p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
920 Commits 30 Branches 0 Tags 47 MiB
Commit Graph

57 Commits

Author SHA1 Message Date
Vakaris 7e2cc86ab9 Code cleaned and tested on ubuntu 2018-08-29 16:55:35 +03:00
Vakaris 8ddfb03f27 Uploaded and modified standard web_rce code usage.Not working, not tested 2018-08-29 16:55:35 +03:00
Vakaris 3f809403d1 Custom http server class moved to the end of file 2018-08-29 16:55:03 +03:00
Vakaris 57e795573e Documented what's required and other minor changes 2018-08-29 14:43:40 +03:00
Vakaris 307a7c396c Notes fixed and tested 2018-08-29 14:43:39 +03:00
Vakaris 39bb41ed25 Removed unused imports and tested 2018-08-29 14:43:39 +03:00
Vakaris f001403a92 Fixed lock bug and made uploaded monkey names standard 2018-08-29 14:43:39 +03:00
Vakaris 8e8422b3b7 Lock changed from singleton into local variable 2018-08-29 14:43:39 +03:00
Vakaris 8fd42abd5d Refactored according to final web_rce framework changes 2018-08-29 14:43:39 +03:00
Vakaris 10528c313d Webblogic refactored to web RCE framework changes(from static methods into class methods) 2018-08-29 14:43:39 +03:00
Vakaris 66bc852742 Bugfix: http servers thread is stopped if remote target is not vulnerable 2018-08-29 14:43:39 +03:00
Vakaris ab64e78f00 Core functions of Oracle weblogic rce 2018-08-29 14:43:39 +03:00
Vakaris 8af2ab70e7 Removed unused import statement 2018-08-29 14:42:40 +03:00
Vakaris 2295f2c0ab More pythonic and clean way to apply function to url_list 2018-08-29 14:42:40 +03:00
Vakaris 84fb96d0de struts built_potential_url's now use map function to save code 2018-08-29 14:42:40 +03:00
Vakaris b07e70855c Refactored struts2 to overload get_exploit_config 2018-08-29 14:42:40 +03:00
Vakaris 071535fd01 Struts2 refactored to use default_exploit_host function 2018-08-29 14:42:40 +03:00
Vakaris beb8dfed92 Struts2 refactored for framework fixes 2018-08-29 14:42:40 +03:00
Vakaris 8d7221eada Struts2 core functions 2018-08-29 14:42:40 +03:00
Vakaris 87b0afae88 Minor changes in run_backup_commands 2018-08-29 14:41:02 +03:00
Vakaris 592dd27d91 Added functions get_monkey_paths and run_backup_commands 2018-08-28 20:51:25 +03:00
Vakaris bd8423216b Changed constructor to have default paths set to None for convienience 2018-08-23 18:35:30 +03:00
Vakaris 3e7d7425e4 made get_exploit_config non-static for readability 2018-08-22 16:01:16 +03:00
Vakaris e1b1236fb3 Comments and CR notes fixed 2018-08-22 13:41:17 +03:00
Vakaris eae3f3440d Refactored exploit_host and added get_exploit_config 2018-08-22 13:33:36 +03:00
Vakaris 911404ef68 Implemented default_exploit_host method that can implement whole framework's workflow according to some flags/params 2018-08-21 12:34:59 +03:00
Vakaris e3d286dbc0 Minor bugfix for error handling in new custom monkey destination paths feature 2018-08-18 13:14:05 +03:00
Vakaris 5565a80418 Web_RCE framework now supports custom monkey uploading paths( we don't always have permissions to uppload to C:\Windows) 2018-08-17 13:53:09 +03:00
Vakaris b8bda692b9 Notes fixed v.2 2018-08-15 16:01:27 +03:00
Vakaris 0d45a44d6b Final, tested framework fixes 2018-08-10 15:07:56 +03:00
Vakaris 5232d84e06 Almost all notes fixed, but nothing tested. 2018-08-09 16:52:15 +03:00
Vakaris d1a29872c4 Fixed half of the notes and added a small tcp_port_to_service method in network/tools 
no message
 2018-08-09 12:13:44 +03:00
Vakaris 8e684a3fad Bugfix: model.__init__ changed( I forgot to add the file to the branch) and server lock is not a singleton anymore 2018-08-07 17:44:31 +03:00
Vakaris 68d949c655 Web RCE framework core files/changes 2018-07-19 12:33:44 +03:00
Vakaris c278b0a29c Small changes 2018-06-26 18:03:31 +03:00
Vakaris 6a37f2b953 removed debugging code 2018-06-25 19:11:58 +03:00
Vakaris 671452243d Fixed some bugs and more notes 2018-06-25 18:26:34 +03:00
Vakaris 7ce790affa Some notes fixed 2018-06-22 14:55:52 +03:00
Vakaris 208411d6fc Cosmetic changes 2018-06-21 00:10:56 +03:00
Vakaris ef6c512ea9 Finished up exploitation and added reporting 2018-06-20 22:35:18 +03:00
Vakaris 2d27972e7e Struts exploitation working, and tested with win-64 and ubuntu 2018-06-20 16:58:20 +03:00
Vakaris 413bdd9254 Not yet functioning and tested, but most functions are done 2018-06-19 18:08:52 +03:00
Vakaris 9a8a6c6e28 Now exploiting both win and linux. Also, added check if monkey is not already present 2018-06-19 18:05:09 +03:00
Daniel Goldberg ecdd2e8762
Merge branch 'develop' into SSH_key_stealing 2018-06-05 16:59:28 +03:00
Vakaris 0503f90168 Notes fixed 2018-06-04 12:07:10 +03:00
Daniel Goldberg c7ed02b98e Bugfix, run Shellshock attack as dropper rather than monkey 2018-05-31 15:38:54 +03:00
Vakaris 30a3bbf9a0 Exploitation of machines using ssh keys added. Also, added shh keys exploitation to report 2018-05-29 01:02:49 +03:00
Daniel Goldberg 2bc87794b7
Merge pull request #130 from cclauss/long-was-removed-in-Python3 
long was removed in Python 3
 2018-05-08 13:06:36 +03:00
cclauss 0bb0cfbd5d long was removed in Python 3 2018-05-07 16:48:49 +02:00
cclauss bc76ea977b New style exceptions, has_key(), and types 2018-05-07 16:24:11 +02:00