Vakaris
|
ab64e78f00
|
Core functions of Oracle weblogic rce
|
2018-08-29 14:43:39 +03:00 |
Vakaris
|
8af2ab70e7
|
Removed unused import statement
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
2295f2c0ab
|
More pythonic and clean way to apply function to url_list
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
84fb96d0de
|
struts built_potential_url's now use map function to save code
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
b07e70855c
|
Refactored struts2 to overload get_exploit_config
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
071535fd01
|
Struts2 refactored to use default_exploit_host function
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
beb8dfed92
|
Struts2 refactored for framework fixes
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
8d7221eada
|
Struts2 core functions
|
2018-08-29 14:42:40 +03:00 |
Vakaris
|
87b0afae88
|
Minor changes in run_backup_commands
|
2018-08-29 14:41:02 +03:00 |
Vakaris
|
592dd27d91
|
Added functions get_monkey_paths and run_backup_commands
|
2018-08-28 20:51:25 +03:00 |
Vakaris
|
bd8423216b
|
Changed constructor to have default paths set to None for convienience
|
2018-08-23 18:35:30 +03:00 |
Vakaris
|
3e7d7425e4
|
made get_exploit_config non-static for readability
|
2018-08-22 16:01:16 +03:00 |
Vakaris
|
e1b1236fb3
|
Comments and CR notes fixed
|
2018-08-22 13:41:17 +03:00 |
Vakaris
|
eae3f3440d
|
Refactored exploit_host and added get_exploit_config
|
2018-08-22 13:33:36 +03:00 |
Vakaris
|
911404ef68
|
Implemented default_exploit_host method that can implement whole framework's workflow according to some flags/params
|
2018-08-21 12:34:59 +03:00 |
Vakaris
|
e3d286dbc0
|
Minor bugfix for error handling in new custom monkey destination paths feature
|
2018-08-18 13:14:05 +03:00 |
Vakaris
|
5565a80418
|
Web_RCE framework now supports custom monkey uploading paths( we don't always have permissions to uppload to C:\Windows)
|
2018-08-17 13:53:09 +03:00 |
Vakaris
|
b8bda692b9
|
Notes fixed v.2
|
2018-08-15 16:01:27 +03:00 |
Vakaris
|
0d45a44d6b
|
Final, tested framework fixes
|
2018-08-10 15:07:56 +03:00 |
Vakaris
|
5232d84e06
|
Almost all notes fixed, but nothing tested.
|
2018-08-09 16:52:15 +03:00 |
Vakaris
|
d1a29872c4
|
Fixed half of the notes and added a small tcp_port_to_service method in network/tools
no message
|
2018-08-09 12:13:44 +03:00 |
Vakaris
|
8e684a3fad
|
Bugfix: model.__init__ changed( I forgot to add the file to the branch) and server lock is not a singleton anymore
|
2018-08-07 17:44:31 +03:00 |
Vakaris
|
3f8d63c2d9
|
Timeout of joining set to 5 seconds. No use of waiting for another thread to stop. We can run our program while the thread stops
|
2018-08-04 13:01:19 +03:00 |
Vakaris
|
40957f865c
|
Struts2 compatability fix
|
2018-07-19 13:04:52 +03:00 |
Vakaris
|
68d949c655
|
Web RCE framework core files/changes
|
2018-07-19 12:33:44 +03:00 |
Daniel Goldberg
|
3e1edeac61
|
Merge pull request #156 from VakarisZ/dropper_samefile_fix
Dropper bug fix
|
2018-07-18 20:53:52 +03:00 |
Vakaris
|
d78e81db06
|
Changed to a better file comparison function
|
2018-07-18 20:48:15 +03:00 |
Vakaris
|
dfecc6d6ac
|
os.path.samefile does not work on windows. My code checks if files handlers are the same instead
|
2018-07-18 12:44:19 +03:00 |
Daniel Goldberg
|
ae4227731c
|
Merge pull request #155 from guardicore/bugfix/remove_ftp_server
Remove FTP server from infra
|
2018-07-18 10:50:31 +03:00 |
Daniel Goldberg
|
d853e02693
|
Remove FTP server from infra
New FTP server will come from pyftp
|
2018-07-17 13:08:08 +03:00 |
Daniel Goldberg
|
977e0a8769
|
Merge pull request #151 from guardicore/master
Update develop from master
|
2018-07-09 18:53:57 +03:00 |
Daniel Goldberg
|
f98a121c51
|
Merge branch 'develop' into master
|
2018-07-09 18:53:43 +03:00 |
Daniel Goldberg
|
35b535f97a
|
Removed hard coded debug address and replaced with non routable IP
|
2018-07-08 12:14:45 +03:00 |
Daniel Goldberg
|
3118620c8a
|
Merge pull request #146 from VakarisZ/struts2RCE
Struts2 rce
|
2018-06-26 18:37:07 +03:00 |
Vakaris
|
c278b0a29c
|
Small changes
|
2018-06-26 18:03:31 +03:00 |
Vakaris
|
6a37f2b953
|
removed debugging code
|
2018-06-25 19:11:58 +03:00 |
Vakaris
|
671452243d
|
Fixed some bugs and more notes
|
2018-06-25 18:26:34 +03:00 |
Vakaris
|
81712ddbf0
|
Merge branch 'struts2RCE' of https://github.com/VakarisZ/monkey into struts2RCE
|
2018-06-22 14:57:04 +03:00 |
Vakaris
|
7ce790affa
|
Some notes fixed
|
2018-06-22 14:55:52 +03:00 |
Daniel Goldberg
|
d510476658
|
Merge branch 'develop' into struts2RCE
|
2018-06-21 13:23:12 +03:00 |
Daniel Goldberg
|
f55133e8c1
|
Merge pull request #142 from guardicore/feature/MSSQL_fingerprint
Feature/mssql fingerprint
|
2018-06-21 11:46:21 +03:00 |
Daniel Goldberg
|
2ddae99687
|
Merge pull request #144 from guardicore/bugfix/fix-bad-default-config
Fix default config values
|
2018-06-21 11:40:44 +03:00 |
Daniel Goldberg
|
385cf13636
|
Merge pull request #143 from guardicore/hotfix/update-growl
Update mocha
|
2018-06-21 11:40:07 +03:00 |
Vakaris
|
208411d6fc
|
Cosmetic changes
|
2018-06-21 00:10:56 +03:00 |
Vakaris
|
ef6c512ea9
|
Finished up exploitation and added reporting
|
2018-06-20 22:35:18 +03:00 |
Vakaris
|
2d27972e7e
|
Struts exploitation working, and tested with win-64 and ubuntu
|
2018-06-20 16:58:20 +03:00 |
Vakaris
|
413bdd9254
|
Not yet functioning and tested, but most functions are done
|
2018-06-19 18:08:52 +03:00 |
Vakaris
|
9a8a6c6e28
|
Now exploiting both win and linux. Also, added check if monkey is not already present
|
2018-06-19 18:05:09 +03:00 |
Itay Mizeretz
|
0173aaf3f6
|
Update mocha
Change color structure for edge - required by update
|
2018-06-13 17:36:17 +03:00 |
Itay Mizeretz
|
20d4b3a642
|
Fix default config values
|
2018-06-13 16:05:12 +03:00 |