Commit Graph

3399 Commits

Author SHA1 Message Date
William Vu 8473662e32 Land #13463, Oracle WebLogic CVE-2020-2555 exploit 2020-05-20 23:21:07 -05:00
Shelby Pace abff1cd731 change true to false 2020-05-19 14:59:47 -05:00
Shelby Pace 378fe767b5 randomize class name 2020-05-19 14:35:36 -05:00
Shelby Pace 8f43ffa8e3 change title 2020-05-19 13:59:27 -05:00
Shelby Pace 6657d3480e remove returns, add autocheck 2020-05-19 13:47:39 -05:00
Shelby Pace 837f307740 rubocop fixes 2020-05-19 13:12:23 -05:00
Shelby Pace d86e008914 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-19 12:29:56 -05:00
Shelby Pace c51a32eaf2 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-19 12:29:41 -05:00
Shelby Pace 5857c80f47 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-19 12:29:17 -05:00
Shelby Pace 4ff4676ab9 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-19 12:28:42 -05:00
Shelby Pace 32386e0947 Update modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb
Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-19 12:27:38 -05:00
Shelby Pace 9e813b7e1e add archs 2020-05-15 10:22:08 -05:00
Shelby Pace 91e4328198 add documentation, remove some leftover comments 2020-05-15 09:44:45 -05:00
Shelby Pace 302b7134a3 add code for v12.1.3 2020-05-14 19:06:03 -05:00
Shelby Pace f7c6699843 add code for v12.2.1.3 2020-05-14 14:08:05 -05:00
Shelby Pace aaeb5ad5ee mixin madness 2020-05-13 08:37:53 -05:00
Shelby Pace 76d48281d0 add check method 2020-05-12 16:12:51 -05:00
Shelby Pace 8dde3b6fca add Windows-related code, fix alignment 2020-05-12 12:23:55 -05:00
Shelby Pace 5e0469ce4f add t3_send comment and cmdstager code 2020-05-11 13:18:01 -05:00
Pedro Ribeiro cf25629510 Fix advisory link in TM1 module 2020-05-09 14:58:46 +07:00
Shelby Pace 1851f4bc3c add documented object 2020-05-04 10:34:15 -05:00
Spencer McIntyre 2c61fd0aff Update Apache Shiro RCE module docs 2020-04-28 14:24:17 -04:00
L daf31a3178 Avoid server load balancing 2020-04-27 10:50:34 -05:00
L 64ecd1f95a fixed 2020-04-27 10:50:09 -05:00
L 5732b0f038 fixed 2020-04-27 10:50:09 -05:00
L f8f90e5b98 Add default payload 2020-04-27 10:50:09 -05:00
L 6835d2cd9f Replace <tab> with space 2020-04-27 10:50:09 -05:00
L 1116635477 fixed 2020-04-27 10:50:09 -05:00
L 0516f6e5de Add shiro_rememberme_v124_deserialize Module 2020-04-27 10:50:09 -05:00
William Vu 823c29a127 Update post-RuboCop style in my recent modules
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
2020-04-22 10:52:00 -05:00
William Vu 7fe0d4ddad Add another blank line 2020-04-17 11:05:01 -05:00
William Vu 4952ec3e5b Fix RuboCop's mistakes in recently landed modules 2020-04-17 10:21:17 -05:00
Alan Foster f2c3fc5f00 Rubocop recently landed modules 2020-04-17 11:55:04 +01:00
William Vu 287ce98155 Don't be lazy anymore and pack lengths as shorts 2020-04-15 15:47:51 -05:00
William Vu 3f8bff2b5a Fix bad regex on length of "Metasploit" string
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
2020-04-15 15:47:50 -05:00
William Vu 4bf2c5edf8 Rename exploit_class to constructor_class 2020-04-15 15:47:50 -05:00
William Vu 79501472ae Wrap jenkins_metaprogramming Base64 at 80 columns
I think I chose Rex::Text::DefaultWrap (60 columns) before to offer a
consistent wrap regardless of indentation. Kind of a dumb waste of
space.
2020-04-15 15:47:50 -05:00
William Vu 80817204c9 Improve jenkins_metaprogramming here docs
Hat tip @adfoster-r7 for the indirect reminder!
2020-04-15 15:47:50 -05:00
William Vu a73a542399 Add a comment to appease the @gwillcox-r7 god 2020-04-14 23:10:28 -05:00
William Vu c02f74637f Update print and comments 2020-04-14 23:06:38 -05:00
William Vu 0dedf9225e s/for/of/ 2020-04-14 22:56:09 -05:00
William Vu c95823d71d Comment convenience method 2020-04-14 22:07:13 -05:00
William Vu 8f4aa7b761 Comment more comments 2020-04-14 22:04:25 -05:00
William Vu 99c5912cc7 Comment another comment and move stuff around 2020-04-14 21:59:43 -05:00
William Vu b9382230f6 Comment my comments to myself 2020-04-14 21:41:51 -05:00
William Vu c9c3f87203 Note tested version in module 2020-04-14 14:01:59 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader
Also note the SSL workaround.
2020-04-14 14:01:18 -05:00
William Vu 9b59a8e194 Be more verbose and validate classloader server 2020-04-14 14:01:18 -05:00
William Vu 06f54765c3 Remove res.code == 200 check again
It really isn't necessary when we're looking for just the header.
2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin
Whoops, forgot this.
2020-04-14 14:01:18 -05:00