Spencer McIntyre
05fcbd803e
Add a new Retry mixin
2022-05-11 15:41:37 -04:00
bwatters
92715c883f
Land #16423, Add module for exploit CVE-2022-22965
...
Merge branch 'land-16423' into upstream-master
2022-05-10 08:44:06 -05:00
Spencer McIntyre
ece5e2699a
Automatically identify the HTTP method
2022-05-05 10:24:04 -04:00
Spencer McIntyre
7faac7faa4
Update the JSP file to delete itself
2022-05-02 14:34:51 -04:00
Spencer McIntyre
3bdb8e02e2
Use an exponential backoff to retry
2022-05-02 12:30:43 -04:00
Spencer McIntyre
0f8a35e4d3
Whitespace, grammar and timing changes
2022-05-02 10:45:21 -04:00
Jack Heysel
2b8ea72e51
Added autocheck fixed execute_payload method
2022-04-28 08:55:17 -07:00
vleminator
1185cfd99f
Add support for payload dropper with windows path (backslash)
2022-04-28 00:02:19 +02:00
vleminator
6c75b7efcb
Add WriteableDir as an advanced module option
2022-04-27 23:38:51 +02:00
vleminator
868d35a1ed
bugfix encoding of the jsp payload dropper
2022-04-27 23:35:31 +02:00
vleminator
71eb6e6fb6
Refactor code to improve readability and remove unused code
2022-04-27 23:32:36 +02:00
Jack Heysel
5b82a978ea
Added reference removed default payload
2022-04-27 09:48:21 -07:00
Jack Heysel
253cb8580a
Responded to comments added retry_until_true
2022-04-27 09:45:18 -07:00
vleminator
f57bdabb41
Refine the check method to perform less-invasive exploit validation
2022-04-27 14:05:47 +02:00
Jack Heysel
a941fea26a
Removed unused import added target_uri
2022-04-26 14:11:10 -07:00
Jack Heysel
a8ae08d138
Updated authors
2022-04-26 13:55:59 -07:00
Jack Heysel
86ff080d31
Merge branch 'wso2-file-upload-rce' of github.com:jheysel-r7/metasploit-framework into wso2-file-upload-rce
2022-04-26 13:53:17 -07:00
Jack Heysel
1879a7568f
Updated authors
2022-04-26 13:52:59 -07:00
jheysel-r7
266d3bb9ca
Apply suggestions from @bcoles code review
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-04-26 13:40:25 -07:00
Jack Heysel
691d9fe001
Added Reliability section to Notes
2022-04-26 13:19:34 -07:00
Jack Heysel
76c8e0b65f
Added Notes section to module
2022-04-26 13:01:38 -07:00
Jack Heysel
37c8fff523
Rubocop offenses
2022-04-26 12:51:12 -07:00
Jack Heysel
ca0be9c145
Add WSO2 file upload RCE module
2022-04-26 12:29:12 -07:00
Brendan Coles
94ed9ae28b
Modules: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:42:23 +00:00
vleminator
2fdcc143c0
Improve usability by turning the payload path into a customizable module option
2022-04-08 11:10:16 +02:00
vleminator
cf5bca9166
Improve exploit reliability
2022-04-08 10:47:23 +02:00
vleminator
6c96fd9ab9
Apply rubocop suggestions
2022-04-08 09:48:41 +02:00
vleminator
7b2e8cf37f
Apply suggestions from code review
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-04-07 16:57:00 +02:00
vleminator
3bba17bc56
fail_with should not be used in check
2022-04-07 16:53:17 +02:00
vleminator
b60dd43405
Add modules notes, with Spring4Shell
2022-04-07 16:46:49 +02:00
vleminator
53adf24c86
Apply suggestions from code review
...
Co-authored-by: bcoles <bcoles@gmail.com>
2022-04-07 16:40:03 +02:00
vleminator
4e6176d9ca
Finish exploit CVE-2022-22965
2022-04-07 15:22:18 +02:00
Spencer McIntyre
211626e7ce
Fix the check method, add docs
2022-03-31 09:01:08 -04:00
Spencer McIntyre
94cf23e4cf
Finish the Spring Cloud Function exploit
2022-03-30 18:38:41 -04:00
Grant Willcox
bf88b7f618
Land #16325 - Replace IO read on binary files with File binread
2022-03-24 10:08:40 -05:00
adfoster-r7
03d645016c
Land #16250, Update service mixins for NAT options
2022-03-23 00:13:20 +00:00
Spencer McIntyre
86aed4928e
Add the HttpListenerBindPort to the log4shell exploit
2022-03-22 09:06:22 -04:00
Spencer McIntyre
6ec530a5ee
Improve some error handling
2022-03-21 15:22:00 -04:00
Spencer McIntyre
49aff227c5
Fix character escaping in the apisix exploit
2022-03-21 15:06:03 -04:00
sjanusz
bbf9e3163a
Fix file reads on Windows for binary files
2022-03-21 12:47:39 +00:00
Ashley Donaldson
1349a7c486
More redundant cleanup calls
2022-03-11 12:22:27 +11:00
Ashley Donaldson
d5373a7278
Removed redundant cleanup calls which exploit_driver will call anyway
2022-03-11 12:08:51 +11:00
Ashley Donaldson
9761d68c19
Rename stop_service to cleanup_service for services that use reference counting
2022-03-10 10:28:25 +11:00
Spencer McIntyre
42e0c027ab
Land #16248, Added Apache APISIX RCE module
2022-03-07 09:47:04 -05:00
Spencer McIntyre
422f96fbbe
Fix a plugin name reference
...
The plugin is actually "batch-requests", change the reference to be more
clear.
2022-03-07 09:46:15 -05:00
Heyder Andrade
d7c992f402
Need to use POST to check whether the batch request is enabled or not
2022-03-04 21:00:32 +01:00
Spencer McIntyre
9ef50a2d23
Fixup typos
2022-03-04 12:34:14 -05:00
Heyder Andrade
ca4ed9affe
Added logic to treat the two ways of execute command
...
If we have the API token we can execute command using the parameter
`filter_func` or `script`, and if there is an IP restriction
enabled by the plugin ip-restriction we can bypass this restriction if
the plugin batch-request is also enabled.
2022-03-04 02:13:09 +01:00
Heyder Andrade
460584b079
Improved server header validation
2022-03-03 12:48:37 +01:00
Heyder Andrade
a0afba45aa
Remove unnecessary stuffs
2022-03-03 02:00:51 +01:00