Commit Graph

22193 Commits (03d552c087cdb0b9bda8b9febaaa9812ab837316)

Author SHA1 Message Date
Mekanismen 60d32be7d9 updated 2013-12-09 23:10:13 +01:00
Brandon Turner 3b0a01e6dc
Land #2746, weekly update grammer/caps fixup 2013-12-09 14:18:42 -06:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
Mekanismen 14d12a2ce3 updated 2013-12-09 20:22:26 +01:00
Ramon de C Valle 37826688ce Add cfme_manageiq_evm_pass_reset.rb
This module exploits a SQL injection vulnerability in the "explorer"
action of "miq_policy" controller of the Red Hat CloudForms Management
Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier)
by changing the password of the target account to the specified
password.
2013-12-09 16:49:07 -02:00
Ramon de C Valle 21661b168b Add cfme_manageiq_evm_upload_exec.rb
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
Joe Vennix 6d1d45c691 Add user param to nt_hash call. 2013-12-09 10:28:06 -06:00
jvazquez-r7 c59b8fd7bc
Land #2741, @russell TCP support for nfsmount 2013-12-09 09:46:34 -06:00
Mekanismen 67415808da added exploit module for CVE-2013-0632 2013-12-09 15:18:34 +01:00
Russell Sim 291a52712e Allow the NFS protocol to be specified in the mount scanner 2013-12-09 21:26:29 +11:00
sinn3r 1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE 2013-12-09 03:05:08 -06:00
sinn3r 9c5991980a
Land #2733 - Disable meterpreter support because they're not stable 2013-12-09 02:50:36 -06:00
sinn3r 2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit) 2013-12-09 02:22:07 -06:00
sinn3r feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection 2013-12-09 02:12:42 -06:00
sinn3r 92412279ae Account for failed cred gathering attempts
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix cd66cca8a1 Make browser autopwn datastore use OptRegexp. 2013-12-08 17:46:33 -06:00
Joe Vennix dea35252af Kill unused method. 2013-12-08 14:35:49 -06:00
Joe Vennix df76651834 Make sure loot is named correctly. 2013-12-08 14:31:18 -06:00
Joe Vennix 7f3ab14179 Make pipe part of /bin/bash cmd. 2013-12-08 14:27:28 -06:00
Joe Vennix 9b34a8f1ad Supports 10.3 2013-12-08 14:26:16 -06:00
Joe Vennix f981a04918 Fix MATCHUSER bug.
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
Meatballs 45a0ac9e68
Land #2602, Windows Extended API
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs e5a92a18a5
and expand path 2013-12-08 19:01:03 +00:00
Meatballs 3c67f1c6a9
Fix file download 2013-12-08 18:57:10 +00:00
Joe Vennix eacab1b2ad Fix description, kill dead constant. 2013-12-07 22:28:16 -06:00
Joe Vennix 969f45fd32 Refactor OSX hashdump post module.
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
dmaloney-r7 0c5d748fca Merge pull request #1103 from scriptjunkie/dllinjectfix
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
scriptjunkie f4636c46a6
Removing unused endjunk, sections_end, cert_entry 2013-12-07 20:55:51 -06:00
scriptjunkie 77e9996501
Mitigate metasm relocation error by disabling ASLR
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie 8d33138489 Support silent shellcode injection into DLLs
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Joe Vennix 3066e62711 Fix typo, fix no-autologin users bug. 2013-12-07 19:27:36 -06:00
Joe Vennix 4cb788b9de Adds osx autologin password post module. 2013-12-07 19:01:35 -06:00
Joe Vennix c6eac67ab5 Kill meterpreter support for osx media modules.
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
joev c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master 2013-12-07 17:28:57 -06:00
jvazquez-r7 75fb38fe8d
Land #2724, @wchen-r7 and @jvennix-r7's module for CVE-2013-6414 2013-12-07 14:26:46 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
jvazquez-r7 f77784cd0d
Land #2723, @denandz's module for OSVDB-100423 2013-12-06 17:32:07 -06:00
DoI 3ed293a1d0 Merge pull request #1 from jvazquez-r7/review_2723
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
jvazquez-r7 3729c53690 Move uptime_file_upload to the correct location 2013-12-06 15:57:52 -06:00
jvazquez-r7 2ff9c31747 Do minor clean up on uptime_file_upload 2013-12-06 15:57:22 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
jvazquez-r7 d47292ba10 Add module for CVE-2013-3522 2013-12-06 13:50:12 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
bmerinofe 5e5fd6b01a Unless replaced 2013-12-06 15:01:35 +01:00
Meatballs 6f02744d46
Land #2730 Typo in mswin_tiff_overflow 2013-12-06 12:32:37 +00:00