adfoster-r7
9884634d0b
Land #15744 , update description, refs, and rubocop on tomcat_jsp_upload_bypass
2021-10-05 10:25:47 +01:00
h00die
d9d3204e1c
update description, ref, rubocop
2021-10-04 22:14:51 -04:00
adfoster-r7
a7aa255389
Update gitea git hooks rce check method
2021-10-01 01:11:11 +01:00
space-r7
64f7581c97
Land #15686 , OptRegexp default should be string
2021-09-23 09:22:45 -05:00
space-r7
b24b6d8063
Land #15695 , fix crash / add logging nmap module
2021-09-21 14:13:11 -05:00
adfoster-r7
c86f52a3ec
Land #15679 , bug fix for tomcat_mgr_upload module not undeploying app after exploit
2021-09-21 03:34:43 +01:00
adfoster-r7
ed72ca217a
Improve setuid nmap module
2021-09-21 01:47:59 +01:00
space-r7
fee037ac18
Land #15670 , add opmanager sumpdu deser module
2021-09-20 12:15:26 -05:00
Jeffrey Martin
731b3d5ffe
OptRegExp default value as string representation
...
OptRegExp default should be string to utilize in a Regex.
This allows for the object to serialize in metadata and via
rpc bridge when transmitted using msgpack.
2021-09-17 16:34:46 -05:00
Spencer McIntyre
4bccc0541f
Add a note about exploitable versions
2021-09-16 17:08:23 -04:00
Spencer McIntyre
fd0f565095
Add automatic targeting for the CVEs
2021-09-16 15:15:52 -04:00
space-r7
12af64c4d8
Land #15604 , add buffer overflow G-Cam module
2021-09-16 13:02:57 -05:00
Spencer McIntyre
9f971e8716
Update the module for CVE-2021-3287
2021-09-16 12:58:30 -04:00
Your Name
a2f83c22ba
Add Pattern Create
2021-09-16 08:22:57 +01:00
Naveen Sunkavally
d1da74d329
bug fix to undeploy app after exploit
2021-09-15 21:54:21 -04:00
Spencer McIntyre
56cd43a8b8
Land #15624 , Add module for CVE-2020-27955
2021-09-15 14:54:19 -04:00
Spencer McIntyre
fb74888a31
Correct the CVE reference
2021-09-15 08:42:55 -04:00
Spencer McIntyre
1bd3a764a6
Fixup issues from testing
2021-09-14 16:32:25 -04:00
Spencer McIntyre
480dec9a1e
Land #15658 , Add module for CVE-2021-32682
2021-09-14 14:09:27 -04:00
space-r7
278807be98
check contents of json after attempted upload
2021-09-14 11:36:28 -05:00
Spencer McIntyre
d82ed7d4a2
Write up the module docs
2021-09-14 09:10:44 -04:00
Spencer McIntyre
3986707895
Add and test the remaining targets
2021-09-14 09:10:44 -04:00
Spencer McIntyre
d640866b68
Apply rubocop changes and fix all targets
2021-09-14 09:10:44 -04:00
Spencer McIntyre
d4834631c3
Add the generated YSoSerial gadget chain
2021-09-14 09:10:44 -04:00
Spencer McIntyre
02fde3ac51
Initial work on CVE-2021-3287
2021-09-14 09:10:44 -04:00
adfoster-r7
1499b1988e
Land #15609 , Add Meterpreter compatibility commands
2021-09-13 15:21:03 +01:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
space-r7
91ae50eb27
escapeshellcmd -> escapeshellarg
2021-09-09 17:28:05 -05:00
space-r7
0095613a94
add completed module and documentation
2021-09-09 16:58:40 -05:00
adfoster-r7
059e39a6f0
Specify meterpreter compatibility command requirements
2021-09-08 22:59:25 +01:00
William Vu
8c4e5d262c
Add Atlassian Confluence CVE-2021-26084 exploit
2021-09-08 06:57:31 -05:00
bwatters
cfc3930405
Land #15634 , Add DFLAG_BIG_CREATION to capability flags for erlang_cookie_rce.rb
...
Merge branch 'land-15634' into upstream-master
2021-09-07 14:00:49 -05:00
Jack Heysel
e30ccafd86
Refactor lfs.rb, revert rubocop changes on library files
2021-09-07 13:43:10 -04:00
bwatters
a7d99ebbfc
Land #15611, ProxyShell Improvements
...
Merge branch 'land-15611' into upstream-master
2021-09-07 11:47:13 -05:00
Mike Brown
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
Mike Brown
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
space-r7
80dc8b9502
add elfinder module
2021-09-03 18:26:18 -05:00
Jack Heysel
99352ad107
Move methods from lfs.rb, fix fail_with types
2021-09-03 16:17:35 -05:00
jheysel-r7
93aea73939
Update modules/exploits/windows/http/git_lfs_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-09-03 16:17:35 -05:00
Jack Heysel
5294c714aa
Fix spacing
2021-09-03 16:17:35 -05:00
Jack Heysel
f9c4c35431
Update the target_suitable? method
2021-09-03 16:17:35 -05:00
Jack Heysel
ba64dce5b7
Rubocop offenses
2021-09-03 16:17:30 -05:00
Jack Heysel
3c43bd409d
Added docs and Git User-Agent FP
2021-09-03 16:15:39 -05:00
Jack Heysel
514a37ef2f
Removed unnecessary gem file + rubocop
2021-09-03 16:15:39 -05:00
Jack Heysel
21d99a74fb
beta commit
2021-09-03 16:15:38 -05:00
Your Name
41690d6e1d
Linting again
2021-09-02 17:33:57 +01:00
Your Name
f336f7a4d6
Removed global vars & Fixed linting
2021-09-02 17:30:18 +01:00
Alan Foster
112f43f798
Consolidate module argument parsing for ensuring consistency
2021-09-02 13:00:02 +01:00
Alan Foster
134fef21c4
Improve rhosts validation
2021-09-02 13:00:01 +01:00
Mike Brown
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG_UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
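As an added example (not part of the commit above or of the Metasploit module), a small Ruby decoder that names the distribution capability flags set in a mask and diffs the original 0x3499c against the patched 0x7499c. The flag values are the public Erlang/OTP distribution-protocol constants; only a subset of the table is included.

```ruby
# Erlang distribution capability flags (public OTP protocol constants, subset).
# Added example, not code from the erlang_cookie_rce module.
ERLANG_DFLAGS = {
  'DFLAG_PUBLISHED'           => 0x1,
  'DFLAG_ATOM_CACHE'          => 0x2,
  'DFLAG_EXTENDED_REFERENCES' => 0x4,
  'DFLAG_DIST_MONITOR'        => 0x8,
  'DFLAG_FUN_TAGS'            => 0x10,
  'DFLAG_DIST_MONITOR_NAME'   => 0x20,
  'DFLAG_HIDDEN_ATOM_CACHE'   => 0x40,
  'DFLAG_NEW_FUN_TAGS'        => 0x80,
  'DFLAG_EXTENDED_PIDS_PORTS' => 0x100,
  'DFLAG_EXPORT_PTR_TAG'      => 0x200,
  'DFLAG_BIT_BINARIES'        => 0x400,
  'DFLAG_NEW_FLOATS'          => 0x800,
  'DFLAG_UNICODE_IO'          => 0x1000,
  'DFLAG_DIST_HDR_ATOM_CACHE' => 0x2000,
  'DFLAG_SMALL_ATOM_TAGS'     => 0x4000,
  'DFLAG_INTERNAL_TAGS'       => 0x8000,
  'DFLAG_UTF8_ATOMS'          => 0x10000,
  'DFLAG_MAP_TAG'             => 0x20000,
  'DFLAG_BIG_CREATION'        => 0x40000,
  'DFLAG_SEND_SENDER'         => 0x80000,
  'DFLAG_HANDSHAKE_23'        => 0x1000000,
}.freeze

# Names of the flags set in +mask+, plus any bits the table does not know.
def decode_dflags(mask)
  known = ERLANG_DFLAGS.select { |_, bit| mask & bit != 0 }.keys
  unknown = mask & ~ERLANG_DFLAGS.values.reduce(:|)
  [known, unknown]
end

# Flags gained and lost when moving from +old_mask+ to +new_mask+.
def diff_dflags(old_mask, new_mask)
  old_set, = decode_dflags(old_mask)
  new_set, = decode_dflags(new_mask)
  { added: new_set - old_set, removed: old_set - new_set }
end

ORIGINAL_FLAGS = 0x3499c                                               # as shipped
PATCHED_FLAGS  = ORIGINAL_FLAGS | ERLANG_DFLAGS['DFLAG_BIG_CREATION']  # 0x7499c

if $PROGRAM_NAME == __FILE__
  names, leftover = decode_dflags(PATCHED_FLAGS)
  puts format('0x%x: %s (unknown bits: 0x%x)', PATCHED_FLAGS, names.join(', '), leftover)
  puts diff_dflags(ORIGINAL_FLAGS, PATCHED_FLAGS).inspect
end
```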