Brandon Perry brandonprry

Organizations

@VolatileMindsLLC
Inconsistent msgpack string serialization
  • @brandonprry f3976c5
    small update to the registry reader
brandonprry commented on pull request rapid7/metasploit-framework#5800

Nice! Thanks a bunch dude On Aug 14, 2015, at 5:05 PM, Juan Vazquez notifications@github.com wrote: Merged #5800 #5800. — Reply to this email dire…

  • @brandonprry cadcdea
    Update how we read data from OpenVAS
  • @brandonprry 1c70636
    Less magic hex values, more integers.
  • @brandonprry acc4762
    Small code refactor for the nodekey
  • @brandonprry b80278a
    Fix for ri nodes, now we can enumerate patches
brandonprry commented on pull request rapid7/metasploit-framework#5800

Probably the path traversal is what it is catching on.

brandonprry commented on pull request rapid7/metasploit-framework#5800

Thanks, I will look at making a check method this evening after work which looks for the session ID in the response to determine if the given insta…

@brandonprry

Yeah I know. I am not sure if I like unless or if more here. Will likely be a style thing. Sent from a phone

  • @brandonprry 74ed8cf
    actually that didn't work
  • @brandonprry 527eaea
    single quotes and some error handling
brandonprry commented on pull request rapid7/metasploit-framework#5800

@Meatballs1 I am not sure exactly what you mean by hijacking to_jsp_war for this.

  • @brandonprry 830aee8
    check if cookie is actually returned, and if not, fail
brandonprry commented on pull request rapid7/metasploit-framework#5800

One thing to note is I am not sure how a patched version behaves. Is a cookie not returned by the Forgot Password functionality?

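The two comments above describe the decision the module's check method has to make: if the server hands back a session cookie where it should not, report the target as vulnerable; if not, fail. The following is an added example, not code from the Metasploit module or from its author, that models that decision in plain Ruby with no Metasploit dependency. The cookie name, the three HTTP responses and the check result symbols are all constructed for this example; the real module's endpoint, cookie name and the behaviour of a patched SEPM are not known from this thread.

```ruby
# Added example: models "check if the cookie is actually returned, and if
# not, fail" as a stand-alone decision function. Nothing here is taken
# from the Metasploit module; the cookie name and responses are assumptions.

SESSION_COOKIE = 'JSESSIONID'.freeze # assumed name of the leaked session cookie

# Constructed sample responses (not captured from any real server).
VULN_RESPONSE = "HTTP/1.1 200 OK\r\n" \
                "Content-Type: text/html\r\n" \
                "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n\r\n" \
                "<html>ok</html>"
PATCHED_RESPONSE = "HTTP/1.1 200 OK\r\n" \
                   "Content-Type: text/html\r\n\r\n" \
                   "<html>ok</html>"
ERROR_RESPONSE = "HTTP/1.1 500 Internal Server Error\r\n\r\n"

# Parse a raw HTTP/1.1 response into [status, headers, body].
# Header names are lower-cased; each name maps to an array so repeated
# Set-Cookie headers are all kept.
def parse_http_response(raw)
  head, body = raw.split("\r\n\r\n", 2)
  lines = head.split("\r\n")
  status = lines.shift.split(' ')[1].to_i
  headers = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    name, value = line.split(':', 2)
    next if value.nil?
    headers[name.strip.downcase] << value.strip
  end
  [status, headers, body.to_s]
end

# Return the value of the named cookie from any Set-Cookie header, or nil
# when no such cookie (or an empty one) was set.
def session_cookie(headers, name = SESSION_COOKIE)
  headers['set-cookie'].each do |set_cookie|
    key, value = set_cookie.split(';', 2).first.split('=', 2)
    return value if key && key.strip == name && value && !value.strip.empty?
  end
  nil
end

# The check decision: :appears when the session cookie came back on a
# successful response, :safe when it did not, :unknown when the request
# itself failed and nothing can be concluded.
def check_session_leak(raw_response)
  status, headers, _body = parse_http_response(raw_response)
  return :unknown unless (200..399).cover?(status)
  session_cookie(headers) ? :appears : :safe
end

if __FILE__ == $PROGRAM_NAME
  [VULN_RESPONSE, PATCHED_RESPONSE, ERROR_RESPONSE].each do |resp|
    puts "#{resp.lines.first.strip} -> #{check_session_leak(resp)}"
  end
end
```

Returning a distinct value for a non-2xx/3xx response matters: a connection error or a 500 is not evidence that the host is patched, and treating it as "safe" would hide the targets the check exists to find.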
brandonprry commented on pull request rapid7/metasploit-framework#5800

Looks like neither of the files can be deleted. The JSP is currently being parsed when the execution of the meterp binary is performed to create the…

brandonprry commented on pull request rapid7/metasploit-framework#5800

The meterp binary cannot be deleted while the shell is open, so that won't be able to be cleaned up. Working on seeing if I can clean up the JSP fi…

brandonprry commented on pull request rapid7/metasploit-framework#5800

And FWIW I am testing against 64-bit Windows.

brandonprry commented on pull request rapid7/metasploit-framework#5800

Adding a 64-bit target, not sure this will work. The SEPM process is 32-bit.

brandonprry commented on pull request rapid7/metasploit-framework#5800

Good idea. Sent from a phone On Aug 2, 2015, at 9:13 AM, Markus Wulftange notifications@github.com wrote: In modules/exploits/windows/http/sepm_au…

brandonprry commented on pull request rapid7/metasploit-framework#5800

Ah yes, this is the default bad chars I use for http. Can remove. Sent from a phone On Aug 2, 2015, at 9:14 AM, Markus Wulftange notifications@git…

brandonprry commented on pull request rapid7/metasploit-framework#5800

There are a couple targets it looks like I can add. One for a pure JSP payload for a command shell and a 64-bit one. Sent from a phone On Aug 2, 2…

brandonprry commented on pull request rapid7/metasploit-framework#5800

Have church, will need to pick this back up later this afternoon.