adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48,366 Commits 27 Branches 1,043 Tags
42ccc37bcad1c19fa2019e2bf00366db423bbb5e
Commit Graph

24695 Commits

Author SHA1 Message Date
Jacob Robles 42ccc37bca Added description to module 2018-09-19 10:22:51 -05:00
Jacob Robles 8a20e0e702 Specific target, add process option 2018-09-19 08:49:54 -05:00
Jacob Robles 83af598e6a Updated VS solution and module 2018-09-17 17:38:19 -05:00
bwatters-r7 f38e6f45ce Redo dllinjection 2018-09-14 17:47:53 -05:00
asoto-r7 4cf344dd83 WIP: Initial CVE-2018-8440 / ALPC-TaskSched-LPE 2018-09-13 18:00:20 -05:00
bwatters-r7 2fbbf88ea9 Land #10560, ms17_010_eternalblue: use SMBDomain value when provided 
instead of ignoring it

Merge branch 'land-10560' into upstream-master
 2018-09-13 10:08:54 -05:00
Shelby Pace 5b81ebd81b Land #10589, multidrop support for word xml docs 2018-09-12 11:00:11 -05:00
Brent Cook a3d74d926c Land #9897, Fix #8404 ListenerComm Support For Exploit::Remote::TcpServer 2018-09-10 16:25:55 -05:00
Brent Cook ea2fcb6fc4 Land #10593, Refactor SSH mixins and update modules 2018-09-10 15:38:53 -05:00
William Vu 87eb600510 Land #10611, mRemote creds gather module fixes 
Also update #10612 to align with these changes.
 2018-09-10 15:25:09 -05:00
William Vu 93a73f5e71 Fix store_loot OID 
It's supposed to be a loot type, not the filename (now stored).
 2018-09-10 15:19:28 -05:00
William Vu 8b4820004d Land #10612, store_loot text/xml ctype fixes 2018-09-10 15:07:06 -05:00
William Vu 3ec4d2f22b Normalize loot type OID 
1. Include the vendor, product, and technology
2. Content type is already reported, extension changed
3. Original filename including extension is also reported

Can we get some sort of standard on the OID?
 2018-09-10 15:06:07 -05:00
Jacob Robles 3d5da50b12 Land #10598, Store Credentials Found with PhpMyAdmin Password Extractor 2018-09-10 11:49:52 -05:00
h00die 39a2d9d2a8 save xml files as xml 2018-09-09 21:24:39 -04:00
h00die 0072d9b9b1 save as xml since it is 2018-09-09 21:22:15 -04:00
h00die 70e22707c0 vi loves tabs but i dont 2018-09-09 21:19:17 -04:00
h00die f926f6e9af fix pathing in mremoteng 2018-09-09 21:07:47 -04:00
Wei Chen 718aaca0f4 Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 14:54:23 -05:00
Wei Chen bd50e00ccc Make some small changes: 
Changes made:

* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
 2018-09-07 14:48:33 -05:00
William Vu b3cd4a89ad Move CVE ref to top as per ~standard~ 2018-09-07 14:33:25 -05:00
Adam Cammack 68ca771764 Add CVE reference to ghostscript_failed_restore.rb 2018-09-07 14:24:15 -05:00
asoto-r7 99ca6cef49 Quote-block cleanup and improved error handling 2018-09-07 11:43:04 -05:00
Shelby Pace dbace01015 modified regex lines 2018-09-07 11:13:09 -05:00
Shelby Pace 18ffd36409 storing config file, changed regex 2018-09-07 08:13:10 -05:00
asoto-r7 3671f8f6b0 Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output 
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
 2018-09-06 17:56:42 -05:00
asoto-r7 7eb06b4592 Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00
Shelby Pace 6c3b1081ea added function to grab and store user and passwd 2018-09-06 12:03:00 -05:00
asoto-r7 cb16f812ec struts2_namespace_ognl updates from code review 
Thanks to @wvu, @firefart, and @wchen!
 2018-09-06 11:50:57 -05:00
Brent Cook dd476066cf Land #10584, fix session upgrade HANDLE_TIMEOUT and upgrading osx shells 2018-09-06 05:52:40 -05:00
William Vu 35fb0d19ab Refactor SSH mixins and update modules 2018-09-05 23:53:11 -05:00
Wei Chen d23b252393 Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
William Vu 243267b2f5 Add Linux dropper target 2018-09-05 19:57:12 -05:00
William Vu 61044e8bca Refactor targets to align with current style 2018-09-05 19:56:32 -05:00
William Vu 692ddc8b8b Eschew updating imagemagick_delegate 
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
 2018-09-05 19:56:32 -05:00
William Vu 1491f13bd5 Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
William Vu 13ff71b879 Clean up previous modules 
Missed in 35670713ff.
 2018-09-05 19:56:32 -05:00
Shelby Pace 55bf6e5dd4 removed require in erb file 2018-09-05 18:09:29 -05:00
Shelby Pace 6a3a4de289 included path to erb, removed multiline pdf string 2018-09-05 14:09:10 -05:00
asoto-r7 14aee3a822 Added auxiliary/fileformat/multidrop support for Word XML documents 2018-09-05 11:51:48 -05:00
Tim W b7da75d860 fix #10576, fix session upgrade HANDLE_TIMEOUT 2018-09-04 16:46:33 +08:00
asoto-r7 8fe8bf62e3 Renamed to match existing struts2_content_type_ognl and improved comments 2018-08-31 13:48:22 -05:00
Wei Chen 0dea5fcfd9 Land #10565, Add Dolibarr ERP/CRM Auxiliary Module 2018-08-31 13:47:46 -05:00
asoto-r7 35022d8332 Added payload upload+execution and OGNL-specific URI encoding 2018-08-31 13:39:42 -05:00
Shelby Pace aa9d0d7c6c using uri_encode 2018-08-31 08:41:25 -05:00
Shelby Pace b1151b9d12 modified login_uri 2018-08-31 08:08:46 -05:00
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
Shelby Pace 42af28a86a printing and storing credentials 2018-08-30 14:17:37 -05:00
Shelby Pace 85c4abac99 storing credentials 2018-08-30 13:59:00 -05:00