adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50,629 Commits 27 Branches 1,043 Tags
c48a6ddbdfc02bf92b8d4e247dbe89bdfba4e821
Commit Graph

969 Commits

Author SHA1 Message Date
William Vu b7bc52d20b Fix HTTP/SMB mixin order to restore SSL option 
Mixin order matters. Mixins kinda suck.
 2019-01-29 11:09:34 -06:00
Wei Chen 27d6fffdad Land #11125, Import/generate ysoserial Java serialization objects 2019-01-15 17:09:56 -06:00
William Vu e9a8d5708a Land #11234, @bcoles revisionism 2019-01-11 20:15:34 -06:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
Jacob Robles 0c984fa232 Fix messages /successfuly/successfully 2019-01-09 06:32:22 -06:00
asoto-r7 60f3cfbb79 ysoserial: Cleaned up ysoserial payload in hp_imc_java_deserialize 2018-12-18 15:17:51 -06:00
asoto-r7 cd2dbf0edf ysoserial: Modified hp_imc_java_deserialize to use the library 2018-12-14 16:13:17 -06:00
asoto-r7 0f82b207c4 hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections 2018-12-03 17:03:04 -06:00
asoto-r7 3f930ff141 hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability 2018-12-03 16:36:37 -06:00
Carsten Maartmann-Moe cbdcd367ee Minor print out mod 2018-11-16 20:31:34 +01:00
Brendan Coles 6f094799b6 Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Print payload length

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:20:52 +01:00
Brendan Coles 709befea5c Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Fixed if/else block return

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:19:23 +01:00
Carsten Maartmann-Moe 680393d4d6 Refined check method to actually verify vulnerability 2018-11-15 22:31:31 +01:00
Carsten Maartmann-Moe 541283a4dd Tidied up set_payload 2018-11-12 20:45:49 +01:00
Brendan Coles 0bdab320f7 Remove useless variable declaration 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-12 12:04:22 +01:00
Carsten Maartmann-Moe e06af184c8 Tidy check method 2018-11-11 22:53:13 +01:00
Carsten Maartmann-Moe 8894af58de serialized, not deserialized... 2018-11-11 22:47:57 +01:00
Carsten Maartmann-Moe 1e8fbc3a1b Fixed indentation and added a status message printout when exploiting 2018-11-11 22:37:42 +01:00
Carsten Maartmann-Moe cf5ca78350 Added YSOSerial payload generating string 2018-11-11 22:15:30 +01:00
Brendan Coles 3770f121fe Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:37 +01:00
Brendan Coles 951d3e1117 Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:32 +01:00
Brendan Coles 446eec00b3 Remove disconnect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:43 +01:00
Brendan Coles 189c203e3d Remove handler 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:34 +01:00
Brendan Coles e5df5494d9 Remove connect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:22 +01:00
Carsten Maartmann-Moe 5a978dca2e Removed architecture to make payload selection work 2018-11-10 23:00:54 +01:00
Carsten Maartmann-Moe cbaacf696a Add exploit module for CVE-2017-12557 
HP Intelligent Management Java Deserialization RCE (Windows)
 2018-11-10 22:36:43 +01:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Wei Chen ad0291e552 Update false negatives 2018-08-20 18:08:19 -05:00
Wei Chen 01ad152067 Update false negatives on post auth information 2018-08-20 16:05:58 -05:00
Brendan Coles a020d48caf Move module documentation to documentation directory 2018-07-13 04:46:25 +00:00
asoto-r7 1a3a4ef5e4 Revised 88 aux and exploit modules to add CVEs / references 2018-07-12 17:34:52 -05:00
Brendan Coles 904de2dd09 Land #10238, Add ManageEngine Exchange Reporter Plus RCE exploit 2018-07-12 16:07:32 +00:00
Kacper Szurek 486225c2a8 Code review changes 
Use target_uri, split url inside normalize function, replace print with vprint, return CheckCode::Appears
 2018-07-12 14:27:28 +02:00
Jacob Robles 4f039de2fc Fix CVE numbers 2018-07-09 13:22:08 -05:00
Wei Chen 5fc5a47cd2 Update CVE references for exploit modules 
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
 2018-07-08 18:46:04 -05:00
Kacper Szurek 2196640de4 Add manageengine_adshacluster_rce 
Manage Engine Exchange Reporter Plus <= 5310 Unauthenticated RCE
 2018-07-02 19:11:08 +02:00
Wei Chen 94fd599756 Land #9684, Adding ManageEngine Application Manager RCE 
Land #9684
 2018-03-27 15:17:20 -05:00
Mehmet İnce 53eabfc1df Update documentation and add check before exploit 2018-03-19 23:27:18 +03:00
Mehmet İnce b55a750fa9 Fix typo and couple tiny nitpicks 2018-03-14 11:51:21 +03:00
Mehmet İnce 889c914b3d Updating documentation and minor code changes 2018-03-13 12:05:27 +03:00
Mehmet İnce ec10a82c56 Make the rubocop happy 2018-03-13 09:44:13 +03:00
Mehmet İnce 2fd9b0b77b Fixing rubocop errors 2018-03-13 01:40:01 +03:00
Jacob Robles 2735ae57cb Documentation accuracy 2018-03-09 07:31:55 -06:00
Mehmet İnce 4b483e079b Adding assigned CVE number 2018-03-09 12:25:19 +03:00
Jacob Robles 24079c345d Style guide and grammar fixes 2018-03-08 07:30:02 -06:00
Mehmet İnce 611b208267 Adding ManageEngine Application Manager RCE 2018-03-07 23:54:01 +03:00
Jacob Robles 9ce6c2ae32 Remove redundant RPORT 2018-03-07 14:31:58 -06:00
Jacob Robles 4ace73a3f9 Added references, fixed code 2018-03-05 22:00:28 -06:00
Jacob Robles 57118e1265 msftidy fix 2018-03-05 13:37:32 -06:00
Jacob Robles a4f48eb80f Add GitStack v2.3.10 RCE 2018-03-05 13:25:41 -06:00