adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,079 Commits 27 Branches 1,043 Tags
1116635477d8d168131048e52d055eeac7b0630a
Commit Graph

3372 Commits

Author SHA1 Message Date
L 1116635477 fixed 2020-04-27 10:50:09 -05:00
L 0516f6e5de Add shiro_rememberme_v124_deserialize Module 2020-04-27 10:50:09 -05:00
William Vu 823c29a127 Update post-RuboCop style in my recent modules 
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
 2020-04-22 10:52:00 -05:00
William Vu 7fe0d4ddad Add another blank line 2020-04-17 11:05:01 -05:00
William Vu 4952ec3e5b Fix RuboCop's mistakes in recently landed modules 2020-04-17 10:21:17 -05:00
Alan Foster f2c3fc5f00 Rubocop recently landed modules 2020-04-17 11:55:04 +01:00
William Vu 287ce98155 Don't be lazy anymore and pack lengths as shorts 2020-04-15 15:47:51 -05:00
William Vu 3f8bff2b5a Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-15 15:47:50 -05:00
William Vu 4bf2c5edf8 Rename exploit_class to constructor_class 2020-04-15 15:47:50 -05:00
William Vu 79501472ae Wrap jenkins_metaprogramming Base64 at 80 columns 
I think I chose Rex::Text::DefaultWrap (60 columns) before to offer a
consistent wrap regardless of indentation. Kind of a dumb waste of
space.
 2020-04-15 15:47:50 -05:00
William Vu 80817204c9 Improve jenkins_metaprogramming here docs 
Hat tip @adfoster-r7 for the indirect reminder!
 2020-04-15 15:47:50 -05:00
William Vu a73a542399 Add a comment to appease the @gwillcox-r7 god 2020-04-14 23:10:28 -05:00
William Vu c02f74637f Update print and comments 2020-04-14 23:06:38 -05:00
William Vu 0dedf9225e s/for/of/ 2020-04-14 22:56:09 -05:00
William Vu c95823d71d Comment convenience method 2020-04-14 22:07:13 -05:00
William Vu 8f4aa7b761 Comment more comments 2020-04-14 22:04:25 -05:00
William Vu 99c5912cc7 Comment another comment and move stuff around 2020-04-14 21:59:43 -05:00
William Vu b9382230f6 Comment my comments to myself 2020-04-14 21:41:51 -05:00
William Vu c9c3f87203 Note tested version in module 2020-04-14 14:01:59 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader 
Also note the SSL workaround.
 2020-04-14 14:01:18 -05:00
William Vu 9b59a8e194 Be more verbose and validate classloader server 2020-04-14 14:01:18 -05:00
William Vu 06f54765c3 Remove res.code == 200 check again 
It really isn't necessary when we're looking for just the header.
 2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin 
Whoops, forgot this.
 2020-04-14 14:01:18 -05:00
William Vu c21bb7e9dd Bump a CheckCode to Detected 
We get the Liferay-Portal header.
 2020-04-14 14:01:18 -05:00
William Vu 69e1714d9a Don't be lazy anymore and pack lengths as shorts 2020-04-14 14:01:18 -05:00
William Vu db15baa257 Rename to Msf::Exploit::Remote::Java::ClassLoader 2020-04-14 14:01:18 -05:00
William Vu 673e13d8cb Unzero the lengths I zeroed so it works 2020-04-14 14:01:18 -05:00
William Vu 950a0d57db Fix bad regex in Liferay module, too, duh 2020-04-14 14:01:18 -05:00
William Vu d7cf08d5f3 Convert Java classloading code into a mixin 2020-04-14 14:01:18 -05:00
William Vu d920bb4615 Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-14 14:01:17 -05:00
William Vu 83d5a673ac Rename exploit_class to constructor_class 2020-04-14 14:01:17 -05:00
William Vu a98215d27e Relax regex in case of Enterprise Edition (EE) 
I don't know what the regex would be, since I don't have EE.
 2020-04-14 14:01:17 -05:00
William Vu 5e65bb2a6a Document remote classloading files 2020-04-14 14:01:17 -05:00
William Vu 96242a99a1 Document the magic 2020-04-14 14:01:17 -05:00
William Vu d220c1045e Refactor check for precision 2020-04-14 14:01:17 -05:00
William Vu 8297f77d0a Update vuln discoverer to Markus Wulftange 
Wasn't in the original blog post, but it's in the vendor advisory.
 2020-04-14 14:01:17 -05:00
William Vu c475ddac52 Add vendor advisory to references 2020-04-14 14:01:17 -05:00
William Vu 0c8ee27613 Add Liferay Portal Java Unmarshalling RCE 2020-04-14 14:01:17 -05:00
Spencer McIntyre bea42876ee Land #13067, PlaySMS template injection RCE 2020-04-03 10:22:35 -04:00
Spencer McIntyre bd835e8f2d Cleanup more status methods and move the module 2020-04-03 10:21:27 -04:00
bwatters-r7 859eda92bb Land #12759, Apache Solr Remote Code Execution via Velocity Template 
Merge branch 'land-12759' into upstream-master
 2020-04-02 11:23:33 -05:00
Pedro Ribeiro d904eed010 add badchars for various targets 2020-03-30 12:49:58 +07:00
ide0x90 861b79bce7 Added new targets and made documentation consistent 2020-03-29 00:33:24 +08:00
Pedro Ribeiro 59c2079aa4 split AIX and Linux cmd targets 2020-03-28 14:35:24 +07:00
Pedro Ribeiro 46286f8981 change to payload.encoded 2020-03-28 14:30:20 +07:00
Pedro Ribeiro 2ac177cb39 make changes for ARCH_CMD, add multiple targets 2020-03-28 14:22:21 +07:00
Pedro Ribeiro 6a6b99885d Add ARCH_CMD, tested and working 2020-03-28 13:55:09 +07:00
Pedro Ribeiro 5ac0145bb4 Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-03-28 11:04:31 +07:00
Pedro Ribeiro c4f05fb566 Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-03-27 16:29:34 +07:00
Pedro Ribeiro 8139d0a1f1 change if to positive 2020-03-27 16:18:43 +07:00