d135e7677b
Fix a couple of bugs in the k8s/exec module
2021-10-01 10:32:12 -04:00
250e40762d
Add the ability to create a new pod
2021-10-01 10:32:06 -04:00
a7aa255389
Update gitea git hooks rce check method
2021-10-01 01:11:11 +01:00
7e62ab92ce
Allow configuration via an established session
2021-09-30 16:54:01 -04:00
ea6761a3fa
Module cleanup and error handling
2021-09-30 16:54:01 -04:00
eb1507660f
Add support for direct websocket sessions
2021-09-30 16:54:01 -04:00
7536db1702
Add an initial kubernetes exec module
2021-09-30 16:54:01 -04:00
c86f52a3ec
Land #15679 , bug fix for tomcat_mgr_upload module not undeploying app after exploit
2021-09-21 03:34:43 +01:00
4bccc0541f
Add a note about exploitable versions
2021-09-16 17:08:23 -04:00
fd0f565095
Add automatic targeting for the CVEs
2021-09-16 15:15:52 -04:00
9f971e8716
Update the module for CVE-2021-3287
2021-09-16 12:58:30 -04:00
d1da74d329
bug fix to undeploy app after exploit
2021-09-15 21:54:21 -04:00
fb74888a31
Correct the CVE reference
2021-09-15 08:42:55 -04:00
d82ed7d4a2
Write up the module docs
2021-09-14 09:10:44 -04:00
3986707895
Add and test the remaining targets
2021-09-14 09:10:44 -04:00
d640866b68
Apply rubocop changes and fix all targets
2021-09-14 09:10:44 -04:00
d4834631c3
Add the generated YSoSerial gadget chain
2021-09-14 09:10:44 -04:00
02fde3ac51
Initial work on CVE-2021-3287
2021-09-14 09:10:44 -04:00
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
65aae010ce
more libs for moodle and teacher priv esc to rce module
2021-09-04 13:31:11 -04:00
77dff0fc13
working admin shell
2021-09-01 17:49:17 -04:00
3580920dde
moving more to libs
2021-09-01 17:36:38 -04:00
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG__UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
e3115ba9e9
rubocop this thing
2021-08-29 17:18:06 -04:00
5ea2cf9e5a
moodle_admin_shell_upload working and minor other fixes
2021-08-29 16:59:44 -04:00
b969d57f22
admin shell upload initial commit
2021-08-29 10:51:58 -04:00
176c1f0751
moodle lib and module
2021-08-29 10:50:25 -04:00
d3b00aa10a
Merge branch 'cleanup_moodle' into moodle_310_rce
2021-08-29 07:15:01 -04:00
a35be13958
moodle 3.8.0 tested
2021-08-28 08:10:28 -04:00
3801c525c3
cleanup moodle_cmd_exec
2021-08-27 20:03:27 -04:00
cd24ad1bdf
lint
2021-08-27 19:53:45 -04:00
b9c9ed243a
lint
2021-08-27 19:51:52 -04:00
c0a8535764
moodle spellcheck rce
2021-08-27 19:51:52 -04:00
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
c9bdd96c76
remove GIT_HOOK option
...
post-checkout is the only hook that will work
with this exploit, so no option is needed. Also update
the documentation to reflect that.
2021-08-12 10:18:13 -05:00
31cbcb7774
add notes to updated modules
2021-08-12 10:18:13 -05:00
70f304a548
change modules to use hash in build_commit_object
2021-08-12 10:18:13 -05:00
d0c0372596
add request / response classes
2021-08-12 10:18:12 -05:00
a4cc95448f
remove namespace
2021-08-12 10:18:12 -05:00
0fe761b838
modify options and add documentation
2021-08-12 10:18:12 -05:00
98ef499351
add git lfs and smart http changes
2021-08-12 10:18:11 -05:00
53187648c1
add module
...
also includes packfile obj metadata changes
2021-08-12 10:18:11 -05:00
d7161d0b90
add packfile, pkt line, and module code
2021-08-12 10:18:11 -05:00
d89554e995
add git mixin changes and usage in git exploits
2021-08-12 10:18:11 -05:00
3fb225c9c6
add wrapper methods for creating git objects
...
use methods in git_submodule_command_exec
2021-08-12 10:18:11 -05:00
ade653f0bf
Final fixup edits to change the timeout value to be an advanced option and also to use send_req_cgi
2021-08-05 13:10:24 -05:00
00cfdc4f17
Use Faker to generate a fake app name, add in option to specify timeout to server, and also fix Alan's remaining review comments
2021-08-05 09:46:34 -05:00
0d7d5ab93f
Switch over to Rex::MIME::Message to use our built in mixins, and also fix last remaining review comments
2021-08-02 11:17:26 -05:00
Spencer McIntyre