Commit Graph

25542 Commits

Author SHA1 Message Date
Brendan Coles 5957315167 Land #11141, Ensure Byte XORi Encoder uses cacheflush() 2018-12-29 10:20:07 +00:00
Brendan Coles 005b2664b8 Land #11140, Ensure MIPS Long XOR Encoder uses cacheflush() 2018-12-29 10:14:47 +00:00
Shelby Pace 29e7c49332 Land #10444, add Consul rexec RCE module 2018-12-28 09:14:28 -06:00
Shelby Pace fb8f06b2f5 Land #10443, add Consul service RCE module 2018-12-28 08:33:56 -06:00
Green-m 69e7956adf Land #11174, Fix platform bug when upgrading shell.
The platform on Windows PowerShell should be 'win' rather than
'windows'; this bug leads to failure when upgrading a PowerShell session
to Meterpreter.
2018-12-26 11:31:39 +08:00
L ee7120d63a fixed post/multi/manage/shell_to_meterpreter 2018-12-25 15:00:39 +08:00
Quentin Kaiser 18c844623a Remove extra spaces. 2018-12-24 13:48:07 +01:00
Quentin Kaiser e10792f4e6 Remove extra space. 2018-12-24 13:30:03 +01:00
Brent Cook b9742802aa Land #11137, Clean up linux/local/vmware_alsa_config exploit module 2018-12-21 17:04:11 -06:00
Jacob Robles 4bc871c499 Add CmdStager to erlang_cookie_rce 2018-12-21 07:33:37 -06:00
Brent Cook b83c6ad496 Land #11149, fix a PTY leak in Python Meterpreter 2018-12-20 17:30:42 -06:00
Quentin Kaiser bf2de42077 Now supports all versions of Consul. 2018-12-20 18:56:07 +01:00
Quentin Kaiser 2919b970cd Implement execution checks with a timeout limit so we don't leave zombie checks running in background. 2018-12-20 18:41:35 +01:00
Quentin Kaiser ba5c40db77 No need for CVE field. 2018-12-20 18:18:53 +01:00
William Vu 5af05ad976 Land #11143, nc -j fix for cups_root_file_read 2018-12-19 22:37:00 -06:00
Jeffrey Martin bf4bb0a5b9 bump metasploit-payloads gem
Update metasploit-payloads gem to 1.3.57 to pick up
fix for Python Meterpreter PTY Leak from rapid7/metasploit-payloads#319
2018-12-19 18:19:24 -06:00
asoto-r7 d601837e03 Land #10401, java_jmx_server scanner for Java JMX MBean servers 2018-12-19 13:12:03 -06:00
asoto-r7 50b7d93a18 java_jmx_scanner: Incorporate @bcoles suggestions 2018-12-19 12:56:53 -06:00
Wei Chen f7eb3452be Land #11083, set user agent in Windows reverse_http(s) stagers 2018-12-19 11:38:12 -06:00
Jacob Robles 6921b79890 Land #11089, Erlang cookie rce exploit module 2018-12-19 08:02:40 -06:00
William Vu 1b8b3bbb95 Update nc -j check in cups_root_file_read 2018-12-18 17:38:33 -06:00
asoto-r7 51ce96a2b4 Merge branch 'jmx_scanner' of https://github.com/sgorbaty/metasploit-framework into sgorbaty-jmx_scanner 2018-12-18 16:05:03 -06:00
Milton-Valencia bb758f9a61 I didn't forget msftidy I swear 2018-12-18 14:55:12 -06:00
Milton-Valencia 8a2a605a99 added targets 2018-12-18 14:50:57 -06:00
Quentin Kaiser ef8601aa71 Bail early if we receive an unexpected response. 2018-12-18 19:42:26 +01:00
Quentin Kaiser 4ee7bdee6c Merge branch 'consul_service_exec' of github.com:QKaiser/metasploit-framework into consul_service_exec 2018-12-18 19:33:51 +01:00
Quentin Kaiser b3563b1bc2 Cleaner version of check function thanks to @bcoles. 2018-12-18 19:33:30 +01:00
Brendan Coles 5e134d7d8d Update modules/exploits/multi/misc/consul_service_exec.rb
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:19 +01:00
Brendan Coles 5192c081ee Update modules/exploits/multi/misc/consul_service_exec.rb
Co-Authored-By: QKaiser <QKaiser@users.noreply.github.com>
2018-12-18 19:27:08 +01:00
Quentin Kaiser 6ad40deac3 print_status will never throw a JSON::ParseError exception. 2018-12-18 19:15:13 +01:00
Pedro Ribeiro 1e88ce9a3d Edit the comments to -84 2018-12-18 16:33:44 +00:00
Pedro Ribeiro 05218654f4 adjust the offset to -84 2018-12-18 16:30:47 +00:00
Pedro Ribeiro af418ec7f7 Fix mipsle byte_xori too 2018-12-18 16:05:23 +00:00
Quentin Kaiser a52ffbcead Missing disclosure date. 2018-12-18 17:03:09 +01:00
Quentin Kaiser a3d020a7e2 Add support for authorization with X-Consul-Token ACL header. 2018-12-18 16:56:03 +01:00
Quentin Kaiser 1839144978 Cleaner to define this as a Hash, then call .to_json on it. 2018-12-18 16:53:49 +01:00
Pedro Ribeiro d40d6c4e3d Update longxor.rb
Suffers from the same problem as the mipsbe version
2018-12-18 15:48:29 +00:00
Pedro Ribeiro 34c9555717 Fix byte_xori encoder
The byte_xori encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:
int cacheflush(char *addr, int nbytes, int cache)

I think this is because the encoder is based off the longxori encoder, which itself is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):
BUGS
Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the whole cache is always flushed.

This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.

Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.
2018-12-18 15:37:47 +00:00
Quentin Kaiser 177ae2f927 fail_with is not allowed in the check method. Use vprint_error and return a CheckCode instead. Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode. 2018-12-18 16:33:53 +01:00
Quentin Kaiser 0feadf636b Define RPORT and SSL in register_options rather than DefaultOptions. Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert). 2018-12-18 16:29:36 +01:00
Quentin Kaiser 0acdcd98f2 Merge branch 'master' into consul_service_exec 2018-12-18 16:27:08 +01:00
Quentin Kaiser f487f978c2 Merge branch 'consul_exec' of github.com:QKaiser/metasploit-framework into consul_exec 2018-12-18 16:09:18 +01:00
Quentin Kaiser 08541cd7b9 Merge branch 'master' into consul_exec 2018-12-18 16:07:08 +01:00
Quentin Kaiser a1e1e4a4f4 Remove useless comment. 2018-12-18 16:05:50 +01:00
Quentin Kaiser b80e5715d4 Add support for authorization with X-Consul-Token ACL header. 2018-12-18 16:02:39 +01:00
Quentin Kaiser 551f8c5e92 Support for echo and printf command stager flavors + support for curl and wget command stager flavors (hence reactivation of SRVHOST, SRVPORT, URIPATH and SSLCert). 2018-12-18 15:48:58 +01:00
Quentin Kaiser f290221a66 Cleaner response check in check function. Usage of CheckCode instead of Exploit::CheckCode. 2018-12-18 15:36:52 +01:00
Quentin Kaiser aeec5cf23e Cleaner to define this as a Hash, then call .to_json on it. Better support of agent definition in check function. 2018-12-18 15:31:30 +01:00
Quentin Kaiser e51530688b fail_with is not allowed in the check method. Use vprint_error and return a CheckCode instead. 2018-12-18 15:09:04 +01:00
Quentin Kaiser 4682cf5796 Define in register_options rather than DefaultOptions. 2018-12-18 15:04:28 +01:00