5bbe934db9
Add QEMU Monitor HMP 'migrate' Command Execution module
2022-02-07 17:48:27 +00:00
28e358066b
Fixed typo
...
Extraneous `.`. Thanks, macOS!
2021-09-04 14:34:05 -07:00
2bfc8d35d0
Defined capability flags in comment
...
Added descriptive comment for included capability flags.
2021-09-04 14:32:30 -07:00
5742e1c20e
Add DFLAG_BIG_CREATION to capability flags
...
I have been having trouble with this module (and other projects) using the included set of capability flags (0x3499c) on a specific host. I took some time to analyze the problem and it appears to be with the included flag set. In my case (and I suspect others'), the target node was rejecting the client with "not_allowed". After testing I found that simply adding DFLAG_BIG_CREATION (0x40000) allowed this exploit to work, both on the host I was having trouble with, and an older one where this (unmodified) exploit was working. Breakdown of flags is below.
```
0x0007499c == 0b0000 0000 0111 0100 1001 1001 1100
| ||| | | | | | ||-- DFLAG_EXTENDED_REFERENCES
| ||| | | | | | |-- DFLAG_DIST_MONITOR
| ||| | | | | |-- DFLAG_FUN_TAGS
| ||| | | | |-- DFLAG_NEW_FUN_TAGS
| ||| | | |-- DFLAG_EXTENDED_PIDS_PORTS
| ||| | |-- DFLAG_NEW_FLOATS
| ||| |-- DFLAG_SMALL_ATOM_TAGS
| |||-- DFLAG__UTF8_ATOMS
| ||-- DFLAG_MAP_TAG
| |-- **DFLAG_BIG_CREATION**
|-- DFLAG_HANDSHAKE_23
```
2021-09-01 10:45:41 -07:00
4a9a15e638
Run Rubocop layout rules on modules
2021-08-27 17:19:43 +01:00
1789c7b070
Adding notes to Nomad Module
2021-06-14 10:39:23 -05:00
359b47a146
AutoCheck + JSON Parsing + WfsDelay
2021-05-19 13:42:59 -05:00
20415172a4
Support additional payload parameters
2021-05-18 09:39:46 -05:00
7427c68057
Add HashiCorp Nomad Job Exploit
2021-05-17 16:16:21 -05:00
dcf457f7e9
Fix a typo in Eclipse Equinox product name
...
The osgi_console_exec module docs had a few stray characters for the
product name and description. The product name confused me when
googling for this module.
2021-04-23 11:57:48 +01:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
85a9accbee
Land #14202 , Add initial zeitwerk autoloader approach for lib/msf/core
2020-12-08 12:53:02 +00:00
45ce738af7
add default payload for targets, run rubocop
2020-12-07 16:17:12 -06:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
4f7329d93d
Remove EOL spaces from consul_service_exec.rb
2020-11-18 09:09:55 +00:00
6f1365b75d
Add Windows support to consul_service_exec.rb
...
Added Windows to the 'Targets' list with CmdStagerFlavor psh_invokewebrequest. Generalised the payload delivery to allow for both Windows and the existing Linux payloads.
2020-11-17 15:37:55 +00:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
26ff912291
Fix invalid disclosure date formats
2020-10-02 12:20:05 +01:00
f08349982d
Use CheckModule scanner in java_rmi_server exploit
2020-08-24 10:11:03 -05:00
b841246536
Update autocheck to use prepend instead of include, add ForceExploit functionality
2020-06-30 11:40:46 +01:00
1a2bf98222
creates standard elog & updates exisiting usages
2020-06-22 12:48:39 +01:00
b7dd7b3f7a
remove old version, rubocop
2020-06-02 14:24:18 -05:00
ffd79ff8cc
add exploit for most versions
2020-06-01 09:41:56 -05:00
8473662e32
Land #13463 , Oracle WebLogic CVE-2020-2555 exploit
2020-05-20 23:21:07 -05:00
abff1cd731
change true to false
2020-05-19 14:59:47 -05:00
378fe767b5
randomize class name
2020-05-19 14:35:36 -05:00
8f43ffa8e3
change title
2020-05-19 13:59:27 -05:00
6657d3480e
remove returns, add autocheck
2020-05-19 13:47:39 -05:00
837f307740
rubocop fixes
2020-05-19 13:12:23 -05:00
d86e008914
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:56 -05:00
c51a32eaf2
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:41 -05:00
5857c80f47
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:29:17 -05:00
4ff4676ab9
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:28:42 -05:00
32386e0947
Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
...
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com >
2020-05-19 12:27:38 -05:00
9e813b7e1e
add archs
2020-05-15 10:22:08 -05:00
91e4328198
add documentation, remove some leftover comments
2020-05-15 09:44:45 -05:00
302b7134a3
add code for v12.1.3
2020-05-14 19:06:03 -05:00
f7c6699843
add code for v12.2.1.3
2020-05-14 14:08:05 -05:00
aaeb5ad5ee
mixin madness
2020-05-13 08:37:53 -05:00
76d48281d0
add check method
2020-05-12 16:12:51 -05:00
8dde3b6fca
add Windows-related code, fix alignment
2020-05-12 12:23:55 -05:00
5e0469ce4f
add t3_send comment and cmdstager code
2020-05-11 13:18:01 -05:00
cf25629510
Fix advisory link in TM1 module
2020-05-09 14:58:46 +07:00
1851f4bc3c
add documented object
2020-05-04 10:34:15 -05:00
d904eed010
add badchars for various targets
2020-03-30 12:49:58 +07:00
59c2079aa4
split AIX and Linux cmd targets
2020-03-28 14:35:24 +07:00
Brendan Coles