
merge #2

Merged
merged 280 commits into from Jan 13, 2019

Conversation

pedrib (Owner) commented Jan 13, 2019

Tell us what this change does. If you're fixing a bug, please mention the GitHub issue number.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/windows/smb/ms08_067_netapi
  • ...
  • Verify the thing does what it should
  • Verify the thing does not do what it should not
  • Document the thing and how it works (Example)

busterb and others added 30 commits December 8, 2018 06:24
Module now uses Chrome itself as a websocket client, reading websockets
via js. It no longer downloads and executes `websocat`.

Noticed while @asoto-r7 was reviewing Code Climate results, and it
highlighted some metasm code as having unusual code structure. Rather
than fixing it, we can delete it, since this is from upstream metasm
presumably, which we've used as a Gem for some time (thanks @egypt).

All payloads should still be regenerable, and evasion modules as well.

The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.

The longxor encoder for mipsbe does not work correctly. At the end of the decoding, it should invoke cacheflush() with the correct parameters:

    int cacheflush(char *addr, int nbytes, int cache)

The encoder previously did not set up the arguments, as it even said so in the comments:

    ;       addiu   $4, $16, -4             ; not checked by Linux
    ;       li      $5,40                   ; not checked by Linux
    ;       li      $6,3                    ; $6 is set above

I think this is because the encoder is pretty old (2008), and before kernel 2.6.11, cacheflush() did not need any parameters (from the cacheflush man page):

    BUGS
           Linux kernels older than version 2.6.11 ignore the addr and nbytes arguments, making this function fairly expensive. Therefore, the whole cache is always flushed.

This commit fixes that by setting up the parameters correctly. As an unfortunate side effect this increases the shellcode by 16 bytes, but it is absolutely necessary for it to work properly.

Note that this bug is not present when testing the encoder output on an emulator like qemu; emulators do not need to flush the caches to work properly.

As an added bonus I have also made it compatible with toupper() restrictions, which is common in web server exploits too. This did not add any extra bytes to the encoder.
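The decoder-side sequence that commit message describes, as an added example in C that is not code from the pull request or from Metasploit's mipsbe/longxor encoder: XOR-decode a buffer word by word, then flush exactly the decoded range with the real (addr, nbytes, cache) arguments before anything jumps to it, and check that a stub contains no byte that toupper() would rewrite. The fixed-key XOR schedule, the sample payload, the key 0x41424344 and the function names are assumptions made for the example; on MIPS the flush is the cacheflush() syscall with BCACHE (3, the value loaded into $6 above), and on other targets the compiler builtin stands in so the program still builds and runs. The decoded bytes are treated as data and are never executed.

```c
/* Added example, not code from the pull request or from Metasploit's
 * mipsbe/longxor encoder.  Models the two things the fixed decoder stub
 * has to get right: (1) flush the caches over exactly the decoded bytes,
 * (2) keep the stub free of bytes that toupper() would rewrite.  The XOR
 * schedule (one fixed 32-bit key for every word) is a simplification and
 * does not reproduce the real encoder's key handling. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#ifdef __mips__
#include <sys/cachectl.h>   /* int cacheflush(void *addr, int nbytes, int cache); BCACHE == 3 */
#endif

#define BLOCK_SIZE 4

/* Load/store a 32-bit word big-endian, as a mipsbe decoder would see it. */
static uint32_t load_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void store_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* XOR every whole 4-byte word of buf with key, in place.  XOR is its own
 * inverse, so the same routine encodes and decodes.  Returns the number of
 * bytes touched (len rounded down to a multiple of BLOCK_SIZE). */
size_t xor_words(uint8_t *buf, size_t len, uint32_t key) {
    size_t done = 0;
    while (done + BLOCK_SIZE <= len) {
        store_be32(buf + done, load_be32(buf + done) ^ key);
        done += BLOCK_SIZE;
    }
    return done;
}

/* What the stub must do after the XOR loop: make the freshly written bytes
 * visible to instruction fetch.  On MIPS Linux that is the cacheflush
 * syscall with real (addr, nbytes, cache) arguments; kernels newer than
 * 2.6.11 honour the range instead of flushing everything, so garbage in
 * $4/$5 means the decoded code may never reach the I-cache.  Elsewhere the
 * builtin emits whatever the target needs (nothing on x86, whose caches
 * are coherent).  Returns 0 on success, as cacheflush() does. */
int flush_decoded(void *addr, size_t nbytes) {
#ifdef __mips__
    return cacheflush(addr, (int)nbytes, BCACHE);  /* $4 = addr, $5 = nbytes, $6 = 3 */
#else
    __builtin___clear_cache((char *)addr, (char *)addr + nbytes);
    return 0;
#endif
}

/* toupper() restriction: a stub that passes through a server which
 * upper-cases the request must contain no byte in 'a'..'z', because
 * toupper() would rewrite those and corrupt the instructions. */
int survives_toupper(const void *buf, size_t len) {
    const uint8_t *p = buf;
    for (size_t i = 0; i < len; i++)
        if (p[i] >= 'a' && p[i] <= 'z')
            return 0;
    return 1;
}

/* Round trip over a constructed payload: encode, decode in place, flush
 * exactly the decoded range, and verify the bytes came back intact.
 * Returns 1 on success.  Nothing here is executed; the point is the
 * decode-then-flush sequence and its arguments. */
int selftest_roundtrip(void) {
    /* Constructed sample: 10 words of "payload" plus 2 trailing bytes that
     * the word loop must leave alone. */
    uint8_t payload[42];
    uint8_t work[42];
    for (size_t i = 0; i < sizeof payload; i++)
        payload[i] = (uint8_t)(0x10 + i * 7);
    memcpy(work, payload, sizeof work);

    const uint32_t key = 0x41424344;                /* constructed key */
    size_t n = xor_words(work, sizeof work, key);   /* encode */
    if (n != 40 || memcmp(work, payload, 40) == 0)
        return 0;                                   /* words must have changed */
    if (xor_words(work, sizeof work, key) != 40)    /* decode */
        return 0;
    if (flush_decoded(work, n) != 0)                /* nbytes = decoded length */
        return 0;
    return memcmp(work, payload, sizeof payload) == 0;
}

int main(void) {
    printf("roundtrip: %s\n", selftest_roundtrip() ? "ok" : "FAILED");
    printf("\"ABCD\\x01\" survives toupper: %d\n", survives_toupper("ABCD\x01", 5));
    printf("\"abcd\" survives toupper: %d\n", survives_toupper("abcd", 4));
    return 0;
}
```

The nbytes passed to flush_decoded is the number of bytes the XOR loop actually wrote, not the size of the whole buffer: that is the value the decoder stub has to compute (or hard-code, as the `li $5,40` above does) and hand to the syscall, and on real MIPS hardware a wrong value is exactly the failure the commit describes, which qemu user-mode emulation hides because it does not model separate I- and D-caches.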
@pedrib pedrib merged commit 7ac30b8 into pedrib:master Jan 13, 2019
Commits referencing this pull request:
  • Jun 25, 2020: fixing up some styling and rubocop run
  • Jul 30, 2020: refactor mixin as factory for SQLi classes
  • Jul 30, 2020: Replace ret CheckCode with fail_with()
  • Jul 30, 2020: add cracking support for dynamic_82
  • Oct 1, 2020: Validate the PE file early on to raise errors
  • Jul 7, 2021: add cookie jar usage and AutoCheck
  • Jul 7, 2021: adjust history context to thread file write
  • Feb 10, 2022: cracker refactor around jtr