h00die
|
706d51389e
|
spelling fix
|
2016-05-19 19:30:18 -04:00 |
HD Moore
|
32e1a19875
|
Fix up the disclosure date
|
2016-05-11 00:18:22 -05:00 |
HD Moore
|
ded79ce1ff
|
Fix CVE syntax
|
2016-05-10 23:18:45 -05:00 |
HD Moore
|
4a5d150716
|
Fixups to continue supporting Rails 4.2.x
|
2016-05-10 23:12:48 -05:00 |
HD Moore
|
04bb493ccb
|
Small typo fixed
|
2016-05-10 23:07:51 -05:00 |
HD Moore
|
7c6958bbd8
|
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
|
2016-05-10 11:08:02 -05:00 |
wchen-r7
|
3db72e9b4b
|
Land #6853, use send_request_cgi! for CVE-2016-0854 exploit
|
2016-05-09 16:10:04 -05:00 |
Kyle Gray
|
2a546d191f
|
Land #6854, smtp header fix
Fixes an issue with duplicate headers when sending emails.
Fixes MS-1476
|
2016-05-06 12:07:12 -05:00 |
William Vu
|
2abb062070
|
Clean up module
|
2016-05-06 11:51:29 -05:00 |
David Maloney
|
e4e6246692
|
Merge branch 'master' of github.com:rapid7/metasploit-framework
|
2016-05-06 10:55:52 -05:00 |
Louis Sato
|
8dc7de5b84
|
Land #6838, add Rails web-console module
|
2016-05-05 15:53:52 -05:00 |
William Vu
|
1bc2ec9c11
|
Update vulnerable versions to include 6.x (legacy)
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
26b749ff5a
|
Add default LHOST
This is a massive workaround and probably shouldn't be done. :-)
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
5c713d9f75
|
Set default payload
Land #6849 for this to be effective.
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
232cc114de
|
Change placeholder text to something useful
A la Shellshock. :)
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
f32c7ba569
|
Add template generation details
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
23a0517a01
|
Update description
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
d7b76c3ab4
|
Add more references
|
2016-05-05 14:18:42 -05:00 |
William Vu
|
5c04db7a09
|
Add ImageMagick exploit
|
2016-05-05 14:18:42 -05:00 |
Adam Cammack
|
2e460a87dd
|
Remove extra assignment
|
2016-05-05 11:24:19 -05:00 |
David Maloney
|
891a788ad4
|
Land #6849, mknod to mkfifo
lands wvu's pr to switch from mknod to
mkfifo for netcat payloads
|
2016-05-05 10:34:41 -05:00 |
Vex Woo
|
35a780c6a8
|
fix send_request_cgi redirection issues #6806
|
2016-05-05 09:55:32 -05:00 |
Christian Mehlmauer
|
9357a30725
|
remove duplicate key
|
2016-05-04 22:15:33 +02:00 |
William Vu
|
74e5772bbf
|
Replace mknod with mkfifo for portability
Works on BSD and OS X now. This has been bugging me for a while.
|
2016-05-04 02:32:37 -05:00 |
HD Moore
|
779a7c0f68
|
Switch to the default rails server port
|
2016-05-03 02:06:58 -05:00 |
HD Moore
|
8b04eaaa60
|
Clean up various whitespace
|
2016-05-03 02:06:37 -05:00 |
wchen-r7
|
68ad9b0b53
|
Land #6835, support Windows and Java platforms for struts_dmi_exec
|
2016-05-02 15:04:42 -05:00 |
wchen-r7
|
df44dc9c1c
|
Deprecate exploits/linux/http/struts_dmi_exec
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
|
2016-05-02 15:03:25 -05:00 |
Brian Patterson
|
be363411de
|
Land #6317, Add delay(with jitter) option to auxiliary scanner and portscan modules
|
2016-05-02 13:09:40 -05:00 |
HD Moore
|
3300bcc5cb
|
Make msftidy happier
|
2016-05-02 02:33:06 -05:00 |
HD Moore
|
67c9f6a1cf
|
Add rails_web_console_v2_code_exec, abuse of a debug feature
|
2016-05-02 02:31:14 -05:00 |
join-us
|
6a00f2fc5a
|
mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb
|
2016-05-01 00:00:29 +08:00 |
join-us
|
ec66410fab
|
add java_stager / windows_stager | exploit with only one http request
|
2016-04-30 23:56:56 +08:00 |
wchen-r7
|
73ac6e6fef
|
Land #6831, Add CVE-2016-3081 Apache struts s2_032 DMI Code Exec
|
2016-04-29 11:53:47 -05:00 |
wchen-r7
|
d6a6577c5c
|
Default payload to linux/x86/meterpreter/reverse_tcp_uuid
Default to linux/x86/meterpreter/reverse_tcp_uuid for now because
of issue #6833
|
2016-04-29 11:52:50 -05:00 |
join-us
|
288975a9ce
|
rm modules/exploits/multi/http/struts_dmi_exec.rb
|
2016-04-30 00:44:31 +08:00 |
Security Corporation
|
9d279d2a74
|
Merge pull request #15 from wchen-r7/pr6831
Changes for Apache struts from @wchen-r7
|
2016-04-30 00:37:53 +08:00 |
join-us
|
15ffae4ae8
|
rename module name
|
2016-04-30 00:17:26 +08:00 |
join-us
|
1d95a8a76d
|
rename struts_code_exec_dynamic_method_invocation.rb to struts_dmi_exec.rb
|
2016-04-30 00:13:34 +08:00 |
wchen-r7
|
97061c1b90
|
Update struts_dmi_exec.rb
|
2016-04-29 11:13:25 -05:00 |
join-us
|
9e56bb8358
|
send http request (get -> post)
|
2016-04-30 00:08:00 +08:00 |
wchen-r7
|
e9535dbc5b
|
Address all @FireFart's feedback
|
2016-04-29 11:03:15 -05:00 |
wchen-r7
|
6f6558923b
|
Rename module as struts_dmi_exec.rb
|
2016-04-29 10:34:48 -05:00 |
join-us
|
643591546e
|
struts s2_032 rce - linux_stager
|
2016-04-29 10:49:56 +08:00 |
wchen-r7
|
2a91a876ff
|
Update php/meterpreter_reverse_tcp size
|
2016-04-27 16:14:38 -05:00 |
William Vu
|
0cb555f28d
|
Fix typo
|
2016-04-26 15:26:22 -05:00 |
Adam Cammack
|
f28d280199
|
Land #6814, move stdapi to exist?
|
2016-04-24 13:41:11 -04:00 |
Brent Cook
|
194a84c793
|
Modify stdapi so it also uses exist? over exists? for ruby parity
Also add an alias for backward compatibility.
|
2016-04-23 17:31:22 -04:00 |
Brent Cook
|
9a873a7eb5
|
more style fixes
|
2016-04-23 12:18:28 -04:00 |
Brent Cook
|
d86174c3bf
|
style fixes
|
2016-04-23 12:18:28 -04:00 |