f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
6e89f9b275
Address review comments
2023-06-02 09:48:02 -05:00
3ab4173d6c
Fix up base64 encoder to properly quote strings - credit to @smcintyre-r7 for the fix
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
05bb3cd182
Update again
2023-06-02 09:48:01 -05:00
c78a9bac1d
Remove dropper target and try expand potential BadChars and limit payload size???
2023-06-02 09:48:01 -05:00
6d066dc649
Add in initial copy of exploit
2023-06-02 09:47:49 -05:00
f6dc2c007a
Fix up messages to more closely match check code messages and fix typos
2023-06-01 12:38:20 -05:00
d535bb87ad
Fix up logic to handle check_host return codes
2023-06-01 12:17:59 -05:00
8ed981e575
Land #18003 , Archer c7 traversal
2023-06-01 17:37:13 +02:00
8378435051
Land #17430 , Add AWS SSM Sessions
2023-06-01 11:34:40 -04:00
6756047f1f
Land #18028 , Add Apache NiFi login scanner module
2023-05-31 12:25:18 -05:00
1fd2d41835
Fix typos and add dig for safe navigation
2023-05-31 10:34:10 -05:00
d194cf28eb
Land #18032 , Escape braces after all in cmd/brace encoder
2023-05-30 11:18:34 -05:00
002c575ee1
Land #18036 , Fix incorrect error handling in IBM sametime enumerate users module
2023-05-30 09:53:54 -05:00
ef89219715
Land #17899 , Dolibarr 16 unauthenticated contact database dump
2023-05-30 16:41:28 +02:00
0b9aff0661
Land #18004 , VSFTPD Dos Module
...
This PR adds a dos module for cve-2011-0762
which exploits the vsftpd server
2023-05-29 17:39:02 -04:00
489421f6be
Fix incorrect error handling in ibm sametime enumerate users
2023-05-28 00:29:17 +01:00
93479be5e6
review comments
2023-05-26 15:47:22 -04:00
573eb4bda4
Merge branch 'master' into archer_c7_traversal
2023-05-26 01:48:43 -04:00
f5bec517a0
Escape braces after all in cmd/brace encoder
...
Previously escaped only commas.
2023-05-25 23:46:18 -05:00
61c4ba7503
Renamed module to correct name
2023-05-25 21:21:49 -04:00
48207dd9f1
apache nifi login module
2023-05-25 16:57:32 -04:00
72ef6537ef
Added tested versions to description
2023-05-25 14:21:52 -04:00
7c2790513d
apache nifi version scanner
2023-05-24 20:05:34 -04:00
1c57019096
Merge branch 'master' into vsftpd_232
2023-05-24 10:58:22 -04:00
0aee634d67
Put authors on separate lines
2023-05-24 10:48:31 -04:00
b327809450
Changes regarding auxiliary modules
...
Changed back some modifications of includes and functions definitions that were related to exploit modules.
2023-05-24 09:28:41 +02:00
e542c50154
Merge branch 'rapid7:master' into dolibarr_16_contact_dump
2023-05-24 09:26:03 +02:00
9e38ed4459
Land #17929 , Linux sudoedit LPE (CVE-2023-22809)
...
Linux sudoedit priv esc (CVE-2023-22809)
2023-05-23 09:30:18 -04:00
120dc877ad
Pr/collab/17430 ( #41 )
...
* Prevent using post modules with the session
It doesn't work reliably because of winpty and how the output is
mangled.
* Set the limit correctly
* Fix Linux PTY downgrade issues
* Remove filtering
The filtering implementation is incomplete and unnecessary.
Filtering is unnecessary because Linux sessions execute a stub on
session start up that uses a combiantion of stty and a fifo to emulate a
PTY-less session. Windows sessions do not need filtering because they
have been explictly marked as being incompatible with the Post API which
is confused by the extra characters.
The filtering implementation is incomplete because it does not account for
echo fragments that are split across lines. It also does not account for
all of the ANSI escape codes.
* Add module docs for enum_ssm
2023-05-22 17:11:16 -04:00
60f6574bf3
Land #17965 , add module for AD CS cert management
2023-05-22 09:50:53 -05:00
e3823691a1
Add module for AD CS template CRUD operations
2023-05-22 10:28:58 -04:00
f464401dde
Land #17782 , Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
6c88e85d02
Land #17993 , add invscout RPM privesc
2023-05-17 18:56:42 -05:00
21273648a4
Fixed response using double quotes
2023-05-17 12:39:02 -04:00
6882a7cc60
Shortened payload to be readable
2023-05-17 12:05:40 -04:00
ab0b8b8274
Ran msftidy on module
2023-05-17 11:48:09 -04:00
775173381c
Made progress show in dots rather than status
2023-05-17 11:44:37 -04:00
9c888da5cb
Reverted from threading as payload finally works
2023-05-17 11:43:50 -04:00
49e7c2459f
Fixed payload to properly function
2023-05-17 11:40:29 -04:00
9a732a881b
Improve module description
...
Co-authored-by: bcoles <bcoles@gmail.com >
2023-05-17 08:09:25 -04:00
789646dd65
Use better failwith lines
...
Co-authored-by: bcoles <bcoles@gmail.com >
2023-05-17 08:08:59 -04:00
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
6a846c2c94
Added stub since stopping doesnt exist
2023-05-17 00:44:18 -04:00
2ca5ca1f63
stronger grep
2023-05-16 16:18:14 -04:00
713ec6ae76
Merge branch 'master' into feature/aws_ssm_sessions
2023-05-16 14:39:37 -04:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
Grant Willcox