Commit Graph

2211 Commits

Author SHA1 Message Date
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster b06c5c12aa Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
Spencer McIntyre 1d5a6e4a0b Land #14771, Add Apache Flink JAR Upload Java Code Execution 2021-02-23 09:19:56 -05:00
Brendan Coles 69031fa91f Add Apache Flink JAR Upload Java Code Execution 2021-02-22 23:00:57 +00:00
agalway-r7 8a339f54c1 Land #14734, updates and runs rubocop against recent modules
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
agalway-r7 275e9c5454 Land #14696, Further Zeitwerk lands to improve boot speed
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
Alan Foster 5b3fde7735 Rubocop recently landed modules 2021-02-16 15:08:08 +00:00
dwelch-r7 f6c3de5732 Land #14733, Add latest Rubocop rules 2021-02-12 16:18:13 +00:00
Alan Foster bed7ae2c78 Add latest rubocop rules 2021-02-12 13:31:51 +00:00
Christophe De La Fuente 85b7e85d0b Land #14671, Micro Focus Multiple Products Authenticated RCE (CVE-2020-11853) 2021-02-09 18:24:57 +01:00
Pedro Ribeiro 9881512833 Update modules/exploits/multi/http/microfocus_obm_auth_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2021-02-09 14:18:47 +07:00
dwelch-r7 b95be3ed10 Zeitwerk rex folder 2021-02-08 12:24:12 +00:00
cgranleese-r7 3a2932b798 Migrate old uses of manual autocheck to use the new prepend autocheck 2021-02-02 10:15:46 +00:00
Pedro Ribeiro 7d9eb1e88b fix typo on LWSSO_COOKIE_KEY 2021-01-28 22:45:04 +07:00
Pedro Ribeiro c73fa70543 do the rubocop thing and add docs 2021-01-28 18:21:51 +07:00
Pedro Ribeiro a5725b823a add sploit 2021-01-28 17:41:06 +07:00
Pedro Ribeiro 191e772f06 fix issues highlighted by smcintyre-r7 2021-01-25 22:25:07 +07:00
Pedro Ribeiro fc0e221f5a add comment for self removal 2021-01-24 22:47:47 +07:00
Pedro Ribeiro 7220dc3ff6 add new note on broken payloads 2021-01-24 22:39:01 +07:00
Pedro Ribeiro 12157163f7 Merge branch 'obm_deser' into ucmdb 2021-01-24 22:25:57 +07:00
Pedro Ribeiro bf4ac7b1a8 add UCMDB sploit 2021-01-24 22:25:45 +07:00
h00die 7d7263cf1f spelling 2021-01-09 08:13:19 -05:00
h00die d8c55501a5 ait csv importer exploit 2021-01-01 12:14:52 -05:00
Grant Willcox 7de662c807 Land #14521, Struts2 Multi Eval OGNL RCE 2020-12-23 11:40:16 -06:00
Grant Willcox 70f8ff31f8 Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups. 2020-12-23 10:50:22 -06:00
Grant Willcox 8a932b847a Apply RuboCop edits 2020-12-22 17:57:38 -06:00
Grant Willcox 4a449f97d3 Land #14522, Replace hard-coded Shiro default key with ENC_KEY 2020-12-22 09:26:49 -06:00
Grant Willcox 7d0cb771a5 Apply RuboCop updates to module. 2020-12-21 17:31:24 -06:00
Grant Willcox 24e8aeffe5 Incorporate review feedback and update the associated documentation. 2020-12-21 17:29:21 -06:00
Christophe De La Fuente dc6b67f4c6 Land #14509, Fixes for Solr RCE 2020-12-18 21:51:06 +01:00
James Lee be3a1eb9d6 Guard against empty response 2020-12-16 18:25:17 -06:00
kai 9be1e8c295 replace hard-coded shiro default key with SHIROKEY 2020-12-16 11:03:30 +08:00
Spencer McIntyre 941ba923f7 Add missing module notes 2020-12-15 19:58:04 -05:00
Spencer McIntyre 3d7ed70cec Tweak the check method and add module docs 2020-12-15 19:49:29 -05:00
Spencer McIntyre 289605f532 Require that the user know the CVE since the check is questionable 2020-12-15 19:17:35 -05:00
Spencer McIntyre 9bdf591a98 Add a working command stager for CVE-2020-17530 2020-12-15 09:13:06 -05:00
Spencer McIntyre 7826cbb8de Initial addition of the Struts2 Double Eval exploit 2020-12-15 09:13:06 -05:00
James Lee f255724e01 Changes to support older Solr (tested 5.3.0)
Use a new parameter instead of a header because older versions don't
have access to the request object.

There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.

Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
William Vu 9696e709ae Remove unused vprint_status conditional 2020-12-09 22:48:16 -06:00
William Vu a33a6e6c55 Don't be lazy about checking the redirect
And don't be lazy about sending the request.

To trigger UnexpectedExceptionPage, we can send bogus data instead of
telegraphing our payload-less gadget chain.

God, I'm so lazy. This took like five extra minutes. :|
2020-12-09 21:09:49 -06:00
Shelby Pace d337d832b8 Land #14422, add GitLab file read/rce 2020-12-09 11:34:14 -06:00
Shelby Pace 941762b3c5 remove trailing commas 2020-12-09 11:29:00 -06:00
dwelch-r7 1617b3ec9b Use zeitwerk for lib/msf/core folder 2020-12-07 10:31:45 +00:00
alanfoster 835059f00c [CVE-2020-10977] Gitlab arbitrary file read to RCE 2020-12-07 01:26:54 +00:00
James Lee bc3d41bbe8 Request json response
For compatibility with older versions of Solr (I tested 5.3.0) where the
default is XML.
2020-11-29 17:57:36 -06:00
James Lee 4b5dd7389c Cleanup debug prints 2020-11-29 13:15:14 -06:00
James Lee 4496fe0d82 Randomize the header name for commands 2020-11-29 11:32:35 -06:00
James Lee 1be51ded25 Use HTTP ClassLoader instead 2020-11-29 10:53:33 -06:00
Graeme Robinson f6f78d4710 Make changes suggested in code review 2020-11-26 13:46:02 +01:00
Graeme Robinson 7fa10a0684 Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
2020-11-26 13:46:02 +01:00