adfoster-r7
c86f52a3ec
Land #15679, bug fix for tomcat_mgr_upload module not undeploying app after exploit
2021-09-21 03:34:43 +01:00
Spencer McIntyre
4bccc0541f
Add a note about exploitable versions
2021-09-16 17:08:23 -04:00
Spencer McIntyre
fd0f565095
Add automatic targeting for the CVEs
2021-09-16 15:15:52 -04:00
Spencer McIntyre
9f971e8716
Update the module for CVE-2021-3287
2021-09-16 12:58:30 -04:00
Naveen Sunkavally
d1da74d329
bug fix to undeploy app after exploit
2021-09-15 21:54:21 -04:00
Spencer McIntyre
fb74888a31
Correct the CVE reference
2021-09-15 08:42:55 -04:00
Spencer McIntyre
d82ed7d4a2
Write up the module docs
2021-09-14 09:10:44 -04:00
Spencer McIntyre
3986707895
Add and test the remaining targets
2021-09-14 09:10:44 -04:00
Spencer McIntyre
d640866b68
Apply rubocop changes and fix all targets
2021-09-14 09:10:44 -04:00
Spencer McIntyre
d4834631c3
Add the generated YSoSerial gadget chain
2021-09-14 09:10:44 -04:00
Spencer McIntyre
02fde3ac51
Initial work on CVE-2021-3287
2021-09-14 09:10:44 -04:00
adfoster-r7
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
Mike Brown
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
Mike Brown
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
Mike Brown
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
                   |       |||  |   |  | |  | ||-- DFLAG_EXTENDED_REFERENCES
                   |       |||  |   |  | |  | |-- DFLAG_DIST_MONITOR
                   |       |||  |   |  | |  |-- DFLAG_FUN_TAGS
                   |       |||  |   |  | |-- DFLAG_NEW_FUN_TAGS
                   |       |||  |   |  |-- DFLAG_EXTENDED_PIDS_PORTS
                   |       |||  |   |-- DFLAG_NEW_FLOATS
                   |       |||  |-- DFLAG_SMALL_ATOM_TAGS
                   |       |||-- DFLAG__UTF8_ATOMS
                   |       ||-- DFLAG_MAP_TAG
                   |       |-- **DFLAG_BIG_CREATION**
                   |-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
adfoster-r7
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
space-r7
c9bdd96c76
remove GIT_HOOK option
...
post-checkout is the only hook that will work
with this exploit, so no option is needed. Also update
the documentation to reflect that.
2021-08-12 10:18:13 -05:00
space-r7
31cbcb7774
add notes to updated modules
2021-08-12 10:18:13 -05:00
space-r7
70f304a548
change modules to use hash in build_commit_object
2021-08-12 10:18:13 -05:00
Shelby Pace
d0c0372596
add request / response classes
2021-08-12 10:18:12 -05:00
Shelby Pace
a4cc95448f
remove namespace
2021-08-12 10:18:12 -05:00
Shelby Pace
0fe761b838
modify options and add documentation
2021-08-12 10:18:12 -05:00
Shelby Pace
98ef499351
add git lfs and smart http changes
2021-08-12 10:18:11 -05:00
Shelby Pace
53187648c1
add module
...
also includes packfile obj metadata changes
2021-08-12 10:18:11 -05:00
Shelby Pace
d7161d0b90
add packfile, pkt line, and module code
2021-08-12 10:18:11 -05:00
Shelby Pace
d89554e995
add git mixin changes and usage in git exploits
2021-08-12 10:18:11 -05:00
Shelby Pace
3fb225c9c6
add wrapper methods for creating git objects
...
use methods in git_submodule_command_exec
2021-08-12 10:18:11 -05:00
Grant Willcox
ade653f0bf
Final fixup edits to change the timeout value to be an advanced option and also to use send_req_cgi
2021-08-05 13:10:24 -05:00
Grant Willcox
00cfdc4f17
Use Faker to generate a fake app name, add in option to specify timeout to server, and also fix Alan's remaining review comments
2021-08-05 09:46:34 -05:00
Grant Willcox
0d7d5ab93f
Switch over to Rex::MIME::Message to use our built in mixins, and also fix last remaining review comments
2021-08-02 11:17:26 -05:00
Grant Willcox
27f70af1b3
Fix up some of the mistakes wvu pointed out
2021-07-30 15:28:10 -05:00
Grant Willcox
5b3bbf7f36
Fix up tabs formatting issue that was causing RuboCop to complain. Silly RuboCop :)
2021-07-30 12:17:46 -05:00
Grant Willcox
3427571887
Push up working CVE-2019-11580 exploit and associated documentation
2021-07-30 12:07:12 -05:00
Shelby Pace
183caff15c
Land #15418, add modern events calendar rce
2021-07-26 09:45:05 -05:00
Shelby Pace
38ae82155e
modify info, fix spacing
2021-07-26 09:43:34 -05:00
Shelby Pace
9e95eb7be1
Land #15408, add Wordpress sp doc file upload
2021-07-23 12:36:29 -05:00
Shelby Pace
d207f994c0
modify doc description
...
randomize form data, formatting
2021-07-23 12:33:41 -05:00
Hakyac
0f8e256d52
Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:12:57 +02:00
Hakyac
13678f5140
Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:12:51 +02:00
Hakyac
9cdddac5cd
Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:11:26 +02:00
Hakyac
877ac006f8
Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:11:21 +02:00
Hakyac
73995ac8d1
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:09:44 +02:00
Hakyac
5e2776411d
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:09:25 +02:00
Hakyac
8a3f5affe8
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-23 10:09:13 +02:00
Yann Castel
a3e5bd527b
use of vars_get + delete payload after use
2021-07-21 09:59:05 +02:00
Hakyac
53214e8792
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-21 09:41:46 +02:00
Hakyac
09ca7751c0
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-21 09:41:38 +02:00
Hakyac
815a6d4d95
Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-21 09:41:28 +02:00
Yann Castel
c169c78f03
use of vars_get
2021-07-21 09:38:36 +02:00
Hakyac
7e3281dfcf
Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2021-07-21 09:08:30 +02:00