cgranleese-r7
db3b2de3f3
Land #18855, Use database_name for SQL sessions
2024-02-19 11:10:02 +00:00
dwelch-r7
0108f1f214
Land #18861, Removes SessionType values from modules with OptionalSession mixin
2024-02-19 10:57:41 +00:00
cgranleese-r7
de17261926
Removes session types from module with session type mixin
2024-02-19 10:34:16 +00:00
sjanusz-r7
64ab62f2c3
Use database_name for SQL sessions
2024-02-17 03:31:58 +00:00
Metasploit
19c1a35592
automatic module_metadata_base.json update
2024-02-16 14:55:39 -06:00
Jack Heysel
8cddffa3d1
Land #18700, Add Kafka-ui Unauth RCE module
...
This PR adds an exploit module for CVE-2023-52251 which
is an unauthenticated RCE vulnerability in Kafka's UI.
2024-02-16 15:38:52 -05:00
Metasploit
eef29a5100
automatic module_metadata_base.json update
2024-02-16 14:31:32 -06:00
Jack Heysel
a1b0ff0fcf
Land #18681, Update Apache Ofbiz w. Auth-Bypass
...
This PR updates the pre-existing apache_ofbiz_deserialization
module to include functionality that will bypass authentication by
using the newly discovered CVE-2023-51467.
2024-02-16 15:02:34 -05:00
adfoster-r7
94f0d243c7
Land #18846, msftidy_docs.rb add TARGETURI to universal option list
2024-02-16 14:23:33 +00:00
Christophe De La Fuente
da9164fcc6
Add targeturi to universal option list
2024-02-16 12:58:49 +01:00
adfoster-r7
bbe1098b13
Land #18842, update docker image bundler args
2024-02-15 23:22:57 +00:00
Metasploit
e15fd1a782
automatic module_metadata_base.json update
2024-02-15 16:35:11 -06:00
adfoster-r7
7b56d012e8
Land #18678, add LDAP capture capabilities
2024-02-15 22:11:04 +00:00
adfoster-r7
40701bf59a
Fix auhtentication typo in lib/rex/proto/ldap/auth.rb
2024-02-15 21:26:45 +00:00
upsidedwn
8dcb409d25
Fix BUNDLER_CONFIG_ARGS variable mismatch in Dockerfile
...
Previous version of Dockerfile used `set clean 'true'`. However, this no longer works with "newer" versions of Ruby gems (rubygems/rubygems#3271), which now requires a force option when cleaning system gems.
Since there is no way to set the force flag through config, a new ARG (BUNDLER_FORCE_CLEAN) is used to provide the option of whether to run bundle clean --force on system gems.
2024-02-16 02:16:42 +08:00
Metasploit
1d9a08f405
automatic module_metadata_base.json update
2024-02-15 07:43:02 -06:00
adfoster-r7
e49c6a792a
Land #18770, Extract SMB, PostgreSQL, MySQL and MSSQL optional sessions into their own mixins
2024-02-15 13:19:37 +00:00
Metasploit
8e3daa5179
Bump version of framework to 6.3.57
2024-02-15 03:37:54 -06:00
adfoster-r7
1d406cfc2a
Land #18809, DNS command improvements
2024-02-14 22:12:30 +00:00
h00die-gr3y
d716e60cf2
added base64 encoder module of zerosteiner
2024-02-14 21:33:50 +00:00
h00die-gr3y
f5c71d09c2
using data/kafka_ui_versions.json for the version check
2024-02-14 20:57:46 +00:00
H00die.Gr3y
8b70cefd83
Update modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-14 20:57:46 +00:00
H00die.Gr3y
996ca8a7c9
Update documentation/modules/exploit/linux/http/kafka_ui_unauth_rce_cve_2023_52251.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-02-14 20:57:46 +00:00
h00die-gr3y
f75722ecf2
Small updates to module and documentation
2024-02-14 20:57:46 +00:00
h00die-gr3y
dde7e3c5d3
Small tweaks to verbose messages
2024-02-14 20:57:46 +00:00
h00die-gr3y
eafdb8495b
Added documentation
2024-02-14 20:57:46 +00:00
h00die-gr3y
d5f30befbb
Second release of module
2024-02-14 20:57:46 +00:00
h00die-gr3y
3db32da70f
First release of module.
2024-02-14 20:57:45 +00:00
h00die-gr3y
5f703b2e28
First draft. Not ready for review
2024-02-14 20:57:45 +00:00
Spencer McIntyre
eca99e2c77
Refactor resolver types
2024-02-14 14:40:22 -05:00
Spencer McIntyre
27ccb26de1
Adjust the confirmation logic before resetting
2024-02-14 14:27:05 -05:00
Spencer McIntyre
a75013e51a
Land #18616, Fix aarch64 elf shared SIGBUS error
...
Fix aarch64 elf shared object bus error
2024-02-14 13:30:29 -05:00
Metasploit
7228a2ad20
automatic module_metadata_base.json update
2024-02-14 10:52:51 -06:00
Christophe De La Fuente
747d328bcb
Land #18786, Fix option collision in `service_persistence`
2024-02-14 17:25:15 +01:00
Dean Welch
fa5c4c0193
lowercase session types
2024-02-14 15:45:34 +00:00
Dean Welch
0d4e1ed755
Use mssql option session mixin with mssql modules
2024-02-14 15:37:11 +00:00
Dean Welch
587a8690a1
Use individual session mixins
2024-02-14 15:37:11 +00:00
Dean Welch
08872d0211
Add session type to info hash in the mixin
2024-02-14 15:37:11 +00:00
Dean Welch
0f319bdfb9
Extract SMB and PostgreSQL optional sessions into their own mixins
2024-02-14 15:37:11 +00:00
Spencer McIntyre
df81cda304
Bump rex-socket to pull in validation changes
2024-02-14 09:39:51 -05:00
Metasploit
3447ca37ea
automatic module_metadata_base.json update
2024-02-14 08:38:46 -06:00
Christophe De La Fuente
fc5a12431c
Land #18664, Add an SMB-based fetch payload for Windows
2024-02-14 14:57:32 +01:00
dwelch-r7
bd78f03c98
Land #18834, Remove redundant require statements in tests
2024-02-14 12:33:33 +00:00
adfoster-r7
0d250c49fa
Remove redundant require statements in tests
2024-02-14 12:26:08 +00:00
Metasploit
2409d132ae
automatic module_metadata_base.json update
2024-02-14 05:09:43 -06:00
adfoster-r7
1794a5fbee
Land #18763, Mssql session modules
2024-02-14 10:54:04 +00:00
Zach Goldman
d18520adc6
update rhost and rport calls
2024-02-13 13:00:38 -06:00
Metasploit
9b4d6f1219
automatic module_metadata_base.json update
2024-02-13 12:35:36 -06:00
Christophe De La Fuente
cb290d8032
Land #18807, Add a base64 ARCH_CMD encoder
2024-02-13 19:11:57 +01:00
Zach Goldman
c05c6773df
adjust session logic in modules
2024-02-13 11:59:09 -06:00