Jack Heysel
3346ddec2c
Land #17155, Remote mouse version updates
...
Also add a vulnerable download link to the docs
2022-10-27 16:32:23 -04:00
adfoster-r7
9e7c887347
Land #17187, update aerohive_netconfig_lfi_log_poison_rce to support 10.0r8
2022-10-27 15:53:03 +01:00
ErikWynter
0e72307d36
aerohive_version_fix
2022-10-27 13:33:18 +03:00
Jack Heysel
9c5d82e00f
Land #17147, add Vagrant Breakout module
...
This PR adds a module that exploits a default
Vagrant shared folder to append a Ruby payload
to the Vagrant project Vagrantfile config file.
2022-10-26 17:11:03 -04:00
bcoles
01fa2e1041
Add Vagrant Synced Folder Vagrantfile Breakout module
2022-10-26 17:33:44 +11:00
space-r7
35e4d829d8
Land #17164, add THEME_DIR option to wp_crop_rce
2022-10-25 12:23:50 -05:00
space-r7
7c64b0ba93
add option in documentation and add notes
2022-10-25 12:22:00 -05:00
r3nt0n
982cfb97c2
Refactor: check for THEME_DIR as ternary
...
Suggested by @space-r7
2022-10-25 17:38:30 +02:00
bwatters
9902e9a1e4
Land #17110, check files exist before doing other things
...
Merge branch 'land-17110' into upstream-master
2022-10-24 14:20:16 -05:00
Jack Heysel
3bf4bd7d7d
Land #17162, add RCE module for CVE-2022-35914
...
This PR adds an RCE module for the php code injection
present in GLPI versions 10.0.2 and below
2022-10-24 12:18:34 -04:00
jheysel-r7
3bbd05a11a
Update modules/exploits/linux/http/glpi_htmlawed_php_injection.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-24 11:48:33 -04:00
r3nt0n
08721ccf73
Adding THEME_DIR option to wp_crop_rce exploit
2022-10-20 16:37:21 +02:00
Christophe De La Fuente
4cfbae63ac
Land #17114, Add exploit for CVE-2022-41352 (zimbra cpio)
2022-10-20 15:10:42 +02:00
bwatters
6039e54b75
For real, this time
2022-10-19 17:23:16 -05:00
bwatters
78e8de826b
Sure; I can spell
2022-10-19 17:22:29 -05:00
bwatters
238aa9058f
Fix Cmdstager flavor, complete info hash
2022-10-19 17:18:20 -05:00
bwatters
56b8bf6302
Working draft for CVE-2022-35914
2022-10-19 14:33:33 -05:00
Ron Bowes
56d6f7747b
Remove some old code and update documentation with version info
2022-10-19 10:02:29 -07:00
Christophe De La Fuente
15d81ca04c
Land #17135, Add namespace to identify.rb
2022-10-19 10:48:25 +02:00
Christophe De La Fuente
c43272985e
Land #17141, Zimbra Postfix priv esc
2022-10-19 10:33:37 +02:00
Ron Bowes
9a35a5c8dd
Post patch info
2022-10-18 10:12:54 -07:00
Ron Bowes
6bdf0da994
Add a sanity check before generating the payload - prevents a confusing error if the server is down
2022-10-18 10:09:51 -07:00
Heyder Andrade
1804e5ab60
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-18 00:51:28 +02:00
Ron Bowes
dea3f72f6b
Resolve feedback - get rid of unnecessary directory, add CVE number, let the user choose the path
2022-10-17 15:00:56 -07:00
Matthew Dunn
1e50ba3415
Move to Hashes module, address requested changes
...
Fix rubocop
Move identify to hashes module up one layer, use full reference to identify_hash instead of full include
Fix SMTP require
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Remove hashes require statement
Address remaining requested changes, reference constants directly
Add all the missing direct references
Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
2022-10-17 17:28:31 -04:00
Matthew Dunn
8b5223f53b
Modularize Identify, Update referenced use cases
...
Modularize Identity.rb
Include new module style Identify
Update juniper.rb
Fix inadvertent change
Add new module to identify spec
Put the require back
Put back require line for juniper
2022-10-17 17:28:30 -04:00
Heyder Andrade
67bd118dd5
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-17 22:49:48 +02:00
Heyder Andrade
7cdf8e181f
Update modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2022-10-17 22:49:34 +02:00
h00die
05b80631f3
update remote mouse version checks
2022-10-17 15:30:17 -04:00
h00die
08deb21ae3
update remote mouse version checks
2022-10-17 15:29:10 -04:00
Heyder Andrade
b3a0d70688
Added prefer admin
...
- One can now say whether the auto-detect user method should prefer to return the admin or other random one.
2022-10-17 15:16:16 +02:00
Heyder Andrade
5d99428c1d
Changed SSH key algorithm and fix bug on cleanup
...
- Prefer to use EC over RSA, only because it is smaller
- When there was no previous ssh key for such user the cleanup method was trying to overwrite the one on the index 0
2022-10-17 14:40:51 +02:00
Heyder Andrade
71a1c60d49
Sticking to the strictly needed
...
The port in the Forwarded HTTP header can be random.
2022-10-17 13:01:13 +02:00
Heyder Andrade
422675a0c0
Fixed code-style offenses
2022-10-17 01:08:57 +02:00
Heyder Andrade
6140f0bc4d
Added method to auto-detect target user
2022-10-17 00:44:46 +02:00
Heyder Andrade
9241c515d7
Try to cleanup only if there was ssh connection
2022-10-16 18:50:39 +02:00
Heyder Andrade
6cfb277c90
Added cleanup method
2022-10-16 15:09:45 +02:00
Heyder Andrade
45149c144c
Code cleanup and ssh key password
...
- cleaned up some unnecessary code
- add option for the user to set an encrypted custom ssh key
2022-10-16 13:32:25 +02:00
Heyder Andrade
95b1bffdea
Do not overwrite the first two keys
2022-10-15 19:04:53 +02:00
Heyder Andrade
47f6971651
It is working but need some improvements
2022-10-15 04:10:12 +02:00
Ron Bowes
a2a2dcbf6f
Check in zimbra_postfix_priv_esc.rb
2022-10-14 13:21:41 -07:00
Heyder Andrade
31404116a5
Rename module
2022-10-14 22:19:43 +02:00
Heyder Andrade
f643bba09a
Added module for CVE-2022-40684
2022-10-14 18:36:18 +02:00
Grant Willcox
a3e32ffafa
Add TARGET 0 to documentation
2022-10-12 20:00:33 -05:00
Grant Willcox
e9f54aa5b8
Update documentation with better wording, and add randomization of parameter name to module along with cleanup code for deleting uploaded files
2022-10-12 19:16:52 -05:00
Grant Willcox
44271c529f
Update code to include defaults that work with standard application
2022-10-12 19:16:52 -05:00
Jack Heysel
9652823393
Reverted check method to upload shell
2022-10-12 19:16:44 -05:00
Jack Heysel
f6a36a432c
Shortened shellcode
2022-10-12 19:16:43 -05:00
Jack Heysel
ffd1d00991
Updated WEBSHELL_NAME option description
2022-10-12 19:16:36 -05:00
Jack Heysel
b256a521c8
Changed payload to POST
2022-10-12 19:16:29 -05:00