b461f08ba3
Land #18980 , improves basic shell help command
2024-03-20 21:27:12 +00:00
a0d162bc9f
automatic module_metadata_base.json update
2024-03-20 15:10:21 -05:00
2b90d33aef
Land #18618 , Add OpenNMS privesc and auth RCE
...
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
2024-03-20 12:54:16 -07:00
c16b8e6e64
adds help command to basic shells
2024-03-20 14:18:36 -05:00
fd8354340b
Land #18973 , improves the help menu for sessions
2024-03-20 19:11:18 +00:00
298e03b1cd
Land #18885 , update the sessions command to be consistent
2024-03-20 18:49:33 +00:00
6cd7f44197
rubocop
2024-03-20 11:39:19 -07:00
149dc15b21
Add check to see if notifications are enabled
2024-03-20 11:33:15 -07:00
2c9ade955e
make session query/shares help menu more explicit
2024-03-20 13:18:10 -05:00
1f1e6b2dbb
automatic module_metadata_base.json update
2024-03-20 12:55:38 -05:00
321e0730e0
Land #18957 , Bump Metasploit version to 6.4.0
2024-03-20 13:24:44 -04:00
1216bf1904
Land #18979 , Remove empty () when no DB selected for sql session prompts
2024-03-20 12:52:02 -04:00
2a63d0d1f0
Land #18978 , Add user affordance for scanner modules that can create a new session
2024-03-20 16:50:29 +00:00
ff5811e96b
Remove empty () when no DB selected for sql session prompts
2024-03-20 16:13:48 +00:00
d4cb976aa7
Land #18960 , improves handling of dying SMB and SQL sessions
2024-03-20 16:06:04 +00:00
7e3048d2f7
Grammar
2024-03-20 15:45:07 +00:00
0399768f39
Land #18974 , Consistently refer to black hole as two words
2024-03-20 15:42:26 +00:00
686acb4c7b
Correctly format CreateSession option in output
2024-03-20 15:06:20 +00:00
b363f6f87d
Alias blackhole to black-hole in the UI
2024-03-20 10:57:04 -04:00
961a072de4
Improves handling of dying SMB and SQL sessions
2024-03-20 14:16:01 +00:00
c9fe98b522
Bump Metasploit version to 6.4.0
2024-03-20 13:46:08 +00:00
4946fc297f
Add user affordance for scanner modules that can create a new session
2024-03-20 12:14:49 +00:00
2b3a723557
Consistently refer to black hole as two words
2024-03-19 20:49:28 -04:00
d03dfe8991
Land #18841 , Update sap_icm_paths.txt wordlist
...
This PR updates the sap_icm_paths.txt wordlist with the newest enteries.
2024-03-19 16:40:09 -07:00
1e47b33857
Land #18971 , Adjust multiple DNS related things
...
Merge branch 'land-18971' into upstream-master
2024-03-19 12:34:51 -05:00
7f761d074d
automatic module_metadata_base.json update
2024-03-19 11:56:36 -05:00
b3b6f79594
Update the presentation of static entries
...
Keep the first line blank for consistency with rules and sort hostnames
and addresses.
2024-03-19 12:48:13 -04:00
0cf4737317
Add specs for resolver spell checking
2024-03-19 12:48:13 -04:00
5b1d0100d2
Add spell checking for resolvers
2024-03-19 12:48:07 -04:00
0f9986c787
Land #18947 , Fix inconsistent casing
...
Fix inconsistent casing in windows/local/wmi_persistence
2024-03-19 12:40:34 -04:00
ca97d5d9eb
Land #18965 , Remove stale documentation link
2024-03-19 16:06:55 +00:00
ff775b7b23
Remove stale documentation link
2024-03-19 13:46:35 +00:00
e8b99343a6
Add static entries examples and fix black hole
2024-03-19 09:13:21 -04:00
7c7fa36685
automatic module_metadata_base.json update
2024-03-18 15:56:27 -05:00
bf0d81db03
Land #18838 , Improve Runc Priv Esc Check
...
This PR adds support for Debian and number of fixes and improvements for
the runc_cwd_priv_esc. Proir to this fix the module would report
vulnerable for a number of versions that the patch had been back ported
to.
2024-03-18 13:31:09 -07:00
287b07281d
Use Rex Parser to parse options for sessions command
2024-03-15 18:50:19 +05:30
02713fcadb
Update tests for sessions command
2024-03-15 01:26:18 +05:30
15c56a870e
Land #18895 , Add upload/download/delete/mkdir/rmdir to smb session
2024-03-14 10:51:48 +00:00
7cabfd7855
Bump version of framework to 6.3.61
2024-03-14 03:35:21 -05:00
d2c19efeac
automatic module_metadata_base.json update
2024-03-13 19:28:29 -05:00
55dd5aa9c0
Land #18899 , update ysoserial viewstate tool
2024-03-14 00:12:38 +00:00
44c5422e07
Land #18922 , JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
d2c599eaf4
Land #18954 , Ensure modules honor spooler settings
2024-03-13 16:48:30 +00:00
6d84f0e898
reduce the size of teh exploit method by spinngin out two new methods create_payload_plugin and auth_new_admin_user. several if/unless blocks were flattened to be inline if/unless
2024-03-13 09:58:51 +00:00
4bd105202a
improve the readability of the XML
2024-03-13 09:29:43 +00:00
b04e84ed99
clarify we must call this a second time
2024-03-13 09:17:18 +00:00
df2c94f873
anther typo
2024-03-13 09:14:23 +00:00
b9e82375c1
typo
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:13:11 +00:00
d7bf7bc2ea
Use Failure::NoAccess as a better failure error, as we are trying to login
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:12:56 +00:00
46dd21d69d
use ||= to assign new hash if needed
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2024-03-13 09:11:42 +00:00
adfoster-r7