sfewer-r7
a5fb83d0e1
add in 2023.11.2 as tested on
2024-03-01 17:03:38 +00:00
sfewer-r7
9988117cca
rename with cve number
2024-03-01 16:42:59 +00:00
sfewer-r7
fa4a16df5e
add in cve number
2024-03-01 16:39:38 +00:00
sjanusz-r7
8184035d57
Show query help on empty query call
2024-03-01 11:33:13 +00:00
sjanusz-r7
82486e712c
Early return on nil query result
2024-03-01 11:28:28 +00:00
sjanusz-r7
6b11cd4332
Fix tests broken by updating SQL prompt on DB change
2024-03-01 11:27:52 +00:00
sjanusz-r7
1b73044203
Correctly handle changing of databases and the query return values for SQL sessions
2024-03-01 11:27:52 +00:00
Metasploit
401cdca09b
automatic module_metadata_base.json update
2024-02-29 23:48:56 -06:00
Jack Heysel
a73a7531a9
Land #18827 , Add module for BoidCMS CVE-2023-38836
...
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
2024-02-29 21:31:44 -08:00
Metasploit
ee681cdb79
automatic module_metadata_base.json update
2024-02-29 17:20:20 -06:00
adfoster-r7
d4791f966b
Land #18904 , change bloodhound OutputDirectory to OptString
2024-02-29 23:03:13 +00:00
adfoster-r7
d10909c961
Land #18887 , Adds support for searching by session types
2024-02-29 22:38:20 +00:00
adfoster-r7
4d85a8dff9
Land #18902 , Update github action libraries
2024-02-29 22:29:16 +00:00
adfoster-r7
703e9ba68d
Land #18896 , Resolve deprecation warnings from setup-python in Github actions
2024-02-29 22:28:53 +00:00
Spencer McIntyre
bcb4e3aa9d
Update the help output in the docs page too
2024-02-29 16:56:06 -05:00
Spencer McIntyre
d09053cde5
Add the viewstate generator as an option
2024-02-29 16:56:06 -05:00
Spencer McIntyre
3e80e04b34
Adjust option validation
2024-02-29 16:56:06 -05:00
Spencer McIntyre
f1a9d9988a
Update the dot_net.rb tool help output
2024-02-29 16:56:06 -05:00
Spencer McIntyre
0975f99305
Add viewstate options
2024-02-29 16:55:59 -05:00
Spencer McIntyre
87f91f284a
Add unit tests for the new rex viewstate library
2024-02-29 16:55:54 -05:00
bwatters
550c6f030a
Updates based on jheysel-r7's suggestions
2024-02-29 12:42:22 -06:00
adfoster-r7
fcbb3bddfa
Update github action libraries
2024-02-29 15:51:23 +00:00
cgranleese-r7
0c1bcbf275
Adds support for searching by session types
2024-02-29 15:15:40 +00:00
cgranleese-r7
fcba49d23a
Update pwd output to be inline with smb client output
2024-02-29 15:11:40 +00:00
Patrick Double
8b1ff6d44e
change bloodhound OutputDirectory to OptString
...
OptPath is intended for a local path and performs validation. Attempting to set it to a target path that doesn't exist on the local fails.
2024-02-29 07:12:37 -06:00
sjanusz-r7
6fe9ef5f8c
Align SQL clients to use current_database
2024-02-29 12:34:54 +00:00
cgranleese-r7
17315653a5
Land #18901 , Fix Rex MySQL wrapper test to have correct method symbol
2024-02-29 11:48:16 +00:00
sjanusz-r7
bc4362d07d
Fix Rex MySQL wrapper test to have correct method symbol
2024-02-29 11:16:18 +00:00
Metasploit
a0dc757cb8
automatic module_metadata_base.json update
2024-02-29 05:06:39 -06:00
adfoster-r7
b0123eab2e
Land #18890 , rename shell to query_interactive for sql session types, add -i flag
2024-02-29 10:41:06 +00:00
adfoster-r7
d8abd2bcc2
Land #18898 , Add rex proto mysql client wrapper
2024-02-29 10:13:47 +00:00
dwelch-r7
a4543b0f41
Land #18897 , Update smb login to support additional configuration
2024-02-29 10:07:02 +00:00
Metasploit
435759bb47
Bump version of framework to 6.3.59
2024-02-29 03:39:23 -06:00
sfewer-r7
f0ca5c10dc
we can shuffle thequery params so teh jsp param is not first. we can optionally add soem charachters before the trailing .jsp
2024-02-29 09:13:44 +00:00
Jack Heysel
4fe861c653
Land #18878 , Update rspec gems
...
This PR updates a number of rspec gems which help improve test suite
error messages when string encodings are different.
2024-02-28 20:37:11 -08:00
adfoster-r7
131585235b
Update SMB Login to support additional configuration
2024-02-28 20:24:06 +00:00
Jack Heysel
8ce95003fe
Rubocop
2024-02-28 11:09:34 -08:00
Jack Heysel
6589b86a4c
Updated check method to account for backports
2024-02-28 11:04:38 -08:00
sjanusz-r7
b423241e6b
Use Rex Post MySQL Client for lib, specs & modules
2024-02-28 18:19:50 +00:00
sjanusz-r7
55a8d6732f
Add Rex Proto MySQL Client
2024-02-28 18:19:46 +00:00
Metasploit
42255a27a6
automatic module_metadata_base.json update
2024-02-28 10:13:56 -06:00
adfoster-r7
26214cbfd2
Land #18889 , Fresh SQL prompt when pressing enter if no input was provided
2024-02-28 15:40:43 +00:00
Jack Heysel
4b54d43db5
Land #18892 , Add AD CS Updates for ESC13
...
This PR adds functionality to enable Metasploit users
to be able to exploit the latest ESC technique, ESC13.
2024-02-28 07:28:16 -08:00
Spencer McIntyre
1726767fdf
Update the workflow docs for ESC13
2024-02-28 08:48:30 -05:00
Spencer McIntyre
8bc6705557
Move viewstate signing logic into Rex
2024-02-27 14:37:55 -05:00
KanchiMoe
a887682e0f
Upversion setup-python to v5
2024-02-27 19:20:22 +00:00
Zach Goldman
17d8fa2335
rename shell to query_interactive for sql session types, add -i flag
2024-02-27 11:38:04 -06:00
adfoster-r7
334f9e5ff9
Land #18893 , updates the help command to consistently format columns
2024-02-27 17:04:00 +00:00
sjanusz-r7
efba30031d
Fix early returns in Reline prompt
2024-02-27 16:59:38 +00:00
sfewer-r7
b7200b52e1
typo
2024-02-27 14:58:56 +00:00