Matthew Mathur

This PR adds two things to the wmiexec module, as requested in [Issue 16218](https://github.com/rapid7/metasploit-framework/issues/16218): 1. Ability to use hashes for authentication 2. Better error handling for failed SMB connections. The...

I found myself needing these for some projects I'm using sleeper data with, so thought I would help contribute to the base library. I also added tests for the functions,...

Add NagiosXI authenticated RCE (CVE-2021-25296, CVE-2021-25297,CVE-2021-25298) exploit module

6

This PR adds an exploit module for three CVEs (CVE-2021-25296, CVE-2021-25297, CVE-2021-25298) that perform command injection against NagiosXI 5.7.5. It utilizes the Nagios login mixin for target verification and authentication....

Improve NagiosXI authenticated exploit modules to increase resilience and for use with Autocheck disabled

15

## Summary During the course of https://github.com/rapid7/metasploit-framework/pull/17494 there were several concerns with how the NagiosXI login mixin was being used in the check method, which prevents the module from working...

Open to suggestions on this as to how the Runelite team actually wants to handle security or vulnerability reports, but started a basic security policy to work off of.