adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

1226 Commits

Author SHA1 Message Date
Aaron Soto 82fc4aba64 Land #9918, XDebug Unauthenticated OS command execution 2018-04-27 17:08:58 -05:00
William Vu 873cbcee27 Fix #9876, minor updates to Drupalgeddon 2 
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
 2018-04-25 18:09:54 -05:00
William Vu b8eb7f2a86 Set target type instead of regexing names 
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2708.
 2018-04-25 11:53:26 -05:00
William Vu 910e9337fb Use print_good for patch level check, oops 2018-04-24 23:21:22 -05:00
William Vu b7ac16038b Correct comment about PHP CLI (it's not our last!) 2018-04-24 23:18:51 -05:00
William Vu ec43801564 Add check for patch level in CHANGELOG.txt 
Looks like 8.x has core/CHANGELOG.txt instead.
 2018-04-24 23:12:33 -05:00
William Vu 2ff0e597a0 Add SA-CORE-2018-002 as an AKA ref 
Makes sense to me. Even though it's technically the advisory.
 2018-04-24 22:51:33 -05:00
William Vu 8bc1417c8c Use PHP_FUNC as a fallback in case assert() fails 
Additionally drop a file in a writable directory in case CWD fails.
 2018-04-24 22:29:27 -05:00
William Vu 8ff4407ca6 Clarify version detection error message 
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
 2018-04-24 20:51:51 -05:00
William Vu cfaca5baa3 Restore a return lost in the refactor :( 
Also spiff up comments.
 2018-04-24 11:25:55 -05:00
William Vu b507391f1b Change back to vprint_status for the nth time 
I really couldn't decide, especially once I got rid of CmdStager.

Also fully document the module options.
 2018-04-24 04:23:52 -05:00
William Vu c8b6482ab0 Rewrite PHP targets to work with 7.x and 8.x 
Win some, lose some. php -r spawns a new (obvious) command. :/

Check method and version detection also rewritten. :)
 2018-04-24 03:38:05 -05:00
William Vu 8be58d315c Stop being lazy about badchar analysis 
Badchars apply to all targets.
 2018-04-20 19:30:38 -05:00
William Vu fcfe927b7a Add PHP dropper functionality and targets 2018-04-19 05:11:21 -05:00
William Vu 62aca93d8b Cache version detection and print only once 
Oops. This is the problem with overloading methods.
 2018-04-19 04:59:07 -05:00
William Vu 2670d06f99 Add in-memory PHP execution using assert() 2018-04-19 02:18:56 -05:00
William Vu 7a2cc991ff Refactor once more with feeling 
Nested conditionals are the devil. Printing should be consistent now.
 2018-04-18 23:59:14 -05:00
William Vu 3d116d721d Add version detection and automatic targeting 
I also refactored error handling. Should be cleaner now.
 2018-04-18 21:40:22 -05:00
William Vu 86ffbc753e Refactor clean URL handling and remove dead code 2018-04-18 19:56:42 -05:00
William Vu 1900aa2708 Refactor module and address review comments 2018-04-17 19:05:45 -05:00
William Vu d8508b8d7d Add Drupal Drupalgeddon 2 2018-04-14 00:22:30 -05:00
Brent Cook 8c2138f13b Land #9742, QNX exploit improvements 2018-04-03 07:50:29 -05:00
Jacob Robles 0fa63ae7b3 Update documentation and module 
Included Super User in the documentation.
Implemented changes h00die suggested.
Modified sqli to generate strings used in regex.
 2018-03-28 10:57:28 -05:00
Brendan Coles fdd2af2d2a Update tested versions 2018-03-24 00:23:12 +00:00
Brendan Coles 9d28549e84 Update qnx_qconn_exec 2018-03-22 06:25:44 +00:00
Luis Hernandez dddad415a5 add Msf::Exploit::Remote::HTTP::Joomla 2018-03-11 07:59:26 -05:00
Luis Hernandez 37bf4d118a Changes suggested by h00die 0803 2018-03-09 09:55:50 -05:00
Luis Hernandez 048d0d1fe4 Changes suggested by h00die 2018-03-08 20:13:01 -05:00
Luis Hernandez d945734f43 Add 2017-8917 RCE for Joomla 3.0.7 2018-03-04 22:17:49 -05:00
Brent Cook b1d0529161 prefer 'shell' channels over 'exec' channels for ssh 
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
 2018-02-08 02:21:16 -06:00
William Vu 5684b9ed7c Readd dropped return during refactoring 2018-01-23 10:12:15 -06:00
William Vu d3b3946669 Use Msf::Post::File#setuid? in setuid_nmap 2018-01-23 02:05:26 -06:00
Christian Mehlmauer 2f9eebe28b remove plugin dir 2018-01-15 14:48:59 +01:00
Wei Chen 7e2c7837e5 Land #9325, Add CVE-2017-6090 phpCollab 2.5.1 file upload exploit module 
Land #9325
 2018-01-10 17:39:50 -06:00
Wei Chen b1f3f471f3 Update phpcollab_upload_exec code (also module documentation) 2018-01-10 17:38:52 -06:00
Wei Chen dd737c3bc8 Land #9317, remove multiple deprecated modules 
Land #9317

The following modules are replaced by the following:

auxiliary/scanner/discovery/udp_probe
is replaced by:
auxiliary/scanner/discovery/udp_sweep

exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
is replaced by:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload

exploit/windows/misc/regsvr32_applocker_bypass_server
is replaced by:
exploits/multi/script/web_delivery
 2018-01-10 15:47:20 -06:00
wetw0rk c9d6d0a7a7 -51 2018-01-04 12:25:31 -06:00
wetw0rk 16d709f180 changes+filedropper 2018-01-03 14:09:30 -06:00
wetw0rk 8f0e41e159 requested changes 2018-01-01 17:30:43 -06:00
wetw0rk c47d09717d pfsense graph sploit 2018-01-01 03:18:51 -06:00
Tod Beardsley e6de25d63b Land #9316 Cambium modules and mixins, tx @juushya 
These cover several of the CVEs mentioned in

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
 2017-12-26 12:39:51 -06:00
juushya 8b0f2214b1 few more updates 2017-12-23 03:04:11 +05:30
juushya 038119d9df Use of get_cookies_parsed, changing dirs, marking deprecated in 2 mods, more 2017-12-23 00:14:27 +05:30
Jon Hart b29948412e Correct permissions, fixing warning 2017-12-22 07:27:11 -08:00
juushya a86abb0297 Implemented get_cookies_parsed 2017-12-22 05:36:36 +05:30
Nick Marcoccio 86ce3c8781 Made suggested changes and added documentation 2017-12-20 15:54:16 -05:00
Nick Marcoccio ce457db1e3 fixed spaces at EOL 2017-12-20 09:24:30 -05:00
Nick Marcoccio d6024277fc fixed missing quote 2017-12-20 09:03:32 -05:00
Nick Marcoccio 139afe45a9 Add phpCollab 2.5.1 exploit module 2017-12-20 08:36:58 -05:00
EgiX a4098803b3 Remove OSVDB reference 2017-12-20 13:10:42 +01:00