h00die
3da170a43c
smcintyre-r7 recommendation for better payload handling
2024-03-22 17:04:06 -04:00
h00die
f6b65993ac
ipynb vscode exploit
2024-03-22 16:26:03 -04:00
Spencer McIntyre
b31abcc9b2
Mark unix encoders as compatible with linux
Fixes #18572
2024-01-19 13:40:43 -05:00
sfewer-r7
ea21036995
reduce nesting in the check routine
2023-11-06 09:42:59 +00:00
sfewer-r7
4272678938
reduce the indentation in on_request_uri
2023-11-06 09:36:20 +00:00
sfewer-r7
fa8c40072c
ensure the payload doesn't contain a CDATA closing tag; if found then fail before we attempt exploitation
2023-11-06 09:36:20 +00:00
sfewer-r7
24810183ca
add in a unix target as ActiveMQ can run on OSX
2023-11-02 10:25:45 +00:00
sfewer-r7
94b5211525
set exploit Stance to Aggressive
2023-11-02 09:32:36 +00:00
sfewer-r7
df040b30aa
typos and improve comments
2023-11-01 17:59:00 +00:00
sfewer-r7
a408181def
Add initial work on exploit module for CVE-2023-46604
2023-11-01 17:34:30 +00:00
sjanusz-r7
1140efc8b4
Support adding encrypted files to archives & jars
2023-10-13 14:42:10 +01:00
space-r7
63115c9415
Land #17857, add T3S support for weblogic modules
2023-04-27 11:37:37 -05:00
adfoster-r7
aef2b8d314
Land #17804, Fix incorrect module metadata CI and add validation automation
2023-04-13 15:11:46 +01:00
Steve E
67b98b5120
merge tested exploits
2023-04-06 15:42:39 +01:00
Steve E
f0189cc886
revert another get_once
2023-04-06 11:43:50 +01:00
Steve E
656c562816
Added notes, revert to get_once
2023-04-06 11:01:32 +01:00
Steve Embling
cc79fe039a
Merge branch 'rapid7:master' into weblogic-t3s-support
2023-04-06 10:38:29 +01:00
cgranleese-r7
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
adfoster-r7
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
adfoster-r7
656ded4b86
Add module notes
2023-02-08 15:46:07 +00:00
adfoster-r7
25ee41df68
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
Steve E
b67f001e2a
post-testing typo fix
2023-01-12 20:02:20 +00:00
Steve E
1afecd0884
force t3 over ssl option
2023-01-12 19:42:55 +00:00
Steve E
990d5ccfad
Action linter warnings in changes
2023-01-09 21:17:22 +00:00
Steve Embling
16c176dbe0
Accept protocol option change to optenum from optstring
Co-authored-by: bcoles <bcoles@gmail.com>
2023-01-10 12:54:28 +00:00
Steve Embling
a368f76a2a
Update weblogic_deserialize_badattrval.rb
2023-01-10 10:47:31 +00:00
Steve E
60bfa329fa
Add t3s protocol support to weblogic_deserialize_badattrval
2023-01-09 18:47:43 +00:00
Maik Ro
330cb2944b
fix typo
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
Jack Heysel
52fd45b7ab
Land #16744 JBoss EAP/AS RCE module
This module exploits a Java deserialization vulnerability in the JBoss EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
Jack Heysel
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
Jack Heysel
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
Heyder Andrade
2f7cf90b7f
mixin didn't work with linux_dropper payload
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
space-r7
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
kalba-security
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
Heyder Andrade
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
Heyder Andrade
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
kalba-security
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
bcoles
9087f86cce
exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability
2022-06-28 17:02:51 +10:00
Ashley Donaldson
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
Ashley Donaldson
c3465a8ad8
Fix whitespace EOL for msftidy
2022-03-10 11:16:01 +11:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
Ashley Donaldson
1494f804e7
Fix bug in java_rmi_server which would unilaterally close the HTTP server
2022-03-10 09:29:45 +11:00
Brendan Coles
5bbe934db9
Add QEMU Monitor HMP 'migrate' Command Execution module
2022-02-07 17:48:27 +00:00
Mike Brown
28e358066b
Fixed typo
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
Mike Brown
2bfc8d35d0
Defined capability flags in comment
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
Mike Brown
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG__UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
Wyatt Dahlenburg
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00
Wyatt Dahlenburg
359b47a146
AutoCheck + JSON Parsing + WfsDelay
2021-05-19 13:42:59 -05:00
Wyatt Dahlenburg
20415172a4
Support additional payload parameters
2021-05-18 09:39:46 -05:00