adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,838 Commits 27 Branches 1,043 Tags
baae9db092a4eaa4e6f3df65d22eded18d5fd20c
Commit Graph

2023 Commits

Author SHA1 Message Date
William Vu a73a542399 Add a comment to appease the @gwillcox-r7 god 2020-04-14 23:10:28 -05:00
William Vu c02f74637f Update print and comments 2020-04-14 23:06:38 -05:00
William Vu 0dedf9225e s/for/of/ 2020-04-14 22:56:09 -05:00
William Vu c95823d71d Comment convenience method 2020-04-14 22:07:13 -05:00
William Vu 8f4aa7b761 Comment more comments 2020-04-14 22:04:25 -05:00
William Vu 99c5912cc7 Comment another comment and move stuff around 2020-04-14 21:59:43 -05:00
William Vu b9382230f6 Comment my comments to myself 2020-04-14 21:41:51 -05:00
William Vu c9c3f87203 Note tested version in module 2020-04-14 14:01:59 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader 
Also note the SSL workaround.
 2020-04-14 14:01:18 -05:00
William Vu 9b59a8e194 Be more verbose and validate classloader server 2020-04-14 14:01:18 -05:00
William Vu 06f54765c3 Remove res.code == 200 check again 
It really isn't necessary when we're looking for just the header.
 2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin 
Whoops, forgot this.
 2020-04-14 14:01:18 -05:00
William Vu c21bb7e9dd Bump a CheckCode to Detected 
We get the Liferay-Portal header.
 2020-04-14 14:01:18 -05:00
William Vu 69e1714d9a Don't be lazy anymore and pack lengths as shorts 2020-04-14 14:01:18 -05:00
William Vu db15baa257 Rename to Msf::Exploit::Remote::Java::ClassLoader 2020-04-14 14:01:18 -05:00
William Vu 673e13d8cb Unzero the lengths I zeroed so it works 2020-04-14 14:01:18 -05:00
William Vu 950a0d57db Fix bad regex in Liferay module, too, duh 2020-04-14 14:01:18 -05:00
William Vu d7cf08d5f3 Convert Java classloading code into a mixin 2020-04-14 14:01:18 -05:00
William Vu d920bb4615 Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-14 14:01:17 -05:00
William Vu 83d5a673ac Rename exploit_class to constructor_class 2020-04-14 14:01:17 -05:00
William Vu a98215d27e Relax regex in case of Enterprise Edition (EE) 
I don't know what the regex would be, since I don't have EE.
 2020-04-14 14:01:17 -05:00
William Vu 5e65bb2a6a Document remote classloading files 2020-04-14 14:01:17 -05:00
William Vu 96242a99a1 Document the magic 2020-04-14 14:01:17 -05:00
William Vu d220c1045e Refactor check for precision 2020-04-14 14:01:17 -05:00
William Vu 8297f77d0a Update vuln discoverer to Markus Wulftange 
Wasn't in the original blog post, but it's in the vendor advisory.
 2020-04-14 14:01:17 -05:00
William Vu c475ddac52 Add vendor advisory to references 2020-04-14 14:01:17 -05:00
William Vu 0c8ee27613 Add Liferay Portal Java Unmarshalling RCE 2020-04-14 14:01:17 -05:00
Spencer McIntyre bea42876ee Land #13067, PlaySMS template injection RCE 2020-04-03 10:22:35 -04:00
Spencer McIntyre bd835e8f2d Cleanup more status methods and move the module 2020-04-03 10:21:27 -04:00
bwatters-r7 859eda92bb Land #12759, Apache Solr Remote Code Execution via Velocity Template 
Merge branch 'land-12759' into upstream-master
 2020-04-02 11:23:33 -05:00
ide0x90 861b79bce7 Added new targets and made documentation consistent 2020-03-29 00:33:24 +08:00
h00die 0b4c047411 doc cleanup 2020-03-24 08:47:21 -04:00
Shelby Pace fd8ceb0db2 Land #13082, add Horde Groupware Webmail RCE 2020-03-23 07:32:53 -05:00
Shelby Pace 475c24361d randomize file name 2020-03-23 07:28:04 -05:00
Shelby Pace c6eebe4ca3 replace equality with include? 2020-03-20 21:19:29 -05:00
Andrea Cardaci 40d6dd14c4 Remove the check method 2020-03-18 20:29:49 +01:00
Andrea Cardaci 19e9848592 Remove trailing spaces 2020-03-17 19:06:57 +01:00
Andrea Cardaci bbb152a6d8 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:34 +01:00
Andrea Cardaci eccee07e8b Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:02:07 +01:00
Andrea Cardaci a60652898f Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 19:01:03 +01:00
Andrea Cardaci a4ff847170 Update modules/exploits/multi/http/horde_csv_rce.rb 
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2020-03-17 18:57:06 +01:00
Andrea Cardaci 126f5ca05d Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518) 2020-03-14 16:07:51 +01:00
debifrank dfe70ca3fc Cisco DCNM Module upload directory location regex filter corrected to allow for paths such as C:\Cisco System\ 2020-03-12 17:08:33 -04:00
Adam Galway 0e163c69ab Land #12975, exploits RCE backdoor in PHPStudy 2020-03-10 11:56:26 +00:00
Spencer McIntyre c75780350e Land #13038, clean up the socket when checking 2020-03-06 13:00:42 -05:00
Christophe De La Fuente e5f2b48274 Ensure client is disconnected when leaving the check method 2020-03-06 17:38:37 +01:00
Spencer McIntyre eb90bee4a7 Land #12863, add exploit for PHP-FPM Underflow RCE 2020-03-05 11:43:43 -05:00
Christophe De La Fuente 8d6468e725 Fix comments 2020-03-05 13:28:28 +01:00
airevan 630add538f set default index.php 2020-03-05 10:24:22 +08:00
airevan 5a58fbb0e5 Remove space 2020-02-23 14:45:53 +08:00