adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

1951 Commits

Author SHA1 Message Date
Brent Cook 1733d3e1f1 remove obsolete tested-on comment 2016-08-12 17:26:43 -05:00
wchen-r7 f4e4a5dcf3 Fix struts_default_action_mapper payload request delay 
MS-1609
 2016-08-12 15:29:00 -05:00
Brendan 1a7286f625 Land #7062, Create exploit for WebNMS 5.2 RCE 2016-08-12 07:11:48 -07:00
Pedro Ribeiro 07e210c143 Add changes requested to target.uri 2016-08-04 17:50:16 +01:00
William Vu 3b13adba70 Hint about incorrect RAILSVERSION 
If the secret doesn't match, you might have set the wrong RAILSVERSION.
The difference is secret_token (Rails 3) vs. secret_key_base (Rails 4).
 2016-08-01 09:36:25 -07:00
Pedro Ribeiro c93e88f3a3 Make changes requested by wvu-r7 2016-07-20 14:21:04 +02:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
Brendan 8968a6603e Syntax cleanup 2016-07-14 13:25:31 -07:00
Brendan 927b3a88a1 Changed to one delete 2016-07-14 13:11:59 -07:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brendan 47f2cef22e Syntax changes to humor rubocop and ruby style 2016-07-11 12:50:58 -07:00
wchen-r7 2cc6565cc9 Update rails_actionpack_inline_exec 2016-07-07 15:56:50 -05:00
Pedro Ribeiro eeba35f87a Create file for WebNMS 5.2 remote code execution 2016-07-04 21:07:03 +01:00
RageLtMan fcf8cda22f Add basic module for CVE-2016-2098 
ActionPack versions prior to 3.2.22.2, 4.1.14.2, and 4.2.5.2
implement unsafe dynamic rendering of inline content such that
passing ERB wrapped Ruby code leads to remote execution.

This module only implements the Ruby payloads, but can easily
be extended to use system calls to execute native/alternate
payload types as well.

Test Procedures:
  Clone https://github.com/hderms/dh-CVE_2016_2098
  Run bundle install to match gem versions to those in lockfile
  Run the rails server and configure the metasploit module:
    Set TARGETURI to /exploits
    Configure payload and handler options
  Execute the module, move on to post-exp
 2016-06-28 03:28:16 -04:00
wchen-r7 7cdadca79b Land #6945, Add struts_dmi_rest_exec exploit 2016-06-08 23:16:46 -05:00
Vex Woo e4c55f97db Fix module desc 2016-06-06 10:40:36 -05:00
Vex Woo 9f19d2c210 add apache struts2 S2-033 rce module 2016-06-06 05:07:48 -05:00
wchen-r7 f333481fb8 Add vendor patch info 2016-06-02 16:41:06 -05:00
wchen-r7 7c9227f70b Cosmetic changes for magento_unserialize to pass msftidy & guidelines 2016-06-02 16:34:41 -05:00
mr_me 4f42cc8c08 Added module 2016-06-02 09:24:10 -05:00
wchen-r7 14adcce8bf Missed the HTTPUSERNAME fix 2016-05-27 18:37:04 -05:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
William Webb 028b1ac251 Land #6816 Oracle Application Testing Suite File Upload 2016-05-24 18:27:10 -05:00
Brent Cook 5bf8891c54 Land #6882, fix moodle_cmd_exec HTML parsing to use REX 2016-05-23 23:25:22 -05:00
wchen-r7 506356e15d Land #6889, check #nil? and #empty? instead of #empty? 2016-05-19 19:23:04 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
Brent Cook cf0176e68b Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
Louis Sato 8dc7de5b84 Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00
join-us 6a00f2fc5a mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb 2016-05-01 00:00:29 +08:00
William Vu c16a02638c Add Oracle Application Testing Suite exploit 2016-04-26 15:41:27 -05:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00