adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
asoto-r7 cb16f812ec struts2_namespace_ognl updates from code review 
Thanks to @wvu, @firefart, and @wchen!
 2018-09-06 11:50:57 -05:00
Wei Chen d23b252393 Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
William Vu 243267b2f5 Add Linux dropper target 2018-09-05 19:57:12 -05:00
William Vu 61044e8bca Refactor targets to align with current style 2018-09-05 19:56:32 -05:00
William Vu 692ddc8b8b Eschew updating imagemagick_delegate 
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
 2018-09-05 19:56:32 -05:00
William Vu 1491f13bd5 Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
William Vu 13ff71b879 Clean up previous modules 
Missed in 35670713ff.
 2018-09-05 19:56:32 -05:00
Shelby Pace 55bf6e5dd4 removed require in erb file 2018-09-05 18:09:29 -05:00
Shelby Pace 6a3a4de289 included path to erb, removed multiline pdf string 2018-09-05 14:09:10 -05:00
Erin Bleiweiss e243ce9eee Update AKA for ghostscript_type_confusion 2018-08-31 16:56:35 -05:00
Erin Bleiweiss 5092d561f9 Update AKA values for ms17_010_psexec 2018-08-31 16:56:28 -05:00
Erin Bleiweiss 69a785ff46 Update json for python modules 2018-08-31 16:56:22 -05:00
Erin Bleiweiss eb17d9b198 Refactor AKA references for modules 2018-08-31 16:56:05 -05:00
asoto-r7 8fe8bf62e3 Renamed to match existing struts2_content_type_ognl and improved comments 2018-08-31 13:48:22 -05:00
asoto-r7 35022d8332 Added payload upload+execution and OGNL-specific URI encoding 2018-08-31 13:39:42 -05:00
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
Shelby Pace 6ec8522786 Land #10482, Add Network Manager VPNC Privesc 2018-08-30 10:46:54 -05:00
Jacob Robles 9d3e1c1942 Land #10540, weblogic_deserialize, add check method and linux target 2018-08-30 06:08:03 -05:00
Jacob Robles 953bafc7e7 Land #10545, foxit fix generated strings, update doc 2018-08-30 05:55:44 -05:00
Austin 0887236f5e Fix spaces issue 2018-08-29 19:28:48 -04:00
Clément Notin d489cd7248 ms17_010_eternalblue: use SMBDomain value when provided instead of ignoring it 2018-08-29 23:53:58 +02:00
Jacob Robles 3161beff69 Prefer opt hash 2018-08-29 14:56:31 -05:00
Adam Cammack a57e5ac5c0 Land #10594, Remove trailing space from CVE number 2018-08-29 14:31:21 -05:00
Jacob Robles bc4442694e Fix Windows target options, remove comspec 2018-08-29 14:23:00 -05:00
Ben Schmeckpeper c4d697a629 Remove trailing space from CVE identifier 
ASUS Net4Switch ipswcom exploit mistakenly included a trailing space at the end of its CVE reference.
 2018-08-29 14:12:49 -05:00
William Vu 468613f688 Land #10536, https:// reference check for msftidy 2018-08-29 11:14:42 -05:00
Jacob Robles d5ad683ba6 More doc updates 2018-08-29 10:59:36 -05:00
Jacob Robles 086ec5bdfb Fix generated strings in pdf 2018-08-29 06:24:20 -05:00
William Vu 326f006146 Land #10542, CVE ref for office_ms17_11882 exploit 2018-08-29 00:42:53 -05:00
Christian Mehlmauer 14fa41a376 merge changes 2018-08-29 06:09:40 +02:00
asoto-r7 b373dcc5d4 First draft of module and documentation for struts_namespace_rce against CVE-2018-11776 2018-08-28 16:53:26 -05:00
William Vu f6b868bac2 Prefer regex for target check in exploit method 
This is how I initially wrote it out, and I think I like it better.
Obviously we'll still check individual symbols in execute_command, since
some of the matching is disjoint.
 2018-08-28 15:56:45 -05:00
William Vu 3dec79da23 Add Windows ARCH_CMD target and refactor again 
Must have been an oversight that I didn't add the target.
 2018-08-28 15:03:41 -05:00
Ben Schmeckpeper 6335d867ec Add CVE reference to office_ms17_11882 exploit 
The CVE identifier appears in a  GitHub URI but is not referenced separately.
 2018-08-28 13:44:01 -05:00
Jacob Robles 94e8cdac37 Move files to correct location 2018-08-28 12:38:54 -05:00
Jacob Robles 2986a9538d Whitespace fix 2018-08-28 11:53:08 -05:00
Jacob Robles 49c5a91fa7 Add linux target to weblogic_deserialize module 2018-08-28 11:51:04 -05:00
Jacob Robles 12e9cf6af7 Version output 2018-08-28 08:20:02 -05:00
Jacob Robles f92d2263d0 Add check to weblogic_deserialize module 2018-08-28 08:09:30 -05:00
Christian Mehlmauer a66556b436 fix msftidy errors 2018-08-28 13:12:43 +02:00
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream 
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
 2018-08-27 20:01:00 -05:00
Brent Cook 47ca6c6a14 Land #10527, Fix msftdiy EDB link check, enable HTTPS 2018-08-27 10:49:20 -05:00
Jacob Robles 79b3e4564a Land #10487, add php5 session file target 2018-08-27 06:22:28 -05:00
Brendan Coles 9725e90ba7 Fix msftdiy EDB link check 2018-08-26 04:18:38 +00:00
William Vu 6df235062b Land #10505, post-auth and default creds info 2018-08-24 18:08:15 -05:00
Jacob Robles f6674a96d9 Update poc link 2018-08-24 10:52:01 -05:00
Jacob Robles 7f3824b067 Additional path for Linux target 2018-08-24 07:18:24 -05:00
William Vu 672dbb7acb Land #9364, HP PJL/SNMP CVE-2017-2741 exploit 
Finally!
 2018-08-23 22:47:09 -05:00