adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

1489 Commits

Author SHA1 Message Date
holdonasec 1064aa3f55 Suggested changes 
- Remove unused `test` variable

 - Update `print` to `print_line`

 - Use `Rex` for base64 encoding
 2019-07-17 14:29:57 -04:00
holdonasec b9c2ec60f5 Add DNN Cookie Deserialization RCE Exploit 2019-07-16 12:16:53 -04:00
Jacob Robles efc61a4934 Use cmdstager 2019-06-26 10:15:25 -05:00
Jacob Robles 7c3e566a23 Update check 
Handle nil error code and fix version extraction based
on both of the possible Apache Tika return pages.
 2019-06-26 10:15:25 -05:00
Wei Chen 2fb129ad41 Allow check in exploit to be optional 2019-06-25 17:13:55 -05:00
Wei Chen 16cfd3f4ac Fix typos 2019-06-18 15:49:40 -05:00
Wei Chen 585a4340b2 Add exploit for CVE-2019-0232: Apache Tomcat CGIServlet RCE 2019-06-18 15:28:11 -05:00
Wei Chen fcd360891f Check #attributes for nil, and make sure target is oats console 2019-05-24 10:06:47 -05:00
Wei Chen 388a391b9a Update oats_weblogic_console and its doc 2019-05-22 15:14:17 -05:00
Wei Chen 6cd943e0ce Sometimes attributes could be nil if hitting an unexpected page 2019-05-20 10:48:29 -05:00
Wei Chen 5a46fdf535 Find frsc value from hidden input instead of using rkelly (js) 2019-05-18 19:25:44 -05:00
Wei Chen 592b8302ab Make sure to calls super for setup, also update doc for output 2019-05-18 18:08:25 -05:00
Wei Chen c2567f2ee3 Fix bug on cleanup ready status & more verbose 2019-05-18 17:50:29 -05:00
Wei Chen 40d4b3dfd3 Add doc and update the module title 2019-05-16 16:31:25 -05:00
Wei Chen 39b8dce342 Update the description 2019-05-16 16:25:23 -05:00
Wei Chen 27554cf19a Add the completed version of oats_weblogic_console.rb 2019-05-16 16:24:31 -05:00
Wei Chen 03dbb2fc2c Work in progress for oats_weblogic_console 2019-05-10 13:27:08 -05:00
William Vu 496f270b30 Update use_single_quotes to wrap_double_quotes 2019-03-29 18:14:56 -05:00
h00die ff5b790028 apache tika exploit msftidy 2019-03-28 22:07:01 -04:00
h00die dc33998374 apache tika exploit 2019-03-28 22:05:05 -04:00
William Vu b7bc52d20b Fix HTTP/SMB mixin order to restore SSL option 
Mixin order matters. Mixins kinda suck.
 2019-01-29 11:09:34 -06:00
Wei Chen 27d6fffdad Land #11125, Import/generate ysoserial Java serialization objects 2019-01-15 17:09:56 -06:00
William Vu e9a8d5708a Land #11234, @bcoles revisionism 2019-01-11 20:15:34 -06:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
Jacob Robles 0c984fa232 Fix messages /successfuly/successfully 2019-01-09 06:32:22 -06:00
asoto-r7 60f3cfbb79 ysoserial: Cleaned up ysoserial payload in hp_imc_java_deserialize 2018-12-18 15:17:51 -06:00
asoto-r7 cd2dbf0edf ysoserial: Modified hp_imc_java_deserialize to use the library 2018-12-14 16:13:17 -06:00
asoto-r7 0f82b207c4 hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections 2018-12-03 17:03:04 -06:00
asoto-r7 3f930ff141 hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability 2018-12-03 16:36:37 -06:00
Carsten Maartmann-Moe cbdcd367ee Minor print out mod 2018-11-16 20:31:34 +01:00
Brendan Coles 6f094799b6 Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Print payload length

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:20:52 +01:00
Brendan Coles 709befea5c Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Fixed if/else block return

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:19:23 +01:00
Carsten Maartmann-Moe 680393d4d6 Refined check method to actually verify vulnerability 2018-11-15 22:31:31 +01:00
Carsten Maartmann-Moe 541283a4dd Tidied up set_payload 2018-11-12 20:45:49 +01:00
Brendan Coles 0bdab320f7 Remove useless variable declaration 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-12 12:04:22 +01:00
Carsten Maartmann-Moe e06af184c8 Tidy check method 2018-11-11 22:53:13 +01:00
Carsten Maartmann-Moe 8894af58de serialized, not deserialized... 2018-11-11 22:47:57 +01:00
Carsten Maartmann-Moe 1e8fbc3a1b Fixed indentation and added a status message printout when exploiting 2018-11-11 22:37:42 +01:00
Carsten Maartmann-Moe cf5ca78350 Added YSOSerial payload generating string 2018-11-11 22:15:30 +01:00
Brendan Coles 3770f121fe Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:37 +01:00
Brendan Coles 951d3e1117 Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:32 +01:00
Brendan Coles 446eec00b3 Remove disconnect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:43 +01:00
Brendan Coles 189c203e3d Remove handler 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:34 +01:00
Brendan Coles e5df5494d9 Remove connect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:22 +01:00
Carsten Maartmann-Moe 5a978dca2e Removed architecture to make payload selection work 2018-11-10 23:00:54 +01:00
Carsten Maartmann-Moe cbaacf696a Add exploit module for CVE-2017-12557 
HP Intelligent Management Java Deserialization RCE (Windows)
 2018-11-10 22:36:43 +01:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Wei Chen ad0291e552 Update false negatives 2018-08-20 18:08:19 -05:00
Wei Chen 01ad152067 Update false negatives on post auth information 2018-08-20 16:05:58 -05:00
Brendan Coles a020d48caf Move module documentation to documentation directory 2018-07-13 04:46:25 +00:00