9b4114eda0
Land #18961 , Adds session documentation
2024-03-25 11:23:05 +00:00
decba4350e
Additional changes to documentation
2024-03-25 10:53:08 +00:00
a674310c22
Land #18992 , Fix postgres version logging
2024-03-22 17:33:43 +00:00
acf9745200
Fix postgres version logging
2024-03-22 16:50:01 +00:00
d750ea19eb
Fixes `store_valid_credential` conditional logic for `unix/webapp/wp_admin_shell_upload` module
2024-03-21 12:22:11 +00:00
2b90d33aef
Land #18618 , Add OpenNMS privesc and auth RCE
...
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
6cd7f44197
rubocop
2024-03-20 11:39:19 -07:00
149dc15b21
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
2a63d0d1f0
Land #18978 , Add user affordance for scanner modules that can create a new session
2024-03-20 16:50:29 +00:00
7e3048d2f7
Grammar
2024-03-20 15:45:07 +00:00
686acb4c7b
Correctly format CreateSession option in output
2024-03-20 15:06:20 +00:00
4946fc297f
Add user affordance for scanner modules that can create a new session
2024-03-20 12:14:49 +00:00
0f9986c787
Land #18947 , Fix inconsistent casing
...
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-19 12:40:34 -04:00
bf0d81db03
Land #18838 , Improve Runc Priv Esc Check
...
This PR adds support for Debian and number of fixes and improvements for
the runc_cwd_priv_esc. Proir to this fix the module would report
vulnerable for a number of versions that the patch had been back ported
to.
2024-03-18 13:31:09 -07:00
44c5422e07
Land #18922 , JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
6d84f0e898
reduce the size of teh exploit method by spinngin out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless
2024-03-13 09:58:51 +00:00
4bd105202a
improve the readability of the XML
2024-03-13 09:29:43 +00:00
b04e84ed99
clarify we must call this a second time
2024-03-13 09:17:18 +00:00
df2c94f873
anther typo
2024-03-13 09:14:23 +00:00
b9e82375c1
typo
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:13:11 +00:00
d7bf7bc2ea
Use Failure::NoAccess as a better failure error, as we are trying to login
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:12:56 +00:00
46dd21d69d
use ||= to assign new hash if needed
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:11:42 +00:00
a33e7a72b0
Updates Postgres hashdump module to now work with newer versions of Postgres
2024-03-12 16:13:04 +00:00
4e0e3da74c
Land #18835 , clean up code duplication
2024-03-12 14:09:22 +00:00
2007e6d8fb
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-12 12:17:46 +02:00
1e371d0e4a
resolve teh Java payload issue on Linux by leveraging PayloadServlet, runnign teh payload in a thread, and forcing teh default optiosn for Spawn to be 0
2024-03-11 18:06:44 +00:00
67fcd57a1f
Merge branch 'runc_priv_esc' of github.com:SickMcNugget/metasploit-framework into runc_priv_esc
2024-03-11 22:23:55 +08:00
6c1b4c1421
Update check to account for backports
2024-03-11 22:19:18 +08:00
7ce91df66e
clean up code duplication
2024-03-11 09:09:46 -05:00
0252429715
Land #18775 , Adding new module for MinIO (CVE-2023-28432)
2024-03-11 14:46:59 +01:00
0513654f10
Fix edge case for java payloads when Spawn is set to 0, all access to the plugin will block. We can still get a session if we fall through here. We cant delete the plugin as access will block because we did not spawn.
2024-03-08 17:09:14 +00:00
ab0327fb33
clarify we are using SpEL not OGNL here
2024-03-08 15:57:46 +00:00
980c5053f4
Peer Review
2024-03-08 08:54:38 -05:00
ba75b3bb3f
Land #18716 , gitlab password reset account takeover (CVE-2023-7028)
2024-03-07 14:40:29 +01:00
e20558ec35
Land #18821 , Gitlab public email disclosure CVE-2023-5612
2024-03-06 17:39:24 +01:00
f872535c68
Small missing updates before it land
2024-03-06 17:37:33 +01:00
23e0abe2f6
Land #18686 , ssh_version module
2024-03-06 10:32:01 -05:00
936b311a1b
Don't close smb client when it comes from the session
2024-03-06 14:20:34 +00:00
8b6f7594e4
ssh_version module
2024-03-05 17:18:24 -05:00
c4837d09e9
ssh_version module
2024-03-05 17:15:43 -05:00
9b8b7045ff
Land #18715 , Add Splunk library
2024-03-05 16:17:30 -05:00
1667da7b07
Use HTTPS link for postgres_sql reference
2024-03-05 17:49:13 +00:00
5c56d6a4fc
typo
2024-03-05 14:47:04 +00:00
b925f798e5
typo and clarify description
2024-03-05 14:39:17 +00:00
aac4ef09cc
add in disclosure date and blogs
2024-03-05 11:09:22 +00:00
1124e347df
Fix rubocop error
2024-03-04 18:39:58 -05:00
bf59f58661
Update modules/auxiliary/gather/gitlab_tags_rss_feed_email_disclosure.rb
2024-03-04 18:34:35 -05:00
1e8e6d3bc4
Land #18796 , Enhance ManageEngine Endpoint Central and ServiceDesk Plus CVE-2022-47966
2024-03-04 20:35:22 +01:00
39af0bf535
Set Java target default paylaod to `java/meterpreter/reverse_tcp`
2024-03-04 20:33:27 +01:00
d748adcf80
check the expected response from a patched server
2024-03-04 14:32:39 +00:00
cgranleese-r7