1f2a889d0c
Land #17388 , Zyxel router RCE
...
This module adds a new exploit module for a buffer
overflow in roughly 45 different Zyxel router and VPN models.
2023-03-21 15:07:04 -04:00
f5d1aab01a
Changed send_request_cgi to raw
2023-03-21 14:26:05 -04:00
31a32ccd9b
linting and srvhost check fix
2023-03-17 14:39:02 -04:00
56761a2f6d
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:01:02 -04:00
6b853b57c6
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-03-17 13:00:15 -04:00
df365b55a4
Update modules/exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce.rb
...
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com >
2023-03-17 12:57:06 -04:00
656ded4b86
Add module notes
2023-02-08 15:46:07 +00:00
25ee41df68
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
cc5c405941
Unauthenticated RCE for multiple Zyxel Router changes
2022-12-15 21:44:57 +01:00
1b690283db
Unauthenticated RCE for multiple Zyxel Router
2022-12-15 11:50:48 +01:00
5d345e6689
Merge branch 'upstream-master' into feature-kerberos-authentication
2022-09-29 16:42:58 +01:00
8c3d7ff42f
Rename Thrift related definitions
...
These definitions are only used by one exploit. BinData registers the
class name globally meaning that the Header and Data types were being
defined here which conflicted with those needed for Kerberos.
2022-07-01 11:56:55 -04:00
e4ce1c53dd
Fix reference URL link
2022-06-22 15:49:43 -05:00
3f06e237b7
Correctly format the notes sections
2022-06-10 14:01:57 +01:00
93334b56ef
Properly credit Azeria and also include blog post at her request
2022-05-11 18:43:27 -05:00
1c934b87b4
Land #16169 , Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699
2022-05-11 10:15:08 -05:00
68fdb103fe
Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate
2022-05-11 09:39:47 -05:00
e1079a587d
remove cache flush from shellcode, dont need it
2022-03-06 23:02:02 +00:00
92856e739b
Fix shellcode so that it works with "0" octets in LHOST IP
2022-02-17 23:06:53 +07:00
d5ba1afbec
fix URLs not resolving
...
fix URLs not resolving
add csv export to references
fix URLs not resolving
pdf not pd
missed a url change
remove extra recirectedfrom fields
remove extra file
fix ovftool url accidental replacement
2022-02-16 17:22:40 -06:00
5e738309f9
add shellcode comment
2022-02-14 02:24:59 +07:00
99e2cfdab4
correct CVE number
2022-02-13 01:15:10 +07:00
963a8e7b0d
add sploit for Cisco RV340 SSL VPN
2022-02-11 16:42:08 +07:00
d7cb7804e6
Implement some changes from PR feedback
2021-11-18 16:35:13 -05:00
a915c3ce5c
Add fixes for some of the issues raised during the review process on both the documentation and module side of things
2021-11-17 17:25:50 -06:00
9fa65092d1
Switch to the new Rex stopwatch function
2021-11-16 10:12:57 -05:00
0b3f95abca
Writeup the module docs and move the protocol code
2021-11-12 15:15:51 -05:00
1f1e0fc2cc
Write and use a check method
2021-11-12 14:08:19 -05:00
7284f14fd8
Define custom Thrift types, improve syncing
2021-11-12 10:30:48 -05:00
21ff65994c
Initial commit of the Storm Nimbus cmd exec
2021-11-12 10:30:15 -05:00
21c45b3733
Update module metadata
2021-10-27 11:58:53 -04:00
60b17b5c6f
Add the module docs for OMIGOD
2021-10-26 12:08:48 -04:00
33bacd2b20
Update references and add a check method
2021-10-26 10:35:13 -04:00
e9582d1ddb
Initial commit for CVE-2021-38647
2021-10-25 17:36:55 -04:00
731b3d5ffe
OptRegExp default value as string representation
...
OptRegExp default should be string to utilize in a Regex.
This allows for the object to serialize in metadata and via
rpc bridge when transimiteed using msgpack.
2021-09-17 16:34:46 -05:00
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
de22236902
add AutoCheck and update docs output
2021-04-30 15:38:57 -05:00
41fe16463d
switching to CmdStager
...
- had to switch away from python payload to appease CmdStager
- removed systemd service adjustments preferring to use sleep to avoid rate limits
- updated check function to accomodate more current vulnerable version information in vendor advisory
2021-04-30 12:53:33 -04:00
1ba22f9b0c
leveraging Udp mixin for version check
2021-04-09 15:21:38 -04:00
3ecd97f8bc
using Rex::Version over more manual process
2021-04-09 14:39:32 -04:00
ffcec1f3b4
adding comment header
2021-04-09 14:16:20 -04:00
85176f4385
style change using unless instead of if not
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2021-04-09 09:17:58 -05:00
c913762077
move privileged from false to true
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2021-04-09 09:16:49 -05:00
748ff19ef4
attempt to please linting
2021-03-25 16:11:43 -04:00
63ce27f4ca
adding IGEL OS RCE module
2021-03-25 14:39:23 -04:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
6cdb484d7c
Add Aerospike Database UDF Lua Code Execution exploit
2020-12-05 14:15:22 +00:00
a99ce581dd
Update TP-Link AC1750 Pwn2Own 2019 module
2020-11-26 12:56:02 +00:00
Jack Heysel