f632cf34bf
add in a module and docs fo rteh EPMM exploit
2026-02-05 12:26:38 +00:00
c72d5128cb
Merge pull request #20931 from jheysel-r7/fix/docs/gsoc-2026-ideas-spacing
...
Fix spacing in GSoC 2026 ideas page
2026-02-04 14:20:14 -05:00
196dac6b6a
Fix spacing in GSoC 2026 ideas page
2026-02-04 09:17:40 -08:00
e69d72dcc1
Merge pull request #20680 from cdelafuente-r7/fix_rpc
...
A few fixes and enhancement for API RPC
2026-02-04 16:18:39 +00:00
9462fd87ff
automatic module_metadata_base.json update
2026-02-04 08:35:53 +00:00
533a12dc16
Land #20768 , adds Gladinet CentreStack/Trifox aux modules, updates Gladinet exploit module
...
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 09:26:55 +01:00
005fbb17a1
Address PR #20768 review feedback
...
- Fix machineKey extraction regex to handle decryption attribute
- Replace Base64.strict_encode64 with Rex::Text.encode_base64
- Add READ_FILE and EXTRACT_MACHINEKEY actions
- Add PRODUCT option for CentreStack/Triofox support
- Use different storage endpoints per product type
- Update documentation with new options and actions
2026-02-04 08:38:35 +01:00
7776588577
Address PR #20768 review feedback
...
- gladinet.rb: Fix machineKey regex to match decryptionKey then validationKey explicitly
- gladinet.rb: Remove DEFAULT_WEB_CONFIG_PATH constant, inline in each module's datastore option
- gladinet_storage_access_ticket_forge.rb: Inline version check
- gladinet_storage_access_ticket_forge.rb: Inline FILEPATH default value (with C:\ for absolute path)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline version check
- gladinet_storage_lfi_cve_2025_11371.rb: Inline valid_response? method (removed)
- gladinet_storage_lfi_cve_2025_11371.rb: Inline FILEPATH default value (without C:\, stripped by build_lfi_path)
- gladinet_storage_lfi_cve_2025_11371.rb: Use vars_get with encode_params instead of manual URL building
- gladinet_viewstate_deserialization: Remove nil fallback (mandatory option with default)
- gladinet_viewstate_deserialization: Remove DEFAULT_MACHINE_KEY constant, inline in datastore option
- gladinet_viewstate_deserialization: Remove duplicate detect_app_type/extract_build_version (already in shared lib)
Note: Suggestion to rename gladinet? to is_gladinet? was NOT applied.
msftidy enforces Naming/PredicatePrefix convention which requires predicate
methods to NOT have 'is_' prefix (gladinet? is correct, is_gladinet? is not).
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-04 08:38:35 +01:00
b1adc514d1
Apply suggestions
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com >
2026-02-04 08:38:35 +01:00
232471ad46
Update modules/auxiliary/gather/gladinet_storage_access_ticket_forge.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-02-04 08:38:34 +01:00
3cffeda00e
Fix machineKey extraction regex and add reviewer credit
...
- Fix regex in gladinet mixin to handle machineKey with decryption attribute
- Add Julien Voisin as reviewer in auxiliary modules
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:34 +01:00
6d25006e8d
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:33 +01:00
1c929ae5b6
Update lib/msf/core/auxiliary/gladinet.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:33 +01:00
6773459759
Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2026-02-04 08:38:33 +01:00
38efe8264d
Improve Gladinet detection: check for y-glad cookies and branding in addition to ViewState
2026-02-04 08:38:32 +01:00
628c5ee7af
Update Gladinet modules: fix AutoCheck in auxiliary modules and update documentation with real outputs
2026-02-04 08:38:32 +01:00
180527876b
Fix Rubocop offenses in gladinet_storage_lfi_cve_2025_11371
2026-02-04 08:38:31 +01:00
478345506e
Add Gladinet CentreStack/Triofox auxiliary modules and exploit
2026-02-04 08:38:31 +01:00
7f5d4545ab
automatic module_metadata_base.json update
2026-02-04 07:18:40 +00:00
9f90da27c8
Land #20834 , fixes NoMethodError in teamviewer_password post module
...
Fix teamviewer_password module NoMethodError
2026-02-04 08:09:32 +01:00
ded7535c80
Merge pull request #20368 from isaac-app-dev/fix-issue-19384
...
Fixes MsfVenom not running outside framework dir
2026-02-04 00:22:52 +00:00
5e43beca60
Merge pull request #20920 from rudraditya21/fix/cracker-auto-action
...
Handle ACTION=auto with CRACKER_PATH in password crackers
2026-02-03 17:23:49 -05:00
967b43ee2e
automatic module_metadata_base.json update
2026-02-03 21:22:25 +00:00
e55d22a7cd
Merge pull request #20739 from cdelafuente-r7/add_mitre_tech_kerb_unconst_deleg
...
Add MITRE ATT&CK techniques to Kerberos and unconstrained delegation modules
2026-02-03 16:11:37 -05:00
36a240a07e
Merge pull request #20926 from cgranleese-r7/renames-windows-file-system-methods
...
Renames Windows File System namespaces
2026-02-03 21:03:07 +00:00
0c0e290cc2
Code review 2
2026-02-03 21:53:05 +01:00
71924e29ab
Merge pull request #20928 from adfoster-r7/fix-label-check-bug
...
Fix label check bug
2026-02-03 16:26:39 +00:00
9fde4e0a3e
Fix label check bug
2026-02-03 16:24:00 +00:00
b6e70417fe
Merge pull request #20927 from adfoster-r7/add-notice-about-extended-test-suite
...
Add notice about extended test suite
2026-02-03 16:10:32 +00:00
4c498a74f1
Add notice about extended test suite
2026-02-03 15:39:31 +00:00
89ebdeacef
Renames Windows file system namespaces
2026-02-03 11:23:04 +00:00
ef20db76b9
Merge pull request #20910 from jheysel-r7/docs/gsoc-2026-wiki-update
...
GSoC 2026 Wiki Updates
2026-02-02 14:44:00 -05:00
a65a013b2b
Apply suggestions from code review
2026-02-02 11:39:34 -08:00
a047ff9e79
Update docs
2026-02-02 08:25:25 -08:00
b85b2d4528
Add comments and remove T1077_WINDOWS_ADMIN_SHARES (deprecated)
2026-02-02 12:03:17 +01:00
f5829a7950
automatic module_metadata_base.json update
2026-02-01 20:25:20 +00:00
677fa6243e
Merge pull request #20883 from jheysel-r7/fix/impersonate_config_check
...
Add validate_options check for IMPERSONATE and IMPERSONATE_TYPE in get_ticket
2026-02-01 20:16:18 +00:00
a3dd697f6e
fixed: auto cracker selection with CRACKER_PATH
2026-02-01 21:59:31 +05:30
0b210b6f70
automatic module_metadata_base.json update
2026-02-01 00:00:09 +00:00
e2d4a5f5bd
Merge pull request #20916 from Chepycou/master
...
fix : updated printing to prevent crash in auxiliary/scanner/sap/sap_soap_rfc_system_info or sap_icf_public_info.rb
2026-01-31 23:50:48 +00:00
14f10c73e4
rm unused element from TeamViewer registry keys array
2026-01-31 18:33:04 +01:00
e7f8b07476
Merge pull request #20882 from karanabe/icpr_cert-rsa-keysize
...
Add RSAKeySize option to satisfy AD CS template minimums
2026-01-30 15:56:58 -06:00
343132b658
fix : Update sap_soap_rfc_system_info.rb result printing to fix crash
2026-01-30 18:44:02 +01:00
12a1467b7e
fix: Updated sap_icf_public_info.rb result printing to prevent crash
2026-01-30 18:43:07 +01:00
4674c86a65
automatic module_metadata_base.json update
2026-01-30 15:57:30 +00:00
adee4d223a
Merge pull request #20894 from jameskim200/issue-20893-fix-typos-in-icmp_exfil
...
[ISSUE-20893] fix typos in the options descriptions of the `auxiliary/server/icmp_exfil` module
2026-01-30 07:46:54 -08:00
bbc8f7d115
automatic module_metadata_base.json update
2026-01-30 14:56:39 +00:00
c31a606cb4
Merge pull request #20898 from raboof/exploit-continuum-add-cve-reference
...
add CVE reference to Continuum exploit
2026-01-30 06:47:30 -08:00
2a85783207
Update navigation.rb
2026-01-30 06:57:52 -07:00
3e630ac7b9
Bump version of framework to 6.4.112
2026-01-29 15:50:00 +00:00
sfewer-r7