Grant Willcox

> @dwelch-r7 unfortunately that's not really possible... the target uses a custom encryption scheme which was too lazy to reverse, as that would take substantially more time than I have...

Removing assignment. @jheysel-r7 et al, feel free to grab this one since I'm on research now.

Unassigning myself temporarily. @bwatters-r7, @space-r7 feel free to pick this one up. Should just need to review what is done so far and make sure the changes look good, then...

@ErikWynter Sorry for the delay on this one, looks like it wasn't picked up. Assigning this back to myself since I'm on reviews these next two weeks and will try...

# Release Notes Two new auxiliary/gather modules have been added that take advantage of default Xnode credentials, aka CVE-2020–11532, in order to enumerate Active Directory information and other sensitive data...

Looks like the Docker instructions are incorrect as linking to version 8 is not the right version and will also install the latest version 8 available. Will update code to...

Doing some cookie reworking as looking at `sugar_user_theme=` it seems we can have multiple themes and so we shouldn't just be matching on the default here. See https://tools.digitalpoint.com/cookie-search?name=sugar_user_theme for some...

Got a lot of bugs during testing. This one was interesting: ``` msf6 auxiliary(scanner/http/suite_crm_export_sqli) > check [-] This module does not support check. ``` Also seems like we aren't bailing...

`return Exploit::CheckCode::Vulnerable if version >= Rex::Version.new('7.12.5')`

Seems like the request/response pattern here might not be working given we are going up into the 668 for the binary here? ``` #################### # Request: #################### POST /index.php?entryPoint=export HTTP/1.1...