01-19 17:51:31 -05:00
4cf3ae352c
Land #16050 , Log4Shell: vCenter RCE
...
Merge branch 'land-16050' into upstream-master
2022-01-19 16:30:33 -06:00
96a5d656bd
Final cleanups and reference updates
2022-01-14 08:41:37 -05:00
3f04b80d8b
Add vCenter Log4Shell docs
2022-01-13 14:50:28 -05:00
053fbe2a28
fix cisco advisory links
2022-01-13 18:55:39 +00:00
d5c83b41f9
Cleanup the vCenter Log4Shell exploit
2022-01-13 11:57:00 -05:00
7b1398f0ae
Allow overriding check module datastore options
2022-01-13 11:51:39 -05:00
62a814fa59
Refactor Log4shell exploit code into reusable bits
2022-01-13 09:45:02 -05:00
e093154865
Refactor the BeanFactory gadget code
2022-01-12 16:58:31 -05:00
e873907d13
Initial vCenter exploit via Log4Shell
2022-01-12 15:34:45 -05:00
877bab6f2a
Land #15969 , Log4j2 HTTP Header Injection Exploit
2022-01-11 16:52:08 -05:00
7b64383040
Preemptively tweak references to ysoserial
2022-01-11 16:25:21 -05:00
cb616b94c7
Removed some useless parameter + fixed a few bugs
2022-01-09 13:08:25 -08:00
6a7c81e1ba
Update authors
2022-01-08 21:56:15 -05:00
53c2400be9
Added cleaning procedure + fixed few mistakes/error mesage, removed unused docs
2022-01-08 10:56:31 -08:00
bwatters