adfoster-r7
3e66fc8f4e
Fix crash in ms04-007-killbill
2022-07-10 00:07:26 +01:00
Spencer McIntyre
728cf97f6e
Land #16718, Fix run_as module on x64 systems
2022-07-08 09:22:22 -04:00
bcoles
04aa05faa2
ms01_026_dbldecode: Use HttpClient; remove meterpreter code; fix stager
2022-07-03 18:22:55 +10:00
Christophe De La Fuente
0e3fdd0799
Fix from code review
2022-06-29 19:18:47 +02:00
Christophe De La Fuente
a9d3e7c758
Fix run_as module on x64 systems
2022-06-27 13:21:58 +02:00
Grant Willcox
a075c676a6
Fix spacing issue
2022-06-10 08:47:41 -05:00
dwelch-r7
3f06e237b7
Correctly format the notes sections
2022-06-10 14:01:57 +01:00
bwatters
c751ef46c9
Land #16635, Add 0-day MSWord RCE #Follina CVE-2022-30190
Merge branch 'land-16635' into upstream-master
2022-06-06 14:41:31 -05:00
RAMELLA Sébastien
3ab06461af
fix. second review
2022-06-02 00:58:20 +04:00
RAMELLA Sébastien
dd1814903c
fix. SRVHOST default value
2022-06-02 00:07:15 +04:00
RAMELLA Sébastien
8c19a02835
fix. first review
2022-06-01 20:15:08 +04:00
RAMELLA Sébastien
7f89e92da3
add more information about
2022-05-31 00:12:30 +04:00
RAMELLA Sébastien
97921b4ed9
fix chmod 644
2022-05-30 22:11:35 +04:00
RAMELLA Sébastien
dfc226cf5f
add. Supposed 0day MSWord RCE
2022-05-30 21:23:18 +04:00
Spencer McIntyre
5f5444936f
Land #16488, Windows Task Scheduler Mixin
2022-05-25 12:37:03 -04:00
Christophe De La Fuente
52a8191821
Fix vss_persistence module and remove Windows 7 target
2022-05-25 13:11:34 +02:00
Spencer McIntyre
1524020643
Use moved_from to deprecate the module
2022-05-24 09:16:30 -04:00
Christophe De La Fuente
5fd18ef864
Fixes from review
2022-05-19 14:54:07 +02:00
Christophe De La Fuente
7992cb2072
Update vss_persistence and persistence_exe modules to include
changes in `TaskScheduler` mixin
2022-05-17 14:52:47 +02:00
Christophe De La Fuente
14cd7bc335
Add task scheduler mixin and update persistence_exe and vss_persistence modules
2022-05-17 14:52:47 +02:00
Spencer McIntyre
02e7a65b93
Just move the auxiliary module into an exploit
2022-05-16 17:44:31 -04:00
Spencer McIntyre
d278ad9be1
Add the printnightmare exploit
2022-05-16 14:56:46 -04:00
Spencer McIntyre
19a9ff1198
Update a couple of modules for the new SMB server
2022-05-16 14:39:45 -04:00
Spencer McIntyre
b79b550d6c
Centralize the log adapter
This should eventually be updated to map the levels to the framework
logger and appropriate module-print_* function.
2022-05-16 14:39:45 -04:00
Spencer McIntyre
475f6eee8c
Capture hash when serving files over SMB
2022-05-16 14:39:44 -04:00
Grant Willcox
b920c04b75
Land #16548, Add Powershell Command Adapter
2022-05-10 16:47:57 -05:00
Spencer McIntyre
dd5aee4956
Increase the size of psexec commands
2022-05-09 11:55:57 -04:00
Jeff McJunkin
d1034c8b57
s4u_persistence.rb: Allow all post-Vista builds
Currently this module doesn't account for Server builds 2016 and above, nor Windows 10 builds. This PR fixes the `sysinfo` comparison to allow later builds.
Note: Many other modules have this problem, and it's probably worth Rapid7 staff time to standardize the usage of build comparisons inside modules.
2022-04-21 15:33:42 -07:00
Spencer McIntyre
8e2bd3c5a9
Land #16475, ManageEngine ADSelfService Plus RCE
2022-04-20 15:22:36 -04:00
Spencer McIntyre
bf1f786813
Title case the target name
2022-04-20 15:22:07 -04:00
Jake Baines
aba48a6905
Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions
2022-04-20 06:27:43 -07:00
Jack Heysel
4417a335ff
Land #16379, Make SSH defaults widely used
Refactored a number of modules to use ssh_client_defaults
2022-04-19 22:08:45 -07:00
Brendan Coles
94ed9ae28b
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
Jake Baines
ae54c8c3d9
Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810)
2022-04-19 10:33:54 -07:00
Jack Heysel
37e334f95d
Rubocop
2022-04-18 09:36:52 -07:00
Spencer McIntyre
a4a9bc033a
Fix building the SessionSetup request for MS17-010
RubySMB commit 8035d9c2 broke the exploit's SessionSetup request.
2022-04-12 10:45:17 -04:00
Spencer McIntyre
5de966cfb1
Land #16382, CVE-2022-26904 SuperProfile LPE
2022-04-07 12:52:39 -04:00
Grant Willcox
51e37bbe42
Add in process kill off code for Meterpreter sessions, seems I forgot to include this
2022-04-07 10:48:08 -05:00
Grant Willcox
4638067723
Fix RuboCop errors
2022-04-06 09:18:05 -05:00
Grant Willcox
c8c91fcaf3
Add in fix to ensure that we can spawn sessions automatically on Windows 10 20H2 and other systems where we hit a bug with UAC prompts from the exploit DLL itself not triggering the payload
2022-04-05 19:16:48 -05:00
usiegl00
27c8210b27
Update smb_shadow module to fix rubocop errors
Use msftidy to fix the rubocop errors.
2022-04-06 07:12:46 +09:00
usiegl00
8495bff61c
Merge master and update the smb_shadow module
Add comments detailing the technique used to attack SMBv3. Remove some
comments that are no longer needed. Fix Gemfile.lock conflict.
2022-04-06 07:06:45 +09:00
usiegl00
09ae52fecd
Update smb_shadow and shadow_mitm_dispatcher
Remove duplicated print_status messages. Use respond_to? instead of
methods.include?. Simplify payload generation. Fix naming for the rst
capture thread.
2022-04-05 20:03:14 +09:00
Grant Willcox
db4b22df5e
Update the exploit code to output errors in a better format, and fix a potential issue when trying to delete folders recursively. Also update exploit module to try to kill msiexec.exe if it's still running to prevent it holding onto handles when it shouldn't be.
2022-04-04 17:58:52 -05:00
Grant Willcox
bba40bcd21
Add in fixes from code review
2022-04-04 12:05:21 -05:00
Grant Willcox
7e5123cd24
Add initial code from Hajap Zairy Al-Sharif
2022-04-04 11:56:14 -05:00
usiegl00
7e010cbde2
Merge master and update smb_shadow + dispatcher
The smb_shadow module can confirm the server smb version supported with
the ConfirmServerDialect option. The shadow_mitm_dispatcher closes each
stream before opening a new one to prevent leaking file descriptors.
2022-04-02 10:39:02 +09:00
Grant Willcox
57473850c1
Fix up RuboCop errors as last change made it so that we had an unless elsif statement which isn't valid in Ruby
2022-03-31 12:52:16 -05:00
Grant Willcox
743138abed
Add in initial fixes from review and remove extra BREAKAWAY_FROM_JOB code changes not directly related to this PR as we'll raise a separate PR for those
2022-03-31 12:13:29 -05:00
Grant Willcox
51df37de87
Add in documentation and also update the module to handle NarratorQuickstart.exe which sometimes comes up and can lead to visual indicators
2022-03-28 17:53:53 -05:00