Spencer McIntyre
0cbac03f91
Update ruby_smb gem to 3.2.5
2023-03-09 11:58:49 -05:00
Spencer McIntyre
6dbf22a5e7
Automatically rebind on STATUS_PIPE_DISCONNECTED
2023-02-21 15:51:10 -05:00
Spencer McIntyre
fa3baa40e6
Add three new petitpotam methods
2023-02-21 14:38:52 -05:00
Metasploit
71cecfb1d4
Bump version of framework to 6.3.4
2023-02-16 12:12:20 -06:00
Grant Willcox
e7da4c4612
Land #17594, Add larger DLL templates
2023-02-15 19:35:37 -06:00
Metasploit
5a2ab6edd4
automatic module_metadata_base.json update
2023-02-15 15:32:23 -06:00
Grant Willcox
a8d2073eee
Land #17646, Link Hadoop YARN exploit to documentation
2023-02-15 15:09:05 -06:00
Arnout Engelen
5d8b1dc4a6
Link Hadoop YARN exploit to documentation
This exploit scans for misconfigured installations, link to the documentation
that describes how to properly secure it.
2023-02-15 21:17:26 +01:00
Grant Willcox
b89602bb7b
Land #17645, Fix bootup git warnings on arch
2023-02-15 11:49:57 -06:00
Spencer McIntyre
301d25ddfa
Raise more explicit errors for invalid arguments
2023-02-15 09:07:01 -05:00
adfoster-r7
a98368cfc5
Fix bootup git warnings on arch
2023-02-15 11:18:02 +00:00
Spencer McIntyre
5725dd2ded
Fix an off by one size error
2023-02-14 18:01:14 -05:00
Metasploit
165b0f8d61
automatic module_metadata_base.json update
2023-02-14 16:23:51 -06:00
Spencer McIntyre
ac9d60ce9e
Land #17281, Added module for CVE-2022-2992
Added module for CVE-2022-2992 - Gitlab Remote Command Execution via Github import
2023-02-14 16:57:29 -05:00
Spencer McIntyre
5d254cc36b
Land heyder#2, Refactor namespaces
2023-02-14 16:44:29 -05:00
space-r7
78ae5f49ce
add gitlab prefix back to methods
2023-02-14 15:26:01 -06:00
space-r7
304b90ecc8
split mixins between forms and v4 api used
2023-02-14 12:37:43 -06:00
Metasploit
0e86cfa6c7
automatic module_metadata_base.json update
2023-02-13 18:13:40 -06:00
Grant Willcox
d012145726
Land #17599, Cisco RV LAN Exploit - CVE-2022-20705 and CVE-2022-20707
2023-02-13 17:50:06 -06:00
Stephen Wildow
96fecb6048
Modified BadChars and FailWith codes
2023-02-13 17:49:09 -05:00
Grant Willcox
45e453d687
Fix up remaining review comments
2023-02-13 15:07:25 -06:00
space-r7
9605b4bb91
Merge branch 'heyder-pr-1' into heyder-cve-2022-2992
2023-02-13 14:59:45 -06:00
Spencer McIntyre
c3fa924cfa
Remove the NGROK_URL option
2023-02-13 14:31:44 -05:00
Spencer McIntyre
210b7a3254
Use #get_json_document instead of JSON.parse
Also fix typos
2023-02-13 14:00:13 -05:00
Stephen Wildow
79b1801a4f
Rewrote check method to only abuse authentication bypass. Added additional status checks.
2023-02-11 17:43:33 -05:00
Stephen Wildow
036ed7f467
Removed /etc/password. Modified check code and fail_with. Added proper checking for non-vulnerable versions of firmware.
2023-02-09 21:55:40 -05:00
Metasploit
86fc617259
automatic module_metadata_base.json update
2023-02-09 17:53:04 -06:00
Grant Willcox
0cf7dd850f
Land #17626, Fix Frycos author name in fortra_goanywhere_rce_cve_2023_0669.rb
2023-02-09 17:38:34 -06:00
Frycos
e963582e18
Update fortra_goanywhere_rce_cve_2023_0669.rb
Name typo
2023-02-09 23:06:59 +01:00
Grant Willcox
f2a86327d0
Minor fixes from review
2023-02-09 15:34:25 -06:00
Metasploit
6343fc8f7c
automatic module_metadata_base.json update
2023-02-09 14:27:19 -06:00
Spencer McIntyre
fd6cd82f30
Upgrade DLL template size automatically
2023-02-09 15:09:50 -05:00
Spencer McIntyre
025ba6775d
Add a README file with some basic information
2023-02-09 15:09:50 -05:00
Spencer McIntyre
126e3a9c9a
Add larger 256KiB DLL templates
2023-02-09 15:09:50 -05:00
Spencer McIntyre
2608852d8c
Consolidate gdiplus build code
This references the main dll/template.c code as the mixed-mode variant
already does. This will make future changes easier as we won't need to
copy them from the main to this one.
See https://github.com/rapid7/metasploit-framework/pull/8509 for the
origin of these files.
2023-02-09 15:09:50 -05:00
Grant Willcox
aa9b3df6b3
Land #17625, Add credit for CVE-2023-0669; fix path in docs
2023-02-09 14:02:52 -06:00
Metasploit
e420dc123d
Bump version of framework to 6.3.3
2023-02-09 12:10:37 -06:00
Spencer McIntyre
c7279e9a0a
Add credit for CVE-2023-0669; fix path in docs
2023-02-09 13:02:40 -05:00
Metasploit
73567cfbf6
automatic module_metadata_base.json update
2023-02-09 11:57:08 -06:00
Grant Willcox
43b4ee268c
Land #17592, Fix bypassuac_injection_winsxs for x64
2023-02-09 11:41:51 -06:00
Spencer McIntyre
e6f4e96544
Close hFindFile
2023-02-09 11:43:20 -05:00
adfoster-r7
139ad4a4be
Land #17623, Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory
2023-02-09 13:21:10 +00:00
bcoles
de8a6e1445
Move fortra_goanywhere_rce_cve_2023_0669 module documentation to documentation directory
2023-02-09 23:12:45 +11:00
Metasploit
2f20c9836f
automatic module_metadata_base.json update
2023-02-09 04:25:48 -06:00
cgranleese-r7
508f5c7e52
Land #17619, Run rubocop on exploit modules
2023-02-09 10:11:53 +00:00
Stephen Wildow
4b05ba6189
Update description and vulnerability listings. Cleaned up references. More randomization. Removed first unnecessary request in exploit portion of code. Added rescue section around json grabbing.
2023-02-08 21:26:18 -05:00
Stephen Wildow
427c181e9a
Utilized msftidy_docs.rb to clean up missing sections, excessively long lines, spaces at EOL, and space end of file. Removed credit section. Expanded on installation procedure. Modified steps procedure to include Verify options and removed failure status. Removed Targets section. Scenarios have device, target, and architecture.
2023-02-08 19:18:14 -05:00
Metasploit
a9bd7e9f46
automatic module_metadata_base.json update
2023-02-08 13:31:52 -06:00
bwatters
01a78f972c
Land #17567, ManageEngine Endpoint Central RCE (CVE-2022-47966)
Merge branch 'land-17567' into upstream-master
2023-02-08 13:06:53 -06:00
Metasploit
79a5481d9c
automatic module_metadata_base.json update
2023-02-08 12:10:30 -06:00