63115c9415
Land #17857 , add T3S support for weblogic modules
2023-04-27 11:37:37 -05:00
aef2b8d314
Land #17804 , Fix incorrect module metadata CI and add validation automation
2023-04-13 15:11:46 +01:00
67b98b5120
merge tested exploits
2023-04-06 15:42:39 +01:00
f0189cc886
revert another get_once
2023-04-06 11:43:50 +01:00
656c562816
Added notes, revert to get_once
2023-04-06 11:01:32 +01:00
cc79fe039a
Merge branch 'rapid7:master' into weblogic-t3s-support
2023-04-06 10:38:29 +01:00
c3a7da54d5
reduces code duplication
2023-04-04 10:27:11 +01:00
d04c8e1bce
Update broken secunia references
2023-03-23 10:43:57 +00:00
656ded4b86
Add module notes
2023-02-08 15:46:07 +00:00
25ee41df68
Run rubocop on exploit modules
2023-02-08 15:20:32 +00:00
b67f001e2a
post-testing typo fix
2023-01-12 20:02:20 +00:00
1afecd0884
force t3 over ssl option
2023-01-12 19:42:55 +00:00
990d5ccfad
Action linter warnings in changes
2023-01-09 21:17:22 +00:00
16c176dbe0
Accept protocol option change to optenum from optstring
...
Co-authored-by: bcoles <bcoles@gmail.com >
2023-01-10 12:54:28 +00:00
a368f76a2a
Update weblogic_deserialize_badattrval.rb
2023-01-10 10:47:31 +00:00
60bfa329fa
Add t3s protocol support to weblogic_deserialize_badattrval
2023-01-09 18:47:43 +00:00
330cb2944b
fix typo
...
OptString.new('FILENAME', [true, 'The OpoenOffice Text document name', 'msf.odt']) -> OpoenOffice changed to OpenOffice
2022-11-30 22:10:18 +01:00
52fd45b7ab
Land #16744 Jboss EAP/AS RCE module
...
This module exploits a Java deserialization vulnerability
in JBOSS EAP/AS Remoting Unified Invoker interface for
versions 6.1.0 and prior.
2022-07-12 10:49:22 -04:00
7df6d73741
Added new line to end of file
2022-07-12 09:08:19 -04:00
44abcfcb28
Added flavour to fix linux_dropper
2022-07-12 09:06:06 -04:00
2f7cf90b7f
mixin didn't work with linux_dropper payload
...
- Fixed exception handling variable attribution
- Tried to change JavaDeserialization Util to JavaDeserialization mixin
instead
- Changed the fail reason when the connection is unsuccessful
2022-07-08 02:30:26 +02:00
52ac281991
change wording in fail_with()
2022-07-07 18:05:56 -05:00
7d32338702
remove ARTIFACTS_ON_DISK from weblogic_deserialize_asyncresponseservice notes
2022-07-07 05:26:59 -07:00
50ca5f0ce2
Add description
2022-07-05 00:25:07 +02:00
0ea033be55
Add module for jboss remoting unified invoker RCE
2022-07-01 21:39:42 +02:00
48598b8c5b
correct CVE and add linting for weblogic_deserialize_asyncresponseservice
2022-07-01 10:27:51 -04:00
9087f86cce
exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability
2022-06-28 17:02:51 +10:00
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
c3465a8ad8
Fix whitespace EOL for msftidy
2022-03-10 11:16:01 +11:00
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
1494f804e7
Fix bug in java_rmi_server which would unilaterally close the HTTP server
2022-03-10 09:29:45 +11:00
5bbe934db9
Add QEMU Monitor HMP 'migrate' Command Execution module
2022-02-07 17:48:27 +00:00
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG__UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00
359b47a146
AutoCheck + JSON Parsing + WfsDelay
2021-05-19 13:42:59 -05:00
20415172a4
Support additional payload parameters
2021-05-18 09:39:46 -05:00
7427c68057
Add HashiCorp Nomad Job Exploit
2021-05-17 16:16:21 -05:00
dcf457f7e9
Fix a typo in Eclipse Equinox product name
...
The osgi_console_exec module docs had a few stray characters for the
product name and description. The product name confused me when
googling for this module.
2021-04-23 11:57:48 +01:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
85a9accbee
Land #14202 , Add initial zeitwerk autoloader approach for lib/msf/core
2020-12-08 12:53:02 +00:00
45ce738af7
add default payload for targets, run rubocop
2020-12-07 16:17:12 -06:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
4f7329d93d
Remove EOL spaces from consul_service_exec.rb
2020-11-18 09:09:55 +00:00
space-r7