Shelby Pace

> @space-r7 Is the staged payload crashing every time on your machine? It's crashing about 1/5 times on mine. I am working on a fix, but it's not pretty. :-P...

> @space-r7 Does the most recent commit fix your issue? If not, would you please send me a crash report from Console.app? Sorry, I should have worded myself better. It's...

Sorry for the delay! Here's my output from executing a staged payload: ``` sherbs@nostromo -> Desktop ./payload main! hello world! good symbol! gDyld found, using dual hijack technique. apis: %lld...

Thanks! The payload managed to get much further this time; however, I'm now getting a bus error: ``` sherbs@nostromo -> Desktop ./payload zsh: bus error ./payload sherbs@nostromo -> Desktop ./payload...

Yep, here's the message: ``` Sending event: com.apple.stability.crash {"coalitionName":"com.apple.Terminal","exceptionCodes":"0x0000000000000002, 0x00000001047b44d0(\n 2,\n 4370154704\n)EXC_BAD_ACCESSSIGBUSKERN_PROTECTION_FAILURE at 0x00000001047b44d0","incidentID":"0C94A929-FE0E-4AC0-B231-8BA024F547E3","logwritten":1,"process":"payload_staged.macho","responsibleApp":"Terminal","terminationReasonExceptionCode":"0xa","terminationReasonNamespace":"SIGNAL"} ``` And the full crash report: ``` sherbs@nostromo -> Desktop cat /Users/sherbs/Library/Logs/DiagnosticReports/payload_staged.macho-2023-03-21-140831.ips {"app_name":"payload_staged.macho","timestamp":"2023-03-21 14:08:31.00 -0500","app_version":"","slice_uuid":"66f0bdc4-e561-3f11-a616-f4817bcbbdd3","build_version":"","platform":1,"share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 13.2...

Just submitted a [PR](https://github.com/npm-cesium137-io/metasploit-framework/pull/2) to your branch for the suggested changes

Tested the changes, and it works great! Thanks, will get this landed soon! Test output ``` msf6 post(windows/gather/credentials/whatsupgold_credential_dump) > run [*] Hostname DESKTOP-5JSUGC8 IPv4 192.168.140.150 [*] WhatsUp Gold Build 22.1.39...

## Release Notes This adds a post module that collects and decrypts credentials from WhatsUp Gold installs.

I'm not sure that writing a module for these two vulnerabilities will be trivial. It looks like the `/cgi-bin/wapopen` path that's referenced for CVE-2017-9833 is part of IP CCTV Camera...