Commit Graph

358 Commits

Author SHA1 Message Date
m0t 9a0789f839 Exploit for pmmasterd Buffer Overflow (CVE-2017-6553) 2017-04-05 17:59:54 +01:00
notivan 6764bdb36f Fix Jenkins Ldap Deserialization Remote Use
It appears the original exploit had been deliberately sabotaged to not work remotely. We have fixed this egregious error.
2017-02-14 17:05:25 +00:00
Brent Cook 836da6177f Cipher::Cipher is deprecated 2017-01-22 10:20:03 -06:00
notivan 6c0450fe95 add check for jenkins ldap exploit
We just check for X-Jenkins <= 2.31. This is not completely correct because the exploit probably doesn't work on some earlier versions.
2017-01-13 12:40:33 +00:00
notivan 036328df5c Fix msftidy issue 2017-01-12 13:26:41 +00:00
notivan e09b7a96f1 Add YSOSerial command options 2017-01-12 13:21:58 +00:00
notivan 0b32af8d43 Remove duplicate validation 2017-01-12 09:59:55 +00:00
notivan 0a30e775d1 Fix msftidy issues 2017-01-11 23:43:01 +00:00
notivan 08690e5e11 Exploit for CVE-2016-9299 (Jenkins CLI Ldap Deser)
This is based on Matthias Kaiser's presentation at DeepSec. We build a chain that connects back to our LDAP server and trigger it over the CLI HTTP interface. The LDAP server then serves a second chain based on the YSOSerial commons-collections payload, which triggers Runtime.exec. The second chain doesn't run through Jenkins' class filtering, so it succeeds.
2017-01-11 23:23:02 +00:00
William Vu cfca4b121c Clean up module 2016-12-28 06:10:46 -06:00
joernchen of Phenoelit 679ebf31bd Minor fix to make dRuby great again 2016-12-23 15:12:22 +01:00
joernchen of Phenoelit d69acd116d Make dRuby great again 2016-12-22 15:37:16 +01:00
Prateep Bandharangshi 8869ebfe9b Fix incorrect disclosure date for OpenNMS exploit
Disclosure date was Nov 2015, not Nov 2014
2016-11-21 16:44:36 +00:00
Brent Cook 005d34991b update architecture 2016-11-20 19:09:33 -06:00
William Vu da356e7d62 Remove Compat hash to allow more payloads 2016-11-04 13:57:05 -05:00
William Vu f0c89ffb56 Refactor module and use FileDropper 2016-11-04 13:57:05 -05:00
William Vu 6d7cf81429 Update references 2016-11-04 13:57:05 -05:00
William Vu 009d6a45aa Update description 2016-11-04 13:57:05 -05:00
William Vu bf7936adf5 Add instance_eval and syscall targets 2016-11-04 13:57:05 -05:00
Brent Cook f8912486df fix typos 2016-11-01 05:43:03 -05:00
William Webb 5e7d546fa2 Land #7094, OpenNMS Java Object Deserialization RCE Module 2016-10-14 13:19:11 -05:00
wchen-r7 8654baf3dd Land #6880, add a module for netcore/netdis udp 53413 backdoor 2016-08-08 15:43:34 -05:00
wchen-r7 f98efb1345 Fix typos 2016-08-08 15:41:03 -05:00
Vex Woo 864989cf6c For echo command 2016-07-26 20:27:23 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook a530aa4cf1 restrict perms a bit more 2016-07-11 22:22:34 -05:00
Brent Cook a107a0f955 remove unneeded rport/rhost defines 2016-07-11 22:22:34 -05:00
Brent Cook 6bf51fe064 streamline payload generation 2016-07-11 22:22:34 -05:00
Brent Cook 7ef6c8bf9e ruby style updates 2016-07-11 22:22:33 -05:00
Brent Cook c1f51e7ddf Update and fixup module against OpenNMS-16 2016-07-11 22:22:33 -05:00
benpturner 50746eec29 Fixes comments in regards to #{peer} 2016-07-11 22:22:33 -05:00
benpturner ce8317294f New module to exploit the OpenNMS Java Object Unserialization RCE vulnerability. This now gets flagged inside Nessus and there was no Metasploit module to exploit this.
This module exploits the vulnerability to a full session.
2016-07-11 22:22:32 -05:00
sho-luv 25f49c0091 Fixed Description
Just cleaned up Description.
2016-07-08 16:17:39 -07:00
Vex Woo 4a4904149b ruby conditional operator -> expression 2016-05-16 10:45:04 -05:00
Vex Woo 4a3ab9d464 add a module for netcore/netdis udp 53413 backdoor 2016-05-16 02:11:53 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database; therefore all the references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22 change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
William Vu c67360f436 Remove extraneous whitespace 2016-02-10 09:44:01 -06:00
wchen-r7 1d6b782cc8 Change logic
I just can't deal with this "unless" syntax...
2016-02-08 18:40:48 -06:00
wchen-r7 d60dcf72f9 Resolve #6546, support manual config for X-Jenkins-CLI-Port
Resolve #6546
2016-02-08 18:16:48 -06:00
James Lee 12256a6423 Remove now-redundant peer
These all include either Msf::Exploit::Remote::Tcp or Msf::Exploit::Remote::HttpClient
2016-02-01 15:12:03 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we should have it in the tcp mixin. This commit also clears a few modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 ab3fe64b6e Add method peer for jenkins_java_deserialize.rb 2015-12-15 01:18:27 -06:00
wchen-r7 bd8aea2618 Fix check for jenkins_java_deserialize.rb
This fixes the following:

* nil return value checks
* handle missing X-Jenkins-CLI-Port scenario more properly
* proper HTTP path normalization
2015-12-14 11:25:59 -06:00