adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,838 Commits 27 Branches 1,043 Tags
baae9db092a4eaa4e6f3df65d22eded18d5fd20c
Commit Graph

28395 Commits

Author SHA1 Message Date
William Vu baae9db092 Fix some more things 2020-04-15 15:47:50 -05:00
William Vu 6275b16b04 Fix some things 2020-04-15 15:47:50 -05:00
wvu-r7 1ce6c310ba Escape double quotes in EL payload 2020-04-15 15:47:50 -05:00
wvu-r7 143d8463ec Prefer include? for NXSESSIONID= 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2020-04-15 15:47:50 -05:00
William Vu 45263b8aa5 Add Nexus Repository Manager Java EL Injection RCE 2020-04-15 15:47:50 -05:00
bwatters-r7 77ddf2b761 Land #13208, Archer a7 c7 lan 
Merge branch 'land-13208' into upstream-master
 2020-04-15 11:15:02 -05:00
gwillcox-r7 be4c66d04c Land #13213, Liferay Portal Unmarshalling RCE 2020-04-14 23:35:29 -05:00
William Vu a73a542399 Add a comment to appease the @gwillcox-r7 god 2020-04-14 23:10:28 -05:00
William Vu c02f74637f Update print and comments 2020-04-14 23:06:38 -05:00
William Vu 0dedf9225e s/for/of/ 2020-04-14 22:56:09 -05:00
William Vu c95823d71d Comment convenience method 2020-04-14 22:07:13 -05:00
William Vu 8f4aa7b761 Comment more comments 2020-04-14 22:04:25 -05:00
William Vu 99c5912cc7 Comment another comment and move stuff around 2020-04-14 21:59:43 -05:00
William Vu b9382230f6 Comment my comments to myself 2020-04-14 21:41:51 -05:00
Spencer McIntyre 5ca934bbad Land #13249, add a note and cleanup files for the VestaCP RCE 2020-04-14 16:01:28 -04:00
William Vu c9c3f87203 Note tested version in module 2020-04-14 14:01:59 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader 
Also note the SSL workaround.
 2020-04-14 14:01:18 -05:00
William Vu 9b59a8e194 Be more verbose and validate classloader server 2020-04-14 14:01:18 -05:00
William Vu 06f54765c3 Remove res.code == 200 check again 
It really isn't necessary when we're looking for just the header.
 2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin 
Whoops, forgot this.
 2020-04-14 14:01:18 -05:00
William Vu c21bb7e9dd Bump a CheckCode to Detected 
We get the Liferay-Portal header.
 2020-04-14 14:01:18 -05:00
William Vu 69e1714d9a Don't be lazy anymore and pack lengths as shorts 2020-04-14 14:01:18 -05:00
William Vu db15baa257 Rename to Msf::Exploit::Remote::Java::ClassLoader 2020-04-14 14:01:18 -05:00
William Vu 673e13d8cb Unzero the lengths I zeroed so it works 2020-04-14 14:01:18 -05:00
William Vu 950a0d57db Fix bad regex in Liferay module, too, duh 2020-04-14 14:01:18 -05:00
William Vu d7cf08d5f3 Convert Java classloading code into a mixin 2020-04-14 14:01:18 -05:00
William Vu d920bb4615 Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-14 14:01:17 -05:00
William Vu 83d5a673ac Rename exploit_class to constructor_class 2020-04-14 14:01:17 -05:00
William Vu a98215d27e Relax regex in case of Enterprise Edition (EE) 
I don't know what the regex would be, since I don't have EE.
 2020-04-14 14:01:17 -05:00
William Vu 5e65bb2a6a Document remote classloading files 2020-04-14 14:01:17 -05:00
William Vu 96242a99a1 Document the magic 2020-04-14 14:01:17 -05:00
William Vu d220c1045e Refactor check for precision 2020-04-14 14:01:17 -05:00
William Vu 8297f77d0a Update vuln discoverer to Markus Wulftange 
Wasn't in the original blog post, but it's in the vendor advisory.
 2020-04-14 14:01:17 -05:00
William Vu c475ddac52 Add vendor advisory to references 2020-04-14 14:01:17 -05:00
William Vu 0c8ee27613 Add Liferay Portal Java Unmarshalling RCE 2020-04-14 14:01:17 -05:00
gwillcox-r7 0858178c09 Add cleanup support and update description 2020-04-14 13:27:25 -05:00
Shelby Pace 1bc40f88ac Land #13215, add LimeSurvey directory traversals 2020-04-14 12:03:10 -05:00
h00die 7884d1be34 space comments 2020-04-14 10:04:17 -04:00
bwatters-r7 2a0095f5b7 Land #12405, Add execute_assembly post module 
Merge branch 'land-12405' into upstream-master
 2020-04-13 18:21:38 -05:00
bwatters-r7 b9e83bd055 Update VS build destination 2020-04-13 18:20:20 -05:00
gwillcox-r7 3c64b8fde9 Land #13094, Vesta Control Panel v-list-user-backups RCE 2020-04-13 16:56:08 -05:00
gwillcox-r7 c151b93ba4 Fix up clarity and spelling issues in module and documentation 2020-04-13 16:28:39 -05:00
Mehmet İnce b7a1fbdde2 Fixed documentation and login method 2020-04-13 18:55:56 +03:00
William Vu 51f4383ffb Explain CVEs and "fix" CMDSTAGER::FLAVOR 2020-04-13 10:37:19 -05:00
Spencer McIntyre a87eb8a153 Uncomment CVE references 2020-04-13 10:25:38 -04:00
Mehmet İnce 706a395bc0 Fixed 2nd round of suggested changes 2020-04-13 11:22:02 +03:00
William Vu 0c3080c318 Add ThinkPHP Multiple PHP Injection RCEs 2020-04-13 02:21:01 -05:00
Mehmet İnce d906c3dc77 Fixed reviews suggestions 2020-04-11 14:38:19 +03:00
Mehmet İnce eb7d2f821d Adding CVE number 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00
Mehmet İnce 5d04c2b4a5 Adding documentation and module description 
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net>
 2020-04-11 12:22:17 +03:00