Brent Cook
81c78a51c2
Land #9794, Added support for regional dialects
2018-04-05 12:56:07 -05:00
Chris Higgins
1fa40bfe3b
Land #8539, ProcessMaker Plugin Upload exploit
2018-04-03 20:52:17 -05:00
Brent Cook
8f7d9f3ac8
rename module
2018-04-03 13:44:55 -05:00
Brent Cook
19eef59f23
add disclosure date, fix target
2018-04-03 13:39:11 -05:00
Brent Cook
cd7831a2a3
An unforgettable luncheon
2018-04-03 13:39:11 -05:00
Brendan Coles
dfb3a421fe
Remove require statement
2018-04-03 12:56:06 +00:00
Brendan Coles
d860d7af5b
require 'rex/tar'
2018-04-03 06:34:30 +00:00
William Vu
c19fc4c18f
Land #9423, PSH for jenkins_xstream_deserialize
2018-03-26 17:09:16 -05:00
h00die
0028e2c5ba
documentation update
2018-03-24 19:25:59 -04:00
Brendan Coles
ac9f506b45
Update tested versions
2018-03-20 02:49:56 +00:00
Touhid M Shaikh
ea3378753b
syntax error fixed on line 70
...
improve check payload was uploaded or not condition using AND condition on line 121
2018-03-13 14:15:03 +05:30
Touhid M Shaikh
5e30982184
check function and some words fixed
...
all changes done which bcoles suggested
2018-03-12 21:03:34 +05:30
Touhid M Shaikh
9b0ba4a6fa
clipbucket_fileupload_exec
2018-03-12 14:17:13 +05:30
Jacob Robles
86dd382e6a
Land #9554, Eclipse Equinoxe OSGi console RCE
2018-03-07 08:41:31 -06:00
Sonny Gonzalez
883654f0ea
Land #9653, fix Y2k38 issue (until Jan 1, 2038)
2018-03-01 09:13:41 -06:00
Brent Cook
27bd2a4a9f
workaround Y2k38 issues in java certificate generation
2018-03-01 08:41:28 -06:00
Brent Cook
325ad7256e
if multi/handler is disabled, exit
2018-02-27 04:30:09 -06:00
attackdebris
2939695991
Add ARCH_CMD and general fixup
2018-02-26 16:59:36 -05:00
Brendan Coles
f98b4b0540
require 'rubygems/package'
2018-02-22 04:28:56 +00:00
Quentin Kaiser
9e3f12665e
Plaintext for console type to see what's going on.
2018-02-17 20:11:05 +01:00
Quentin Kaiser
e877151895
Attempt at clarifying network exchange using Telnet class IAC related constants.
2018-02-17 14:00:57 +01:00
Quentin Kaiser
e86169c217
Clean up Telnet IAC negotiation and explain obscure hex bytes.
2018-02-15 23:08:17 +01:00
Quentin Kaiser
5fbeb74f0c
Remove osx platform and fix date.
2018-02-13 23:57:53 +01:00
Quentin Kaiser
0259e794ba
OSGi console remote command execution.
2018-02-13 23:38:18 +01:00
Brendan Coles
1177efef89
Update tested versions
2018-02-10 16:32:20 +00:00
Brendan Coles
41dbae29a6
Add MagniComp SysInfo mcsiwrapper Privilege Escalation exploit
2018-02-05 13:47:09 +00:00
bwatters-r7
8be2b1f59e
Land # 9407, Add BMC Server Automation RSCD Agent RCE exploit module
...
Merge branch 'land-9407' into upstream-master
2018-01-31 13:35:29 -06:00
Aaron Soto
c390696ddf
Land #9379, Oracle Weblogic RCE exploit and documentation
2018-01-25 21:47:18 -06:00
Brent Cook
d1569f8280
Land #9413, Expand the number of class names searched when checking for an exploitable JMX server
2018-01-22 16:49:01 -06:00
Brent Cook
682c915a09
Land #9267, Add targets to sshexec
2018-01-22 09:59:48 -06:00
Kevin Kirsche
c7d3b5dfbb
Update payload and disable check functionality
...
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.
The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
bwatters-r7
4c11eae774
Maybe that timeout is needed.....
2018-01-17 13:21:36 -06:00
Philippe Tranca
35bec8d3cd
Fixed class names and added RMI interfaces
2018-01-17 17:10:36 +01:00
Philippe Tranca
d345008b20
Added all the classes that implement RMI server
2018-01-17 17:03:32 +01:00
bwatters-r7
f439edfa1a
Fixes by the fabled wvu
2018-01-17 08:20:52 -06:00
attackdebris
1c156c3d3c
Add powershell payload to module
2018-01-16 14:30:02 +00:00
Philippe Tranca
dfb9941e95
Fix java_jmx_server exploit
...
Add test case when discovering RMI endpoint as the previous one was not complete
2018-01-15 12:13:09 +01:00
Nicky Bloor
333ee893d3
Tidied up platform detection, check method, and minor typos.
2018-01-14 18:28:40 +00:00
Nicky Bloor
6568d29b67
Add BMC Server Automation RSCD Agent RCE exploit module.
2018-01-14 01:12:55 +00:00
Kevin Kirsche
04e4ff6b3c
Use stop_service to avoid cleanup overload
2018-01-11 19:14:26 -05:00
Kevin Kirsche
40f54df129
Feedback updates
2018-01-11 18:54:58 -05:00
Kevin Kirsche
172ffdfea1
Use geturi instead of building it ourselves
2018-01-11 18:27:56 -05:00
Kevin Kirsche
d4056e72da
Lower the default timeout for CHECK
2018-01-11 17:38:30 -05:00
Kevin Kirsche
3617a30e34
Add URIPATH random URI
2018-01-11 17:33:14 -05:00
Kevin Kirsche
a28d4a4b5b
Add check and update for some style considerations
2018-01-11 17:28:09 -05:00
Kevin Kirsche
0d9a40d2e5
Use target['Platform'] instead of target_platform
2018-01-11 15:44:07 -05:00
Kevin Kirsche
c490d642e2
Was missing a comma
2018-01-11 09:42:24 -05:00
Kevin Kirsche
3132566d8f
Fix OptFloat error
2018-01-11 09:22:16 -05:00
Kevin Kirsche
c05b440f26
Fix additional feedback
...
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
2018-01-11 08:17:13 -05:00
Kevin Kirsche
ab89e552ed
Remove accidental trailing space
2018-01-08 14:42:03 -05:00