adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48,210 Commits 27 Branches 1,043 Tags
34944ff5be0eec6cea29020fbf6fc4c19b55dbcb
Commit Graph

2705 Commits

Author SHA1 Message Date
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
Jacob Robles 9d3e1c1942 Land #10540, weblogic_deserialize, add check method and linux target 2018-08-30 06:08:03 -05:00
Jacob Robles 3161beff69 Prefer opt hash 2018-08-29 14:56:31 -05:00
Jacob Robles bc4442694e Fix Windows target options, remove comspec 2018-08-29 14:23:00 -05:00
William Vu f6b868bac2 Prefer regex for target check in exploit method 
This is how I initially wrote it out, and I think I like it better.
Obviously we'll still check individual symbols in execute_command, since
some of the matching is disjoint.
 2018-08-28 15:56:45 -05:00
William Vu 3dec79da23 Add Windows ARCH_CMD target and refactor again 
Must have been an oversight that I didn't add the target.
 2018-08-28 15:03:41 -05:00
Jacob Robles 94e8cdac37 Move files to correct location 2018-08-28 12:38:54 -05:00
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream 
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
 2018-08-27 20:01:00 -05:00
Brent Cook 47ca6c6a14 Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 10:49:20 -05:00
Jacob Robles 79b3e4564a Land #10487, add php5 session file target 2018-08-27 06:22:28 -05:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
William Vu 6df235062b Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
Jacob Robles 7f3824b067 Additional path for Linux target 2018-08-24 07:18:24 -05:00
Wei Chen 3d0d8f7773 Update false negatives on post auth information 2018-08-20 15:43:07 -05:00
Chirag Jariwala b9809d9435 Added support for php5 as target 
location of the session file in php5 is /var/lib/php5/sess_file
 2018-08-20 03:47:04 +05:30
William Vu 60c0272270 Make style consistent 2018-08-15 21:27:40 -05:00
Kevin Kirsche cd01f11fd2 Remove verifying host keys for all exploits 2018-08-15 14:54:41 -07:00
Wei Chen d9fc99ec4a Correct false negative post_auth? status 2018-08-09 23:34:03 -05:00
Wei Chen 6223685c37 Update auth requirement for json metadata 2018-08-07 16:42:00 -05:00
Jacob Robles 6c11d5800f Register files on same line 2018-07-31 10:03:59 -05:00
Jacob Robles 569ddd9d59 Remove files from application 2018-07-31 09:47:39 -05:00
Jacob Robles 952ab801e8 Land #10060, vTiger CRM v6.3.0 Upload RCE 2018-07-30 12:32:24 -05:00
Jacob Robles 62f663207b Change option type 2018-07-30 12:15:59 -05:00
Jacob Robles fe9315dc89 Update module, Add documentation 2018-07-30 12:11:08 -05:00
Wei Chen 72d634b10b Update module and its documentation 2018-07-26 23:08:20 -05:00
Shelby Pace be1bf8b1fc modified status 2018-07-26 15:41:19 -05:00
Shelby Pace 6accca4181 added documentation and check method 2018-07-26 15:32:37 -05:00
Shelby Pace ed4c4046ba parsing for uploaded file, gets session 2018-07-26 14:23:24 -05:00
Shelby Pace c23ffcbf62 successfully uploads payload and gets a session 2018-07-26 11:09:01 -05:00
Shelby Pace 8f89275df8 authenticating to WordPress 2018-07-25 14:22:24 -05:00
Shelby Pace 668bcb38cb metadata setup 2018-07-25 11:29:47 -05:00
Brendan Coles 19239c72c0 Update cmsms_upload_rename_rce check and docs 2018-07-19 18:26:42 +00:00
Wei Chen 28e3f3a5f0 Land #10327, Add CMS Made Simple Upload/Rename Authenticated RCE 2018-07-19 12:18:12 -05:00
Wei Chen c5ac4c791f Make changes based on community feedback 2018-07-19 12:17:02 -05:00
Jacob Robles 08e33cad0c Spelling fix 2018-07-17 20:12:37 -05:00
Jacob Robles 20905d1ca1 Fix syntax error 2018-07-17 18:48:07 -05:00
Jacob Robles a24666a00a msftidy fixes 2018-07-17 18:28:33 -05:00
Jacob Robles 1e004769ca CMS Made Simple Upload/Rename Authenticated RCE 2018-07-17 09:00:39 -05:00
William Vu 9a7c34e6e9 Land #10064, Claymore Dual Miner API RCE 2018-07-16 18:02:20 -05:00
William Vu 2f37482535 Land #10278, gitlist_arg_injection fixes 2018-07-12 19:03:52 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Shelby Pace 1ded8ffb29 Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00
Shelby Pace 10cd6c99d9 Land #10231, Monstra Fileupload Exec 2018-07-10 14:23:15 -05:00
Shelby Pace 07dca243ff changed grammar, removed redundant code 2018-07-10 14:13:57 -05:00
Shelby Pace 171fa562a3 added parsing for repos in Gitlist source 2018-07-10 11:32:46 -05:00
Shelby Pace 5776b64a1b modified exploit 2018-07-09 13:56:33 -05:00
Shelby Pace f5e40b14a3 removed double eval as suggested 2018-07-09 13:24:31 -05:00
Jacob Robles 4f039de2fc Fix CVE numbers 2018-07-09 13:22:08 -05:00
Shelby Pace 44b9798afb modified regex, id=filesmanager lines 2018-07-09 10:55:29 -05:00