bwatters
cfc3930405
Land #15634, Add DFLAG_BIG_CREATION to capability flags for erlang_cookie_rce.rb
Merge branch 'land-15634' into upstream-master
2021-09-07 14:00:49 -05:00
Jack Heysel
e30ccafd86
Refactor lfs.rb, revert rubocop changes on library files
2021-09-07 13:43:10 -04:00
bwatters
a7d99ebbfc
Land #15611, ProxyShell Improvements
Merge branch 'land-15611' into upstream-master
2021-09-07 11:47:13 -05:00
Mike Brown
28e358066b
Fixed typo
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
Mike Brown
2bfc8d35d0
Defined capability flags in comment
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
h00die
65aae010ce
more libs for moodle and teacher priv esc to rce module
2021-09-04 13:31:11 -04:00
space-r7
80dc8b9502
add elfinder module
2021-09-03 18:26:18 -05:00
Jack Heysel
99352ad107
Move methods from lfs.rb, fix fail_with types
2021-09-03 16:17:35 -05:00
jheysel-r7
93aea73939
Update modules/exploits/windows/http/git_lfs_rce.rb
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-09-03 16:17:35 -05:00
Jack Heysel
5294c714aa
Fix spacing
2021-09-03 16:17:35 -05:00
Jack Heysel
f9c4c35431
Update the target_suitable? method
2021-09-03 16:17:35 -05:00
Jack Heysel
ba64dce5b7
Rubocop offenses
2021-09-03 16:17:30 -05:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Jack Heysel
514a37ef2f
Removed unnecessary gem file + rubocop
2021-09-03 16:15:39 -05:00
Jack Heysel
21d99a74fb
beta commit
2021-09-03 16:15:38 -05:00
Your Name
41690d6e1d
Linting again
2021-09-02 17:33:57 +01:00
Your Name
f336f7a4d6
Removed global vars & Fixed linting
2021-09-02 17:30:18 +01:00
Alan Foster
112f43f798
Consolidate module argument parsing for ensuring consistency
2021-09-02 13:00:02 +01:00
Alan Foster
134fef21c4
Improve validation rhosts validation
2021-09-02 13:00:01 +01:00
h00die
77dff0fc13
working admin shell
2021-09-01 17:49:17 -04:00
h00die
3580920dde
moving more to libs
2021-09-01 17:36:38 -04:00
Mike Brown
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
                   |       |||  |   |  | |  | ||-- DFLAG_EXTENDED_REFERENCES
                   |       |||  |   |  | |  | |-- DFLAG_DIST_MONITOR
                   |       |||  |   |  | |  |-- DFLAG_FUN_TAGS
                   |       |||  |   |  | |-- DFLAG_NEW_FUN_TAGS
                   |       |||  |   |  |-- DFLAG_EXTENDED_PIDS_PORTS
                   |       |||  |   |-- DFLAG_NEW_FLOATS
                   |       |||  |-- DFLAG_SMALL_ATOM_TAGS
                   |       |||-- DFLAG__UTF8_ATOMS
                   |       ||-- DFLAG_MAP_TAG
                   |       |-- **DFLAG_BIG_CREATION**
                   |-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
Grant Willcox
0e0e3bbcfb
Land #15603, Add Geutebruck CVE_2021_335XX command injection module
2021-09-01 10:59:22 -05:00
adfoster-r7
ded8200396
Land #15537, Add support for ruby 3
2021-09-01 10:30:54 +01:00
bwatters
ff50a94348
Land #15567, Add in Exploit for CVE-2021-3490
Merge branch 'land-15567' into upstream-master
2021-08-31 18:46:25 -05:00
Grant Willcox
d83ede6306
Fix up some check method issues and some XML data validation issues identified during review
2021-08-31 18:25:01 -05:00
Your Name
5599929b6a
Fixed Randomization
2021-08-31 18:25:00 -05:00
Grant Willcox
0a57641aa4
Add in documentation and module code cleanness improvements and also make the output easier for readers to understand should something fail midway through.
2021-08-31 18:24:57 -05:00
Your Name
cd74e34e3c
Fixed Authors
2021-08-31 18:24:51 -05:00
Your Name
b5b0b3087a
Fixed References and Description
2021-08-31 18:24:50 -05:00
Your Name
56cde3eaba
Add Geutebruck CVE_2021_335XX command injections module
2021-08-31 18:24:14 -05:00
Grant Willcox
488f58a068
Attempt to fix RuboCop errors
2021-08-31 15:36:00 -05:00
Grant Willcox
3bca3b0bcb
Update exploit code to use & after the command to execute as root so it executes in the background and doesn't hang Metasploit. Also update the logic of the code to check the response from executing the exploit and respond accordingly and update the documentation to match
2021-08-31 15:07:37 -05:00
Spencer McIntyre
33da289a9c
Print stderr when it's not blank
2021-08-31 09:18:11 -04:00
Your Name
690af9f956
Fixed CVE Number
2021-08-30 08:18:19 +01:00
h00die
e3115ba9e9
rubocop this thing
2021-08-29 17:18:06 -04:00
h00die
5ea2cf9e5a
moodle_admin_shell_upload working and minor other fixes
2021-08-29 16:59:44 -04:00
h00die
b969d57f22
admin shell upload initial commit
2021-08-29 10:51:58 -04:00
h00die
176c1f0751
moodle lib and module
2021-08-29 10:50:25 -04:00
h00die
d3b00aa10a
Merge branch 'cleanup_moodle' into moodle_310_rce
2021-08-29 07:15:01 -04:00
h00die
a35be13958
moodle 3.8.0 tested
2021-08-28 08:10:28 -04:00
Your Name
70f3f9d731
Fixed CVE Number
2021-08-28 11:33:42 +01:00
h00die
a5674683f0
remove duplicate autocheck
2021-08-27 20:08:58 -04:00
h00die
3801c525c3
cleanup moodle_cmd_exec
2021-08-27 20:03:27 -04:00
h00die
cd24ad1bdf
lint
2021-08-27 19:53:45 -04:00
h00die
b9c9ed243a
lint
2021-08-27 19:51:52 -04:00
h00die
c0a8535764
moodle spellcheck rce
2021-08-27 19:51:52 -04:00
Spencer McIntyre
95015f0c2b
Update the ProxyShell module docs
2021-08-27 17:50:28 -04:00
Spencer McIntyre
425dcf1f81
Cleanup and refactor the exploit logic
2021-08-27 17:26:40 -04:00
Spencer McIntyre
965dec43ae
Delete the draft email
2021-08-27 16:59:17 -04:00