adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

1951 Commits

Author SHA1 Message Date
Kevin Kirsche 40f54df129 Feedback updates 2018-01-11 18:54:58 -05:00
Kevin Kirsche 172ffdfea1 Use geturi instead of building it ourselves 2018-01-11 18:27:56 -05:00
Kevin Kirsche d4056e72da Lower the default timeout for CHECK 2018-01-11 17:38:30 -05:00
Kevin Kirsche 3617a30e34 Add URIPATH random URI 2018-01-11 17:33:14 -05:00
Kevin Kirsche a28d4a4b5b Add check and update for some style considerations 2018-01-11 17:28:09 -05:00
Kevin Kirsche 0d9a40d2e5 Use target['Platform'] instead of target_platform 2018-01-11 15:44:07 -05:00
Kevin Kirsche c490d642e2 Was missing a comma 2018-01-11 09:42:24 -05:00
Kevin Kirsche 3132566d8f Fix OptFloat error 2018-01-11 09:22:16 -05:00
Kevin Kirsche c05b440f26 Fix additional feedback 
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
 2018-01-11 08:17:13 -05:00
Kevin Kirsche ab89e552ed Remove accidental trailing space 2018-01-08 14:42:03 -05:00
Kevin Kirsche 2252490e62 Fix using arbitrary keys to instead use "URL" 2018-01-08 14:30:03 -05:00
Kevin Kirsche e80ca348cf Add Exploit-DB ID 2018-01-08 10:55:46 -05:00
Kevin Kirsche 6beeece708 Re-add timeout value 2018-01-07 20:21:29 -05:00
Kevin Kirsche eefd432161 Make sure Platforms match our actual target list 2018-01-06 08:31:30 -05:00
Kevin Kirsche 4bd196f8b2 Fix missing single quotes and remove comma 2018-01-06 08:30:48 -05:00
Kevin Kirsche 867b32415d Fix feedback from wvu-r7 
Fixes feedback from wvu-r7

- Consolidates payload to single method
- Replaces gsub! with standard encode method
- Note exploit discovery and proof of concept code used in authors (still seems weird to include the discovery as an author...)
- Change link
- Use `ARCH_CMD` instead of `[ARCH_CMD]`
- Remove Linux target as it's only Windows or Unix
- Remove timeout as I don't know how to pass it to `send_request_cgi`
 2018-01-06 08:12:43 -05:00
Brendan Coles 6665a4f735 Use register_dir_for_cleanup 2018-01-06 10:55:29 +00:00
Kevin Kirsche 744f20304c Remove hardcoded user-agent from the headers 
Remove hardcoded user-agent from the headers allowing for `send_request_cgi` to control this
 2018-01-05 18:22:27 -05:00
Kevin Kirsche 2478de934b Add CVE-2017-10271 / Oracle WebLogic wls-wsat RCE 2018-01-05 15:05:21 -05:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420 New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27 Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Jeffrey Martin cfaa34d2a4 more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7 updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb 
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
 2017-10-08 21:48:47 -04:00
h00die 7535fe255f land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
Tod Beardsley 5f66b7eb1a Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647 Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
xfer0 4abac4854a Update struts2_code_exec_showcase.rb 
Update module to properly display command output
 2017-09-07 12:19:53 -04:00
Tod Beardsley 86db2a5771 Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
Brent Cook 202c936868 Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00