52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
9087f86cce
exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability
2022-06-28 17:02:51 +10:00
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
c3465a8ad8
Fix whitespace EOL for msftidy
2022-03-10 11:16:01 +11:00
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
1494f804e7
Fix bug in java_rmi_server which would unilaterally close the HTTP server
2022-03-10 09:29:45 +11:00
5bbe934db9
Add QEMU Monitor HMP 'migrate' Command Execution module
2022-02-07 17:48:27 +00:00
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG__UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00
359b47a146
AutoCheck + JSON Parsing + WfsDelay
2021-05-19 13:42:59 -05:00
20415172a4
Support additional payload parameters
2021-05-18 09:39:46 -05:00
7427c68057
Add HashiCorp Nomad Job Exploit
2021-05-17 16:16:21 -05:00
dcf457f7e9
Fix a typo in Eclipse Equinox product name
...
The osgi_console_exec module docs had a few stray characters for the
product name and description. The product name confused me when
googling for this module.
2021-04-23 11:57:48 +01:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
85a9accbee
Land #14202 , Add initial zeitwerk autoloader approach for lib/msf/core
2020-12-08 12:53:02 +00:00
45ce738af7
add default payload for targets, run rubocop
2020-12-07 16:17:12 -06:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
4f7329d93d
Remove EOL spaces from consul_service_exec.rb
2020-11-18 09:09:55 +00:00
6f1365b75d
Add Windows support to consul_service_exec.rb
...
Added Windows to the 'Targets' list with CmdStagerFlavor psh_invokewebrequest. Generalised the payload delivery to allow for both Windows and the existing Linux payloads.
2020-11-17 15:37:55 +00:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
26ff912291
Fix invalid disclosure date formats
2020-10-02 12:20:05 +01:00
f08349982d
Use CheckModule scanner in java_rmi_server exploit
2020-08-24 10:11:03 -05:00
b841246536
Update autocheck to use prepend instead of include, add ForceExploit functionality
2020-06-30 11:40:46 +01:00
1a2bf98222
creates standard elog & updates exisiting usages
2020-06-22 12:48:39 +01:00
b7dd7b3f7a
remove old version, rubocop
2020-06-02 14:24:18 -05:00
ffd79ff8cc
add exploit for most versions
2020-06-01 09:41:56 -05:00
8473662e32
Land #13463 , Oracle WebLogic CVE-2020-2555 exploit
2020-05-20 23:21:07 -05:00
abff1cd731
change true to false
2020-05-19 14:59:47 -05:00
378fe767b5
randomize class name
2020-05-19 14:35:36 -05:00
8f43ffa8e3
change title
2020-05-19 13:59:27 -05:00
6657d3480e
remove returns, add autocheck
2020-05-19 13:47:39 -05:00
837f307740
rubocop fixes
2020-05-19 13:12:23 -05:00
d86e008914
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:56 -05:00
c51a32eaf2
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:41 -05:00
5857c80f47
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:17 -05:00
Jack Heysel