adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62,886 Commits 27 Branches 1,043 Tags
074120a2d38d0bf4a88e4e884d41c896a5a345fd
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
RageLtMan 074120a2d3 Scaffold HTTP Header Injection Exploit 
Using the infrastructure developped for use in the log4shell HTTP
scanner, implement a basic HTTP exploit module which performs the
same action as the scanner does per-host on a specific target; but
instead of logging the vulnerability, return a crafted LDAP search
response containing the payload encoded within the search response.

The crux of this effort lies in payload generation, specifically in
crafting the legal LDAP response packet out of the request data and
generated JAR-format payload. The payload selection is based on an
offline discussion with @Mihi during which he indicated JNDI's
ability to load JARs in the same way as raw Java classes. This
assumption/interpretation on my part may be incorrect.

At present, the delivered LDAP search response appears to be valid
in WireShark, and the vulnerable test docker is showing internal
values in its console output a la:
```
Received a request for API version com.sun.jndi.ldap.LdapCtx@3575a
```
which shows that it is processing the response on its end, just
not in the way we would prefer, yet.

This may be a result of how the MSF payload is being shuffled and
mutated by the packet construction method, or a mistake in the way
i pass in the queried base DN or execute the LDAP search response
transaction.

Testing: fails currently for aforementioned reason

TODO:
  figure out how to encode the payload/LDAP response correctly
  continue testing until verified and upstreamed
2021-12-29 09:10:07 -05:00
.github
expand version to 3.0.3 until 3.1 is handled
2021-12-28 09:22:17 -06:00
app
deprecated model error pattern
2021-08-09 12:16:12 -05:00
config
remove laoder initializer
2021-08-09 12:16:12 -05:00
data
Land #15961, Initial Rex LDAP Server
2021-12-28 14:50:03 -05:00
db
automatic module_metadata_base.json update
2021-12-28 14:09:38 -06:00
docker
remove debug output
2018-10-21 22:34:19 +02:00
documentation
Land #15961, Initial Rex LDAP Server
2021-12-28 14:50:03 -05:00
external
Pulled offsets out of dll into module. Auto-find lsass.exe when pid is 0
2021-12-18 10:56:46 -08:00
kubernetes
Meterpreter Helm chart tweaks
2021-11-05 15:14:19 +00:00
lib
Land #15961, Initial Rex LDAP Server
2021-12-28 14:50:03 -05:00
modules
Scaffold HTTP Header Injection Exploit
2021-12-29 09:10:07 -05:00
plugins
Add support for long arguments to Rex Parser
2021-12-14 17:45:56 +00:00
script
kill cucumber in framework
2017-07-12 08:00:29 -05:00
scripts
Fix Meterpreter spelling mistake
2021-10-12 23:40:43 +01:00
spec
Add tcp uri scheme for setting rhosts
2021-12-15 15:37:05 +00:00
test
modify Post::File tests to check write_file return value
2021-11-25 03:37:06 +00:00
tools
Only warn about missing CVEs in exploit modules
2021-11-04 07:18:27 -04:00
.dockerignore
change docker root exec
2018-10-21 22:30:01 +02:00
.gitignore
Merged branches
2021-10-08 02:55:39 +05:30
.gitmodules
Add RDI submodule, port Kitrap0d
2013-11-27 16:04:41 +10:00
.mailmap
Add Simon Janusz to mail map
2021-07-13 10:38:50 +01:00
.rspec
Add modern --require to .rspec
2014-10-08 10:55:40 -05:00
.rubocop.yml
Autofix module info hash values on the same line
2021-08-27 16:39:49 +01:00
.ruby-gemset
Remove gitignore, change to metasploit-framework
2013-09-13 12:44:19 -05:00
.ruby-version
bump ruby 3.0
2021-12-01 12:02:59 -06:00
.simplecov
Remove fastlib
2014-09-18 15:24:21 -05:00
.yardopts
remove HACKING from yardopts
2017-09-07 02:35:56 -05:00
CODE_OF_CONDUCT.md
Change individual contacts
2018-12-13 10:38:55 -06:00
CONTRIBUTING.md
Fix up a typo in CONTRIBUTING.md
2021-06-05 14:31:15 -05:00
COPYING
Update LICENSE and COPYING
2020-01-18 18:45:37 -06:00
CURRENT.md
add CURRENT.md to track major changes and how to migrate with them
2018-01-18 06:35:53 -06:00
docker-compose.override.yml
change docker root exec
2018-10-21 22:30:01 +02:00
docker-compose.yml
docker: hassle-free DB bootstrap
2021-01-08 16:20:11 +01:00
Dockerfile
bump docker image to match .ruby-version
2021-12-01 12:21:25 -06:00
Gemfile
Make swagger-blocks a default dependency
2021-05-10 13:21:55 +01:00
Gemfile.local.example
Add in fix to use relative paths for Gemfile.local.example, thereby fixing review comments
2020-09-24 09:25:03 -05:00
Gemfile.lock
Bump version of framework to 6.1.22
2021-12-23 12:10:50 -06:00
LICENSE
Add Process Herpaderping evasion module and binaries
2021-01-22 18:33:10 +01:00
LICENSE_GEMS
Bump version of framework to 6.1.22
2021-12-23 12:10:50 -06:00
metasploit-framework.gemspec
bump metasploit_payloads-mettle to 1.0.17
2021-12-10 06:06:07 +00:00
msf-json-rpc.ru
Add health check functionality
2021-04-16 01:59:22 +01:00
msf-ws.ru
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
msfconsole
move web service api code into library path
2021-08-09 12:22:43 -05:00
msfd
remove msf folder requires
2021-01-18 14:21:54 +00:00
msfdb
Ensure msfdb reinit can be used for starting the database
2021-06-18 09:13:48 +01:00
msfrpc
Remove extra require for a now deleted file that no longer exists
2021-03-02 10:57:07 +00:00
msfrpcd
remove msf folder requires
2021-01-18 14:21:54 +00:00
msfupdate
we don't need ruby-backports anymore (or maybe we can use it more conditionally on Ruby 2.6), it uses a lot of memory
2019-12-02 09:03:58 -06:00
msfvenom
Generate machine readable msfvenom output when pipes are used
2021-05-26 11:13:49 +01:00
Rakefile
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
README.md
Added the link for 'COPYING' file
2019-10-07 13:16:15 +05:30
Vagrantfile
moves v.gui comment to appropriate location(s)
2020-10-08 11:59:09 -05:00

README.md

Metasploit Build Status Maintainability Test Coverage Docker Pulls

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://metasploit.com

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.

Reference in New Issue View Git Blame Copy Permalink
S
Description
Metasploit Framework
Readme Multiple Licenses 1.6 GiB
Languages
Ruby 95%
PowerShell 2.7%
C 1.2%
Python 0.4%
HTML 0.2%
Other 0.1%