adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
69,996 Commits 27 Branches 1,043 Tags
e2e8568860e381fc09e1ecedd5ddfc6fdfa3ce99
Commit Graph

4200 Commits

Author SHA1 Message Date
space-r7 67ac2dc584 Land #17771, add monitorr file upload rce 2023-03-22 13:00:38 -05:00
space-r7 3fe0801d92 use target_uri.path in requests 2023-03-22 12:50:11 -05:00
h00die-gr3y e3df74ee5b Updates addressing review points of space-r7 2023-03-20 21:04:58 +00:00
H00die.Gr3y 871a251c94 Apply suggestions from code review 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2023-03-20 21:44:11 +01:00
h00die-gr3y 5903addbd6 Updates adressing majority of review points 2023-03-19 15:13:09 +00:00
Christophe De La Fuente 0df12fd694 Land #17754, Open web analytics 1.7.3 remote code execution 2023-03-17 10:15:33 +01:00
H00die.Gr3y 04e0fc70bf Apply suggestions from code review 
Co-authored-by: dwelch-r7 <Dean_Welch@rapid7.com>
 2023-03-16 19:25:03 +01:00
Pflegusch 3baa894840 Add DefangedMode to warn the user 2023-03-16 18:07:28 +01:00
Christophe De La Fuente daadb4f523 Land #17775 - Add exploit for Bitbucket env var RCE (CVE-2022-43781) 2023-03-16 11:01:07 +01:00
Pflegusch 027793cce6 Remove unused variable res in check_connection 2023-03-15 19:00:26 +01:00
Pflegusch ac72c12734 Set timeout of 1s to make session available much quicker 2023-03-15 18:59:22 +01:00
Pflegusch d06e2d9e3d Remove nvd url 2023-03-15 18:56:23 +01:00
space-r7 22c05105d3 address review comments 
reduces some code duplication, sets privileged to true,
and modifies documentation to reflect lhost / rhost opts
 2023-03-15 11:18:03 -05:00
Pflegusch ee0334dd40 since file got deleted, one can not trigger the payload anymore by opening the php url 2023-03-15 01:05:10 +01:00
space-r7 fddcae3d93 don't always create repo 2023-03-14 19:03:58 -05:00
Pflegusch 0cbebc8a4c Remove malicious .php file at the end of the exploit 2023-03-15 01:03:20 +01:00
Pflegusch 103def70e4 More detailed error message for failed regex match 2023-03-15 00:07:20 +01:00
Pflegusch d72d47e502 Update Failure Codes and check for nil in the helper functions 2023-03-14 23:59:57 +01:00
Pflegusch 897aaf9572 Use Failure::UnexpectedReply when password cant be changed 2023-03-14 23:41:48 +01:00
Pflegusch 2310b0d942 Use Failure::NotFound when no valid cache file is found 2023-03-14 23:40:29 +01:00
Pflegusch 86f4a16cff Check if cache_request is not nil 2023-03-14 23:38:57 +01:00
Pflegusch e160e51711 Fix typos, update docs with advanced option SearchLimit, implement SearchLimit into module 2023-03-14 23:29:55 +01:00
Pflegusch 887551bf2c Use UnexptectedReply instead of Unknown 2023-03-14 22:29:38 +01:00
Pflegusch 8db10af8c0 check if res is not nil in addition to res.code 2023-03-14 22:28:52 +01:00
Pflegusch dff139d6d7 remove fail_with in check_connection as suggested 2023-03-14 22:24:08 +01:00
Pflegusch 2ce3aeed2b Add CONFIG_CHANGES to the side effects 2023-03-14 22:16:10 +01:00
Pflegusch c0ee250b6b Add some more URL references 2023-03-14 22:14:16 +01:00
Pflegusch cfaad7fb84 prepend AutoCheck 2023-03-14 22:10:44 +01:00
Pflegusch 9e64f02742 Use default values in option declaration instead of DefaultOptions 2023-03-14 22:08:05 +01:00
Pflegusch ac6e94770e use Failure::Unreachable and use unless instead of if/else 2023-03-14 22:03:31 +01:00
Pflegusch 311314984f Remove base64 requirement 2023-03-14 21:47:29 +01:00
Pflegusch cc4e455530 Remove directory datastore option and make username and password required 2023-03-14 21:46:45 +01:00
space-r7 1eeaff255e make username / password opts required 2023-03-13 16:45:48 -05:00
space-r7 4bb843fe70 add documentation, adjust method of getting ids 2023-03-13 15:31:41 -05:00
space-r7 4eef052fcd add usage of linux cmdstager, cleanup, description 2023-03-13 13:24:15 -05:00
h00die-gr3y 07d7248de8 initial module commit 2023-03-13 13:32:14 +00:00
Pflegusch 94e9504727 Use metasploit payload instead of hardcoded one 2023-03-11 14:47:32 +01:00
Pflegusch 3f7f28dd4f make use of full_uri and change regex 2023-03-11 14:25:04 +01:00
space-r7 2fbc80a44f add base cmdstager support for windows target 2023-03-09 16:24:12 -06:00
Pflegusch 38511f4d89 Rename establish_connection function 2023-03-09 17:06:07 +01:00
Pflegusch e66fd8f5ae Use rand_text_alphanumeric function 2023-03-09 17:03:48 +01:00
Pflegusch 69839d1924 Remove get_proxy_protocol function 2023-03-09 17:02:10 +01:00
Pflegusch 614f4b6d89 Make installation path of owa configurable 2023-03-09 16:32:28 +01:00
h00die-gr3y fc711131a2 added MIME, added break in mixin and added link with installation instructions 2023-03-09 09:28:46 -06:00
Grant Willcox deafceed00 Update documentation, library, and Gemspec from review 2023-03-09 09:28:27 -06:00
h00die-gr3y d3f84af790 Included mixin for PHP code injection at PNGs 2023-03-09 09:28:14 -06:00
h00die-gr3y dc8ebb722a Added support for native PHP payloads and reengineered webshells 2023-03-09 09:28:03 -06:00
Pflegusch 2de53712bd Use Rex::Version for version comparison 2023-03-09 15:59:42 +01:00
Pflegusch 94ceeb075a Redirect is not necessary - replace with simple send_request_cgi request 2023-03-09 15:41:15 +01:00
Pflegusch ee95eb2883 fix typo: establish_connection 2023-03-09 15:09:32 +01:00