adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56,474 Commits 27 Branches 1,043 Tags
ffb681cb79b20d6eb44e2a8f4fcd9e8dd67b2b2f
Commit Graph

2040 Commits

Author SHA1 Message Date
Spencer McIntyre 2c61fd0aff Update Apache Shiro RCE module docs 2020-04-28 14:24:17 -04:00
L daf31a3178 Avoid server load balancing 2020-04-27 10:50:34 -05:00
L 64ecd1f95a fixed 2020-04-27 10:50:09 -05:00
L 5732b0f038 fixed 2020-04-27 10:50:09 -05:00
L f8f90e5b98 Add default payload 2020-04-27 10:50:09 -05:00
L 6835d2cd9f Replace <tab> to space 2020-04-27 10:50:09 -05:00
L 1116635477 fixed 2020-04-27 10:50:09 -05:00
L 0516f6e5de Add shiro_rememberme_v124_deserialize Module 2020-04-27 10:50:09 -05:00
William Vu 823c29a127 Update post-RuboCop style in my recent modules 
Mostly 80 columns (yeah, I know) and additional whitespace to complement
the lack of alignment.
 2020-04-22 10:52:00 -05:00
William Vu 7fe0d4ddad Add another blank line 2020-04-17 11:05:01 -05:00
William Vu 4952ec3e5b Fix RuboCop's mistakes in recently landed modules 2020-04-17 10:21:17 -05:00
Alan Foster f2c3fc5f00 Rubocop recently landed modules 2020-04-17 11:55:04 +01:00
William Vu 287ce98155 Don't be lazy anymore and pack lengths as shorts 2020-04-15 15:47:51 -05:00
William Vu 3f8bff2b5a Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-15 15:47:50 -05:00
William Vu 4bf2c5edf8 Rename exploit_class to constructor_class 2020-04-15 15:47:50 -05:00
William Vu 79501472ae Wrap jenkins_metaprogramming Base64 at 80 columns 
I think I chose Rex::Text::DefaultWrap (60 columns) before to offer a
consistent wrap regardless of indentation. Kind of a dumb waste of
space.
 2020-04-15 15:47:50 -05:00
William Vu 80817204c9 Improve jenkins_metaprogramming here docs 
Hat tip @adfoster-r7 for the indirect reminder!
 2020-04-15 15:47:50 -05:00
William Vu a73a542399 Add a comment to appease the @gwillcox-r7 god 2020-04-14 23:10:28 -05:00
William Vu c02f74637f Update print and comments 2020-04-14 23:06:38 -05:00
William Vu 0dedf9225e s/for/of/ 2020-04-14 22:56:09 -05:00
William Vu c95823d71d Comment convenience method 2020-04-14 22:07:13 -05:00
William Vu 8f4aa7b761 Comment more comments 2020-04-14 22:04:25 -05:00
William Vu 99c5912cc7 Comment another comment and move stuff around 2020-04-14 21:59:43 -05:00
William Vu b9382230f6 Comment my comments to myself 2020-04-14 21:41:51 -05:00
William Vu c9c3f87203 Note tested version in module 2020-04-14 14:01:59 -05:00
William Vu 5fbaf87c96 Move ClassLoader to HTTP::ClassLoader 
Also note the SSL workaround.
 2020-04-14 14:01:18 -05:00
William Vu 9b59a8e194 Be more verbose and validate classloader server 2020-04-14 14:01:18 -05:00
William Vu 06f54765c3 Remove res.code == 200 check again 
It really isn't necessary when we're looking for just the header.
 2020-04-14 14:01:18 -05:00
William Vu 6f77f27ed5 Move deregister_options from module to mixin 
Whoops, forgot this.
 2020-04-14 14:01:18 -05:00
William Vu c21bb7e9dd Bump a CheckCode to Detected 
We get the Liferay-Portal header.
 2020-04-14 14:01:18 -05:00
William Vu 69e1714d9a Don't be lazy anymore and pack lengths as shorts 2020-04-14 14:01:18 -05:00
William Vu db15baa257 Rename to Msf::Exploit::Remote::Java::ClassLoader 2020-04-14 14:01:18 -05:00
William Vu 673e13d8cb Unzero the lengths I zeroed so it works 2020-04-14 14:01:18 -05:00
William Vu 950a0d57db Fix bad regex in Liferay module, too, duh 2020-04-14 14:01:18 -05:00
William Vu d7cf08d5f3 Convert Java classloading code into a mixin 2020-04-14 14:01:18 -05:00
William Vu d920bb4615 Fix bad regex on length of "Metasploit" string 
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.

irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
 2020-04-14 14:01:17 -05:00
William Vu 83d5a673ac Rename exploit_class to constructor_class 2020-04-14 14:01:17 -05:00
William Vu a98215d27e Relax regex in case of Enterprise Edition (EE) 
I don't know what the regex would be, since I don't have EE.
 2020-04-14 14:01:17 -05:00
William Vu 5e65bb2a6a Document remote classloading files 2020-04-14 14:01:17 -05:00
William Vu 96242a99a1 Document the magic 2020-04-14 14:01:17 -05:00
William Vu d220c1045e Refactor check for precision 2020-04-14 14:01:17 -05:00
William Vu 8297f77d0a Update vuln discoverer to Markus Wulftange 
Wasn't in the original blog post, but it's in the vendor advisory.
 2020-04-14 14:01:17 -05:00
William Vu c475ddac52 Add vendor advisory to references 2020-04-14 14:01:17 -05:00
William Vu 0c8ee27613 Add Liferay Portal Java Unmarshalling RCE 2020-04-14 14:01:17 -05:00
Spencer McIntyre bea42876ee Land #13067, PlaySMS template injection RCE 2020-04-03 10:22:35 -04:00
Spencer McIntyre bd835e8f2d Cleanup more status methods and move the module 2020-04-03 10:21:27 -04:00
bwatters-r7 859eda92bb Land #12759, Apache Solr Remote Code Execution via Velocity Template 
Merge branch 'land-12759' into upstream-master
 2020-04-02 11:23:33 -05:00
ide0x90 861b79bce7 Added new targets and made documentation consistent 2020-03-29 00:33:24 +08:00
h00die 0b4c047411 doc cleanup 2020-03-24 08:47:21 -04:00
Shelby Pace fd8ceb0db2 Land #13082, add Horde Groupware Webmail RCE 2020-03-23 07:32:53 -05:00