Spencer McIntyre
aaf7e21def
Update the microfocus_ucmdb_unauth_deser module to use the new mixin
...
This updates the microfocus_ucmdb_unauth_deser module to use the new
Java Deserialization mixin. Unfortunately we do not have access to the
software for testing so these changes can not be verified.
2021-03-11 12:09:29 -06:00
Spencer McIntyre
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
Spencer McIntyre
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
William Vu
bcf7ad000b
Add CheckModule to fingerprint VMware product
2021-03-05 17:25:37 -06:00
William Vu
33e52b0fb2
Update and refactor check
...
Now with more science!
2021-03-05 17:25:37 -06:00
William Vu
26f1c209b2
Add VMware vCenter Server CVE-2021-21972 exploit
2021-03-05 17:25:37 -06:00
dwelch-r7
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
Alan Foster
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
Spencer McIntyre
1d5a6e4a0b
Land #14771, Add Apache Flink JAR Upload Java Code Execution
2021-02-23 09:19:56 -05:00
Brendan Coles
69031fa91f
Add Apache Flink JAR Upload Java Code Execution
2021-02-22 23:00:57 +00:00
agalway-r7
8a339f54c1
Land #14734, updates and runs rubocop against recent modules
...
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
agalway-r7
275e9c5454
Land #14696, Further Zeitwerk lands to improve boot speed
...
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
Alan Foster
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
dwelch-r7
f6c3de5732
Land #14733, Add latest Rubocop rules
2021-02-12 16:18:13 +00:00
Alan Foster
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
Christophe De La Fuente
85b7e85d0b
Land #14671, Micro Focus Multiple Products Authenticated RCE (CVE-2020-11853)
2021-02-09 18:24:57 +01:00
Pedro Ribeiro
9881512833
Update modules/exploits/multi/http/microfocus_obm_auth_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2021-02-09 14:18:47 +07:00
dwelch-r7
b95be3ed10
Zeitwerk rex folder
2021-02-08 12:24:12 +00:00
cgranleese-r7
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
Pedro Ribeiro
7d9eb1e88b
fix typo on LWSSO_COOKIE_KEY
2021-01-28 22:45:04 +07:00
Pedro Ribeiro
c73fa70543
do the rubocop thing and add docs
2021-01-28 18:21:51 +07:00
Pedro Ribeiro
a5725b823a
add sploit
2021-01-28 17:41:06 +07:00
Pedro Ribeiro
191e772f06
fix issues highlighted by smcintyre-r7
2021-01-25 22:25:07 +07:00
Pedro Ribeiro
fc0e221f5a
add comment for self removal
2021-01-24 22:47:47 +07:00
Pedro Ribeiro
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
Pedro Ribeiro
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
Pedro Ribeiro
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
h00die
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
h00die
d8c55501a5
ait csv importer exploit
2021-01-01 12:14:52 -05:00
Grant Willcox
7de662c807
Land #14521, Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
Grant Willcox
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
Grant Willcox
8a932b847a
Apply RuboCop edits
2020-12-22 17:57:38 -06:00
Grant Willcox
4a449f97d3
Land #14522, Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
Grant Willcox
7d0cb771a5
Apply RuboCop updates to module.
2020-12-21 17:31:24 -06:00
Grant Willcox
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
Christophe De La Fuente
dc6b67f4c6
Land #14509, Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
James Lee
be3a1eb9d6
Guard against empty response
2020-12-16 18:25:17 -06:00
kai
9be1e8c295
replace hard-coded shiro default key with SHIROKEY
2020-12-16 11:03:30 +08:00
Spencer McIntyre
941ba923f7
Add missing module notes
2020-12-15 19:58:04 -05:00
Spencer McIntyre
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
Spencer McIntyre
289605f532
Require that the user know the CVE since the check is questionable
2020-12-15 19:17:35 -05:00
Spencer McIntyre
9bdf591a98
Add a working command stager for CVE-2020-17530
2020-12-15 09:13:06 -05:00
Spencer McIntyre
7826cbb8de
Initial addition of the Struts2 Double Eval exploit
2020-12-15 09:13:06 -05:00
James Lee
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
William Vu
9696e709ae
Remove unused vprint_status conditional
2020-12-09 22:48:16 -06:00
William Vu
a33a6e6c55
Don't be lazy about checking the redirect
...
And don't be lazy about sending the request.
To trigger UnexpectedExceptionPage, we can send bogus data instead of
telegraphing our payload-less gadget chain.
God, I'm so lazy. This took like five extra minutes. :|
2020-12-09 21:09:49 -06:00
Shelby Pace
d337d832b8
Land #14422, add GitLab file read/rce
2020-12-09 11:34:14 -06:00
Shelby Pace
941762b3c5
remove trailing commas
2020-12-09 11:29:00 -06:00
dwelch-r7
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
alanfoster
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00