Unauthenticated RCE exploit module for ConnectWise ScreenConnect (CVE-2024-1709) by sfewer-r7 · Pull Request #18870 · rapid7/metasploit-framework
changed the title
fix tabs Unauthenticated RCE exploit module for ConnectWise ScreenConnect (No CVE at this time)
sfewer-r7 changed the title
Unauthenticated RCE exploit module for ConnectWise ScreenConnect (No CVE at this time) Unauthenticated RCE exploit module for ConnectWise ScreenConnect (CVE-2024-1709)
… we don't drop the Metasploit payload to disk.
…and not accidentally copy the full stop character)
…leverage the path traversal CVE-2023-1708 to ensure the dropped ASHX file can be reached. This was blocking the Linux target from working. Also works fine on Windows. We leverage FileDropper mixin to delete this file.
… we try to inject an x86 payload in-memory we crash the target x64 service.
… the version number (we can determine this with a single request, so there is no major change here). This is useful so you know what platform to set the exploit's target to (so you can select an appropriate payload). Thanks @iagox86 for the idea!
…default to a random value. Also use Faker::Internet.email to gen an email address
…ded a second link, so adding that to the docs
sfewer-r7 deleted the connectwise-screenconnect-rce branch