adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36,769 Commits 27 Branches 1,043 Tags
4e99c873c80384cd0b577e818ce2aedcf6fed5ec
Commit Graph

9162 Commits

Author SHA1 Message Date
Jon Hart 283cf5b869 Update msftidy to catch more potential URL vs PACKETSTORM warnings 
Fix the affected modules
 2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1 Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
Jon Hart efdb6a8885 Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Jon Hart 0f2f2a3d08 Remove peer; included via Exploit::Remote::Tcp in lib/msf/core/exploit/mysql.rb 2015-12-24 07:46:55 -08:00
Brent Cook e4f9594646 Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
Brent Cook 7444f24721 update whitespace / syntax for java_calendar_deserialize 2015-12-23 15:42:27 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly 
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
 2015-12-23 11:44:55 -06:00
Brent Cook 493700be3a remove duplicate key warning from Ruby 2.2.x 
This gets rid of the warning:

modules/exploits/multi/http/uptime_file_upload_2.rb:283: warning: duplicated key at line 284 ignored: "newuser"
 2015-12-23 10:39:35 -06:00
Christian Mehlmauer 424e7b6bfe Land #6384, more joomla rce references 2015-12-22 22:54:58 +01:00
JT 18398afb56 Update joomla_http_header_rce.rb 2015-12-23 05:48:26 +08:00
JT cc40c61848 Update joomla_http_header_rce.rb 2015-12-23 05:38:57 +08:00
Christian Mehlmauer f6eaff5d96 use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
JT 314e902098 Add original exploit discoverer and exploit-db ref 
Adding Gary @ Sec-1 ltd for the original exploit and two exploit-db references. Marc-Alexandre Montpas modified Gary's exploit that uses "User-Agent" header. Marc-Alexandre Montpas used "X-FORWARDED-FOR" header to avoid default logged to access.log
 2015-12-22 22:44:59 +08:00
Louis Sato 3034cd22df Land #6372, fix psexec nil bug + missing return 2015-12-21 10:59:10 -06:00
William Vu f129c0363e Fix broken logic 
Forgot to set retval when I removed the ensure.
 2015-12-21 10:52:03 -06:00
Louis Sato 726578b189 Land #6370, add joomla reference 2015-12-18 17:05:07 -06:00
William Vu afe4861195 Fix nil bug and missing return 2015-12-18 15:54:51 -06:00
Christian Mehlmauer fb6ede80c9 add joomla reference 2015-12-18 18:27:48 +01:00
wchen-r7 485196af4e Remove modules/exploits/multi/http/uptime_file_upload.rb 
Please use exploit/multi/http/uptime_file_upload_1 for exploiting
post2file.php on an older version of uptime.

If you are exploiting uptime that is patched against
exploit/multi/http/uptime_file_upload_1, then you may want to try
exploit/multi/http/uptime_file_upload_2.
 2015-12-17 23:01:57 -06:00
wchen-r7 06f1949e2c Land #6355, Joomla HTTP Header Unauthenticated Remote Code Execution 
CVE-2015-8562
 2015-12-16 17:55:51 -06:00
Christian Mehlmauer 8c43ecbfaf add random terminator and clarify target 2015-12-17 00:08:52 +01:00
Christian Mehlmauer 08d0ffd709 implement @wvu-r7 's feedback 2015-12-16 22:44:01 +01:00
Christian Mehlmauer 76438dfb2f implement @wchen-r7 's suggestions 2015-12-16 20:31:43 +01:00
Christian Mehlmauer b43d580276 try to detect joomla version 2015-12-16 16:16:59 +01:00
Christian Mehlmauer 30f90f35e9 also check for debian version number 2015-12-16 15:19:33 +01:00
Christian Mehlmauer 67eba0d708 update description 2015-12-16 14:46:00 +01:00
Christian Mehlmauer fa3fb1affc better ubuntu version check 2015-12-16 14:18:44 +01:00
Christian Mehlmauer 60181feb51 more ubuntu checks 2015-12-16 14:02:26 +01:00
Christian Mehlmauer 934c6282a5 check for nil 2015-12-16 13:52:06 +01:00
Christian Mehlmauer 2661cc5899 check ubuntu specific version 2015-12-16 13:49:07 +01:00
Christian Mehlmauer 675dff3b6f use Gem::Version for version compare 2015-12-16 13:04:15 +01:00
Christian Mehlmauer 01b943ec93 fix check method 2015-12-16 07:26:25 +01:00
Christian Mehlmauer 595645bcd7 update description 2015-12-16 07:03:01 +01:00
Christian Mehlmauer d80a7e662f some formatting 2015-12-16 06:57:06 +01:00
Christian Mehlmauer c2795d58cb use target_uri.path 2015-12-16 06:55:23 +01:00
Christian Mehlmauer 2e54cd2ca7 update description 2015-12-16 06:42:41 +01:00
Christian Mehlmauer d4ade7a1fd update check method 2015-12-16 00:18:39 +01:00
Christian Mehlmauer c603430228 fix version check 2015-12-15 18:26:21 +01:00
wchen-r7 b9b280954b Add a check for joomla 2015-12-15 11:03:36 -06:00
Christian Mehlmauer e4309790f5 renamed module because X-FORWARDED-FOR header is also working 2015-12-15 17:37:45 +01:00
Christian Mehlmauer 84d5067abe add joomla RCE module 2015-12-15 17:20:49 +01:00
wchen-r7 ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
Tod Beardsley 30c805d9c7 Land #6344, R7-2015-22 / CVE-2015-8249 2015-12-14 12:30:51 -06:00
Tod Beardsley b25aae3602 Add refs to module 
See rapid7#6344.
 2015-12-14 12:05:46 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb 
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
 2015-12-14 11:25:59 -06:00
wchen-r7 5ffc80dc20 Add ManageEngine ConnectionId Arbitrary File Upload Vulnerability 2015-12-14 10:51:59 -06:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module 
CVE-2015-8103
 2015-12-11 14:57:10 -06:00
karllll a5c6e260f2 Update hp_vsa_login_bof.rb 
Updated reference URL to latest location
 2015-12-10 10:56:39 -05:00
William Vu 563be5c207 Land #6322, another Perl IRC bot exploit 2015-12-10 09:43:07 -06:00
William Vu a945350821 Land #6307, Perl IRC bot exploit 2015-12-10 09:42:35 -06:00