fc3b08fb8b
Apply suggestions from code review
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2022-07-22 12:51:40 +00:00
e91beedc4a
Rubocop fixes
2022-07-21 17:01:56 -05:00
ebe61b50a7
Fixed parameter quotes
2022-07-21 12:25:29 +00:00
d23c175f28
Added AutoCheck and CmdStager
2022-07-21 11:39:58 +00:00
a7b379f292
Fix up check code segment that would never be reached due to if/else statement above
2022-07-19 16:03:44 -05:00
59ea337c6b
Fix up CVE format, add in Notes section
2022-07-19 15:58:11 -05:00
336a1feaf7
Fix up naming of module and documentation and fix most of the RuboCop and formatting errors
2022-07-19 15:44:52 -05:00
d2769ef82b
Add Roxy-WI exec
2022-07-19 21:08:45 +03:00
e3e6afbaa3
Land #16753 , ms03_007_ntdll_webdav: Cleanup and add additional offsets
...
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
2af8042bfa
Land #16761 , clean up ms01_023_printer
...
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
adecb0d94b
Merge branch 'master' into ms02_065_msadc
2022-07-16 17:26:23 -04:00
77be219bc2
Land #16754 , add offsets to ms02_065
...
Adds additional offsets for various Windows 2000
Professional targets, adds docs, fixes default
payload and resolves rubocop violations.
2022-07-16 16:43:47 -04:00
59685f82f8
ms02_065_msadc: Cleanup and add additional offsets
2022-07-15 00:15:56 +10:00
819d1fa2dd
Land #16762 , Sourcegraph RCE module
...
This module exploits a vuln in the gitserver
component of sourcegraph that results in OS
command execution in the context of gitserver.
2022-07-13 10:09:06 -04:00
ccef129807
Land #16727 , set tftphost option
2022-07-12 15:29:42 -05:00
fdd7a863c8
Land #16736 , fix confluence_widget_connector crash
...
This change fixes a bug in the confluence_widget_connector
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
2022-07-12 12:27:40 -04:00
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
439606b2ac
Use a more reliable check method
...
The check method will not work regardless of whether or not there is a
cloned repository. The response can be analyzed using a random,
non-existant repo.
2022-07-11 09:48:08 -04:00
48cefee585
Cleanup the module based on feedback
2022-07-11 09:09:25 -04:00
3e66fc8f4e
Fix crash in ms04-007-killbill
2022-07-10 00:07:26 +01:00
9d979fdf4f
Finish up the sourcegraph RCE module
2022-07-08 17:27:22 -04:00
27ad62c964
Add a decent check method
2022-07-08 16:40:42 -04:00
83bc954e9d
ms01_023_printer: cleanup; use HttpClient; add additional targets
2022-07-09 01:36:10 +10:00
728cf97f6e
Land #16718 , Fix run_as module on x64 systems
2022-07-08 09:22:22 -04:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
f958b0a053
Land #16738 , correct CVE/lint for weblogic module
2022-07-07 18:08:13 -05:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
4da72a9b01
Land #16735 , Fix defaults for aerohive module
...
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
2022-07-07 16:21:56 -04:00
3f63f9fcd1
ms02_065_msadc: Cleanup and add additional offsets
2022-07-08 00:26:02 +10:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
7d111938d5
ms03_007_ntdll_webdav: Cleanup and add additional offsets
2022-07-07 20:31:57 +10:00
a8c2b3bdff
Initial exploit for CVE-2022-23642
2022-07-05 16:58:22 -04:00
f7209bfc75
Land #16724 , Modernize ms01_026_dbldecode
...
Use HttpClient; remove meterpreter code; fix stager
2022-07-05 09:36:58 -04:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
17f82a900e
linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil
2022-07-01 08:43:47 -04:00
f6b6ad4bf1
prevent confluence_widget_connector from crashing when the response body in get_java_property is empty
2022-07-01 07:37:54 -04:00
b56242c7a2
enable MeterpreterTryToFork by default for aerohive_netconfig_lfi_log_poison_rce
2022-07-01 06:15:13 -04:00
0e3fdd0799
Fix from code review
2022-06-29 19:18:47 +02:00
2d6e910078
Land #16721 , Phpmailer arg injection update
2022-06-29 13:00:48 -04:00
1b7d8f1e74
Fix a whitespace issue, restore option naming
2022-06-29 12:24:29 -04:00
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
695e1243b8
Update modules/exploits/multi/http/phpmailer_arg_injection.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-06-28 23:08:20 -10:00
6b17905790
Land #16722 , Fix notes for SideEffects and Reliability
2022-06-28 10:15:04 +01:00
9087f86cce
exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability
2022-06-28 17:02:51 +10:00
a89e88c462
Merge branch 'rapid7:master' into phpmailer_arg_injection_update
2022-06-27 11:05:41 -10:00
Nuri Çilengir