fa1e7ae016
close all CMFL tags and chain the getRuntime and exec calls for berevity
2023-04-11 11:22:13 +01:00
43fe41bea5
RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln.
2023-04-06 14:02:01 +01:00
a6159ccda5
automatic module_metadata_base.json update
2023-04-03 06:17:46 -05:00
f7cee703ce
Land #17835 , cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization
2023-04-03 11:47:56 +01:00
728e1f1ea2
Land #17836 , Add session.platform example to post module docs
2023-04-03 11:45:11 +01:00
2b90337947
Land #17844 , fix broken module references
2023-04-03 11:34:13 +01:00
ffea12fe2c
Land #17837 , AutoCheck documentation
2023-04-03 11:31:35 +01:00
a853efb05f
Land #17840 , Add notes section to exploit template
2023-04-03 11:28:48 +01:00
c12ef82d35
Land #17841 , Update Assigning-Labels doc
2023-04-03 10:49:46 +01:00
a54f3d4707
fix broken module references
...
doing these "by domain" now, piecemeal.
this PR fixes all broken references to the "insecurety" website, which is long dead.
2023-04-01 05:17:02 -07:00
18cfc42cb0
Update assigning labels doc
2023-03-31 16:21:12 -04:00
e112c9b610
Update docs/metasploit-framework.wiki/Get-Started-Writing-an-Exploit.md
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2023-03-31 14:54:20 -04:00
51fb3335c7
Removed unnecessary changes
2023-03-31 14:40:30 -04:00
b82bb572ca
Add notes section to exploit template
2023-03-31 14:35:06 -04:00
6fdbc0b903
Add AutoCheck mixin doc
2023-03-31 18:25:57 +02:00
c41d44ac3c
Add session.platform example
2023-03-31 11:22:01 -04:00
2711ba4b3a
cisco_dcnm_auth_bypass: Fix TARGETURI URL normalization
2023-03-31 23:53:41 +11:00
eb12cfec05
Land #17778 , Update brocade tests to pass locally
2023-03-31 10:51:31 +01:00
3aabb738bf
Bump version of framework to 6.3.11
2023-03-30 12:10:12 -05:00
fd4be04e28
automatic module_metadata_base.json update
2023-03-30 11:58:43 -05:00
15d267a233
Land #17826 , post module for CVE-2023-21768
...
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
2023-03-30 12:27:28 -04:00
f40e843b4e
Land #17833 , Add check metadata to rpc module info
2023-03-30 17:08:04 +01:00
152ef4a86b
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:28:46 -04:00
6f400052b1
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:00:55 -04:00
6111d55504
automatic module_metadata_base.json update
2023-03-30 08:29:58 -05:00
ab08cd2d1c
Land #17753 , Update get_ticket to support using forged golden tickets
2023-03-30 14:15:48 +01:00
c926f4961b
Add check metadata to rpc module info
2023-03-30 10:24:31 +01:00
6f89d94759
automatic module_metadata_base.json update
2023-03-29 12:46:31 -05:00
1f32004901
Land #17813 , ssh_enumusers set CHECK_FALSE to true
2023-03-29 12:31:31 -05:00
51ea787f69
automatic module_metadata_base.json update
2023-03-29 09:49:46 -05:00
9cd024a7a2
Land #17828 , add AMQP login scanner module
2023-03-29 09:24:48 -05:00
0a559bfded
Land #17704 , Apache Solr RCE via Velocity Template: Attempt fix for NoMethodError when exploiting
2023-03-29 15:12:04 +01:00
e1ecdac2a5
Land #17724 , Add ticket checksum to kerberos ticket creation
2023-03-29 09:01:39 +01:00
72ec93d27a
Land #17827 , add AMQP version scanner module
2023-03-28 16:00:42 -05:00
aaa36e2651
Land #17831 , Fix dead reference links in rpc_cmsd_opcode21.rb
2023-03-28 19:38:46 +01:00
f626b55831
Land #17825 , Update zimbra_slapper_priv_esc.rb
2023-03-28 18:36:18 +01:00
f6c4679435
Land #17830 , tools: modules: committer_count: Parse date argument with Time.parse
2023-03-28 18:34:24 +01:00
1330913e33
Fix dead reference links in rpc_cmsd_opcode21.rb
...
Both the reference links in this one are dead, replacing with archive.org links.
Much like https://github.com/rapid7/metasploit-framework/pull/17825 , I'll be doing these ad-hoc for a little bit until I figure out a reliable way to do a load of them in one batch.
2023-03-28 18:15:26 +01:00
865251b8aa
Land #17818 , fix crash in RPC job info
2023-03-28 12:02:56 -04:00
74bb908e56
tools: modules: committer_count: Parse date argument with Time.parse
2023-03-29 01:45:27 +11:00
fcb93fef58
Land #17806 , Optergy BMS Backdoor RCE module
...
This module exploits an undocumented backdoor vulnerability
(CVE-2019-7276) in the Optergy Proton and Enterprise Building
Management System (BMS) applications.
2023-03-28 10:27:35 -04:00
f3c12ba176
Land #17808 , Update broken secunia references
...
The Secunia links in the framework were dead. They have
now been restored using the wayback machine to grab
replacement links from the earliest date possible.
2023-03-27 17:20:13 -04:00
7a2643304e
Add a missing require line
2023-03-27 16:54:04 -04:00
97d67c6a79
Add an AMQP login scanner
2023-03-27 16:53:03 -04:00
5d0ae3e0c0
Add a missing require line
2023-03-27 16:48:40 -04:00
95e8a1c175
Initial AMQP version scanner
2023-03-27 16:44:11 -04:00
f9c6caa804
Land #17785 , add SolarWinds (SWIS) deser RCE
2023-03-27 15:25:17 -05:00
a36a475111
Bump rex-socket to 0.1.49
...
This includes the SSL fix from rapid7/rex-socket#58
2023-03-27 16:02:57 -04:00
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
38f7cbdfc6
Update zimbra_slapper_priv_esc.rb
...
fixing reference to use an archive link as the sites down.
2023-03-27 16:46:07 +01:00
sfewer-r7