adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44,325 Commits 27 Branches 1,043 Tags
3cd287ddd640fb22bcce80c66c13c8636b980310
Commit Graph

2485 Commits

Author SHA1 Message Date
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27 Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
Patrick Webster 2f6da89674 Change author name to nick. 2017-11-09 03:00:24 +11:00
Brent Cook cfeb0b7bda prefer threadsafe sleep here 2017-11-06 01:37:09 -06:00
Brent Cook 897b5b5dd1 revert passive handler stance 2017-11-06 01:37:09 -06:00
Jeffrey Martin 43b67fe80b remove errant bracket, formatting update 2017-10-26 15:01:53 -05:00
Jeffrey Martin f2cba8d920 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 
This restores the original PR
 2017-10-25 16:29:11 -05:00
Jeffrey Martin ca28abf2a2 Revert "Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary)" 
This reverts commit 4999606b61, reversing
changes made to 4274b76473.
 2017-10-25 16:19:14 -05:00
Jeffrey Martin 0a858cdaa9 Revert "fix my comments from #8933" 
This reverts commit 02a2839577.
 2017-10-25 16:13:00 -05:00
Jeffrey Martin 02a2839577 fix my comments from #8933 2017-10-25 14:46:41 -05:00
Jeffrey Martin 4999606b61 Land #8933, Web_Delivery - Merge regsvr32_applocker_bypass_server & Add PSH(Binary) 2017-10-25 12:44:04 -05:00
Jeffrey Martin cfaa34d2a4 more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7 updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb 
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
 2017-10-08 21:48:47 -04:00
h00die 7535fe255f land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
William Vu 98ae054b06 Land #8931, Node.js debugger exploit 2017-09-25 14:00:13 -05:00
g0tmi1k 1ee590ac07 Move over to rex-powershell and version bump 
Version bump for:
- https://github.com/rapid7/rex-powershell/pull/10
- https://github.com/rapid7/rex-powershell/pull/11
 2017-09-25 13:45:06 +01:00
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Patrick Thomas 2966fb7c8c Accept @shawizard suggestion for formatting msg_body 2017-09-10 11:23:52 -07:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
g0tmi1k accb77d268 Add PSH (Binary) as a target to web_delivery 2017-09-07 10:55:29 +01:00
Patrick Thomas 5d009c8d0b remove dead code 2017-09-06 23:21:56 -07:00
Patrick Thomas 048316864c remove redundant return 2017-09-06 23:01:13 -07:00
Patrick Thomas 97d08e0da4 fix reviewer comments 2017-09-06 22:53:02 -07:00
Patrick Thomas d71f7876b8 initial commit of nodejs debugger eval exploit 2017-09-06 22:29:24 -07:00
g0tmi1k 96f7012fe7 Code clean up (URLs, ordering and printing) 2017-09-06 13:17:28 +01:00
g0tmi1k b884705a93 regsvr32_applocker_bypass_server -> web_delivery 2017-09-06 12:35:52 +01:00
g0tmi1k e7b4cb71b1 Add PSH-Proxy to multi/script/web_delivery 2017-09-06 12:27:04 +01:00
Pearce Barry 6051a1a1c1 Land #8910, Use meta redirect instead of JS redirect in 2 modules 2017-09-01 13:50:02 -05:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
james 49173818fd Addresses #8674 
This type of redirection will work without javascript being enabled.

Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow

More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
 2017-08-30 23:16:46 -05:00
Brent Cook 202c936868 Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00
Tim 39299c0fb8 randomize submodule path 2017-08-29 16:54:08 +08:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
n00py 8f17d536a7 Update phpmailer_arg_injection.rb 
Removed second parameter as it was not necessary.  Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
 2017-08-24 00:29:28 -06:00
n00py c49b72a470 Follow 301 re-direct 
I found that in some cases, the trigger URL cannot be accessed directly.  For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example".  It isn't until hitting "/example" that the php is executed.  This small change will just allow the trigger to follow one 301 redirect.
 2017-08-23 18:53:54 -06:00
Brent Cook 821121d40b Land #8871, improve compatibility and speed of JDWP exploit 2017-08-23 18:53:47 -05:00
Brent Cook 128949217e more osx 2017-08-22 16:48:09 -05:00
Brent Cook bb120962aa more osx support 2017-08-22 14:01:48 -05:00
Brent Cook 7263c7a66e add 64-bit, osx support 2017-08-22 13:51:28 -05:00
Louis Sato e01caac9ed removing slice operators from jdwp_debugger 2017-08-21 16:36:54 -05:00
Brent Cook edbe8d73c2 Revert "Revert passive stance for multi/handler" 
This reverts commit 66a4ea4f0b.
 2017-08-21 16:14:23 -05:00