adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38,375 Commits 27 Branches 1,043 Tags
5361aaadbd043b3dffcc00fa35cd8a566b42e044
Commit Graph

9388 Commits

Author SHA1 Message Date
Brent Cook 21d74a64fe Land #6874, Improve exploit for CVE-2016-0854 2016-05-14 11:08:17 -05:00
Brent Cook 0d176f2c92 remove a couple of unnecessary ternary ops 2016-05-14 11:07:43 -05:00
Brent Cook a940481f62 Land #6834, Authorized FTP JCL exploit for z/OS 2016-05-13 21:29:45 -05:00
Brent Cook 5c494480e6 handle failure more gracefully 2016-05-13 21:29:25 -05:00
wchen-r7 3b5db26ff5 Fix #6872, change upload action for CVE-2016-0854 exploit 
This patch includes the following changes:

* Instead of the uploadFile action, this patch uses uploadImageCommon
  to be able to support both Advantech WebAccess builds: 2014 and
  2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
  different builds of Advantech WebAccess 8.0s, and 8.1.

Fix #6872
 2016-05-13 19:47:18 -05:00
Bigendian Smalls 2d5cf6cfe4 Authorized FTP JCL exploit for z/OS 
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
 2016-05-12 14:46:31 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
wchen-r7 3db72e9b4b Land #6853, use send_request_cgi! for CVE-2016-0854 exploit 2016-05-09 16:10:04 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
David Maloney e4e6246692 Merge branch 'master' of github.com:rapid7/metasploit-framework 2016-05-06 10:55:52 -05:00
Louis Sato 8dc7de5b84 Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
William Vu 1bc2ec9c11 Update vulnerable versions to include 6.x (legacy) 2016-05-05 14:18:42 -05:00
William Vu 26b749ff5a Add default LHOST 
This is a massive workaround and probably shouldn't be done. :-)
 2016-05-05 14:18:42 -05:00
William Vu 5c713d9f75 Set default payload 
Land #6849 for this to be effective.
 2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful 
A la Shellshock. :)
 2016-05-05 14:18:42 -05:00
William Vu f32c7ba569 Add template generation details 2016-05-05 14:18:42 -05:00
William Vu 23a0517a01 Update description 2016-05-05 14:18:42 -05:00
William Vu d7b76c3ab4 Add more references 2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
Vex Woo 35a780c6a8 fix send_request_cgi redirection issues #6806 2016-05-05 09:55:32 -05:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00
join-us 6a00f2fc5a mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb 2016-05-01 00:00:29 +08:00
join-us ec66410fab add java_stager / windows_stager | exploit with only one http request 2016-04-30 23:56:56 +08:00
wchen-r7 73ac6e6fef Land #6831, Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec 2016-04-29 11:53:47 -05:00
wchen-r7 d6a6577c5c Default payload to linux/x86/meterpreter/reverse_tcp_uuid 
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
 2016-04-29 11:52:50 -05:00
join-us 288975a9ce rm modules/exploits/multi/http/struts_dmi_exec.rb 2016-04-30 00:44:31 +08:00
Security Corporation 9d279d2a74 Merge pull request #15 from wchen-r7/pr6831 
Changes for Apache struts from @wchen-r7
 2016-04-30 00:37:53 +08:00
join-us 15ffae4ae8 rename module name 2016-04-30 00:17:26 +08:00
join-us 1d95a8a76d rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb 2016-04-30 00:13:34 +08:00
wchen-r7 97061c1b90 Update struts_dmi_exec.rb 2016-04-29 11:13:25 -05:00
join-us 9e56bb8358 send http request (get -> post) 2016-04-30 00:08:00 +08:00
wchen-r7 e9535dbc5b Address all @FireFart's feedback 2016-04-29 11:03:15 -05:00
wchen-r7 6f6558923b Rename module as struts_dmi_exec.rb 2016-04-29 10:34:48 -05:00
join-us 643591546e struts s2_032 rce - linux_stager 2016-04-29 10:49:56 +08:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00
wchen-r7 4a435e8d13 Bring hp_dataprotector_install_service up to date w/ upstream-master 2016-04-22 13:42:41 -05:00
wchen-r7 db1d973ef0 Cosmetic changes for hp_dataprotector_install_service 2016-04-22 13:41:18 -05:00
dmohanty-r7 67968e912c Land #6785 Add CVE-2016-0854 Advantech WebAccess Arbitrary File Upload 2016-04-21 12:02:04 -05:00
504137480 c08872144f Update advantech_webaccess_dashboard_file_upload.rb 2016-04-21 09:33:03 +08:00
504137480 dcb9c83f98 Update advantech_webaccess_dashboard_file_upload.rb 2016-04-21 09:28:42 +08:00
Brent Cook 57cb8e49a2 remove overwritten keys from hashes 2016-04-20 07:43:57 -04:00
504137480 2400345fff Merge pull request #2 from open-security/advantech_webaccess_dashboard_file_upload 
Advantech webaccess dashboard file upload
 2016-04-19 12:59:32 +08:00