fdd7a863c8
Land #16736 , fix confluence_widget_connector crash
...
This change fixes a bug in the confluence_widget_connector
exploit module to prevent it from crashing when the HTTP
response body received in the get_java_property method is
empty or does not match expected regex.
2022-07-12 12:27:40 -04:00
a75a99de89
automatic module_metadata_base.json update
2022-07-12 10:13:27 -05:00
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
d297adcebb
Land #16766 , update docs for Pro links
2022-07-11 16:35:16 +01:00
5337571bff
update docs for Pro links
...
Updates to provide links to previous semantic version of Metasploit Pro.
2022-07-11 10:09:24 -05:00
171f81803a
Land #16747 , add lotus domino hash extraction spec
2022-07-11 14:20:22 +01:00
44e4714b9b
Land #16764 , Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 14:17:07 +01:00
1416b5776d
automatic module_metadata_base.json update
2022-07-10 23:01:03 -05:00
57e66296ef
Land #16762 , ms04-007-killbill: Use protocol version 1 for connections
2022-07-11 13:39:10 +10:00
39f288bfe3
Rex::Proto::Http: Add evasion options to shuffle GET / POST parameters
2022-07-11 01:37:41 +10:00
3e66fc8f4e
Fix crash in ms04-007-killbill
2022-07-10 00:07:26 +01:00
172ee9a73b
automatic module_metadata_base.json update
2022-07-08 09:24:28 -05:00
781597bc0e
Land #16617 , fix race condition in short ranges
2022-07-08 09:56:51 -04:00
489d5e023d
automatic module_metadata_base.json update
2022-07-08 08:42:50 -05:00
728cf97f6e
Land #16718 , Fix run_as module on x64 systems
2022-07-08 09:22:22 -04:00
d6b6f47b09
change doc file
2022-07-08 02:36:18 +02:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
234a83401b
automatic module_metadata_base.json update
2022-07-07 18:28:57 -05:00
f958b0a053
Land #16738 , correct CVE/lint for weblogic module
2022-07-07 18:08:13 -05:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
43983b6cb6
automatic module_metadata_base.json update
2022-07-07 15:45:02 -05:00
4da72a9b01
Land #16735 , Fix defaults for aerohive module
...
This change sets the MeterpreterTryToFork advanced
payload option to true by default for the Linux target
in the aerohive_netconfig_lfi_log_poison_rce module.
2022-07-07 16:21:56 -04:00
2296db8ee3
Merge pull request #16755 from zeroSteiner/fix/wiki/typo
...
It's CommonsBeanutils1 not CommonBeanutils1
2022-07-07 14:01:20 -04:00
bec15d18bc
It's CommonsBeanutils1 not CommonBeanutils1
2022-07-07 13:44:11 -04:00
87f32cbf54
automatic module_metadata_base.json update
2022-07-07 12:32:47 -05:00
6db340508f
Land #16703 , add Censys API v2 functionality
...
This PR updates the censys_search.rb module to also
make use of the v2 API functionality
2022-07-07 13:09:31 -04:00
887db0b76e
Bump version of framework to 6.2.7
2022-07-07 12:04:37 -05:00
3ad42dd153
change option names to H3 for weblogic_deserialize_asyncresponseservice docs
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-07-07 19:04:26 +03:00
cdd12b3b11
expand proof verification string
2022-07-07 09:05:16 -05:00
f319d6e509
more explicitly cross platform file location
2022-07-07 08:41:55 -05:00
e7134d5244
code review adjusments for double and context
2022-07-07 08:26:46 -05:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
eb6535009f
automatic module_metadata_base.json update
2022-07-06 18:38:41 -05:00
debf619968
Land #16733 , add dfscoerce scanner module
2022-07-06 18:18:00 -05:00
c092291236
Bump ruby_smb to 3.1.6
2022-07-06 15:34:25 -04:00
bc5a8f6fc9
Merge pull request #1 from cdelafuente-r7/censys_improvements
...
Rework `censys_search` module to use Censys Search API v2
2022-07-06 11:56:01 +02:00
a41f655060
add lotus domino hash extraction spec
...
Adds a spec targeting a single method in the `lotus_domino_hashes` module. This is a start on
offering example on how a spec can be written to test part of the code in a module using example
responses from a unit testing perspective.
2022-07-05 11:38:25 -05:00
20fb1e5690
automatic module_metadata_base.json update
2022-07-05 09:00:07 -05:00
f7209bfc75
Land #16724 , Modernize ms01_026_dbldecode
...
Use HttpClient; remove meterpreter code; fix stager
2022-07-05 09:36:58 -04:00
5b8680ee91
Land #16567 from h00die/juniper_enhancements
...
Juniper config processor enhancements
2022-07-05 12:06:34 +01:00
3a4276ad33
Land #16716 Expose URIPATH option for HTTP stagers
...
This fix exposes the CMDSTAGER::URIPATH option
for HTTP stagers
2022-07-04 21:11:01 -04:00
bbf56c7f4c
Delete jboss_remoting_unified_invoker.md
2022-07-05 00:33:30 +02:00
1ccc91d23c
Rename doc file
2022-07-05 00:25:56 +02:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
b8834e1534
Added documentation
2022-07-05 00:19:17 +02:00
066d01b7b2
Rework censys_search module to use Censys Search API v2
2022-07-04 17:19:16 +02:00
ec2445751f
Bump rex-exploitation gem from 0.1.30 to 0.1.31
2022-07-03 19:18:21 +10:00
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
Jack Heysel