Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pull] master from rapid7:master #315

Open
wants to merge 3,892 commits into
base: master
Choose a base branch
from
Open

[pull] master from rapid7:master #315

wants to merge 3,892 commits into from

Conversation

pull[bot]
Copy link

@pull pull bot commented Aug 8, 2023
edited
Loading

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Aug 8, 2023
h00die-gr3y and others added 29 commits September 20, 2024 09:50
@h00die-gr3y
fifth release with the option to use your own SSH private key
8e62f22
@h00die-gr3y
updated documentation
589b0f8
@dshafranskiy-r7
Update .snyk
5f1918c
@adfoster-r7
Merge pull request #19397 from sjanusz-r7/replace-readline-with-reline
ab7e02d 
Replace Readline with Reline
@cgranleese-r7
Drys out some code
cbd763f
@adfoster-r7
Land #19413, Add automated acceptance tests for cmd_exec API
43db34c
@adfoster-r7
Temp removal of mssql acceptance tests
e5c1334
@cgranleese-r7
Land #19484, Temp removal of mssql acceptance tests
73a6f09
@Chocapikk
Add BYOB Unauthenticated RCE module exploiting arbitrary file write a…
9e6adea 
…nd command injection (CVE-2024-45256, CVE-2024-45257)
@bcoles
Post::Linux::Kernel.kernel_arch: Add support for RISC-V and LoongArch
9de029e
@jvoisin
Fix a crash in lib/msf/core/payload/php.rb
1647d3a 
As it seems that shuffle is a method
(https://ruby-doc.org/core-2.7.0/Array.html#method-i-shuffle)
and not a function.

As spotted by @Chocapikk in
#19445 (review)
@cgranleese-r7
Land #19491, Fix a crash in lib/msf/core/payload/php.rb
a27d491
@h4x-x0r
Refactoring
322188a 
Refactored code to remove duplicate requests
@bcoles
Bump rex-arch to 0.1.16
a6ccce8
@adfoster-r7
Land #19478, Post::Linux::Kernel.kernel_arch: Add support for RISC-V …
feb9ebd 
…and LoongArch
@sfewer-r7 @smcintyre-r7
Instead of only setting a single domain name via self.domain, set sel…
ad98d74 
…f.searchlist which already supports an array of items (thanks Spencer!).

Co-authored-by: Spencer McIntyre <[email protected]>
@jheysel-r7
Land #19448, Improve screensaver management
b475f0d 
Add a number of improvements to modules/post/multi/manage/screensaver.rb
@smcintyre-r7
Merge pull request #19474 from sfewer-r7/bugfix-dns-windows
73bd3fb 
Bugfix for DNS resolver on Windows throwing NoMethodError
@Chocapikk
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
b18cb3e
@Chocapikk
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
5408d0b
@jheysel-r7
Added error handling
f254eeb
@jheysel-r7
Remove jsessionid parsing now that keep_cookies is being used
e0e7c67
@jheysel-r7
Land #19416, Add Traccar RCE module
8e2dbbb 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
@Takahiro-Yoko @bwatters-r7
Update external/source/exploits/CVE-2023-0386/cve_2023_0386.c
33152bf 
Add setuid(0) and setgid(0)

Co-authored-by: Brendan <[email protected]>
@Takahiro-Yoko @bwatters-r7
Apply suggestions from code review
130f146 
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan <[email protected]>
@Takahiro-Yoko
Formatting exploit
a10459e
@Takahiro-Yoko
Remove unnecessary shell_path
6d541b6
@Takahiro-Yoko
Add ;
75329cc
@Takahiro-Yoko
Update exploit binary and remove unnecessary
7558300
zeroSteiner and others added 30 commits October 17, 2024 11:23
@zeroSteiner
Add the x509 definitions for ESC15
fd1f14e
@zeroSteiner
Add an ESC15 template
8e38010
@zeroSteiner
Add support for finding ESC15
94535bb
@zeroSteiner
Add the ldapwhoami command support
8d943ef 
See RFC4532 and ruby-ldap/ruby-net-ldap#425
@zeroSteiner
Add support to icpr_cert for ESC15
2e4315b
@zeroSteiner
Add workflow docs
6ca0bb7
@zeroSteiner
Report ESC vulns found in LDAP
98f9112
@cdelafuente-r7
Land #19538, Add Support for ESC15
f636a9e
@msjenkins-r7
automatic module_metadata_base.json update
a6ba890
@msjenkins-r7
Bump version of framework to 6.4.33
4422322
@cgranleese-r7
Adds a resuable pipeline for acceptance testing
6aea173
@dledda-r7
Land #19544, Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffe…
59d026a 
…r Overflow iconv() of GLIBC (CVE-2024-2961)
@cgranleese-r7
Label and input logic adjustments
d614d59
@msjenkins-r7
automatic module_metadata_base.json update
11531af
@adfoster-r7
Merge pull request #19564 from cgranleese-r7/adds-acceptance-testing-…
afa7fd7 
…reusable-pipeline

Adds a resuable pipeline for acceptance testing
@bcoles
data/wordlists: Add default passwords for common single-board computers
e50767b
@cgranleese-r7
Adds SMB reusable pipeline for acceptance testing
a753dc1
@adfoster-r7
Merge pull request #19568 from cgranleese-r7/adds-smb-acceptance-test…
e96d9b2 
…ing-reusable-pipeline

Adds SMB reusable pipeline for acceptance testing
@cgranleese-r7
Fixes resuable pipeline report generation
3da061e
@sjanusz-r7
Monkey-patch Readline to fix unresponsiveness on Windows 11
02dd5ac
@adfoster-r7
Apply suggestions from code review
bb26b73
@adfoster-r7
Update .github/workflows/shared_meterpreter_acceptance.yml
501713f
@cdelafuente-r7
Add the msPKI-Template-Schema-Version attribute to ESC1, ESC2 and E…
43f13c7 
…SC3 templates
@adfoster-r7
Merge pull request #19570 from cgranleese-r7/fix-reusable-pipeline-re…
b60a70b 
…port-generation

Fixes reusable pipeline allure report generation
@sjanusz-r7
Don't monkey patch RbReadline multiple times
7dc918f
@adfoster-r7
Merge pull request #19571 from sjanusz-r7/fix-readline-unresponsive-o…
27fa707 
…n-windows-11

Monkey-patch Readline to fix unresponsiveness on Windows 11
@adfoster-r7
Merge pull request #19567 from bcoles/wordlists
9c0efc6 
data/wordlists: Add default passwords for common single-board computers
@cdelafuente-r7
Updates from code review
ae21381
@smcintyre-r7
Merge pull request #19572 from cdelafuente-r7/fix/mod/ldap/ad_cs_cert…
05a149d 
…_template

Fix UPDATE certificate templates with `admin/ldap/ad_cs_cert_template`
@msjenkins-r7
automatic module_metadata_base.json update
b03d666
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
⤵️ pull
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.