adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

33 Commits

Author SHA1 Message Date
William Vu 7dc1315dac Update logic for ForceExploit in my modules 
This lets the user opt out of running check completely.
 2020-02-19 01:06:50 -06:00
William Vu 84376c30c4 Refactor check methods once again 2019-03-05 19:47:41 -06:00
William Vu d30bfe2cbf Update drupal_drupalgeddon2 2019-03-05 13:26:05 -06:00
William Vu c769555557 Clarify why WfsDelay was repurposed 2019-02-25 12:19:03 -06:00
William Vu 5c84330c18 Clarify DUMP_OUTPUT description once more 2019-02-25 12:06:20 -06:00
William Vu b5368ed2e4 Add sleep(wfs_delay) back to drupal_drupalgeddon2 
And drop WfsDelay back down to 2. I see why I did it in the first place.
 2019-02-25 12:02:31 -06:00
William Vu cb962a22ef Add WfsDelay back to drupal_drupalgeddon2 
And bump it to 10, though 2 worked in testing.
 2019-02-25 11:44:02 -06:00
William Vu 6ecb4bc4a7 Fix exploit/unix/webapp/drupal_drupalgeddon2 2019-02-25 11:18:20 -06:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
William Vu 7bc98e0ea8 Fix formatting and convert a missed AKA reference 2018-10-05 03:22:08 -05:00
Erin Bleiweiss eb17d9b198 Refactor AKA references for modules 2018-08-31 16:56:05 -05:00
William Vu 88f09dc302 Update a few stragglers in Drupalgeddon 2 
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
 2018-05-03 18:35:25 -05:00
William Vu 728d7bc065 Fix #9876, second round of Drupalgeddon 2 updates 
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
 2018-05-03 17:38:32 -05:00
William Vu 873cbcee27 Fix #9876, minor updates to Drupalgeddon 2 
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
 2018-04-25 18:09:54 -05:00
William Vu b8eb7f2a86 Set target type instead of regexing names 
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2708.
 2018-04-25 11:53:26 -05:00
William Vu 910e9337fb Use print_good for patch level check, oops 2018-04-24 23:21:22 -05:00
William Vu b7ac16038b Correct comment about PHP CLI (it's not our last!) 2018-04-24 23:18:51 -05:00
William Vu ec43801564 Add check for patch level in CHANGELOG.txt 
Looks like 8.x has core/CHANGELOG.txt instead.
 2018-04-24 23:12:33 -05:00
William Vu 2ff0e597a0 Add SA-CORE-2018-002 as an AKA ref 
Makes sense to me. Even though it's technically the advisory.
 2018-04-24 22:51:33 -05:00
William Vu 8bc1417c8c Use PHP_FUNC as a fallback in case assert() fails 
Additionally drop a file in a writable directory in case CWD fails.
 2018-04-24 22:29:27 -05:00
William Vu 8ff4407ca6 Clarify version detection error message 
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
 2018-04-24 20:51:51 -05:00
William Vu cfaca5baa3 Restore a return lost in the refactor :( 
Also spiff up comments.
 2018-04-24 11:25:55 -05:00
William Vu b507391f1b Change back to vprint_status for the nth time 
I really couldn't decide, especially once I got rid of CmdStager.

Also fully document the module options.
 2018-04-24 04:23:52 -05:00
William Vu c8b6482ab0 Rewrite PHP targets to work with 7.x and 8.x 
Win some, lose some. php -r spawns a new (obvious) command. :/

Check method and version detection also rewritten. :)
 2018-04-24 03:38:05 -05:00
William Vu 8be58d315c Stop being lazy about badchar analysis 
Badchars apply to all targets.
 2018-04-20 19:30:38 -05:00
William Vu fcfe927b7a Add PHP dropper functionality and targets 2018-04-19 05:11:21 -05:00
William Vu 62aca93d8b Cache version detection and print only once 
Oops. This is the problem with overloading methods.
 2018-04-19 04:59:07 -05:00
William Vu 2670d06f99 Add in-memory PHP execution using assert() 2018-04-19 02:18:56 -05:00
William Vu 7a2cc991ff Refactor once more with feeling 
Nested conditionals are the devil. Printing should be consistent now.
 2018-04-18 23:59:14 -05:00
William Vu 3d116d721d Add version detection and automatic targeting 
I also refactored error handling. Should be cleaner now.
 2018-04-18 21:40:22 -05:00
William Vu 86ffbc753e Refactor clean URL handling and remove dead code 2018-04-18 19:56:42 -05:00
William Vu 1900aa2708 Refactor module and address review comments 2018-04-17 19:05:45 -05:00
William Vu d8508b8d7d Add Drupal Drupalgeddon 2 2018-04-14 00:22:30 -05:00