h00die
e1f1ad45bc
working exploit
2020-04-19 15:19:19 -04:00
h00die
58074dc6bb
waiting on metasm question
2020-04-18 20:26:45 -04:00
William Vu
a58200641f
Add extra indentation as per GitHub discussion
2020-04-17 11:22:51 -05:00
William Vu
7fe0d4ddad
Add another blank line
2020-04-17 11:05:01 -05:00
William Vu
4952ec3e5b
Fix RuboCop's mistakes in recently landed modules
2020-04-17 10:21:17 -05:00
Alan Foster
f2c3fc5f00
Rubocop recently landed modules
2020-04-17 11:55:04 +01:00
gwillcox-r7
d759fbaed3
Land #13259, Miscellaneous fixes for @wvu's modules and documentation
2020-04-16 22:10:10 -05:00
William Vu
966194d2b7
Remove tested admin password from default PASSWORD
2020-04-16 21:45:44 -05:00
bwatters-r7
b5df7e8147
Land #13102, Add UnRAID 6.8.0 Authentication bypass to RCE
Merge branch 'land-13102' into upstream-master
2020-04-16 17:18:55 -05:00
bwatters-r7
f0f403b48e
Automated Rubocop fixes
2020-04-16 17:17:02 -05:00
bwatters-r7
15f4f7ea95
Land #13049, Add fileformat exploit for libnotify plugin
Merge branch 'land-13049' into upstream-master
2020-04-16 16:03:14 -05:00
bwatters-r7
a18a5fab68
Rubocop autocorrect and update docs to use ascending numbers
2020-04-16 16:00:56 -05:00
Spencer McIntyre
a13580bfd2
Fix the payload size tests for real this time
2020-04-16 15:35:38 -04:00
Spencer McIntyre
286a83afee
Add module documentation and fix the payload CachedSize value
2020-04-16 15:00:18 -04:00
Spencer McIntyre
59e31ed3c0
Use the Python mixin to create the exec stub
2020-04-16 13:36:14 -04:00
Spencer McIntyre
50cfb07cff
Add the CVE reference and use Rex for base32 encoding
2020-04-16 13:21:10 -04:00
pasta
065e091384
add exploit for libnotify plugin
2020-04-16 12:28:17 -04:00
pasta
a83155d5e5
added reverse meterpreter stager cmd python
2020-04-16 12:14:21 -04:00
Shelby Pace
4685af116c
Land #13235, add Zen Load Balancer dir traversal
2020-04-16 11:03:59 -05:00
Shelby Pace
1ef1142ca2
add mixin, modify traversal, etc.
2020-04-16 10:52:10 -05:00
Spencer McIntyre
62a000fe32
Land #13193, add updates to the trusted service path LPE
2020-04-16 11:41:02 -04:00
William Vu
cd9e5260f7
Note post-auth requirements in Nexus exploit
2020-04-15 20:25:05 -05:00
William Vu
4401e3654f
Merge remote-tracking branch 'upstream/master' into bug/misc
So we can grab the Nexus files from master.
2020-04-15 20:24:44 -05:00
William Vu
0684966dcb
Make better comments for the comment god
2020-04-15 18:24:28 -05:00
William Vu
b7501c1f0c
Add my standard print for CmdStager
And comment some methods used by it.
2020-04-15 18:06:48 -05:00
William Vu
6db312636d
Add Nexus Repository Manager Java EL Injection RCE
2020-04-15 15:49:33 -05:00
William Vu
66d5f51e51
Remove Nexus content from this branch
So the remaining changes can be PR'd separately.
2020-04-15 15:48:09 -05:00
William Vu
07e77ef815
Update comments, once more with feeling
2020-04-15 15:47:51 -05:00
William Vu
57c13ca8b1
Clarify ThinkPHP exploit's PoC block comments
2020-04-15 15:47:51 -05:00
William Vu
e8840563be
Comment comments
2020-04-15 15:47:51 -05:00
William Vu
65d338d00e
Note tested version in module
2020-04-15 15:47:51 -05:00
William Vu
5a91a1e54f
Remove res.code == 200 check again
It really isn't necessary when we're looking for just the header.
2020-04-15 15:47:51 -05:00
William Vu
7dd3be507f
Add wget CmdStager
2020-04-15 15:47:51 -05:00
William Vu
e248e2ed43
Consolidate CmdStager flavors to symbols
As per the API. Strings are fine, but they're supposed to be symbols.
2020-04-15 15:47:51 -05:00
William Vu
99336f6bd3
Add ARTIFACTS_ON_DISK, since it uses CmdStager
Whoops, forgot this when I changed it from ARCH_CMD.
2020-04-15 15:47:51 -05:00
William Vu
6523dd81c9
Add comment clarifying build number
2020-04-15 15:47:51 -05:00
William Vu
3aa95f98eb
Move RPORT back to where I prefer it
It was next to SSL before because I wanted to indicate the port was SSL.
2020-04-15 15:47:51 -05:00
William Vu
7cf7211b46
Refactor desktopcentral_deserialization check
2020-04-15 15:47:51 -05:00
William Vu
5cf0f888ee
Remove notes-level version information
Not sure I like this. Don't want people to copypasta it.
2020-04-15 15:47:51 -05:00
William Vu
287ce98155
Don't be lazy anymore and pack lengths as shorts
2020-04-15 15:47:51 -05:00
William Vu
d9aa80268d
Rearrange methods a bit
2020-04-15 15:47:50 -05:00
William Vu
3f8bff2b5a
Fix bad regex on length of "Metasploit" string
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.
irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
2020-04-15 15:47:50 -05:00
William Vu
4bf2c5edf8
Rename exploit_class to constructor_class
2020-04-15 15:47:50 -05:00
William Vu
6276247bf8
Move Expect mixin to Msf::Exploit::Remote
I don't think we'll ever see it used beyond remote exploits.
2020-04-15 15:47:50 -05:00
William Vu
79501472ae
Wrap jenkins_metaprogramming Base64 at 80 columns
I think I chose Rex::Text::DefaultWrap (60 columns) before to offer a
consistent wrap regardless of indentation. Kind of a dumb waste of
space.
2020-04-15 15:47:50 -05:00
William Vu
e6c42448b2
Add res.code check to match prior commit
2020-04-15 15:47:50 -05:00
William Vu
02ba071b84
Punctuate check prints to match CheckCodes
2020-04-15 15:47:50 -05:00
William Vu
df992bf94b
Note compromised user less specifically
This is just what was configured in the Docker container.
2020-04-15 15:47:50 -05:00
William Vu
1fdafc5104
"Correct" Windows platform in ManageEngine exploit
2020-04-15 15:47:50 -05:00
William Vu
80817204c9
Improve jenkins_metaprogramming here docs
Hat tip @adfoster-r7 for the indirect reminder!
2020-04-15 15:47:50 -05:00