Commit Graph

1237 Commits

Author SHA1 Message Date
Vakaris 7e2cc86ab9 Code cleaned and tested on ubuntu 2018-08-29 16:55:35 +03:00
Vakaris 8ddfb03f27 Uploaded and modified standard web_rce code usage.Not working, not tested 2018-08-29 16:55:35 +03:00
Vakaris 3f809403d1 Custom http server class moved to the end of file 2018-08-29 16:55:03 +03:00
itaymmguardicore 9317d0a805
Merge pull request #179 from VakarisZ/Struts2_with_framework
Struts2 with framework
2018-08-29 15:05:09 +03:00
itaymmguardicore aab8f9295e
Merge pull request #178 from VakarisZ/WebRCE_Framework
Added functions get_monkey_paths and run_backup_commands
2018-08-29 15:01:12 +03:00
itaymmguardicore 7a5e53ee69
Merge pull request #176 from acepace/feature/support-common-folder-exploit-import
Feature/support common folder exploit import
2018-08-29 14:52:34 +03:00
Vakaris 57e795573e Documented what's required and other minor changes 2018-08-29 14:43:40 +03:00
Vakaris 307a7c396c Notes fixed and tested 2018-08-29 14:43:39 +03:00
Vakaris 39bb41ed25 Removed unused imports and tested 2018-08-29 14:43:39 +03:00
Vakaris f001403a92 Fixed lock bug and made uploaded monkey names standard 2018-08-29 14:43:39 +03:00
Vakaris 8e8422b3b7 Lock changed from singleton into local variable 2018-08-29 14:43:39 +03:00
Vakaris 8fd42abd5d Refactored according to final web_rce framework changes 2018-08-29 14:43:39 +03:00
Vakaris 10528c313d Webblogic refactored to web RCE framework changes(from static methods into class methods) 2018-08-29 14:43:39 +03:00
Vakaris 66bc852742 Bugfix: http servers thread is stopped if remote target is not vulnerable 2018-08-29 14:43:39 +03:00
Vakaris ab64e78f00 Core functions of Oracle weblogic rce 2018-08-29 14:43:39 +03:00
Vakaris 8af2ab70e7 Removed unused import statement 2018-08-29 14:42:40 +03:00
Vakaris 2295f2c0ab More pythonic and clean way to apply function to url_list 2018-08-29 14:42:40 +03:00
Vakaris 84fb96d0de struts built_potential_url's now use map function to save code 2018-08-29 14:42:40 +03:00
Vakaris b07e70855c Refactored struts2 to overload get_exploit_config 2018-08-29 14:42:40 +03:00
Vakaris 071535fd01 Struts2 refactored to use default_exploit_host function 2018-08-29 14:42:40 +03:00
Vakaris beb8dfed92 Struts2 refactored for framework fixes 2018-08-29 14:42:40 +03:00
Vakaris 8d7221eada Struts2 core functions 2018-08-29 14:42:40 +03:00
Vakaris 87b0afae88 Minor changes in run_backup_commands 2018-08-29 14:41:02 +03:00
itaymmguardicore f594a5681f
Merge pull request #175 from acepace/bugfix/imports
Fix relative imports
2018-08-29 14:06:09 +03:00
Vakaris 592dd27d91 Added functions get_monkey_paths and run_backup_commands 2018-08-28 20:51:25 +03:00
Daniel Goldberg 3ce81ee78a Rewrote config parsing. Avoid the horrible cast by example function and avoid possible circular import issues. 2018-08-27 11:16:40 -04:00
Daniel Goldberg cad9aca5dd Fix one more old style import 2018-08-27 11:06:58 -04:00
Daniel Goldberg b23418782c Move configuration to be a exploit object field rather than every exploit importing it. 2018-08-27 11:04:09 -04:00
Daniel Goldberg be08027221 Fix relative imports 2018-08-27 10:58:43 -04:00
itaymmguardicore dbbb3f143e
Merge pull request #172 from VakarisZ/WebRCE_Framework
Changed constructor to have default paths set to None for convienience
2018-08-26 11:11:30 +03:00
Vakaris bd8423216b Changed constructor to have default paths set to None for convienience 2018-08-23 18:35:30 +03:00
maor.rayzin c373bfbcfb * integrated parts of the pth report to the main report module.
* Changed the ui a bit, removed some tables and add information to the current tables.
2018-08-23 15:17:08 +03:00
itaymmguardicore 685371a062
Merge pull request #168 from VakarisZ/Struts2_with_framework
Struts2 vulnerability with framework
2018-08-23 15:08:36 +03:00
Vakaris 3ff823ab04 Removed unused import statement 2018-08-23 15:06:58 +03:00
Vakaris 1c5c010028 More pythonic and clean way to apply function to url_list 2018-08-23 14:37:31 +03:00
Itay Mizeretz 5489a68049 Remove unecessary consts 2018-08-23 14:10:50 +03:00
Vakaris ef4eadf64a struts built_potential_url's now use map function to save code 2018-08-23 13:51:11 +03:00
Itay Mizeretz cdc576e77e Make mimikatz inside zip and extract only if config says so 2018-08-22 19:31:26 +03:00
itaymmguardicore fc2929ed2e
Merge pull request #159 from VakarisZ/WebRCE_Framework
Web rce framework
2018-08-22 16:46:48 +03:00
Vakaris df4b1268d1 Refactored struts2 to overload get_exploit_config 2018-08-22 16:08:38 +03:00
Vakaris 9ef44ef71f Struts2 refactored to use default_exploit_host function 2018-08-22 16:07:59 +03:00
Vakaris 6cb058eb1d Struts2 refactored for framework fixes 2018-08-22 16:07:39 +03:00
Vakaris bbd4adf2ae Struts2 core functions 2018-08-22 16:07:39 +03:00
Vakaris 3e7d7425e4 made get_exploit_config non-static for readability 2018-08-22 16:01:16 +03:00
Vakaris e1b1236fb3 Comments and CR notes fixed 2018-08-22 13:41:17 +03:00
Vakaris eae3f3440d Refactored exploit_host and added get_exploit_config 2018-08-22 13:33:36 +03:00
Itay Mizeretz 369795e375 small fixes to make everything work 2018-08-21 17:17:21 +03:00
Vakaris 911404ef68 Implemented default_exploit_host method that can implement whole framework's workflow according to some flags/params 2018-08-21 12:34:59 +03:00
Itay Mizeretz a18061d45d Merge branch 'develop' into feature/detect-cross-segment-traffic
# Conflicts:
#	infection_monkey/config.py
#	infection_monkey/example.conf
#	monkey_island/cc/services/report.py
2018-08-21 11:42:45 +03:00
Itay Mizeretz 203943bf27 Merge remote-tracking branch 'origin/master' into develop 2018-08-21 11:34:59 +03:00