Nuri Çilengir
fc3b08fb8b
Apply suggestions from code review
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com>
2022-07-22 12:51:40 +00:00
Grant Willcox
e91beedc4a
Rubocop fixes
2022-07-21 17:01:56 -05:00
Nuri Çilengir
ebe61b50a7
Fixed parameter quotes
2022-07-21 12:25:29 +00:00
Nuri Çilengir
d23c175f28
Added AutoCheck and CmdStager
2022-07-21 11:39:58 +00:00
Grant Willcox
a7b379f292
Fix up check code segment that would never be reached due to if/else statement above
2022-07-19 16:03:44 -05:00
Grant Willcox
59ea337c6b
Fix up CVE format, add in Notes section
2022-07-19 15:58:11 -05:00
Grant Willcox
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
Nuri Çilengir
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
Spencer McIntyre
ebb15ee9e7
Land #16598, Add in LDAP Query Module
2022-07-19 09:51:00 -04:00
bwatters
e3e6afbaa3
Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
Spencer McIntyre
2eaccd657f
Use an OptPath for QUERY_FILE_PATH
This adds tab completion and an extra check to make sure it exists.
2022-07-19 09:48:03 -04:00
Grant Willcox
dcd4caf977
Remove excess error handling that was causing issues
2022-07-19 08:10:53 -05:00
Jack Heysel
2af8042bfa
Land #16761, clean up ms01_023_printer
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
jheysel-r7
adecb0d94b
Merge branch 'master' into ms02_065_msadc
2022-07-16 17:26:23 -04:00
Jack Heysel
77be219bc2
Land #16754, add offsets to ms02_065
Adds additional offsets for various Windows 2000
Professional targets, adds docs, fixes default
payload and resolves rubocop violations.
2022-07-16 16:43:47 -04:00
Spencer McIntyre
25f50e607c
Reduce code, be more permissive
This makes a few changes that should enable the module to function
better should it be dropped into a fresh MSF installation on its own.
2022-07-15 16:29:17 -05:00
Grant Willcox
2a8d95c121
Default to having a near empty custom file so that we can still update the default queries without issues vs preventing updates from occurring. If users want to override the defaults, then they accept the risk of not getting updates. Update documentation to also note this.
2022-07-15 16:29:12 -05:00
Grant Willcox
1e05630d26
Make sure that we load ACTIONs from the user's custom file at startup if they have changed anything or added any new ACTIONs
2022-07-15 16:29:12 -05:00
Grant Willcox
2d1acc0369
Refactor code and also add in proper fail_with error codes where needed. Also fix up module and documentation descriptions to be a bit clearer.
2022-07-15 16:29:01 -05:00
Grant Willcox
03ebbaf2d0
Add in RUN_SINGLE_QUERY and associated options, and then update the code and documentation accordingly. This will allow users to run single queries with associated attribute filters if they want to test out single queries at a time without changing YAML files
2022-07-15 16:29:00 -05:00
Grant Willcox
32e5884589
Update error description to be more helpful when debugging. Also update DefaultAction to default to first entry in the list or RUN_QUERY_FILE if no other action is available
2022-07-15 16:28:50 -05:00
Grant Willcox
c5f2507ee0
Fix up usage of the word columns where attributes was more appropriate. Also update the multi query logic to match new data format as it was broken before as a result of changes to file format. Finally remove extra parameters that are no longer needed.
2022-07-15 16:28:43 -05:00
Grant Willcox
8c236e789e
Rename files to follow proper format. Add in documentation for examples. Then update code so we use Msf::Config.get_config_root to store the config file that we parse to get the actions outside of a Git tracked location. We will still use the default file to populate this non-git tracked location if it's not already populated though.
2022-07-15 16:28:43 -05:00
Grant Willcox
3c56e272a1
Remove default actions and move them to default.yaml, then update code accordingly. Also update the initialization code so it will now load the possible actions dynamically from default.yaml.
2022-07-15 16:28:37 -05:00
Grant Willcox
438b4b1bf8
Rework the logic for output and make it a lot neater. Also redo the query logic thanks to help from Alan David Foster so the query itself will specify what fields we need vs us having to manually filter this out later on. Makes it a lot quicker and easier to work with
2022-07-15 16:28:31 -05:00
Grant Willcox
2a1a8aa632
Add in CSV reporting formatting thanks to some help from Alan David Foster
2022-07-15 16:28:30 -05:00
Grant Willcox
d4809219b9
Add in JSON output option
2022-07-15 16:28:23 -05:00
Grant Willcox
515bfd296e
Add in YAML query file implementation
2022-07-15 16:28:23 -05:00
Grant Willcox
65b9e1cb13
Push initial copy of work up
2022-07-15 16:27:56 -05:00
bcoles
59685f82f8
ms02_065_msadc: Cleanup and add additional offsets
2022-07-15 00:15:56 +10:00
Jack Heysel
662c8bbd87
Land #16742, add NetScaler decrypt aux module
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 14:00:43 -04:00
Jack Heysel
8f3a0e3856
Land #16742, add NetScaler decrypt aux module
This aux module allows users to decrypt secrets
in Citrix NetScaler appliance configuration files
2022-07-13 12:11:02 -04:00
Jack Heysel
819d1fa2dd
Land #16762, Sourcegraph RCE module
This module exploits a vuln in the gitserver
component of sourcegraph that results in OS
command execution in the context of gitserver.
2022-07-13 10:09:06 -04:00
npm-cesium137-io
9a6013b153
citrix_netscaler_config_decrypt refinements
Refactor error handling when composing KEK fragments to be more
streamlined.
Various tweaks and optimizations.
Updates to documentation.
2022-07-13 08:36:18 -04:00
npm-cesium137-io
443920850c
Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-07-13 07:56:41 -04:00
npm-cesium137-io
d227f0aaa2
Update modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2022-07-13 07:56:12 -04:00
space-r7
ccef129807
Land #16727, set tftphost option
2022-07-12 15:29:42 -05:00
Jack Heysel
fdd7a863c8
Land #16736, fix confluence_widget_connector crash
This change fixes a bug in the confluence_widget_connector
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
2022-07-12 12:27:40 -04:00
Jack Heysel
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
Jack Heysel
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
Jack Heysel
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
Spencer McIntyre
439606b2ac
Use a more reliable check method
The check method will not work regardless of whether or not there is a
cloned repository. The response can be analyzed using a random,
non-existent repo.
2022-07-11 09:48:08 -04:00
Spencer McIntyre
48cefee585
Cleanup the module based on feedback
2022-07-11 09:09:25 -04:00
adfoster-r7
3e66fc8f4e
Fix crash in ms04-007-killbill
2022-07-10 00:07:26 +01:00
Spencer McIntyre
9d979fdf4f
Finish up the sourcegraph RCE module
2022-07-08 17:27:22 -04:00
Spencer McIntyre
27ad62c964
Add a decent check method
2022-07-08 16:40:42 -04:00
bcoles
83bc954e9d
ms01_023_printer: cleanup; use HttpClient; add additional targets
2022-07-09 01:36:10 +10:00
Spencer McIntyre
781597bc0e
Land #16617, fix race condition in short ranges
2022-07-08 09:56:51 -04:00
Spencer McIntyre
728cf97f6e
Land #16718, Fix run_as module on x64 systems
2022-07-08 09:22:22 -04:00
Heyder Andrade
2f7cf90b7f
mixin didn't work with linux_dropper payload
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00