adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
53,199 Commits 27 Branches 1,043 Tags
e21b25b20f2fe7796a97502bc38ba767c34c8102
Commit Graph

993 Commits

Author SHA1 Message Date
William Vu 32334c2386 Update all module splats from http:// to https:// 2019-08-15 18:10:44 -05:00
Adam Cammack cf9b94a964 Set needs_cleanup flag for exploits that need it 
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
 2019-08-02 10:23:53 -05:00
Adam Cammack 5e64f8560a Fix whitespace 2019-08-02 10:23:41 -05:00
Jacob Robles bbf0cb4d9d Land #11653, Apache Tika CVE-2018-1335 RCE 2019-08-01 17:43:57 -05:00
h00die 060183c034 tika 1.15-1.17 2019-07-30 16:55:06 -04:00
h00die f053768801 restrict tika versions 2019-07-30 07:32:30 -04:00
Jacob Robles efc61a4934 Use cmdstager 2019-06-26 10:15:25 -05:00
Jacob Robles 7c3e566a23 Update check 
Handle nil error code and fix version extraction based
on both of the possible Apache Tika return pages.
 2019-06-26 10:15:25 -05:00
Wei Chen 2fb129ad41 Allow check in exploit to be optional 2019-06-25 17:13:55 -05:00
Wei Chen 16cfd3f4ac Fix typos 2019-06-18 15:49:40 -05:00
Wei Chen 585a4340b2 Add exploit for CVE-2019-0232: Apache Tomcat CGIServlet RCE 2019-06-18 15:28:11 -05:00
Wei Chen fcd360891f Check #attributes for nil, and make sure target is oats console 2019-05-24 10:06:47 -05:00
Wei Chen 388a391b9a Update oats_weblogic_console and its doc 2019-05-22 15:14:17 -05:00
Wei Chen 6cd943e0ce Sometimes attributes could be nil if hitting an unexpected page 2019-05-20 10:48:29 -05:00
Wei Chen 5a46fdf535 Find frsc value from hidden input instead of using rkelly (js) 2019-05-18 19:25:44 -05:00
Wei Chen 592b8302ab Make sure to calls super for setup, also update doc for output 2019-05-18 18:08:25 -05:00
Wei Chen c2567f2ee3 Fix bug on cleanup ready status & more verbose 2019-05-18 17:50:29 -05:00
Wei Chen 40d4b3dfd3 Add doc and update the module title 2019-05-16 16:31:25 -05:00
Wei Chen 39b8dce342 Update the description 2019-05-16 16:25:23 -05:00
Wei Chen 27554cf19a Add the completed version of oats_weblogic_console.rb 2019-05-16 16:24:31 -05:00
Wei Chen 03dbb2fc2c Work in progress for oats_weblogic_console 2019-05-10 13:27:08 -05:00
William Vu 496f270b30 Update use_single_quotes to wrap_double_quotes 2019-03-29 18:14:56 -05:00
h00die ff5b790028 apache tika exploit msftidy 2019-03-28 22:07:01 -04:00
h00die dc33998374 apache tika exploit 2019-03-28 22:05:05 -04:00
William Vu b7bc52d20b Fix HTTP/SMB mixin order to restore SSL option 
Mixin order matters. Mixins kinda suck.
 2019-01-29 11:09:34 -06:00
Wei Chen 27d6fffdad Land #11125, Import/generate ysoserial Java serialization objects 2019-01-15 17:09:56 -06:00
William Vu e9a8d5708a Land #11234, @bcoles revisionism 2019-01-11 20:15:34 -06:00
Brendan Coles 24f807490f revisionism 2019-01-10 19:19:14 +00:00
Jacob Robles 0c984fa232 Fix messages /successfuly/successfully 2019-01-09 06:32:22 -06:00
asoto-r7 60f3cfbb79 ysoserial: Cleaned up ysoserial payload in hp_imc_java_deserialize 2018-12-18 15:17:51 -06:00
asoto-r7 cd2dbf0edf ysoserial: Modified hp_imc_java_deserialize to use the library 2018-12-14 16:13:17 -06:00
asoto-r7 0f82b207c4 hp_imc_java_deserialize: Repro steps for JSONSS ysoserial payload sections 2018-12-03 17:03:04 -06:00
asoto-r7 3f930ff141 hp_imc_java_deserialize: Default WfsDelay to 10 seconds to increase reliability 2018-12-03 16:36:37 -06:00
Carsten Maartmann-Moe cbdcd367ee Minor print out mod 2018-11-16 20:31:34 +01:00
Brendan Coles 6f094799b6 Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Print payload length

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:20:52 +01:00
Brendan Coles 709befea5c Update modules/exploits/windows/http/hp_imc_java_deserialize.rb 
Fixed if/else block return

Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-16 20:19:23 +01:00
Carsten Maartmann-Moe 680393d4d6 Refined check method to actually verify vulnerability 2018-11-15 22:31:31 +01:00
Carsten Maartmann-Moe 541283a4dd Tidied up set_payload 2018-11-12 20:45:49 +01:00
Brendan Coles 0bdab320f7 Remove useless variable declaration 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-12 12:04:22 +01:00
Carsten Maartmann-Moe e06af184c8 Tidy check method 2018-11-11 22:53:13 +01:00
Carsten Maartmann-Moe 8894af58de serialized, not deserialized... 2018-11-11 22:47:57 +01:00
Carsten Maartmann-Moe 1e8fbc3a1b Fixed indentation and added a status message printout when exploiting 2018-11-11 22:37:42 +01:00
Carsten Maartmann-Moe cf5ca78350 Added YSOSerial payload generating string 2018-11-11 22:15:30 +01:00
Brendan Coles 3770f121fe Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:37 +01:00
Brendan Coles 951d3e1117 Changing result parsing style 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:07:32 +01:00
Brendan Coles 446eec00b3 Remove disconnect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:43 +01:00
Brendan Coles 189c203e3d Remove handler 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:34 +01:00
Brendan Coles e5df5494d9 Remove connect 
Co-Authored-By: carmaa <carsten@carmaa.com>
 2018-11-11 08:04:22 +01:00
Carsten Maartmann-Moe 5a978dca2e Removed architecture to make payload selection work 2018-11-10 23:00:54 +01:00
Carsten Maartmann-Moe cbaacf696a Add exploit module for CVE-2017-12557 
HP Intelligent Management Java Deserialization RCE (Windows)
 2018-11-10 22:36:43 +01:00