Land #4755, @todb-r7's release fixes
commit
9b10cd5655
|
@ -14,16 +14,17 @@ class Metasploit4 < Msf::Exploit::Local
|
|||
|
||||
def initialize(info={})
|
||||
super( update_info( info, {
|
||||
'Name' => 'Android Futex Requeue Kernel Exploit',
|
||||
'Name' => "Android 'Towelroot' Futex Requeue Kernel Exploit",
|
||||
'Description' => %q{
|
||||
This module exploits a bug in futex_requeue in the linux kernel.
|
||||
Any android phone with a kernel built before June 2014 should be vulnerable.
|
||||
This module exploits a bug in futex_requeue in the Linux kernel, using
|
||||
similiar techniques employed by the towelroot exploit. Any Android device
|
||||
with a kernel built before June 2014 is likely to be vulnerable.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [
|
||||
'Pinkie Pie', #discovery
|
||||
'geohot', #towelroot
|
||||
'timwr' #metasploit module
|
||||
'Pinkie Pie', # discovery
|
||||
'geohot', # towelroot
|
||||
'timwr' # metasploit module
|
||||
],
|
||||
'References' =>
|
||||
[
|
||||
|
|
|
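Review bot: The rewritten description misspells `similiar` on its second line, and "using similiar techniques employed by" reads awkwardly. I would write it as `similar techniques to those employed by the towelroot exploit. Any Android device`. The kernel build date is only a proxy for patch status, so the softer "is likely to be vulnerable" is the better wording. The `initialize` body continues outside the hunk.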
@ -18,11 +18,12 @@ class Metasploit3 < Msf::Exploit::Local
|
|||
|
||||
def initialize(info={})
|
||||
super(update_info(info, {
|
||||
'Name' => 'Windows tcpip!SetAddrOptions NULL Pointer Dereference',
|
||||
'Name' => 'MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference',
|
||||
'Description' => %q{
|
||||
A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys,
|
||||
can allow an attacker to trigger a NULL pointer dereference by using a
|
||||
specially crafted IOCTL.
|
||||
A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys
|
||||
can allow a local attacker to trigger a NULL pointer dereference by using a
|
||||
specially crafted IOCTL. This flaw can be abused to elevate privileges to
|
||||
SYSTEM.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
|
@ -13,13 +13,13 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Achat v0.150 beta7 Buffer Overflow',
|
||||
'Name' => 'Achat Unicode SEH Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits an unicode SEH based stack buffer overflow in Achat v0.150. By
|
||||
sending a crafted message to the default port 9256 it's possible to overwrites the
|
||||
SEH handler. Even when the exploit is reliable it depends of timing since there are
|
||||
This module exploits a Unicode SEH buffer overflow in Achat. By
|
||||
sending a crafted message to the default port 9256/UDP, it's possible to overwrite the
|
||||
SEH handler. Even when the exploit is reliable, it depends on timing since there are
|
||||
two threads overflowing the stack in the same time. This module has been tested on
|
||||
Windows XP SP3 and Windows 7.
|
||||
Achat v0.150 running on Windows XP SP3 and Windows 7.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
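Review bot: The unchanged line "two threads overflowing the stack in the same time" was missed while the lines around it had their grammar fixed; it should read `two threads overflowing the stack at the same time. This module has been tested on`. With the version dropped from the name and the first sentence, "Achat v0.150" now appears only in the tested-on sentence. If v0.150 is the affected release rather than just the tested one, the description should say so, so that readers can match it against what they have installed. The `update_info` hash continues outside the hunk.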
@ -14,9 +14,11 @@ class Metasploit3 < Msf::Post
|
|||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Windows File Gather File from Raw NTFS',
|
||||
'Description' => %q(
|
||||
This module gathers a file using the raw NTFS device, bypassing some Windows restrictions
|
||||
such as open file with write lock. Can be used to retrieve files such as NTDS.dit.),
|
||||
'Description' => %q{
|
||||
This module gathers a file using the raw NTFS device, bypassing some Windows restrictions
|
||||
such as open file with write lock. Because it avoids the usual file locking issues, it can
|
||||
be used to retrieve files such as NTDS.dit.
|
||||
},
|
||||
'License' => 'MSF_LICENSE',
|
||||
'Platform' => ['win'],
|
||||
'SessionTypes' => ['meterpreter'],
|
||||
|
|
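Review bot: The unchanged line `'License' => 'MSF_LICENSE',` just below the rewritten description passes a quoted string, whereas the other modules in this commit that show a license line use the bare `MSF_LICENSE` constant. This looks unintended, since the module's license field would then hold the literal text rather than the framework's license value. As this hunk already edits the hash, I would change the line to `'License' => MSF_LICENSE,`. The `update_info` call continues outside the hunk.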