Spencer McIntyre
71f2e4c26c
Land #13035, update PHP web_delivery to SSL context
Update the PHP command from web_delivery to ignore invalid SSL
certificates which is required for newer versions of PHP when a
self-signed certificate is used.
2020-03-12 16:35:12 -04:00
Adam Galway
0e163c69ab
Land #12975, exploits RCE backdoor in PHPStudy
2020-03-10 11:56:26 +00:00
Spencer McIntyre
c75780350e
Land #13038, clean up the socket when checking
2020-03-06 13:00:42 -05:00
Christophe De La Fuente
e5f2b48274
Ensure client is disconnected when leaving the check method
2020-03-06 17:38:37 +01:00
Tim W
63f2da278d
fix #7366, ignore the ssl cert on PHP web_delivery
2020-03-06 12:32:57 +08:00
William Vu
9840951f0d
Land #12574, Chrome CVE-2019-5825 exploit
2020-03-05 13:44:40 -06:00
William Vu
87b8182131
Land #12384, Chrome CVE-2018-17463 exploit
2020-03-05 13:44:27 -06:00
Spencer McIntyre
eb90bee4a7
Land #12863, add exploit for PHP-FPM Underflow RCE
2020-03-05 11:43:43 -05:00
Christophe De La Fuente
8d6468e725
Fix comments
2020-03-05 13:28:28 +01:00
airevan
630add538f
set default index.php
2020-03-05 10:24:22 +08:00
Tim W
9f55e4163f
add documentation
2020-03-04 21:31:14 +08:00
Tim W
7f6f7fea3e
add osx as a target
2020-03-04 13:37:19 +08:00
Tim
9f56867f6c
Apply suggestions from code review
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com>
2020-03-04 11:55:33 +07:00
Tim W
196c354ede
chrome 80 jscreate rce
2020-02-29 18:41:04 +08:00
airevan
5a58fbb0e5
Remove space
2020-02-23 14:45:53 +08:00
airevan
d102f3e48f
Remove space
2020-02-23 13:03:13 +08:00
airevan
adaa9e239a
Add phpstudy backdoor exploit module
2020-02-23 10:23:32 +08:00
airevan
bb7ed355f0
Add phpstudy backdoor exploit module
2020-02-22 22:55:45 +08:00
airevan
6a07160bd5
Add phpstudy backdoor exploit module
2020-02-22 19:53:06 +08:00
William Vu
7dc1315dac
Update logic for ForceExploit in my modules
This lets the user opt out of running check completely.
2020-02-19 01:06:50 -06:00
Tim W
aa1fdb2075
Land #12724, server AMSI and SBL separately from psh stager in web_delivery
2020-02-19 09:33:25 +08:00
Brent Cook
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
Christophe De La Fuente
1b54d27301
Update code #2
- Make error message more descriptive
- Use `Rex.sleep` instead of `sleep`
- Update `detect_qsl` logic
- Change the first `Exploit::CheckCode` to `Unknown` for the `Check` method
2020-02-17 19:04:32 +01:00
Christophe De La Fuente
828d974db5
Update code and documentation
- Add `OperationMaxRetries` option documentation
- Add default value to `TARGETURI` and update the documentation
- Remove `PosOffset` advanced option and hardcode the value
- Update `Description`
- Move URI encoding logic to `send_crafted_request`
- Refactor `send_crafted_request` to handle the HTTP parameter and final & (%26)
2020-02-17 18:25:10 +01:00
Christophe De La Fuente
0e9c637364
Randomize filename and HTTP parameter
2020-02-17 15:58:21 +01:00
Christophe De La Fuente
226f4b0a53
Line wrap to 80 columns and small fix
- Line wrap documentation to 80 columns
- Line wrap `Description` field to 80 columns
- Remove unnecessary unless statement
2020-02-17 13:06:32 +01:00
Tim W
f630990b3b
use random amsi resource url
2020-02-17 10:07:18 +08:00
Tim W
3a89bef6c4
improve description
2020-02-15 10:37:15 +08:00
Christophe De La Fuente
351c0d1651
Small improvements
2020-02-14 17:16:27 -06:00
Tim W
d95391b7f4
minor refactor
2020-02-15 06:10:52 +08:00
Tim W
55d5e55c5e
use simpler wasm code
2020-02-15 06:10:52 +08:00
Tim W
4b92403bba
fix?
2020-02-15 06:10:52 +08:00
Tim W
5420007dff
add support for osx and windows using wasm rwx region
2020-02-15 06:10:52 +08:00
Tim W
f6343f35aa
attempt to speed up pop_r9 gadget search
2020-02-15 06:10:52 +08:00
Tim W
bb4007747b
fix
2020-02-15 06:10:52 +08:00
Tim W
35dac6ea5f
no offsets
2020-02-15 06:10:52 +08:00
Tim W
59ed3e5948
dynamic offsets
2020-02-15 06:10:52 +08:00
Tim W
2efc381115
strcmp
2020-02-15 06:10:52 +08:00
Tim W
6fa086a0ab
add debugging option
2020-02-15 06:10:52 +08:00
Tim W
bbbb9565a4
fix win7
2020-02-15 06:10:52 +08:00
Tim W
d644f2d9c7
chrome 69.0.3497.100 --no-sandbox calc.exe
2020-02-15 06:10:52 +08:00
Tim W
d6c3e4ad56
fix wasm finder to match pr description
2020-02-15 01:09:27 +08:00
Tim W
94287c94ff
fix discovery and references
2020-02-15 00:39:48 +08:00
Christophe De La Fuente
dab4291016
Update header name
2020-01-23 18:50:10 +01:00
Christophe De La Fuente
daaa8cf857
Add PHP-FPM Underflow RCE module
2020-01-20 20:07:34 +01:00
Dave York
7b14442ab0
replace strings with bools
2020-01-14 20:47:27 -05:00
Francesco Soncina
abb95ef465
feat(web_delivery): use disown on linux too
2020-01-09 15:02:04 +01:00
Francesco Soncina
1f191bc73e
feat: support osx in web_delivery
2020-01-09 14:59:47 +01:00
Francesco Soncina
542f582fed
fix: ignore SSL cert in python web_delivery
2020-01-08 13:22:03 +01:00
Tim W
58bf71d555
simplify amsi resource url
2019-12-17 17:35:29 +08:00