fa1e7ae016
close all CMFL tags and chain the getRuntime and exec calls for berevity
2023-04-11 11:22:13 +01:00
43fe41bea5
RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln.
2023-04-06 14:02:01 +01:00
a54f3d4707
fix broken module references
...
doing these "by domain" now, piecemeal.
this PR fixes all broken references to the "insecurety" website, which is long dead.
2023-04-01 05:17:02 -07:00
15d267a233
Land #17826 , post module for CVE-2023-21768
...
This adds an exploit module for CVE-2023-21768 that
achieves local privilege escalation on Windows 11 2H22.
2023-03-30 12:27:28 -04:00
152ef4a86b
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:28:46 -04:00
6f400052b1
Update modules/exploits/windows/local/cve_2023_21768_afd_lpe.rb
2023-03-30 11:00:55 -04:00
0a559bfded
Land #17704 , Apache Solr RCE via Velocity Template: Attempt fix for NoMethodError when exploiting
2023-03-29 15:12:04 +01:00
aaa36e2651
Land #17831 , Fix dead reference links in rpc_cmsd_opcode21.rb
2023-03-28 19:38:46 +01:00
f626b55831
Land #17825 , Update zimbra_slapper_priv_esc.rb
2023-03-28 18:36:18 +01:00
1330913e33
Fix dead reference links in rpc_cmsd_opcode21.rb
...
Both the reference links in this one are dead, replacing with archive.org links.
Much like https://github.com/rapid7/metasploit-framework/pull/17825 , I'll be doing these ad-hoc for a little bit until I figure out a reliable way to do a load of them in one batch.
2023-03-28 18:15:26 +01:00
fcb93fef58
Land #17806 , Optergy BMS Backdoor RCE module
...
This module exploits an undocumented backdoor vulnerability
(CVE-2019-7276) in the Optergy Proton and Enterprise Building
Management System (BMS) applications.
2023-03-28 10:27:35 -04:00
f3c12ba176
Land #17808 , Update broken secunia references
...
The Secunia links in the framework were dead. They have
now been restored using the wayback machine to grab
replacement links from the earliest date possible.
2023-03-27 17:20:13 -04:00
f9c6caa804
Land #17785 , add SolarWinds (SWIS) deser RCE
2023-03-27 15:25:17 -05:00
6d4ee0c071
Add exploit for CVE-2023-21768
2023-03-27 20:08:22 +02:00
38f7cbdfc6
Update zimbra_slapper_priv_esc.rb
...
fixing reference to use an archive link as the sites down.
2023-03-27 16:46:07 +01:00
bcef7ee357
updated module and documentation with SUDO option
2023-03-26 18:31:25 +00:00
b7ac6d45d5
Land #17789 , proftpd_modcopy_exec enhancements
...
This PR add documentation, notes, a reference URL, and a few
general code improvements to the check and exploit methods.
2023-03-24 21:08:28 -04:00
3ca177eb1f
Add the exploit for CVE-2022-38108
2023-03-23 17:28:58 -04:00
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
28459c286a
init commit module and documentation
2023-03-22 18:40:50 +00:00
67ac2dc584
Land #17771 , add monitorr file upload rce
2023-03-22 13:00:38 -05:00
3fe0801d92
use target_uri.path in requests
2023-03-22 12:50:11 -05:00
1f2a889d0c
Land #17388 , Zyxel router RCE
...
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
2023-03-21 15:07:04 -04:00
f5d1aab01a
Changed send_request_cgi to raw
2023-03-21 14:26:05 -04:00
e3df74ee5b
Updates addressing review points of space-r7
2023-03-20 21:04:58 +00:00
871a251c94
Apply suggestions from code review
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2023-03-20 21:44:11 +01:00
5903addbd6
Updates adressing majority of review points
2023-03-19 15:13:09 +00:00
1b7cee4589
exploit/unix/ftp/proftpd_modcopy_exec: Add docs and resolve RuboCop violations
2023-03-19 15:35:36 +11:00
31a32ccd9b
linting and srvhost check fix
2023-03-17 14:39:02 -04:00
56761a2f6d
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:01:02 -04:00
6b853b57c6
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:00:15 -04:00
df365b55a4
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2023-03-17 12:57:06 -04:00
0df12fd694
Land #17754 , Open web analytics 1.7.3 remote code execution
2023-03-17 10:15:33 +01:00
04e0fc70bf
Apply suggestions from code review
...
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com >
2023-03-16 19:25:03 +01:00
3baa894840
Add DefangedMode to warn the user
2023-03-16 18:07:28 +01:00
daadb4f523
Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781)
2023-03-16 11:01:07 +01:00
027793cce6
Remove unused variable res in check_connection
2023-03-15 19:00:26 +01:00
ac72c12734
Set timeout of 1s to make session available much quicker
2023-03-15 18:59:22 +01:00
d06e2d9e3d
Remove nvd url
2023-03-15 18:56:23 +01:00
22c05105d3
address review comments
...
reduces some code duplication, sets privileged to true,
and modifies documentation to reflect lhost / rhost opts
2023-03-15 11:18:03 -05:00
ee0334dd40
since file got deleted, one can not trigger the payload anymore by opening the php url
2023-03-15 01:05:10 +01:00
fddcae3d93
don't always create repo
2023-03-14 19:03:58 -05:00
0cbebc8a4c
Remove malicious .php file at the end of the exploit
2023-03-15 01:03:20 +01:00
103def70e4
More detailed error message for failed regex match
2023-03-15 00:07:20 +01:00
d72d47e502
Update Failure Codes and check for nil in the helper functions
2023-03-14 23:59:57 +01:00
897aaf9572
Use Failure::UnexpectedReply when password cant be changed
2023-03-14 23:41:48 +01:00
2310b0d942
Use Failure::NotFound when no valid cache file is found
2023-03-14 23:40:29 +01:00
86f4a16cff
Check if cache_request is not nil
2023-03-14 23:38:57 +01:00
e160e51711
Fix typos, update docs with advanced option SearchLimit, implement SearchLimit into module
2023-03-14 23:29:55 +01:00
887551bf2c
Use UnexptectedReply instead of Unknown
2023-03-14 22:29:38 +01:00
sfewer-r7