adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48,129 Commits 27 Branches 1,043 Tags
562fc09d5d9974dbffa5b60663c3c842e600af18
Commit Graph

1660 Commits

Author SHA1 Message Date
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream 
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
 2018-08-27 20:01:00 -05:00
Brent Cook 47ca6c6a14 Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 10:49:20 -05:00
Jacob Robles 79b3e4564a Land #10487, add php5 session file target 2018-08-27 06:22:28 -05:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
Jacob Robles 7f3824b067 Additional path for Linux target 2018-08-24 07:18:24 -05:00
Wei Chen 3d0d8f7773 Update false negatives on post auth information 2018-08-20 15:43:07 -05:00
Chirag Jariwala b9809d9435 Added support for php5 as target 
location of the session file in php5 is /var/lib/php5/sess_file
 2018-08-20 03:47:04 +05:30
Wei Chen d9fc99ec4a Correct false negative post_auth? status 2018-08-09 23:34:03 -05:00
Wei Chen 6223685c37 Update auth requirement for json metadata 2018-08-07 16:42:00 -05:00
Jacob Robles 6c11d5800f Register files on same line 2018-07-31 10:03:59 -05:00
Jacob Robles 569ddd9d59 Remove files from application 2018-07-31 09:47:39 -05:00
Jacob Robles 952ab801e8 Land #10060, vTiger CRM v6.3.0 Upload RCE 2018-07-30 12:32:24 -05:00
Jacob Robles 62f663207b Change option type 2018-07-30 12:15:59 -05:00
Jacob Robles fe9315dc89 Update module, Add documentation 2018-07-30 12:11:08 -05:00
Wei Chen 72d634b10b Update module and its documentation 2018-07-26 23:08:20 -05:00
Shelby Pace be1bf8b1fc modified status 2018-07-26 15:41:19 -05:00
Shelby Pace 6accca4181 added documentation and check method 2018-07-26 15:32:37 -05:00
Shelby Pace ed4c4046ba parsing for uploaded file, gets session 2018-07-26 14:23:24 -05:00
Shelby Pace c23ffcbf62 successfully uploads payload and gets a session 2018-07-26 11:09:01 -05:00
Shelby Pace 8f89275df8 authenticating to WordPress 2018-07-25 14:22:24 -05:00
Shelby Pace 668bcb38cb metadata setup 2018-07-25 11:29:47 -05:00
Brendan Coles 19239c72c0 Update cmsms_upload_rename_rce check and docs 2018-07-19 18:26:42 +00:00
Wei Chen c5ac4c791f Make changes based on community feedback 2018-07-19 12:17:02 -05:00
Jacob Robles 08e33cad0c Spelling fix 2018-07-17 20:12:37 -05:00
Jacob Robles 20905d1ca1 Fix syntax error 2018-07-17 18:48:07 -05:00
Jacob Robles a24666a00a msftidy fixes 2018-07-17 18:28:33 -05:00
Jacob Robles 1e004769ca CMS Made Simple Upload/Rename Authenticated RCE 2018-07-17 09:00:39 -05:00
William Vu 2f37482535 Land #10278, gitlist_arg_injection fixes 2018-07-12 19:03:52 -05:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Shelby Pace 1ded8ffb29 Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-11 11:10:52 -05:00
Shelby Pace 10cd6c99d9 Land #10231, Monstra Fileupload Exec 2018-07-10 14:23:15 -05:00
Shelby Pace 07dca243ff changed grammar, removed redundant code 2018-07-10 14:13:57 -05:00
Shelby Pace 171fa562a3 added parsing for repos in Gitlist source 2018-07-10 11:32:46 -05:00
Shelby Pace 5776b64a1b modified exploit 2018-07-09 13:56:33 -05:00
Shelby Pace f5e40b14a3 removed double eval as suggested 2018-07-09 13:24:31 -05:00
Jacob Robles 4f039de2fc Fix CVE numbers 2018-07-09 13:22:08 -05:00
Shelby Pace 44b9798afb modified regex, id=filesmanager lines 2018-07-09 10:55:29 -05:00
Jacob Robles bf24ce847a Fix token issues 2018-07-09 09:29:11 -05:00
Touhid M Shaikh bc33078e01 fixed comma 
fixed comma
 2018-07-09 12:27:58 +05:30
Touhid M Shaikh 6f6ad86e2c fix tab 
fix tab and space.
 2018-07-09 11:49:11 +05:30
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules 
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
 2018-07-08 18:46:04 -05:00
Touhid M Shaikh 4a835b2493 fix warning, and version 
fix warning, and version and indentation
 2018-07-07 17:27:09 +05:30
Wei Chen 82c74eb765 Small changes 2018-07-06 14:25:58 -05:00
Shelby Pace b1456df757 made suggested changes 2018-07-06 12:48:38 -05:00
Jacob Robles fe1b17684a Add Targets and Session file inclusion 2018-07-06 12:17:26 -05:00
Shelby Pace 5d0652fab1 changed inconsistent capitalization 2018-07-05 15:56:41 -05:00
Shelby Pace 2b452d5681 added documentation and check 2018-07-05 15:47:21 -05:00
Jacob Robles cb078b9586 Drop database 2018-07-05 14:58:30 -05:00
Jacob Robles 43096d9d78 Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 
Module and Doc
 2018-07-05 13:33:35 -05:00