Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Drupal Drupalgeddon 2 #9876

Merged
merged 26 commits into from
Apr 25, 2018
Merged

Add Drupal Drupalgeddon 2 #9876

merged 26 commits into from
Apr 25, 2018

Commits on Apr 14, 2018

  1. Add Drupal Drupalgeddon 2

    @wvu
    wvu committed Apr 14, 2018
    Configuration menu
    Copy the full SHA
    d8508b8 View commit details
    Browse the repository at this point in the history

Commits on Apr 18, 2018

  1. Refactor module and address review comments

    @wvu
    wvu committed Apr 18, 2018
    Configuration menu
    Copy the full SHA
    1900aa2 View commit details
    Browse the repository at this point in the history

Commits on Apr 19, 2018

  1. Refactor clean URL handling and remove dead code

    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    86ffbc7 View commit details
    Browse the repository at this point in the history

  2. Add version detection and automatic targeting 

    I also refactored error handling. Should be cleaner now.
    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    3d116d7 View commit details
    Browse the repository at this point in the history

  3. Refactor once more with feeling 

    Nested conditionals are the devil. Printing should be consistent now.
    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    7a2cc99 View commit details
    Browse the repository at this point in the history

  4. Add in-memory PHP execution using assert()

    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    2670d06 View commit details
    Browse the repository at this point in the history

  5. Cache version detection and print only once 

    Oops. This is the problem with overloading methods.
    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    62aca93 View commit details
    Browse the repository at this point in the history

  6. Add PHP dropper functionality and targets

    @wvu
    wvu committed Apr 19, 2018
    Configuration menu
    Copy the full SHA
    fcfe927 View commit details
    Browse the repository at this point in the history

Commits on Apr 20, 2018

  1. Merge remote-tracking branch 'upstream/master' into feature/drupal

    @wvu
    wvu committed Apr 20, 2018
    Configuration menu
    Copy the full SHA
    5be4526 View commit details
    Browse the repository at this point in the history

Commits on Apr 21, 2018

  1. Stop being lazy about badchar analysis 

    Badchars apply to all targets.
    @wvu
    wvu committed Apr 21, 2018
    Configuration menu
    Copy the full SHA
    8be58d3 View commit details
    Browse the repository at this point in the history

Commits on Apr 24, 2018

  1. Rewrite PHP targets to work with 7.x and 8.x 

    Win some, lose some. php -r spawns a new (obvious) command. :/

Check method and version detection also rewritten. :)
    @wvu
    wvu committed Apr 24, 2018
    Configuration menu
    Copy the full SHA
    c8b6482 View commit details
    Browse the repository at this point in the history

  2. Add module doc to appease the @h00die god

    @wvu
    wvu committed Apr 24, 2018
    Configuration menu
    Copy the full SHA
    2abfee8 View commit details
    Browse the repository at this point in the history

  3. Change back to vprint_status for the nth time 

    I really couldn't decide, especially once I got rid of CmdStager.

Also fully document the module options.
    @wvu
    wvu committed Apr 24, 2018
    Configuration menu
    Copy the full SHA
    b507391 View commit details
    Browse the repository at this point in the history

  4. Explain available targets in documentation 

    Oops.
    @wvu
    wvu committed Apr 24, 2018
    Configuration menu
    Copy the full SHA
    cd48616 View commit details
    Browse the repository at this point in the history

  5. Restore a return lost in the refactor :( 

    Also spiff up comments.
    @wvu
    wvu committed Apr 24, 2018
    Configuration menu
    Copy the full SHA
    cfaca5b View commit details
    Browse the repository at this point in the history

Commits on Apr 25, 2018

  1. Clarify version detection error message 

    This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    8ff4407 View commit details
    Browse the repository at this point in the history

  2. Remove block quote and add version to sample run 

    The block quote was ripped directly from the module description. It
isn't necessary in the dedicated documentation. Reads better now.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    89c95ca View commit details
    Browse the repository at this point in the history

  3. Don't make a header out of tested version 

    Reads a little better now.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    e03ebf9 View commit details
    Browse the repository at this point in the history

  4. Use PHP_FUNC as a fallback in case assert() fails 

    Additionally drop a file in a writable directory in case CWD fails.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    8bc1417 View commit details
    Browse the repository at this point in the history

  5. Add SA-CORE-2018-002 as an AKA ref 

    Makes sense to me. Even though it's technically the advisory.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    2ff0e59 View commit details
    Browse the repository at this point in the history

  6. Add check for patch level in CHANGELOG.txt 

    Looks like 8.x has core/CHANGELOG.txt instead.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    ec43801 View commit details
    Browse the repository at this point in the history

  7. Correct comment about PHP CLI (it's not our last!)

    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    b7ac160 View commit details
    Browse the repository at this point in the history

  8. Use print_good for patch level check, oops

    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    910e933 View commit details
    Browse the repository at this point in the history

  9. Update module doc with patch level detection

    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    675ed78 View commit details
    Browse the repository at this point in the history

  10. Set target type instead of regexing names 

    We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.

Old matching in this commit: 1900aa2.
    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    b8eb7f2 View commit details
    Browse the repository at this point in the history

  11. Add TurnKey Linux ISOs to module doc setup section

    @wvu
    wvu committed Apr 25, 2018
    Configuration menu
    Copy the full SHA
    644889a View commit details
    Browse the repository at this point in the history