adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63,472 Commits 27 Branches 1,043 Tags
ef4e7b2165ec317aceca4e58f2a2dee87f9918a5
Commit Graph

76 Commits

Author SHA1 Message Date
Heyder Andrade 891387885b Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:50 +01:00
Heyder Andrade bbb66eba55 Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:26 +01:00
Heyder Andrade acfc7348c3 Fixed typos 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:47:10 +01:00
Heyder Andrade c935bc6388 Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb 
Fix typos

Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:46:25 +01:00
Heyder Andrade 2e73469b6b Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb 
Fix typos

Co-authored-by: Brendan <bwatters@rapid7.com>
 2022-02-15 08:46:02 +01:00
Heyder Andrade ca62a05ce1 Clenup and check strategy 
- Removed else statements from check in favor of implicit return
- Added comment explaining the check strategy (to be less intrusive)
 2022-02-11 00:30:31 +01:00
Heyder Andrade d1764b2e75 Update option name 
Update option name from LOGPATH to LOGFILE to become more intuitive.
 2022-02-11 00:00:19 +01:00
Heyder Andrade df53a62cc9 Making reason from failures more descriptives 
Cases
[x] User defined wrong log file
    [-] Exploit aborted due to failure: unexpected-reply: Log file
/var/www/log.log seems doesn't exit
[x] module doesnt detect the log file
    [-] Log file does not exist /var/www/storage/logs/laravel.log
    [-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detecte
[x] site doesnt respond with error, module unable to find the log
directoy
    [-] Unable to automatically find the log file. To continue set
LOGPATH manually
    [-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detected
[x] site with debug mode false
    [-] Exploit aborted due to failure: not-vulnerable: The target is
not exploitable. "set ForceExploit true" to override check result
 2022-02-10 23:40:49 +01:00
Heyder Andrade 719e71648c Change Vulnerable to Appear in the check method 
As we can't determine with certainly whether the target is vulnerable the check method should return appear instead of vulnerable.

Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com>
 2022-02-10 20:08:36 +01:00
Heyder Andrade cc52850ff0 Fix coding style offenses. 2022-02-09 21:30:17 +01:00
Heyder Andrade da1bc1f6d1 Change exploit Rank. Add AutoCheck. Remove custom timeout on request cgi. 2022-02-09 21:19:10 +01:00
Heyder Andrade c7092861e0 Fix the CVE format based on failed tests 2022-02-08 14:38:54 +01:00
Heyder Andrade f1fe6b7c89 Add module to CVE-2021-3129 2022-02-08 14:21:10 +01:00
h00die 46c2d343bd duplicator add check_plugin line 2021-10-29 17:22:12 -04:00
adfoster-r7 28eab4d871 Add Meterpreter compatibility metadata 2021-10-06 13:54:51 +01:00
adfoster-r7 46718e3390 Run Rubocop layout rules on modules 2021-09-10 12:53:39 +01:00
dwelch-r7 319f15d938 Handle nil versions for rubygems 4 2021-02-25 16:47:49 +00:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Adam Cammack cf9b94a964 Set needs_cleanup flag for exploits that need it 
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
 2019-08-02 10:23:53 -05:00
Shelby Pace b82e3469a2 renamed module and doc 2018-12-11 11:59:19 -06:00
Julien Legras 7e953e34b9 Added the clean_up function 2018-12-11 18:13:46 +01:00
Julien Legras 224e782772 Cleaned the create_wp_config_file function 2018-12-05 10:56:22 +01:00
Julien Legras 2774c17ca1 Replaced print_error and return with a fail_with 2018-12-05 10:11:09 +01:00
Julien Legras 2735c71bda Fixed typos, removed not working cleaning 2018-12-04 18:42:54 +01:00
Julien Legras b58342843b Refactored check 2018-12-04 12:03:49 +01:00
Julien Legras 6874dddc55 Fix space at EOL and sed replace 2018-11-30 15:26:14 +01:00
Julien Legras a4ee221333 Fixed the timeout for web requests 2018-11-30 14:47:41 +01:00
Julien Legras 160015d3a7 Check the HTTP response first 2018-11-29 18:54:07 +01:00
Julien Legras 984354194f Check the HTTP response first 2018-11-29 18:49:41 +01:00
Julien Legras 2b61c4e118 Fixes for PR 2018-11-29 15:02:03 +01:00
Julien Legras 02f2a2828e Fix references CVE and WPVDB 2018-11-14 18:19:12 +01:00
Julien Legras 3daec992c8 Fix indentation 2018-11-14 18:08:31 +01:00
Julien Legras b9348bd579 Added the CVE number in the references 2018-11-14 16:52:57 +01:00
Julien Legras 5f9570cbcf Added WordPress Duplicator <= 1.2.40 and documentation 2018-11-14 16:39:42 +01:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k 772bec23a1 Fix various typos 2017-07-21 07:40:08 -07:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Christian Mehlmauer 8d4d40b8ba Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r 689999c8b8 Saving progress 
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 13:03:36 -06:00
Tod Beardsley 23d058067a Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Winterspite 0acb170ee8 Bug #8419 - Added platform info missing on exploits 2013-10-08 22:41:50 -04:00