bwatters
e3e6afbaa3
Land #16753, ms03_007_ntdll_webdav: Cleanup and add additional offsets
...
Merge branch 'land-16753' into upstream-master
2022-07-19 08:48:06 -05:00
Jack Heysel
2af8042bfa
Land #16761, clean up ms01_023_printer
...
Adds additional offsets for various Windows 2000 targets.
Replaces raw socket TCP with HttpClient. This works fine in testing.
Fixes default payload, adds docs and notes.
2022-07-16 17:56:59 -04:00
jheysel-r7
adecb0d94b
Merge branch 'master' into ms02_065_msadc
2022-07-16 17:26:23 -04:00
Jack Heysel
77be219bc2
Land #16754, add offsets to ms02_065
...
Adds additional offsets for various Windows 2000
Professional targets, adds docs, fixes default
payload and resolves rubocop violations.
2022-07-16 16:43:47 -04:00
bcoles
59685f82f8
ms02_065_msadc: Cleanup and add additional offsets
2022-07-15 00:15:56 +10:00
space-r7
ccef129807
Land #16727, set tftphost option
2022-07-12 15:29:42 -05:00
adfoster-r7
3e66fc8f4e
Fix crash in ms04-007-killbill
2022-07-10 00:07:26 +01:00
bcoles
83bc954e9d
ms01_023_printer: cleanup; use HttpClient; add additional targets
2022-07-09 01:36:10 +10:00
Spencer McIntyre
728cf97f6e
Land #16718, Fix run_as module on x64 systems
2022-07-08 09:22:22 -04:00
bcoles
3f63f9fcd1
ms02_065_msadc: Cleanup and add additional offsets
2022-07-08 00:26:02 +10:00
bcoles
7d111938d5
ms03_007_ntdll_webdav: Cleanup and add additional offsets
2022-07-07 20:31:57 +10:00
bcoles
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
Christophe De La Fuente
0e3fdd0799
Fix from code review
2022-06-29 19:18:47 +02:00
bcoles
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
Christophe De La Fuente
a9d3e7c758
Fix run_as module on x64 systems
2022-06-27 13:21:58 +02:00
Grant Willcox
a075c676a6
Fix spacing issue
2022-06-10 08:47:41 -05:00
dwelch-r7
3f06e237b7
Correctly format the notes sections
2022-06-10 14:01:57 +01:00
bwatters
c751ef46c9
Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190
...
Merge branch 'land-16635' into upstream-master
2022-06-06 14:41:31 -05:00
RAMELLA Sébastien
3ab06461af
fix. second review
2022-06-02 00:58:20 +04:00
RAMELLA Sébastien
dd1814903c
fix. SRVHOST default value
2022-06-02 00:07:15 +04:00
RAMELLA Sébastien
8c19a02835
fix. first review
2022-06-01 20:15:08 +04:00
RAMELLA Sébastien
7f89e92da3
add more information about
2022-05-31 00:12:30 +04:00
RAMELLA Sébastien
97921b4ed9
fix chmod 644
2022-05-30 22:11:35 +04:00
RAMELLA Sébastien
dfc226cf5f
add. Supposed 0day MSWord RCE
2022-05-30 21:23:18 +04:00
Spencer McIntyre
5f5444936f
Land #16488, Windows Task Scheduler Mixin
2022-05-25 12:37:03 -04:00
Christophe De La Fuente
52a8191821
Fix vss_persistence module and remove Windows 7 target
2022-05-25 13:11:34 +02:00
Spencer McIntyre
1524020643
Use moved_from to deprecate the module
2022-05-24 09:16:30 -04:00
Christophe De La Fuente
5fd18ef864
Fixes from review
2022-05-19 14:54:07 +02:00
Christophe De La Fuente
7992cb2072
Update vss_persistence and persistence_exe modules to include
...
changes in `TaskScheduler` mixin
2022-05-17 14:52:47 +02:00
Christophe De La Fuente
14cd7bc335
Add task scheduler mixin and update persistence_exe and vss_persistence modules
2022-05-17 14:52:47 +02:00
Spencer McIntyre
02e7a65b93
Just move the auxiliary module into an exploit
2022-05-16 17:44:31 -04:00
Spencer McIntyre
d278ad9be1
Add the printnightmare exploit
2022-05-16 14:56:46 -04:00
Spencer McIntyre
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
Spencer McIntyre
b79b550d6c
Centralize the log adapter
...
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
2022-05-16 14:39:45 -04:00
Spencer McIntyre
475f6eee8c
Capture hash when serving files over SMB
2022-05-16 14:39:44 -04:00
Grant Willcox
b920c04b75
Land #16548, Add Powershell Command Adapter
2022-05-10 16:47:57 -05:00
Spencer McIntyre
dd5aee4956
Increase the size of psexec commands
2022-05-09 11:55:57 -04:00
Jeff McJunkin
d1034c8b57
s4u_persistence.rb: Allow all post-Vista builds
...
Currently this module doesn't account for Server builds 2016 and above, nor Windows 10 builds. This PR fixes the `sysinfo` comparison to allow later builds.
Note: Many other modules have this problem, and it's probably worth Rapid7 staff time to standardize the usage of build comparisons inside modules.
2022-04-21 15:33:42 -07:00
Spencer McIntyre
8e2bd3c5a9
Land #16475, ManageEngine ADSelfService Plus RCE
2022-04-20 15:22:36 -04:00
Spencer McIntyre
bf1f786813
Title case the target name
2022-04-20 15:22:07 -04:00
Jake Baines
aba48a6905
Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions
2022-04-20 06:27:43 -07:00
Jack Heysel
4417a335ff
Land #16379, Make SSH defaults widely used
...
Refactored a number of modules to use ssh_client_defaults
2022-04-19 22:08:45 -07:00
Brendan Coles
94ed9ae28b
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
Jake Baines
ae54c8c3d9
Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810)
2022-04-19 10:33:54 -07:00
Jack Heysel
37e334f95d
Rubocop
2022-04-18 09:36:52 -07:00
Spencer McIntyre
a4a9bc033a
Fix building the SessionSetup request for MS17-010
...
RubySMB commit 8035d9c2 broke the exploit's SessionSetup request.
2022-04-12 10:45:17 -04:00
Spencer McIntyre
5de966cfb1
Land #16382, CVE-2022-26904 SuperProfile LPE
2022-04-07 12:52:39 -04:00
Grant Willcox
51e37bbe42
Add in process kill off code for Meterpreter sessions, seems I forgot to include this
2022-04-07 10:48:08 -05:00
Grant Willcox
4638067723
Fix RuboCop errors
2022-04-06 09:18:05 -05:00
Grant Willcox
c8c91fcaf3
Add in fix to ensure that we can spawn sessions automatically on Windows 10 20H2 and other systems where we hit a bug with UAC prompts from the exploit DLL itself not triggering the payload
2022-04-05 19:16:48 -05:00