sempervictus
diff --git a/‎COPYING
Lines changed: 1 addition & 1 deletion b/‎COPYING
Lines changed: 1 addition & 1 deletion
diff --git a/‎Gemfile.lock
Lines changed: 13 additions & 13 deletions b/‎Gemfile.lock
Lines changed: 13 additions & 13 deletions
diff --git a/‎LICENSE
Lines changed: 1 addition & 1 deletion b/‎LICENSE
Lines changed: 1 addition & 1 deletion
diff --git a/‎data/post/zip/zip.js
Lines changed: 87 additions & 0 deletions b/‎data/post/zip/zip.js
Lines changed: 87 additions & 0 deletions
diff --git a/‎data/post/zip/zip.vbs
Lines changed: 0 additions & 62 deletions b/‎data/post/zip/zip.vbs
Lines changed: 0 additions & 62 deletions
diff --git a/‎documentation/modules/auxiliary/admin/http/tomcat_administration.md
Lines changed: 51 additions & 0 deletions b/‎documentation/modules/auxiliary/admin/http/tomcat_administration.md
Lines changed: 51 additions & 0 deletions
@@ -1,4 +1,4 @@
-Copyright (C) 2006-2016, Rapid7, Inc.
+Copyright (C) 2006-2017, Rapid7, Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
 
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (4.13.15)
+    metasploit-framework (4.13.16)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -103,7 +103,7 @@ GEM
       thor (~> 0.19)
     bcrypt (3.1.11)
     bit-struct (0.15.0)
-    builder (3.2.2)
+    builder (3.2.3)
     capybara (2.11.0)
       addressable
       mime-types (>= 1.16)
@@ -132,7 +132,7 @@ GEM
       nokogiri (~> 1.5)
       railties (>= 3, < 5.1)
     cucumber-wire (0.0.1)
-    diff-lcs (1.2.5)
+    diff-lcs (1.3)
     docile (1.1.5)
     erubis (2.7.0)
     factory_girl (4.8.0)
@@ -142,13 +142,13 @@ GEM
       railties (>= 3.0.0)
     faraday (0.11.0)
       multipart-post (>= 1.2, < 3)
-    ffi (1.9.16)
+    ffi (1.9.17)
     filesize (0.1.1)
     fivemat (1.3.2)
     gherkin (4.0.0)
     i18n (0.7.0)
-    jsobfu (0.4.1)
-      rkelly-remix (= 0.0.6)
+    jsobfu (0.4.2)
+      rkelly-remix
     json (1.8.6)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
@@ -234,7 +234,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (12.0.0)
     rb-readline-r7 (0.5.2.0)
-    recog (2.1.3)
+    recog (2.1.4)
       nokogiri
     redcarpet (3.4.0)
     rex-arch (0.1.4)
@@ -257,7 +257,7 @@ GEM
       rex-encoder
       rex-text
     rex-java (0.1.3)
-    rex-mime (0.1.1)
+    rex-mime (0.1.3)
       rex-text
     rex-nop (0.1.0)
       rex-arch
@@ -275,14 +275,14 @@ GEM
       rex-text
     rex-socket (0.1.3)
       rex-core
-    rex-sslscan (0.1.1)
+    rex-sslscan (0.1.2)
       rex-socket
       rex-text
     rex-struct2 (0.1.0)
-    rex-text (0.2.10)
+    rex-text (0.2.11)
     rex-zip (0.1.1)
       rex-text
-    rkelly-remix (0.0.6)
+    rkelly-remix (0.0.7)
     robots (0.10.1)
     rspec-core (3.5.4)
       rspec-support (~> 3.5.0)
@@ -323,10 +323,10 @@ GEM
       thread_safe (~> 0.1)
     tzinfo-data (1.2016.10)
       tzinfo (>= 1.0.0)
-    windows_error (0.0.2)
+    windows_error (0.1.0)
     xpath (2.0.0)
       nokogiri (~> 1.3)
-    yard (0.9.7)
+    yard (0.9.8)
 
 PLATFORMS
   ruby
 
@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: http://www.metasploit.com/
 
 Files: *
-Copyright: 2006-2016, Rapid7, Inc.
+Copyright: 2006-2017, Rapid7, Inc.
 License: BSD-3-clause
 
 # The Metasploit Framework is provided under the 3-clause BSD license provided
 
@@ -0,0 +1,87 @@
+/*
+ * Original technique from http://naterice.com/zip-and-unzip-files-using-the-windows-shell-and-vbscript/
+ */
+
+function create_zip(dst)
+{
+	var header = "\x50\x4b\x05\x06" +
+		"\x00\x00\x00\x00\x00\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+
+	/*
+	 * Trick to write a binary file regardless of the system locale
+	 */
+	var outw = new ActiveXObject("ADODB.Stream");
+	outw.Type = 2;
+	outw.Open();
+	outw.WriteText(header);
+	outw.Position = 0;
+
+	var outa = new ActiveXObject("ADODB.Stream");
+	outa.Type = 2;
+	outa.Charset = "windows-1252";
+	outa.Open()
+
+	outw.CopyTo(outa);
+	outa.SaveToFile(dst, 2);
+
+	outw.Close();
+	outa.Close();
+}
+
+function basename(path)
+{
+	var a = path.split("\\");
+	var b = a.slice(-1);
+	return b[0];
+}
+
+function fileeq(a, b)
+{
+	return basename(a).toLowerCase() == basename(b).toLowerCase();
+}
+
+function zip(src, dst)
+{
+	var shell = new ActiveXObject('Shell.Application');
+	var fso = new ActiveXObject('Scripting.FileSystemObject');
+
+	/*
+	 * Normalize paths, required by the shell commands
+	 */
+	src = fso.GetAbsolutePathName(src);
+	dst = fso.GetAbsolutePathName(dst);
+
+	/*
+	 * Create an empty zip file if necessary
+	 */
+	if (!fso.FileExists(dst)) {
+		create_zip(dst);
+	}
+
+	/*
+	 * Check for duplicates
+	 */
+	var zipfile = shell.Namespace(dst);
+	var files = zipfile.items();
+	var count = files.Count;
+	for (var i = 0; i < files.Count; i++) {
+		if (fileeq(files.Item(i).Name, src)) {
+			return;
+		}
+	}
+
+	zipfile.CopyHere(src);
+
+	/*
+	 * Wait for completion, but data can be stale on network shares, so we
+	 * abort after 5 seconds.
+	 */
+	var max_tries = 50;
+	while (count == zipfile.items().Count) {
+		WScript.Sleep(100);
+		if (max_tries-- == 0) {
+			return;
+		}
+	}
+}
@@ -0,0 +1,51 @@
+## Vulnerable Application
+
+  The administrator application was removed as of Tomcat 6.  Tomcat 5.5.36 is available from [apache](https://archive.apache.org/dist/tomcat/tomcat-5/v5.5.36/).  This does not have the `admin` app bundled though, and can be downloaded [here](https://archive.apache.org/dist/tomcat/tomcat-5/v5.5.36/bin/apache-tomcat-5.5.36-admin.zip).
+  
+  To utilize the `admin` application, a user must have the permission `admin` applied to their account.  The following user line will handle all necessary permissions:
+
+  ```
+  <user username="tomcat" password="tomcat" roles="admin"/>
+  ```
+
+## Verification Steps
+
+  1. Install Tomcat 5.5 or older
+  2. Install the admin app
+  3. Start msfconsole
+  4. Do: ```use auxiliary/admin/http/tomcat_administration```
+  5. Do: ```set rhosts [ips]```
+  6. Do: ```set tomcat_user [username]```
+  7. Do: ```set tomcat_pass [username]```
+  8. Do: ```set rport [port]```
+  9. Do: ```run```
+  10. Find all the Tomcat admin portals
+
+## Options
+
+  **rport**
+
+  The default is set to `8180`, which is only default on FreeBSD.  All other operating systems, and the software itself, default to `8080`.
+
+## Scenarios
+
+  Example run against Tomcat 5.5.36 with admin module installed against Windows XP
+
+  ```
+  msf > use auxiliary/admin/http/tomcat_administration 
+  msf auxiliary(tomcat_administration) > set rport 8085
+  rport => 8085
+  msf auxiliary(tomcat_administration) > set rhosts 192.168.2.108
+  rhosts => 192.168.2.108
+  msf auxiliary(tomcat_administration) > set verbose true
+  verbose => true
+  msf auxiliary(tomcat_administration) > set tomcat_pass tomcat
+  tomcat_pass => tomcat
+  msf auxiliary(tomcat_administration) > set tomcat_user tomcat
+  tomcat_user => tomcat
+  msf auxiliary(tomcat_administration) > run
+  
+  [*] http://192.168.2.108:8085/admin [Apache-Coyote/1.1] [Apache Tomcat/5.5.36] [Tomcat Server Administration] [tomcat/tomcat]
+  [*] Scanned 1 of 1 hosts (100% complete)
+  [*] Auxiliary module execution completed
+  ```
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Copyright (C) 2006-2016, Rapid7, Inc.`
	`1`	`+Copyright (C) 2006-2017, Rapid7, Inc.`
`2`	`2`	`All rights reserved.`
`3`	`3`
`4`	`4`	`Redistribution and use in source and binary forms, with or without modification,`