sinn3r
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
sinn3r
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
sinn3r
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
sinn3r
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
sinn3r
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
juan
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
sinn3r
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
Steve Tornio
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
Steve Tornio
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
Tod Beardsley
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
sinn3r
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
sinn3r
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
sinn3r
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
sinn3r
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
Joshua J. Drake
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
Steve Tornio
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
sinn3r
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
sinn3r
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
juan
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
Tod Beardsley
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
HD Moore
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
HD Moore
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
sinn3r
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
Joshua J. Drake
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Steve Tornio
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
Steve Tornio
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
Steve Tornio
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
sinn3r
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
sinn3r
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
sinn3r
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
Steve Tornio
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
sinn3r
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
sinn3r
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
sinn3r
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
sinn3r
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
sinn3r
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
juan
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
Tod Beardsley
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
Jonathan Cran
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
Jonathan Cran
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
Jonathan Cran
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
Oliver-Tobias Ripka
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
...
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
sinn3r
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
sinn3r
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
sinn3r
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
sinn3r
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
HD Moore
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
sinn3r
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
sinn3r
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
Christopher McBee
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
Tod Beardsley
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
Joshua J. Drake
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
Tod Beardsley
8ce47ab832
Changing license for KillBill module
...
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
sinn3r
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
sinn3r
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
sinn3r
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
sinn3r
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
sinn3r
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
sinn3r
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
sinn3r
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
sinn3r
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
sinn3r
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
Tod Beardsley
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
Steve Tornio
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
sinn3r
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
root
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
sinn3r
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
root
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
Sam Sharps
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
Sam Sharps
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
Sam Sharps
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
root
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
Tod Beardsley
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
Tod Beardsley
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
sinn3r
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
sinn3r
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
David Maloney
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
...
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
Sam Sharps
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
Sam Sharps
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
Sam Sharps
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
sam
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
sinn3r
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
Joshua J. Drake
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
Steve Tornio
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
sinn3r
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
sinn3r
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
sinn3r
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
sinn3r
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
Tod Beardsley
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
Steve Tornio
4215ef3ae1
add osvdb ref
2011-12-24 06:54:39 -06:00
steponequit
69570dada6
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
2011-12-23 16:28:36 -06:00
steponequit
84c6739921
added initial opentftp 1.4 windows exploit
2011-12-23 11:27:11 -06:00
sinn3r
41697440c7
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
2011-12-23 01:22:39 -06:00
sinn3r
baaa1f6c82
Add US-Cert references to all these SCADA modules. The refers are based on this list:
...
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
sinn3r
b58097a2a7
Remove junk() because it's never used
2011-12-17 01:28:07 -06:00
sinn3r
fae80f8d49
typo
2011-12-16 11:10:46 -06:00
Steve Tornio
1712f2aa22
add osvdb ref
2011-12-14 07:23:11 -06:00
sinn3r
fea4bfb85c
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:53 -06:00
sinn3r
c1a4c4e584
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:34 -06:00
sinn3r
acef9de711
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:15 -06:00
sinn3r
d246bfa4da
Credit Luigi Auriemma for the original discovery/poc, not Celil
2011-12-13 15:20:26 -06:00
Tod Beardsley
a8fad72fce
Merge branch 'msftidy_fixup'
...
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
Tod Beardsley
f402b8598b
Whitespace and File.open binary mode cleanups.
...
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
sinn3r
bacdbb90d7
ugh, stack overflow != stack buffer overflow. Also, metadata format fix.
2011-12-12 15:23:32 -06:00
sinn3r
5af5137241
Add CoDeSys SCADA bof module ( #6083 )
2011-12-12 15:21:15 -06:00
HD Moore
4736cb1cbe
Merge pull request #48 from swtornio/master
...
add osvdb ref
2011-12-11 20:37:43 -08:00
HD Moore
1ae12e3a23
Remove the default target, since module doesn't fingerprint the service
...
pack, this can only end in tears.
2011-12-10 13:31:05 -06:00
Steve Tornio
b521602d82
add osvdb ref
2011-12-10 07:49:50 -06:00
sinn3r
0e2101e4c1
Correct author name
2011-12-07 00:24:16 -06:00
sinn3r
92c1065508
Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-)
2011-12-06 18:52:42 -06:00
sinn3r
e524215b55
WTH, the date format is wrong
2011-12-04 15:23:31 -06:00
Steve Tornio
b75799d18d
=add osvdb ref
2011-12-02 16:50:42 -06:00
Steve Tornio
83f12c6fe0
=add osvdb ref
2011-12-02 16:46:01 -06:00
sinn3r
c8634390b7
Add CCMPlayer m3u exploit (Feature #6029 )
2011-12-02 16:27:59 -06:00
sinn3r
f4b755c319
Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets
2011-12-02 15:00:39 -06:00
sinn3r
cd2bb027bf
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-02 14:54:53 -06:00
sinn3r
895a509bd3
Add Avid Media Composer 5.5 (Feature #6035 )
2011-12-02 14:53:26 -06:00
Steve Tornio
2bb97791f7
Update OSVDF refs for servu module.
...
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39 ]
2011-12-02 13:21:41 -05:00
David Maloney
2858cae296
Some quick corrections to tidy things up
2011-11-29 19:57:08 -08:00
David Maloney
be88f483a3
More Accurate Vulnerability Check
2011-11-29 18:38:00 -08:00
David Maloney
0dda948265
New Exploit for the Serv-U FTP Buffer overflow
...
from CVE 2004-2111
2011-11-29 17:34:01 -08:00
Tod Beardsley
f503bd9488
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
2011-11-28 17:52:34 -06:00
Rob Fuller
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
sinn3r
e11ca43c37
Add feature #5680
2011-11-21 12:39:45 -06:00
sinn3r
76846aa578
Add MS10-038 (CVE-2010-0822) exploit
2011-11-21 11:36:47 -06:00
sinn3r
28a079f308
Add credit to the appropriate researcher
2011-11-20 02:32:45 -06:00
sinn3r
95d639ccf7
Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8.
2011-11-20 01:44:52 -06:00
sinn3r
9c2fab0921
Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c
2011-11-19 20:40:04 -06:00
sinn3r
30f13984ea
Add wireshark console.lua exploit (CVE-2011-3360)
2011-11-18 21:24:48 -06:00
sinn3r
fea42dbdee
Add feature #5872
2011-11-16 12:26:54 -06:00
David Maloney
c8142043e9
Fixes to credential handling to downcase usernames whenever they are not case sensitive.
...
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
sinn3r
2536cf0308
Add feature #5779
2011-11-14 01:49:26 -06:00
Steve Tornio
a0c9297500
add osvdb ref
2011-11-12 06:01:41 -06:00
sinn3r
170c4f5451
Fix author email format
2011-11-12 01:53:25 -06:00
sinn3r
b8b8732d85
Correct disclosure date
2011-11-12 01:12:28 -06:00
sinn3r
ed5bae6441
oops, I don't need that extra comment
2011-11-12 01:04:00 -06:00
sinn3r
84c5268ab4
Add Aviosoft DTV exploit
2011-11-12 01:02:40 -06:00
Patrick Webster
f54b622ad3
Added BID ref for amlibweb module.
2011-11-11 12:04:40 +11:00
wchen-r7
c569ec4a33
Don't really need a revision # in source
2011-11-09 22:10:52 -06:00
Wei Chen
32bb3af298
Add feature #5946
2011-11-09 21:49:34 -06:00
Matt Weeks
fdf13e5e0e
Fixes #5927
...
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
Wei Chen
c4fa5b4674
Fix #5937 . Vista is currently taken down because it's not stable enough.
...
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 09:35:18 +00:00
Wei Chen
0b981b0db0
Add OSVDB reference
...
git-svn-id: file:///home/svn/framework3/trunk@14179 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 02:01:42 +00:00
Wei Chen
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Wei Chen
49dddf1396
Yeah, don't really need the bottom comment anymore
...
git-svn-id: file:///home/svn/framework3/trunk@14172 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 20:16:34 +00:00
Wei Chen
43a22d3fa0
Add Office 2007 SP2 target, thanks Juan
...
git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 17:33:29 +00:00
Wei Chen
1a2f60f4c0
Add MS11-021 ( #5917 )
...
git-svn-id: file:///home/svn/framework3/trunk@14169 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:05:42 +00:00
James Lee
155c3ff9ac
whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@14157 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 17:17:10 +00:00
Steve Tornio
7a07e069da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen
3d6f631780
Upgrade mini_stream as a remote module. Account for all variables that affect the offset to EIP. Also digital1 = Ron.
...
git-svn-id: file:///home/svn/framework3/trunk@14155 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:20:43 +00:00
Wei Chen
b809f00979
Add NJStar MiniSMTP bof (Feature #5901 )
...
git-svn-id: file:///home/svn/framework3/trunk@14135 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 08:19:55 +00:00
Mario Ceballos
0890cca02a
much needed patch worked like a champ in my enviroment.
...
git-svn-id: file:///home/svn/framework3/trunk@14132 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:37:30 +00:00
Wei Chen
3eff1cfaa5
This exploit does not work at all, and could not be fixed in time. See #5854
...
git-svn-id: file:///home/svn/framework3/trunk@14088 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 01:47:48 +00:00
Mario Ceballos
7b099bbaef
remove Rex::Text.pattern_create()
...
git-svn-id: file:///home/svn/framework3/trunk@14076 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:16:26 +00:00
Wei Chen
ded364c8ef
Feature #5621
...
git-svn-id: file:///home/svn/framework3/trunk@14075 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 21:25:46 +00:00
David Rude
086af94b5d
Adds Foxit PDF Reader Exploit CVE-2009-0837
...
git-svn-id: file:///home/svn/framework3/trunk@14069 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:15:12 +00:00
Joshua Drake
32cde1d45a
don't use the pattern creator
...
git-svn-id: file:///home/svn/framework3/trunk@14050 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 19:43:54 +00:00
Wei Chen
fa2355a766
Damn comma
...
git-svn-id: file:///home/svn/framework3/trunk@14048 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:42:07 +00:00
Wei Chen
68286561f5
Add #5742
...
git-svn-id: file:///home/svn/framework3/trunk@14047 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:38:02 +00:00
Wei Chen
c0d362bd83
Fix tabs, and the correct the bottom comment
...
git-svn-id: file:///home/svn/framework3/trunk@14041 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:39:11 +00:00
Wei Chen
a8d62ae01a
Add feature #5592 (Cytel Studio)
...
git-svn-id: file:///home/svn/framework3/trunk@14040 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:37:32 +00:00
Joshua Drake
7bfa29ace4
clean up exploit HTML print_status
...
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 14:21:57 +00:00
Joshua Drake
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Steve Tornio
27cba3d7ec
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14020 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-21 11:50:59 +00:00
Wei Chen
06aa776a77
Bleh, fix BID reference
...
git-svn-id: file:///home/svn/framework3/trunk@14016 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:40:21 +00:00
Wei Chen
e5f7bfceaf
Add HP Power Manager module by ipax, thx!
...
git-svn-id: file:///home/svn/framework3/trunk@14015 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:29:48 +00:00
David Rude
091b9779e2
Add commas
...
git-svn-id: file:///home/svn/framework3/trunk@14007 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 20:41:09 +00:00
David Rude
521aec205b
Return on error
...
git-svn-id: file:///home/svn/framework3/trunk@14006 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 19:55:04 +00:00
Wei Chen
0f1ba8dcf1
Change user agent check
...
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 15:48:03 +00:00
HD Moore
e4290e40c4
Fix the check to not report empty user/pass
...
git-svn-id: file:///home/svn/framework3/trunk@13989 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:00 +00:00
Wei Chen
8e4f4a2672
Add CVE-2011-1774 (Safari libxslt arbitrary file creation)
...
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:39:50 +00:00
Wei Chen
fbbec1fa92
This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now.
...
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 03:48:10 +00:00
Wei Chen
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen
0304702b14
Mention where the getpc code is from, request by corelanc0d3r
...
git-svn-id: file:///home/svn/framework3/trunk@13974 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 14:56:44 +00:00
Tod Beardsley
c336d063da
Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
...
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley
3c36b0c975
Msftidy: knocking out all those trailing spaces. Screw those guys.
...
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
Wei Chen
39a4488da5
Patch #5740 for Firefox Array.reduceRight() exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 20:28:15 +00:00
Tod Beardsley
d059670d67
Fixes #5570 , commits TecR0c's exploit module, after running through msftidy.rb. Thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@13952 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 15:47:04 +00:00
HD Moore
594b0687c7
Fix CVE reference format
...
git-svn-id: file:///home/svn/framework3/trunk@13950 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:55:07 +00:00
HD Moore
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Tod Beardsley
020abd926b
A handful of rankings changes, also converting whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Wei Chen
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen
1adb31747d
This module is missing a ranking. Adding one.
...
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:35:18 +00:00
Wei Chen
2b746b3505
This module never got a ranking, adding one
...
git-svn-id: file:///home/svn/framework3/trunk@13934 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:07:59 +00:00
Wei Chen
4f4c0bc0be
Add CVE-2011-2371 Firefox Array.reduceRight() vuln
...
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 03:16:15 +00:00
Wei Chen
90a426cec6
Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647 )
...
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 10:57:31 +00:00
James Lee
6578874439
don't bother escaping a tick
...
git-svn-id: file:///home/svn/framework3/trunk@13887 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 01:45:10 +00:00
Wei Chen
c1b1917dce
Change correct name for Lincoln. Also, this is feature #5646
...
git-svn-id: file:///home/svn/framework3/trunk@13868 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 03:30:14 +00:00
Wei Chen
e3111e0261
Add CVE-2008-4779
...
git-svn-id: file:///home/svn/framework3/trunk@13867 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 03:28:08 +00:00
Wei Chen
f54939cda9
Change target name and description. The module works on multiple systems.
...
git-svn-id: file:///home/svn/framework3/trunk@13853 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 16:47:33 +00:00
Wei Chen
8488343e46
Add CVE-2011-2595 (Feature #5645 )
...
git-svn-id: file:///home/svn/framework3/trunk@13852 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 16:11:05 +00:00
Wei Chen
756aafd7f2
Add CVE and OSVDB refs
...
git-svn-id: file:///home/svn/framework3/trunk@13848 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 22:56:17 +00:00
Joshua Drake
eab8a2434b
fix typo in description
...
git-svn-id: file:///home/svn/framework3/trunk@13845 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 19:39:15 +00:00
Wei Chen
487ee5b46e
Does not work against Win 7 SP0/SP1 and Windows Server 2003 SP2. Definitely not an universal target.
...
git-svn-id: file:///home/svn/framework3/trunk@13841 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 05:36:42 +00:00
Wei Chen
a3cc25615d
Add bug #5505 (scriptftp_list module)
...
git-svn-id: file:///home/svn/framework3/trunk@13839 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 04:17:03 +00:00
HD Moore
3d8a18cfd1
Fix tab indent
...
git-svn-id: file:///home/svn/framework3/trunk@13836 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-08 18:39:23 +00:00
Joshua Drake
2e7edeff81
See #3585 : Happy Third Birthday MS08-067!
...
Adds an AlwaysOn DEP bypass for XP SP2 and SP3
git-svn-id: file:///home/svn/framework3/trunk@13835 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-08 07:26:37 +00:00
Steve Tornio
93f8d73b0c
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13810 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-02 17:03:23 +00:00
Mario Ceballos
711bfa7d53
initial coverage for ca total defense sqli
...
git-svn-id: file:///home/svn/framework3/trunk@13809 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-02 15:53:44 +00:00
Wei Chen
2b3a277124
Found an instance that causes the win 7 target to fail. This fix corrects it.
...
git-svn-id: file:///home/svn/framework3/trunk@13797 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 08:55:07 +00:00
Matt Weeks
de9e99bd3d
Fix some TOCTOU confusion and database errors.
...
git-svn-id: file:///home/svn/framework3/trunk@13779 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 15:12:19 +00:00
Wei Chen
ec6f290fbd
Add Windows 7 target and all kinds of stuff.
...
git-svn-id: file:///home/svn/framework3/trunk@13775 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 17:40:35 +00:00
Steve Tornio
e93341f9f1
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13768 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 11:55:56 +00:00
Wei Chen
5d4f68a6f2
Fix JS
...
git-svn-id: file:///home/svn/framework3/trunk@13767 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 03:13:45 +00:00
Wei Chen
936f3de84c
This simple math would do the trick
...
git-svn-id: file:///home/svn/framework3/trunk@13766 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-20 18:56:21 +00:00
Wei Chen
742edf1ad1
Add eSignal and eSignal Pro exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13765 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-20 17:39:53 +00:00
Joshua Drake
3318b132c8
add x90c's email address
...
git-svn-id: file:///home/svn/framework3/trunk@13757 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-19 19:40:48 +00:00
Steve Tornio
ee09c028a0
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13756 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-19 11:38:49 +00:00
Matt Weeks
1d2ddc55e8
Add UI for PXE attack reset.
...
git-svn-id: file:///home/svn/framework3/trunk@13753 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 20:44:16 +00:00
James Lee
f4be092ac1
include the CVE with more details that definitely applies to this bug, in addition to the ambiguous one that may or may not
...
git-svn-id: file:///home/svn/framework3/trunk@13751 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 03:57:27 +00:00
Wei Chen
bf315b09ed
Add DAQFactory bof
...
git-svn-id: file:///home/svn/framework3/trunk@13750 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 02:45:55 +00:00
Tod Beardsley
10c76f66ba
Adding an extra print line to adobe_cooltype_sing that clearly displays the user-agent.
...
git-svn-id: file:///home/svn/framework3/trunk@13748 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 20:12:51 +00:00
Wei Chen
56025609f0
Add fix commit url to reference. Thx jduck!
...
git-svn-id: file:///home/svn/framework3/trunk@13745 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 06:48:33 +00:00
Wei Chen
2ebef435a0
Add CVE-2011-2950 Real Player heap overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13738 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 19:22:29 +00:00
Wei Chen
6443ee024c
Add Measuresoft ScadaPro exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13737 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 08:23:59 +00:00
Wei Chen
7569cad178
Correct variable use in heap spray js function
...
git-svn-id: file:///home/svn/framework3/trunk@13735 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 22:37:13 +00:00
Wei Chen
70fa0e630b
Add Windows 7 + IE 8 target. Also use a different approach to get code execution.
...
git-svn-id: file:///home/svn/framework3/trunk@13734 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 20:51:01 +00:00
Steve Tornio
de98758f2b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13728 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-13 20:10:28 +00:00
Wei Chen
9e5d07b201
Add ScadaTEC ScadaPhone bof
...
git-svn-id: file:///home/svn/framework3/trunk@13727 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-13 17:25:03 +00:00
Steve Tornio
e6ce90c551
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13724 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 21:42:36 +00:00
Wei Chen
8b8388ed44
Add CVE-2011-3322 Procyon Core Server HMI
...
git-svn-id: file:///home/svn/framework3/trunk@13721 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 17:54:31 +00:00
Wei Chen
e597891a1f
Add support for DEP bypass
...
git-svn-id: file:///home/svn/framework3/trunk@13711 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-09 18:15:50 +00:00
James Lee
e31acef6e9
whitespace cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@13702 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-07 15:30:08 +00:00
Mario Ceballos
6f28911d3d
added patch from joshua taylor.
...
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 19:58:40 +00:00
Wei Chen
819e673b88
Mention about the RSA attack in the description, also add a reference for it
...
git-svn-id: file:///home/svn/framework3/trunk@13697 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 17:22:00 +00:00
HD Moore
7fb4a3c571
Fix up the disablenops syntax
...
git-svn-id: file:///home/svn/framework3/trunk@13694 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-05 16:27:04 +00:00
Mario Ceballos
2f2421badc
initial coverage of the pnsize bug (fileformat)
...
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
Wei Chen
44ba7e80d5
This module still works against 2.5 (most current as of Sept 2 2011)
...
git-svn-id: file:///home/svn/framework3/trunk@13688 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 04:52:04 +00:00
David Rude
8a070b81a2
Add the noobfuscation arg to the heaplib call
...
git-svn-id: file:///home/svn/framework3/trunk@13675 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 09:00:20 +00:00
Wei Chen
4e92190fa8
Add additional references, correct disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@13673 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 05:20:47 +00:00
Wei Chen
717b0eddee
Add DVD X plf playlist buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13672 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 05:14:21 +00:00
Wei Chen
22dc0ed551
Fix disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@13670 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-31 00:15:46 +00:00
David Rude
c5fe6ed503
Reset the target to allow for multiple client connections
...
git-svn-id: file:///home/svn/framework3/trunk@13669 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:29:14 +00:00
David Rude
70dffd6afb
Adds Citrix Gateway ActiveX Stack Based Buffer Overflow module
...
git-svn-id: file:///home/svn/framework3/trunk@13666 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:22:32 +00:00
Matt Weeks
6853221762
Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
...
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
Matt Weeks
f9e651d382
Report to DB too.
...
git-svn-id: file:///home/svn/framework3/trunk@13640 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:56:22 +00:00
Matt Weeks
23b4f4ed98
Address #5313 for locally-launched PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13639 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:48:33 +00:00
amaloteaux
9cfba23558
psexec: allow o upload payload in a subfolder
...
git-svn-id: file:///home/svn/framework3/trunk@13638 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:30:46 +00:00
Matt Weeks
06c3dabe31
Fixes #5312 for pivoted PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 02:07:35 +00:00
David Rude
b331073851
cleaned up some column width issues, added on_new_session clean up code to remove files
...
git-svn-id: file:///home/svn/framework3/trunk@13599 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 17:47:03 +00:00
Wei Chen
6723c7fb3e
Minor metadata format fix
...
git-svn-id: file:///home/svn/framework3/trunk@13593 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 00:11:22 +00:00
Wei Chen
8fbd81a0f0
Add HP Easy Printer xmlsimpleaccessor exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13592 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 23:49:45 +00:00
Mario Ceballos
aef764de08
working on moving things referenced in Feature #653 . added different param for secure backup
...
git-svn-id: file:///home/svn/framework3/trunk@13591 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 18:35:29 +00:00
Wei Chen
fe53151324
fix tabs
...
git-svn-id: file:///home/svn/framework3/trunk@13590 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:58:50 +00:00
Wei Chen
056adf7063
Add Win 7 target
...
git-svn-id: file:///home/svn/framework3/trunk@13589 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:57:19 +00:00
Wei Chen
2a62ac35ac
Fix bug #5267
...
git-svn-id: file:///home/svn/framework3/trunk@13573 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-17 06:14:51 +00:00
Wei Chen
6c58dad979
ugh, why the extra spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13566 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:34:49 +00:00
Wei Chen
eaa5cf6b5d
Use heaplib on IE 8, allow obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13565 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:32:17 +00:00
Wei Chen
55d60a1af2
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13556 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:28:49 +00:00
Wei Chen
c29a4d5ea3
Specify UUID offset for the custom .Net binary
...
git-svn-id: file:///home/svn/framework3/trunk@13555 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:15:05 +00:00
Wei Chen
f8bf910fbb
missing var
...
git-svn-id: file:///home/svn/framework3/trunk@13554 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:05:08 +00:00
Wei Chen
8bf7a9990b
Improve javascript obfuscation, and allow it as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 23:03:11 +00:00
Wei Chen
20f4280d9f
Exploit is much more reliable than before, it gets a promotion
...
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:17:23 +00:00
Wei Chen
bfc59e4c62
Add MS10-026 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:04:25 +00:00
Wei Chen
3b04e7bd9e
Add routine to check target before exploiting it
...
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 23:05:45 +00:00
Wei Chen
0d9908435a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:18:25 +00:00
Wei Chen
456aeeb90b
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 18:47:21 +00:00
Wei Chen
4ac431948a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:50:43 +00:00
Wei Chen
a1526e86b8
Use heaplib to spray, and use obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:25:14 +00:00
Steve Tornio
a6a444930e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 11:17:30 +00:00
Wei Chen
950a4215a0
Fix a problem where resp.index() might return nil
...
git-svn-id: file:///home/svn/framework3/trunk@13521 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 09:03:19 +00:00
Wei Chen
6a89cf5859
Add TeeChart Professional ActiveX exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 08:41:30 +00:00
Matt Weeks
dad6103944
Fix documentation to match change; will only affect windows.
...
git-svn-id: file:///home/svn/framework3/trunk@13519 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 03:05:58 +00:00
Matt Weeks
f12742a05f
Better cleanup for PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Wei Chen
58198f37ba
Fix reference link
...
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 18:58:20 +00:00
Wei Chen
8dc4228ee0
Fix very minor typo
...
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 17:05:49 +00:00
Wei Chen
3b1769d621
Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0
...
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 05:58:02 +00:00
Matt Weeks
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
Wei Chen
a0168d59a8
Minor fix to comply with the 100 columns per line guideline
...
git-svn-id: file:///home/svn/framework3/trunk@13467 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 21:20:29 +00:00
David Rude
bee7fba3c8
Small typo fix and some minor formatting
...
git-svn-id: file:///home/svn/framework3/trunk@13466 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 19:34:01 +00:00
David Rude
118ca372b3
adding CA Arcserve D2D GWT Credential Information Disclosure module
...
git-svn-id: file:///home/svn/framework3/trunk@13465 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 14:40:52 +00:00
Tod Beardsley
df52bfaa4f
Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
...
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:21:47 +00:00
Wei Chen
6fc59d5287
Fill in BID reference
...
git-svn-id: file:///home/svn/framework3/trunk@13330 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:42:40 +00:00
Wei Chen
6bf90f884e
Fix debug mode and some extra tabs in JS
...
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 00:22:29 +00:00
Wei Chen
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen
25c89c2e7a
Put the short jmp in there
...
git-svn-id: file:///home/svn/framework3/trunk@13224 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 15:07:00 +00:00
HD Moore
7dbb56b38b
No longer default a target for XP systems; some obscure builds of XP Embedded SP1 have a different offset and not good way to differentiate
...
git-svn-id: file:///home/svn/framework3/trunk@13214 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 01:40:26 +00:00
Wei Chen
3ca9b51984
oops, a little mistake in the description
...
git-svn-id: file:///home/svn/framework3/trunk@13212 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:46:08 +00:00
Wei Chen
821e9dd68b
Updated metadata, merged code with #4923 . Thx Joff.
...
git-svn-id: file:///home/svn/framework3/trunk@13211 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:39:27 +00:00
HD Moore
764bb36f44
Wait a little longer for a session (5 seconds)
...
git-svn-id: file:///home/svn/framework3/trunk@13208 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 16:05:51 +00:00
HD Moore
8887fe86b8
Either the offset or the env page moves around for this exploit on some non-english systems, do not default the target for 2003 SP0
...
git-svn-id: file:///home/svn/framework3/trunk@13206 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 14:59:55 +00:00
Wei Chen
2eeffc39fc
Add Iconics GENESIS32 GenBroker exploit by lincoln and corelanc0d3r
...
git-svn-id: file:///home/svn/framework3/trunk@13197 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-17 15:01:46 +00:00
Wei Chen
681563adc9
Fix that extra tab in the description
...
git-svn-id: file:///home/svn/framework3/trunk@13194 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:21:20 +00:00
Wei Chen
2e93ba06ba
Add HP NNM ToolBar.exe exploit aganist the OvOSLocale cookie parameter
...
git-svn-id: file:///home/svn/framework3/trunk@13193 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:14:33 +00:00
Wei Chen
86b40e894b
Make room for another exploit against ToolBar.exe
...
git-svn-id: file:///home/svn/framework3/trunk@13192 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 04:45:21 +00:00
James Lee
c412a836ed
add VERBOSE option to all modules and vprint_* methods to use it
...
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
Steve Tornio
9278b0a5f5
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13152 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-11 06:59:00 +00:00
Wei Chen
94aea207d3
Remove extra tabs and spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
Wei Chen
9892eb39eb
Syntax fix
...
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
Wei Chen
32a7eb0000
svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
David Rude
7958516549
Adds Xeros Firefox nstreerange exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
Wei Chen
5b69b52ec4
"InitialAutoRunScript" is more like it
...
git-svn-id: file:///home/svn/framework3/trunk@13142 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:28:12 +00:00
Wei Chen
6448daf571
MS10-018, y u no InitialAutoRunScript
...
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:02:38 +00:00
Wei Chen
15f82402af
I changed my mind. The ATTEMPTS options is required.
...
git-svn-id: file:///home/svn/framework3/trunk@13137 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-09 04:10:52 +00:00
Wei Chen
1246fd5731
Added Blue Coat Authentication Authorization Agent exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13134 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-09 01:40:29 +00:00
Steve Tornio
94640b6bc4
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
Wei Chen
47e6c4a89f
Added #4870 - MicroP .mppl buffer overflow exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13114 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 06:29:37 +00:00
HD Moore
78f2525fdc
Fixes #4879 by adding a new target from bperry
...
git-svn-id: file:///home/svn/framework3/trunk@13110 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 03:33:04 +00:00
Wei Chen
1058948419
Updated ROP, no more hardcoded ntdll addresses
...
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 07:22:24 +00:00
Wei Chen
7589f8d2f1
Updated target name that works against multiple systems (thx corelanc0d3r)
...
git-svn-id: file:///home/svn/framework3/trunk@13105 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 01:59:24 +00:00
Wei Chen
1e4dfaf6de
Change author name for dookie
...
git-svn-id: file:///home/svn/framework3/trunk@13096 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 22:33:47 +00:00
Wei Chen
2f6b89516a
Added HP Data Protector omniinet buffer overflow with opcode 20
...
git-svn-id: file:///home/svn/framework3/trunk@13092 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 17:02:40 +00:00
HD Moore
db6b8c3545
Probably time to fess up :)
...
git-svn-id: file:///home/svn/framework3/trunk@13088 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-02 01:09:46 +00:00
Wei Chen
dbd04d754a
Change to a better P/P/R, tested on 4 different machines. Thx fdiskyou.
...
git-svn-id: file:///home/svn/framework3/trunk@13081 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-01 22:26:12 +00:00
Mario Ceballos
b6e1c6a967
add exploit module hp_omniinet_3.rb
...
git-svn-id: file:///home/svn/framework3/trunk@13080 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-01 17:07:38 +00:00
Wei Chen
fc33b1d20e
'\x00' isn't the same as "\x00"
...
git-svn-id: file:///home/svn/framework3/trunk@13051 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 19:45:51 +00:00
Wei Chen
73dc5c605b
Change ranking. Because looks like it works better than "average"
...
git-svn-id: file:///home/svn/framework3/trunk@13042 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 18:00:12 +00:00
Wei Chen
e6995b4912
Added ZDI-11-023 Citrix Provisioning Services bof exploit (Feature #4798 )
...
git-svn-id: file:///home/svn/framework3/trunk@13041 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 17:54:18 +00:00
Wei Chen
1b25cf3c43
Using SEH instead of egghunter. Verified again on Win2k3. thx to MC.
...
git-svn-id: file:///home/svn/framework3/trunk@13036 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 19:28:14 +00:00
Wei Chen
6325515ca7
Minor name change
...
git-svn-id: file:///home/svn/framework3/trunk@13034 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 16:09:53 +00:00
Wei Chen
07f415f4e0
Forgot to switch back to random paddings
...
git-svn-id: file:///home/svn/framework3/trunk@13033 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 16:06:39 +00:00
Wei Chen
f0e6159a35
Minor name change for the exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13031 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:01:21 +00:00
Wei Chen
13b2209f3d
Added Microsoft Visio DXF File Buffer Overflow Exploit by Juan
...
git-svn-id: file:///home/svn/framework3/trunk@13030 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 05:59:37 +00:00
Wei Chen
0cf51f8d5a
Exploit name change. Also, this thing doesn't use seh.
...
git-svn-id: file:///home/svn/framework3/trunk@13026 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-25 14:25:45 +00:00
Steve Tornio
27eb48f650
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13025 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-25 11:27:55 +00:00
Wei Chen
f16f850fc6
Added Siemens FactoryLink 8 csservice.exe (port 7580)
...
git-svn-id: file:///home/svn/framework3/trunk@13019 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-25 00:54:18 +00:00
David Rude
37b7345fea
Adds Ranking and Fileformat version of the Lotus Notes LZH Exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13015 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 15:43:54 +00:00
Steve Tornio
59943cb367
add osvdb and cve refs
...
git-svn-id: file:///home/svn/framework3/trunk@13014 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 12:05:09 +00:00
David Rude
7b5860d0ab
Fix a bug if the RHOST length is 15 or longer
...
git-svn-id: file:///home/svn/framework3/trunk@13013 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 09:58:50 +00:00
David Rude
df8bf68722
Adds Lotus Notes .lzh Autonomy Keyview Exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13012 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 09:51:16 +00:00
Wei Chen
1223275330
Change ranking for now until we have a better solution for SP3
...
git-svn-id: file:///home/svn/framework3/trunk@13009 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 01:04:29 +00:00
Wei Chen
bd62c13fb0
Added RealWin SCADA Server DATAC Login Buffer Overflow (Feature #4787 ))
...
git-svn-id: file:///home/svn/framework3/trunk@13007 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-22 22:36:55 +00:00
James Lee
57cf0b04a7
stack overflow != stack buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13001 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 23:27:16 +00:00
Steve Tornio
465bc8ce88
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13000 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 22:42:53 +00:00
Mario Ceballos
a5a1f1587f
add another scada module. winlog_runtime.rb
...
git-svn-id: file:///home/svn/framework3/trunk@12999 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 21:48:30 +00:00
Wei Chen
0400a72ab0
RCA, description update, and some text randomness
...
git-svn-id: file:///home/svn/framework3/trunk@12998 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 21:08:57 +00:00
Joshua Drake
69963a45ab
Fixes #4752 - Auto-detect the windows directory and use it for subsequent requests
...
git-svn-id: file:///home/svn/framework3/trunk@12997 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 18:55:28 +00:00
Steve Tornio
03464a168e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12996 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 18:02:35 +00:00
David Rude
d796f523a6
Adds FactorLink vrn.exe exploit from hal
...
git-svn-id: file:///home/svn/framework3/trunk@12995 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 13:20:18 +00:00
Wei Chen
fdbc038bd0
Add BlackIce Cover Page ActiveX downloadimagefileurl exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12992 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 02:51:39 +00:00
Steve Tornio
8ee3bf7f54
add cve, osvdb and bugtraq id.
...
git-svn-id: file:///home/svn/framework3/trunk@12978 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-20 11:07:22 +00:00
HD Moore
3831e49455
See #4506 for Macro handling
...
git-svn-id: file:///home/svn/framework3/trunk@12977 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-20 07:23:16 +00:00
Wei Chen
0b30256203
Add licensing
...
git-svn-id: file:///home/svn/framework3/trunk@12975 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-20 04:01:47 +00:00
Wei Chen
eff703b3ad
Add SCADA Realwin On_FC_CONNECT_FCS_a_FILE buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12974 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-20 00:37:13 +00:00
Steve Tornio
650762517f
update CVE and OSVDB to match what the author said
...
git-svn-id: file:///home/svn/framework3/trunk@12964 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 17:35:57 +00:00
Steve Tornio
7c47b48f5b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12962 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 01:56:20 +00:00
Wei Chen
23cc89482b
CVE correction, thanks Kurt.
...
git-svn-id: file:///home/svn/framework3/trunk@12961 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 00:56:11 +00:00
Wei Chen
eae350b88b
CVE-2011-1260 seems to be the right one
...
git-svn-id: file:///home/svn/framework3/trunk@12959 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:27:10 +00:00
Wei Chen
0a04835138
Added MS11-050 by d0c_s4vage
...
git-svn-id: file:///home/svn/framework3/trunk@12956 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 21:19:12 +00:00
HD Moore
d11e1f3294
Make all keywords consistent for modules.
...
git-svn-id: file:///home/svn/framework3/trunk@12936 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-13 03:38:31 +00:00
David Rude
04d280fdd0
minor fixes
...
git-svn-id: file:///home/svn/framework3/trunk@12925 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-12 00:04:55 +00:00
David Rude
ee7454c5e6
Added IBM Tivoli Endpoint Manager HTTP POST query buffer overflow exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12922 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-11 23:48:18 +00:00
Steve Tornio
579d823070
add osvdb and cve refs
...
git-svn-id: file:///home/svn/framework3/trunk@12893 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-09 20:44:52 +00:00
David Rude
247251ac07
Remove references to OUTPUTPATH options, unless files are created using a different method
...
git-svn-id: file:///home/svn/framework3/trunk@12892 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-09 19:51:56 +00:00
Wei Chen
24bb7c3d8d
7-Technologies IGSS v9.0 Rename command buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12886 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-09 06:04:04 +00:00
David Rude
e2820918ad
adds Windows XP SP3 target and updates the reference link
...
git-svn-id: file:///home/svn/framework3/trunk@12873 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 20:29:02 +00:00
David Rude
b9e398c706
adds support for SSL
...
git-svn-id: file:///home/svn/framework3/trunk@12872 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 20:15:51 +00:00
David Rude
31a659e55a
Fixed this up to use the new JS obfuscation hotness thanks to egyp7s rkelly fu!
...
git-svn-id: file:///home/svn/framework3/trunk@12871 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:49:33 +00:00
Steve Tornio
377a18030a
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12869 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:06:18 +00:00
David Rude
3d7715ce60
Added Cisco AnyConnect VPN Client ActiveX download and execute exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12868 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 18:52:26 +00:00
Wei Chen
2e861a2fa8
Added CVE
...
git-svn-id: file:///home/svn/framework3/trunk@12865 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 02:35:40 +00:00
James Lee
bee19278d7
add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003
...
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:36:26 +00:00
Steve Tornio
6890ec5610
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@12816 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-02 12:24:25 +00:00
David Rude
bfdb3a2a36
Added GoldenFTP exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12812 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-02 01:10:22 +00:00
Steve Tornio
f43368ebe4
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@12779 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-31 14:33:19 +00:00
Wei Chen
396e476a03
Updated description, documented packet header a bit
...
git-svn-id: file:///home/svn/framework3/trunk@12774 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 21:17:35 +00:00
Wei Chen
b950219b0d
Fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@12773 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 21:06:56 +00:00
Wei Chen
4d044ee592
Added 7-Technologies IGSS 9.0 Write File / EXE packet handling exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12772 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-30 21:00:49 +00:00
Jonathan Cran
ef7a7adc1e
escape slashes, thanks aushack
...
git-svn-id: file:///home/svn/framework3/trunk@12738 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-27 06:14:52 +00:00
Steve Tornio
782b1c6dd6
add stratsec ref, update disclosure to match public timeline
...
git-svn-id: file:///home/svn/framework3/trunk@12716 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 13:57:12 +00:00
Wei Chen
c1233db428
ugh! It's visiwavereport.exe, not visiwave.exe.
...
git-svn-id: file:///home/svn/framework3/trunk@12711 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 04:48:25 +00:00
Wei Chen
0c60fe5a4b
Couldn't help but patch-diff it and updated the description again
...
git-svn-id: file:///home/svn/framework3/trunk@12710 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 04:45:17 +00:00
Wei Chen
6b6c6b2f64
We're actually not using 'Ret', it is removed.
...
git-svn-id: file:///home/svn/framework3/trunk@12706 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-24 23:15:06 +00:00
Wei Chen
af4b8bfef6
RCA done, the new description explains what really happens that causes the vulnerability.
...
git-svn-id: file:///home/svn/framework3/trunk@12705 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-24 22:58:10 +00:00
Wei Chen
f80c66ee8f
Disclosure date is actually May 10 2011, confirmed by Mr_Me.
...
git-svn-id: file:///home/svn/framework3/trunk@12698 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 23:55:03 +00:00
Steve Tornio
fd6a3def6e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12695 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 19:50:57 +00:00
Wei Chen
d900892da8
Disclosure date change. '2007' wouldn't make sense now, would it?
...
git-svn-id: file:///home/svn/framework3/trunk@12692 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 16:30:07 +00:00
Wei Chen
8089d10618
Added VisiWave Site Survey Report buffer overflow exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12691 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-23 16:28:38 +00:00
Steve Tornio
28d5febfad
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12688 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-22 23:41:15 +00:00
Wei Chen
e916a61eec
Date format fix
...
git-svn-id: file:///home/svn/framework3/trunk@12685 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-22 22:09:52 +00:00
Wei Chen
d9c0d1c941
Added Magix Musik Maker 16 buffer overflow exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12684 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-22 22:08:09 +00:00
James Lee
36983436db
play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed
...
git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 19:45:14 +00:00
James Lee
0b88468617
out with the new, in with the old. css_clip is pretty unreliable in my tests, go back to using ie_behaviors in browser autopwn
...
git-svn-id: file:///home/svn/framework3/trunk@12663 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 16:33:55 +00:00
Wei Chen
f9c49ef9ce
Comment update (this is still for the egghunter fix: bug #4552 )
...
git-svn-id: file:///home/svn/framework3/trunk@12657 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:50:22 +00:00
Wei Chen
6345fec06c
checksum support for egghunter disabled, because not enough room for it. See r4552.
...
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:48:06 +00:00
Steve Tornio
72692d27f7
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12643 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-17 11:28:25 +00:00
Wei Chen
4f56444f2c
Fix for nops
...
git-svn-id: file:///home/svn/framework3/trunk@12639 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-16 19:30:17 +00:00
Wei Chen
95700687de
Added IGSS 9 buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12638 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-16 19:02:05 +00:00
Wei Chen
40894c3726
Moving Iconics webhmi activeX exploit from browser to scada directory
...
git-svn-id: file:///home/svn/framework3/trunk@12584 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 20:45:54 +00:00
Steve Tornio
d0c93f7e49
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12582 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 11:33:16 +00:00
Wei Chen
5d59d819ac
Added SPlayer Content-Type bof
...
git-svn-id: file:///home/svn/framework3/trunk@12581 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 00:18:11 +00:00
Steve Tornio
b84df80983
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12576 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 19:16:07 +00:00
Wei Chen
105b5799af
Added ICONICS WebHMI ActiveX SetActiveXGuid bof
...
git-svn-id: file:///home/svn/framework3/trunk@12573 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 18:07:15 +00:00
Steve Tornio
c87ba8f026
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12557 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-06 19:33:01 +00:00
Joshua Drake
5b8e4707cc
Add an exploit for CVE-2011-1574 (libmodplug via VLC 1.1.8)
...
git-svn-id: file:///home/svn/framework3/trunk@12544 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-06 15:29:07 +00:00
Wei Chen
8d78a47e45
get_resource() added to 'src' parameter
...
git-svn-id: file:///home/svn/framework3/trunk@12543 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-05 22:10:30 +00:00
David Rude
c80d454dd7
fixes some logic which restricted the use of other windows targets
...
git-svn-id: file:///home/svn/framework3/trunk@12542 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-05 15:11:46 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Steve Tornio
fdd9b361bb
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12532 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-03 11:40:09 +00:00
Wei Chen
9c619c3a40
Added mjm quickplayer s3m bof
...
git-svn-id: file:///home/svn/framework3/trunk@12474 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 02:37:14 +00:00
Wei Chen
72af607aef
Added MJM Coreplayer s3m bof
...
git-svn-id: file:///home/svn/framework3/trunk@12473 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-30 02:36:14 +00:00
Mario Ceballos
be2f68afbd
this method doesnt work with a licensed install.
...
git-svn-id: file:///home/svn/framework3/trunk@12470 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-29 22:17:40 +00:00
Wei Chen
8fa4443a68
Added Subtitle Processor 7.7.1 bof
...
git-svn-id: file:///home/svn/framework3/trunk@12461 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-28 08:12:32 +00:00
Mario Ceballos
be83842dff
added exploit module emc_homebase_exec.rb
...
git-svn-id: file:///home/svn/framework3/trunk@12458 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-27 20:29:27 +00:00
Wei Chen
f59db11f0e
Fixed typo in description. Thanks ragecyr.
...
git-svn-id: file:///home/svn/framework3/trunk@12456 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-27 16:54:49 +00:00
Wei Chen
a31ac81b57
Added eZip Wizard 3.0 Stack Buffer Overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12428 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 01:06:34 +00:00
Wei Chen
2772be9125
Small offset change for Win 7 target requested by sd
...
git-svn-id: file:///home/svn/framework3/trunk@12422 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-24 03:50:55 +00:00
Wei Chen
c5d51cf810
Disclosure date change
...
git-svn-id: file:///home/svn/framework3/trunk@12391 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:45:07 +00:00
Wei Chen
7ef79e3ca5
Changed disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@12389 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:34:01 +00:00
Mario Ceballos
31f2afc033
fix date
...
git-svn-id: file:///home/svn/framework3/trunk@12388 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 11:12:34 +00:00
Wei Chen
cb491e35d2
Changed disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@12384 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 02:10:40 +00:00
Wei Chen
458d8cccb8
Modified heap spray routine. Added IE 8 target for XP SP3.
...
git-svn-id: file:///home/svn/framework3/trunk@12383 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 21:55:33 +00:00
amaloteaux
a08bef0a47
allow the wireshark dect dissector exploit to be used remotly
...
git-svn-id: file:///home/svn/framework3/trunk@12376 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 16:36:48 +00:00
Wei Chen
488c6de9df
Description change again
...
git-svn-id: file:///home/svn/framework3/trunk@12371 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 16:41:58 +00:00
Wei Chen
4b7595b8e4
Updated the size of the pcap file. Description also udpated.
...
git-svn-id: file:///home/svn/framework3/trunk@12369 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 16:34:17 +00:00
Wei Chen
6d0bfaaa57
Updated author
...
git-svn-id: file:///home/svn/framework3/trunk@12368 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 15:23:49 +00:00
Steve Tornio
0859bb18a7
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@12365 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 11:32:17 +00:00
Wei Chen
90668a9913
Date format fix
...
git-svn-id: file:///home/svn/framework3/trunk@12364 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 07:53:58 +00:00
Wei Chen
9d40da6bbb
Title change
...
git-svn-id: file:///home/svn/framework3/trunk@12363 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 06:43:05 +00:00
Wei Chen
9c60889f02
Added Wireshark packet-dect memcpy overflow (.pcap)
...
git-svn-id: file:///home/svn/framework3/trunk@12362 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 06:41:57 +00:00
Wei Chen
d4dd84536d
Added Win 7 target
...
git-svn-id: file:///home/svn/framework3/trunk@12361 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-19 03:10:36 +00:00
HD Moore
b94d09cdf1
Try a little harder to make this module more reliable through TCP proxies
...
git-svn-id: file:///home/svn/framework3/trunk@12359 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-18 20:53:21 +00:00
Wei Chen
c28e7259ac
Added CVE-2011-0611 Adobe Flash 0day
...
git-svn-id: file:///home/svn/framework3/trunk@12330 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:09:33 +00:00
Wei Chen
9ac36d6e0a
Forgot to change two other hardcoded junks to random alpha bytes
...
git-svn-id: file:///home/svn/framework3/trunk@12322 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-14 23:28:58 +00:00
Wei Chen
b81d87173f
Added mr_me's Win XP SP3 + DEP target
...
git-svn-id: file:///home/svn/framework3/trunk@12320 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-14 23:08:47 +00:00
James Lee
b5e0962e3e
return the appropriate check codes instead of just printing stuff. add some error checks to avoid stack traces against samba and non-existant hosts
...
git-svn-id: file:///home/svn/framework3/trunk@12314 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-13 23:26:07 +00:00
Steve Tornio
79e84a46e9
add cve & osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@12306 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-12 11:04:29 +00:00
Wei Chen
33249bea32
Changed 0x90 nops to make_nops() instead
...
git-svn-id: file:///home/svn/framework3/trunk@12305 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 23:32:41 +00:00
Wei Chen
3dec79f346
Format fix again
...
git-svn-id: file:///home/svn/framework3/trunk@12304 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 23:24:12 +00:00
Wei Chen
e5068838ff
Last format fix
...
git-svn-id: file:///home/svn/framework3/trunk@12301 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 22:31:27 +00:00
Wei Chen
300989db5f
Format issue fix
...
git-svn-id: file:///home/svn/framework3/trunk@12299 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 22:28:38 +00:00
Wei Chen
eea7a0e743
Added Video Spirit vlsprj buffer overflow exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12296 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 22:09:23 +00:00
David Rude
39f4c0c42f
Added MS08-067 check method thanks staylor =)
...
git-svn-id: file:///home/svn/framework3/trunk@12294 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 16:32:59 +00:00
Patrick Webster
e9e8026832
Fixed author name in modules for myself.
...
git-svn-id: file:///home/svn/framework3/trunk@12292 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-11 02:25:36 +00:00
Wei Chen
ffe6868d22
Updated vbs stager temp var
...
git-svn-id: file:///home/svn/framework3/trunk@12286 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 18:24:43 +00:00
Wei Chen
c31603beac
Updated: Using random nops and padding
...
git-svn-id: file:///home/svn/framework3/trunk@12284 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 23:09:31 +00:00
Wei Chen
8b0605c418
Added AOL Desktop 9.6 rtx buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12283 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 23:03:30 +00:00
David Rude
82f5206bc7
change the filename to reflect the vendor
...
git-svn-id: file:///home/svn/framework3/trunk@12281 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 14:06:10 +00:00
Steve Tornio
a8947662db
old file hanging around
...
git-svn-id: file:///home/svn/framework3/trunk@12280 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 13:28:57 +00:00
Steve Tornio
bb26593da7
add osvdb ref. rename file to correct typo
...
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 12:41:18 +00:00
Wei Chen
717fb83fc9
Added RealNetworks RealGames ActiveX exec arbitrary code execution
...
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 02:39:11 +00:00
David Rude
53790c1afb
Change Vendor name, forgot one target uri fixup
...
git-svn-id: file:///home/svn/framework3/trunk@12275 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 23:31:12 +00:00
David Rude
892e241853
Added Netflow Apps Manager Remote Code Execution exploit
...
git-svn-id: file:///home/svn/framework3/trunk@12272 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 21:01:34 +00:00
Wei Chen
904b02c44f
Need to track who committed what
...
git-svn-id: file:///home/svn/framework3/trunk@12271 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 21:01:20 +00:00
Wei Chen
b90d6fc16f
Modified the heap spraying function. Each block size should be more consistent now.
...
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 07:27:38 +00:00
Wei Chen
1c5f1f9d24
Fixed typo
...
git-svn-id: file:///home/svn/framework3/trunk@12263 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 06:15:47 +00:00
Wei Chen
97a9056a1a
Added CVE-2010-3407 (IBM Lotus Domino iCalendar SMTP)
...
git-svn-id: file:///home/svn/framework3/trunk@12236 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-04 17:43:34 +00:00
amaloteaux
8e61c108d3
typo fix
...
git-svn-id: file:///home/svn/framework3/trunk@12229 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 23:11:02 +00:00
Joshua Drake
8a627758f3
update description to remove blurb about ATSVC pipe, since it is no longer used
...
git-svn-id: file:///home/svn/framework3/trunk@12226 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-03 20:53:54 +00:00
James Lee
6dd44fa516
massive keywords cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@12196 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-01 00:51:33 +00:00
Wei Chen
045e75c0b6
Added ret addr for win server 2003 sp2 donated by Polar Bear
...
git-svn-id: file:///home/svn/framework3/trunk@12183 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-30 16:24:52 +00:00
HD Moore
9594829357
Remove the no longer needed require
...
git-svn-id: file:///home/svn/framework3/trunk@12181 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-29 18:11:39 +00:00
HD Moore
e0e8d986e7
Fix up psexec by adding a reqwuire for the wbemexec mixin
...
git-svn-id: file:///home/svn/framework3/trunk@12180 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-29 16:35:26 +00:00
HD Moore
904dd863d1
Remove the WBEM mixin until its actually checked in
...
git-svn-id: file:///home/svn/framework3/trunk@12179 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-29 15:26:08 +00:00
amaloteaux
3a6a02e43c
add wbem exec method for psexec as optional, fix #3972 , thanks to pbk-df3 for patch
...
git-svn-id: file:///home/svn/framework3/trunk@12171 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-29 01:07:32 +00:00
Joshua Drake
0882f18ec0
add fix commit diff and fix broken cve reference
...
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:04:54 +00:00
Joshua Drake
24fd896bfb
add OSVDB reference back, conflict handling fail!
...
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:02:46 +00:00
Wei Chen
214751379f
Updated: using get_resource() instead of datastore['URIPATH']
...
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 03:56:45 +00:00
Wei Chen
25ca59b56f
Added Win Vista and debug target
...
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 23:22:51 +00:00
David Rude
349512f48d
Updated exploit ranking and description to reflect the new ranking
...
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 19:33:38 +00:00
Steve Tornio
81fae13258
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 12:05:48 +00:00
David Rude
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen
eb7df0be8e
Updated how the trigger file should be loaded... the proper way.
...
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 00:07:36 +00:00
Wei Chen
77ceadc6ad
Updated description and how the trigger file loads
...
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 22:49:11 +00:00
Wei Chen
08f210ac52
Added CVE-2010-3275 (VLC AMV vulnerability)
...
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:03:12 +00:00
Tod Beardsley
fa062b8f32
Sets the cmd stager's temp directory to "." which makes all the writes go to the local data directory for postgresql. This avoids the slashes issue reported by troulouliou and keeps all the uploaded files in one place for somewhat easier cleanup.
...
git-svn-id: file:///home/svn/framework3/trunk@12135 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 19:42:36 +00:00
Steve Tornio
5b79e6b4ec
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12132 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 11:28:57 +00:00
Mario Ceballos
c162c0f429
added exploit module hp_nnm_getnnmdata_hostname.rb. now 49 on the list.
...
git-svn-id: file:///home/svn/framework3/trunk@12131 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 00:46:59 +00:00
Wei Chen
aa24f29a03
Fixed nops
...
git-svn-id: file:///home/svn/framework3/trunk@12124 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 13:51:13 +00:00
Wei Chen
c9eef9ffe5
Fixed typo
...
git-svn-id: file:///home/svn/framework3/trunk@12123 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 13:31:58 +00:00
Wei Chen
a05866385f
Added target 7.50, provided by MC
...
git-svn-id: file:///home/svn/framework3/trunk@12122 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 02:48:04 +00:00
Steve Tornio
d9dd2a3058
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12121 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 00:49:33 +00:00
Mario Ceballos
342d55ac00
heh, a couple for the hp_nnm party. add exploit modules hp_nnm_getnnmdata_icount.rb hp_nnm_getnnmdata_maxage.rb
...
git-svn-id: file:///home/svn/framework3/trunk@12117 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 21:57:16 +00:00
Wei Chen
1a42a87a65
Added 2011-0267 (exploiting "schdParams" of HP NNM's nnmRptConfig.exe)
...
git-svn-id: file:///home/svn/framework3/trunk@12116 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 21:35:13 +00:00
Tod Beardsley
a3f68b97a6
Fix for 1.8.7 compatability, where regexes need escaped plusses.
...
git-svn-id: file:///home/svn/framework3/trunk@12115 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 21:24:09 +00:00
amaloteaux
46cf938475
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@12112 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 20:47:49 +00:00
Tod Beardsley
b1178686cf
Fixes #3988 . Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
...
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).
git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
amaloteaux
c0a0e3f217
small fix
...
git-svn-id: file:///home/svn/framework3/trunk@12110 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:02:38 +00:00
amaloteaux
e706051bda
psexec : allow exploit to succeed on any r/w share
...
git-svn-id: file:///home/svn/framework3/trunk@12109 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 18:53:32 +00:00
Joshua Drake
6fa39eb32c
merge my work on cve-2010-2703
...
git-svn-id: file:///home/svn/framework3/trunk@12101 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 16:04:45 +00:00
Joshua Drake
efd7b84cc5
change rank / add http fingerprint
...
git-svn-id: file:///home/svn/framework3/trunk@12100 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 16:02:53 +00:00
Joshua Drake
dd5e7f9286
merge in my wacky cve-2010-2709 work
...
git-svn-id: file:///home/svn/framework3/trunk@12099 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 15:55:52 +00:00
Joshua Drake
1460d161da
add exploit for cve-2010-1552
...
git-svn-id: file:///home/svn/framework3/trunk@12098 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 15:47:20 +00:00
Joshua Drake
11e442ed47
add exploit for cve-2010-1964
...
git-svn-id: file:///home/svn/framework3/trunk@12097 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 15:45:48 +00:00
Joshua Drake
6920376237
add exploit for cve-2010-1961
...
git-svn-id: file:///home/svn/framework3/trunk@12096 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 15:44:55 +00:00
Joshua Drake
46cd08e1aa
add exploit for cve-2010-1960
...
git-svn-id: file:///home/svn/framework3/trunk@12095 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 15:43:25 +00:00
Steve Tornio
89ec6ab5da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 11:19:45 +00:00
David Rude
8233030184
opps removed mixin require as well
...
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:41:48 +00:00
David Rude
f8534f06dd
opps removed mixin reference =)
...
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:40:38 +00:00
David Rude
d7266b6551
Add CVE-2011-0609 exploit for Adobe Flash
...
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Wei Chen
422e5ae7b1
gone.
...
git-svn-id: file:///home/svn/framework3/trunk@12088 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 03:45:01 +00:00
Wei Chen
c8ca48388d
filenamed fix
...
git-svn-id: file:///home/svn/framework3/trunk@12085 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 03:37:18 +00:00
Wei Chen
1a34d81aab
Added CVE-2010-2703
...
git-svn-id: file:///home/svn/framework3/trunk@12083 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 03:23:06 +00:00
Wei Chen
92d52daea8
Added NNM webappmon.exe OvJavaLocale overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12082 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 03:21:56 +00:00
Wei Chen
74e0d2f43e
Added HP NNM nnmRptConfig nameParams overflow
...
git-svn-id: file:///home/svn/framework3/trunk@12081 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 03:20:24 +00:00
Joshua Drake
586c1f9305
oops, broke the LIBPATH option
...
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 01:18:18 +00:00
Joshua Drake
f4fe3f11b0
enable bind payloads, thx hdm :)
...
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:52:58 +00:00
Steve Tornio
4992deed21
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:16:06 +00:00
Joshua Drake
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
David Rude
36b83cde6f
Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution
...
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 15:42:28 +00:00
David Rude
382e63e16e
fixed a typo in javascript
...
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 04:40:36 +00:00
Wei Chen
5800608356
Not ready to be part of msf repo, killing it
...
git-svn-id: file:///home/svn/framework3/trunk@11993 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 20:42:56 +00:00
HD Moore
f317d60e04
Fix a few cosmetic issues with the kingview module
...
git-svn-id: file:///home/svn/framework3/trunk@11991 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 18:04:15 +00:00
Wei Chen
26bee16b5c
I should probably add myself as an author.
...
git-svn-id: file:///home/svn/framework3/trunk@11990 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 16:45:12 +00:00
Mario Ceballos
dfd2df6b47
puts this in the appropiate place
...
git-svn-id: file:///home/svn/framework3/trunk@11987 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 10:22:07 +00:00
Steve Tornio
78d4822d27
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11986 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 10:15:54 +00:00
David Rude
eeb1aae9d0
Added Japanese NO NX Target
...
git-svn-id: file:///home/svn/framework3/trunk@11985 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 07:58:50 +00:00
Joshua Drake
4a1e59be8d
oops =D
...
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 05:01:29 +00:00
Joshua Drake
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Wei Chen
7308a032f9
Added kingview historysvr exploit. by rick2600 & Dillon.
...
git-svn-id: file:///home/svn/framework3/trunk@11980 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 02:46:20 +00:00
Wei Chen
e1ff12292f
wrong directory
...
git-svn-id: file:///home/svn/framework3/trunk@11978 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 02:44:50 +00:00
Wei Chen
36c05de02e
Added kingview historysvr exploit. By rick2600 and Dillon.
...
git-svn-id: file:///home/svn/framework3/trunk@11977 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 02:39:45 +00:00
Mario Ceballos
6d3d0adf93
added exploit module coldfusion_traversal.rb from webDEViL
...
git-svn-id: file:///home/svn/framework3/trunk@11974 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 01:38:16 +00:00
Steve Tornio
abcce881b2
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11969 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-15 21:56:11 +00:00
Mario Ceballos
8189a1f7a9
added exploit module hp_openview_insight_backdoor.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11968 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-15 21:22:07 +00:00
Steve Tornio
45e29834be
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11955 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-14 12:01:55 +00:00
David Rude
76ee9353aa
changed exploit ranking to better reflect the privileges required
...
git-svn-id: file:///home/svn/framework3/trunk@11954 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-14 10:54:13 +00:00
David Rude
a63534107b
minor style fix
...
git-svn-id: file:///home/svn/framework3/trunk@11953 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-14 05:57:51 +00:00
David Rude
994e6eb450
Exploit for Foxit PDF Reader createDataObject() file write vulnerability
...
git-svn-id: file:///home/svn/framework3/trunk@11952 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-14 05:36:33 +00:00
Wei Chen
ed6f8b5a78
Updated: Made a slight adjustment to the code format
...
git-svn-id: file:///home/svn/framework3/trunk@11945 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-13 07:27:19 +00:00
Wei Chen
74aab1efe4
Added mr_me's kolibri web server head buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@11944 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-13 07:18:36 +00:00
amaloteaux
dce7dd13fe
type fix on psexec
...
git-svn-id: file:///home/svn/framework3/trunk@11926 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-10 18:46:58 +00:00
Jonathan Cran
79da0ead08
applying description update from zeknox -- thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@11923 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-10 05:36:17 +00:00
Tod Beardsley
42531e097f
Fixes #3916 . Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
...
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
amaloteaux
5f6995e8d3
enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152
...
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 19:57:53 +00:00
David Rude
695963dde7
Fixed references
...
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 02:28:15 +00:00
David Rude
b51c9f8397
oops forgot a , =)
...
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:42:37 +00:00
David Rude
6dc0596870
Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks
...
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:27:06 +00:00
David Rude
cdba0d532c
Adds a ret for Windows Server 2003 thanks to securityxxpert
...
git-svn-id: file:///home/svn/framework3/trunk@11882 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-05 21:00:57 +00:00
Joshua Drake
dee18a8995
add office 2007 msxml5 targets from SAHA! THX
...
git-svn-id: file:///home/svn/framework3/trunk@11875 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-04 08:39:48 +00:00
Mario Ceballos
aa859e2f68
force ordinal payload
...
git-svn-id: file:///home/svn/framework3/trunk@11799 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-23 00:58:54 +00:00
Joshua Drake
8ef05017b8
style compliance fixes, naughty naughty
...
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
Matt Weeks
c322534907
Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls.
...
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-18 02:23:10 +00:00
Joshua Drake
160c683f18
Add WbemExec mixin, modify MS10-061 to use MOF technique
...
git-svn-id: file:///home/svn/framework3/trunk@11766 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-17 19:22:11 +00:00
Joshua Drake
41f0c2eaa5
typo
...
git-svn-id: file:///home/svn/framework3/trunk@11762 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-17 03:56:15 +00:00
Joshua Drake
8c8b181ffb
Update ms11_xxx modules to reflect bulletin release, minor style fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 23:31:44 +00:00
Joshua Drake
dafeecdc96
Small fix from Dan Rosenberg
...
git-svn-id: file:///home/svn/framework3/trunk@11725 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 18:22:36 +00:00
Joshua Drake
7d72db3e8e
More updates from Dan Rosenburg -- Works with DEP now!
...
git-svn-id: file:///home/svn/framework3/trunk@11724 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 17:50:05 +00:00
Joshua Drake
e06d4d52fe
convert VLC module to FileFormat, adjust spray
...
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-03 18:16:40 +00:00
Joshua Drake
acf9b2088d
remove half-browser half-fileformat /misc/ version, but preserve differences in comments in fileformat version
...
git-svn-id: file:///home/svn/framework3/trunk@11701 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-02 21:47:02 +00:00
Joshua Drake
3ac076c20a
add exploit for VLC media player WebM processing from Dan Rosenburg
...
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-01 18:54:24 +00:00
Joshua Drake
a62f1922b3
fix typos, lol?
...
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-28 23:56:35 +00:00
Joshua Drake
9682091cca
Add SQLI version of MSSQL Payload from Rodrigo Marcos!
...
git-svn-id: file:///home/svn/framework3/trunk@11655 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-27 16:48:07 +00:00
Joshua Drake
81ff9483bf
add ms09-004 exploit via sql injection from Rodrigo Marcos
...
git-svn-id: file:///home/svn/framework3/trunk@11631 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-24 19:37:58 +00:00
James Lee
d7cda0f85a
accept a client argument for get_uri()
...
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-22 00:16:57 +00:00
Joshua Drake
ae33e3ac71
Fixes #3571 , normalize 2k3r2 and fix language defaulting
...
git-svn-id: file:///home/svn/framework3/trunk@11614 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-21 04:09:48 +00:00
James Lee
f3bda46333
doesn't work on IE8, fixes #3566 , thanks Hauke Mehrtens for the patch
...
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 19:30:59 +00:00
Joshua Drake
b6b9b83dd7
add CVE reference
...
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake
ffbea6199f
Do not wait for the DCERPC call to timeout
...
git-svn-id: file:///home/svn/framework3/trunk@11545 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-11 17:56:27 +00:00
Joshua Drake
739604ea12
Fixes #3469 , silly typo
...
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 05:58:55 +00:00
Joshua Drake
d994f595fe
remove unused vars
...
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:59:10 +00:00
Joshua Drake
287f4c87fe
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Joshua Drake
19e8a6a5b1
switch AutoRunScript for InitialAutoRunScript, oops
...
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 00:25:44 +00:00
Joshua Drake
452ab6f301
updated description
...
git-svn-id: file:///home/svn/framework3/trunk@11506 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-07 17:51:34 +00:00
Joshua Drake
f7e70e8d42
add an automatic target and now includes Office XP SP3
...
git-svn-id: file:///home/svn/framework3/trunk@11505 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-07 17:48:29 +00:00
Jonathan Cran
a206ed8418
clarifying wmi tools are not installed by default
...
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 05:27:37 +00:00
Joshua Drake
bc7a8e3b47
fix silly merge conflict data in HTML
...
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-05 22:52:54 +00:00
Joshua Drake
f0202c3350
add MSFT advisory references
...
git-svn-id: file:///home/svn/framework3/trunk@11473 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 23:00:45 +00:00
James Lee
1735dc8cb2
add bid reference, thanks jjarmoc
...
git-svn-id: file:///home/svn/framework3/trunk@11472 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 22:08:33 +00:00
Joshua Drake
152eb80710
fix debug target, adjust File reference
...
git-svn-id: file:///home/svn/framework3/trunk@11469 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 16:55:58 +00:00
Steve Tornio
4a1f45c633
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11467 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 16:15:43 +00:00
Joshua Drake
4fc19971ae
add exploit for cve-2010-3970
...
git-svn-id: file:///home/svn/framework3/trunk@11466 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-04 15:30:29 +00:00
Joshua Drake
a59dcc512b
switch target to p/p/r that works on multiple versions
...
git-svn-id: file:///home/svn/framework3/trunk@11459 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-02 09:56:43 +00:00
Joshua Drake
540bd3692c
add fileformat exploit for cve-2010-3333
...
git-svn-id: file:///home/svn/framework3/trunk@11450 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 20:30:50 +00:00
Joshua Drake
08df4dac3b
randomize import styles, patch from jjarmoc
...
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 16:49:20 +00:00
Joshua Drake
b3bfb5834e
change credit to passerby
...
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-28 17:10:19 +00:00
HD Moore
a8cb5ee259
Updated return address from Tyler Reguly
...
git-svn-id: file:///home/svn/framework3/trunk@11407 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 06:01:12 +00:00
Joshua Drake
5f5d2992ce
add reference to 0x557 slides (for .NET 2.0 rop)
...
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:36:54 +00:00
Joshua Drake
cdfe03ce43
add MSFT advisory and CVE
...
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:30:43 +00:00
Steve Tornio
09b00739fb
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 22:21:56 +00:00
Joshua Drake
4ddd78c4de
add a couple targets
...
git-svn-id: file:///home/svn/framework3/trunk@11399 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 19:14:29 +00:00
Joshua Drake
0f24d1955c
minor corrections, use .NET 2.0 ROP :)
...
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:26:18 +00:00
Joshua Drake
44c8a71dcf
minor clean ups
...
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:23:16 +00:00
Mario Ceballos
1407d7f1d5
revert back. little more reliable.
...
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 17:40:13 +00:00
Mario Ceballos
d89c60f2de
add exploit module wmi_admintools.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 14:35:36 +00:00
Joshua Drake
5fb2bfc969
fix super busted mssql_payload some more
...
git-svn-id: file:///home/svn/framework3/trunk@11392 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 20:36:34 +00:00
Joshua Drake
7db17e323e
fix super busted mssql_payload, oops
...
git-svn-id: file:///home/svn/framework3/trunk@11391 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 20:20:20 +00:00
Joshua Drake
c4c0cabccb
switch to .NET 2.0 ROP, Merry Xmas!
...
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:24:19 +00:00
Joshua Drake
5d2f26b41b
add exploit for unpatched IE css import bug
...
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 16:34:07 +00:00
Joshua Drake
b8b0e1af97
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 09:11:45 +00:00
James Lee
f1c13e24a6
remove erroneous OUTPUTPATH overriding the sane one from the fileformat mixin
...
git-svn-id: file:///home/svn/framework3/trunk@11353 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 20:11:01 +00:00
Joshua Drake
6a5ebf2d91
fix nil access
...
git-svn-id: file:///home/svn/framework3/trunk@11344 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-15 19:49:40 +00:00
James Lee
f15e6e5e62
update autopwn, replace ms10-018 behaviors with ms10-090 css clip.
...
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:53:22 +00:00
Joshua Drake
af56bebfa1
note ms10-090 bulletin
...
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:41:20 +00:00
Joshua Drake
6a4e52f667
Account for SEH offset depending on the path
...
git-svn-id: file:///home/svn/framework3/trunk@11282 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 23:35:58 +00:00
Tod Beardsley
0204cedca6
Makes the print_status displays more consistent between smb_login and psexec by moving some of the domain display functions up into exploit/smb proper.
...
git-svn-id: file:///home/svn/framework3/trunk@11204 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 17:29:26 +00:00
James Lee
3fdfb3e945
syntax errors
...
git-svn-id: file:///home/svn/framework3/trunk@11195 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 19:26:57 +00:00
Joshua Drake
9156509c58
clarify authors list
...
git-svn-id: file:///home/svn/framework3/trunk@11192 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 16:23:04 +00:00
Steve Tornio
e6f640bc17
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 03:18:05 +00:00
Mario Ceballos
14ea7a85bb
svn keywords
...
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:03:25 +00:00
Mario Ceballos
5ed387aa38
added exploit module enjoysapgui_comp_download.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:01:46 +00:00
Steve Tornio
40ace0a218
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@11183 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 23:07:00 +00:00
Joshua Drake
c6cf03021d
add xion audio player exploit from m_101
...
git-svn-id: file:///home/svn/framework3/trunk@11182 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 22:03:55 +00:00
Joshua Drake
26a9fe6fc7
add some missing CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
Joshua Drake
8f55c83ed0
clean up some oracle titles
...
git-svn-id: file:///home/svn/framework3/trunk@11128 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:43:49 +00:00
Joshua Drake
e9faf75503
fix some more titles with periods
...
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
Mario Ceballos
8c46a6be51
renamed.
...
git-svn-id: file:///home/svn/framework3/trunk@11125 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 13:44:46 +00:00
Joshua Drake
0d5c85b67a
Improve Oracle module Name fields
...
git-svn-id: file:///home/svn/framework3/trunk@11122 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 06:10:13 +00:00
James Lee
52389d28f4
make windows the default target
...
git-svn-id: file:///home/svn/framework3/trunk@11102 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:54:25 +00:00
James Lee
7a3770f87b
don't use java_basicservice_impl in browser autopwn because it doesn't work in an iframe against IE and causes popups in other browsers
...
git-svn-id: file:///home/svn/framework3/trunk@11101 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:44:16 +00:00
James Lee
669ef3b86e
clarify targets
...
git-svn-id: file:///home/svn/framework3/trunk@11099 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 17:53:49 +00:00
Joshua Drake
75873aedb4
add exploit for foxit reader title stack bof
...
git-svn-id: file:///home/svn/framework3/trunk@11096 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 17:43:42 +00:00
James Lee
d608db778c
we're not sending an applet, just a jar, clarify the output
...
git-svn-id: file:///home/svn/framework3/trunk@11084 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-21 19:58:04 +00:00
James Lee
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Joshua Drake
3b6edefe44
fix up auto targeting to not assign to "target"
...
git-svn-id: file:///home/svn/framework3/trunk@11072 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 18:33:34 +00:00
Steve Tornio
8f3b64e15c
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@11068 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 14:17:35 +00:00
Mario Ceballos
df9a0cfea8
added exploit module realwin_10.rb
...
git-svn-id: file:///home/svn/framework3/trunk@11067 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-18 23:45:40 +00:00
Mario Ceballos
1729f8f075
removed extra stuff.
...
git-svn-id: file:///home/svn/framework3/trunk@11063 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-18 12:31:55 +00:00
Joshua Drake
32c26f18f3
style compliance fixes, set test exploits to manual rank, fix s/ranking/rank/ in some exploits
...
git-svn-id: file:///home/svn/framework3/trunk@11039 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 19:03:24 +00:00
HD Moore
a12d9f8dbf
This patch adds detailed thread tracking across the metasploit framework, along with a new console command (threads) to manage these. This level of tracking is required to accurately monitor background tasks, assist with debugging, and kill orphaned threads.
...
git-svn-id: file:///home/svn/framework3/trunk@11003 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-12 06:19:49 +00:00
James Lee
326dc42bca
add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:01:35 +00:00
Joshua Drake
3992eb7ef8
Mass RE-update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake
9fc6f2f3a3
Mass update: fix all framework URL references
...
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Steve Tornio
2f118dfc50
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10990 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 20:09:15 +00:00
Joshua Drake
a758dfe37d
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10988 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 18:20:52 +00:00
Mario Ceballos
8042bf202f
added exploit module bacnet_csv.rb
...
git-svn-id: file:///home/svn/framework3/trunk@10985 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 16:35:01 +00:00
Joshua Drake
eab0a40caa
switch up IE6 target to work on older version
...
git-svn-id: file:///home/svn/framework3/trunk@10978 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:54:56 +00:00
Tod Beardsley
996cc49408
Be more accomodating for SMB domains when bruteforcing SMB hosts.
...
git-svn-id: file:///home/svn/framework3/trunk@10977 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:07:31 +00:00
Joshua Drake
61e5d00722
switch title, comment out IE8 target for now
...
git-svn-id: file:///home/svn/framework3/trunk@10963 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:12:48 +00:00
Patrick Webster
5073e28854
Added citect_scada_odbc exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@10956 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 05:07:18 +00:00
Steve Tornio
be7d349d60
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10940 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-07 14:58:55 +00:00
Mario Ceballos
f7717e5f51
added exploit module moxa_mdmtool.rb
...
git-svn-id: file:///home/svn/framework3/trunk@10935 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-06 22:25:36 +00:00
Steve Tornio
338d6e3693
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@10914 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 02:58:01 +00:00
Joshua Drake
b0f64ebba1
add a debug target
...
git-svn-id: file:///home/svn/framework3/trunk@10912 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 00:08:55 +00:00
Joshua Drake
76123e79c1
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10909 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:59:56 +00:00
Joshua Drake
b7f2d57709
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10908 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:50:35 +00:00
Joshua Drake
979ddcd8e5
add exploit for cve-2010-3962
...
git-svn-id: file:///home/svn/framework3/trunk@10907 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:44:23 +00:00
Mario Ceballos
f517b88d9c
added exploit modules lgserver_multi.rb and moxa_mediadbplayback.rb
...
git-svn-id: file:///home/svn/framework3/trunk@10904 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 22:19:26 +00:00
Patrick Webster
fc708df5c6
Added exploit module pgp_keyserver7.
...
git-svn-id: file:///home/svn/framework3/trunk@10897 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 15:44:21 +00:00
Joshua Drake
dee671318e
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10895 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 02:54:16 +00:00
Mario Ceballos
99eadeff89
added exploit module lgserver_rxssetdatagrowthscheduleandfilter.rb
...
git-svn-id: file:///home/svn/framework3/trunk@10893 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 01:51:54 +00:00
Mario Ceballos
e276697af9
heh, put not puts.
...
git-svn-id: file:///home/svn/framework3/trunk@10892 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-03 22:09:44 +00:00
Patrick Webster
b97cbff5af
Added webster_http exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@10887 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-03 12:19:19 +00:00
Steve Tornio
d79bbd8440
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10886 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-03 11:17:25 +00:00
Mario Ceballos
45fd14417c
removed. worked fine under IIS 6.0
...
git-svn-id: file:///home/svn/framework3/trunk@10874 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 23:51:17 +00:00
Mario Ceballos
b12d03b7c4
add exploit module coldfusion_fckeditor.rb
...
git-svn-id: file:///home/svn/framework3/trunk@10865 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-02 20:13:36 +00:00
Joshua Drake
b572414eac
add exploit for cve-2010-3654
...
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Steve Tornio
9f5fca12f7
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10828 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-26 15:28:04 +00:00
Joshua Drake
f909b360ba
note tested on 6u11
...
git-svn-id: file:///home/svn/framework3/trunk@10820 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:22:08 +00:00
Joshua Drake
3fffd15549
add exploit for cve-2010-3552 (w/dep bypass)
...
git-svn-id: file:///home/svn/framework3/trunk@10819 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:21:41 +00:00
Steve Tornio
0251c446f1
add cve, osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@10784 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:21:30 +00:00
Joshua Drake
6bd75bb2d5
add shockwave exploit from abysssec/rel1k
...
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Steve Tornio
27d2761ec0
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@10775 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-21 11:41:18 +00:00
Mario Ceballos
d384863a83
exploit module fatplayer_wav.rb from dookie.
...
git-svn-id: file:///home/svn/framework3/trunk@10764 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-20 11:53:12 +00:00
Joshua Drake
04858c69fc
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10758 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:54:19 +00:00
Joshua Drake
20e2742596
fix indent
...
git-svn-id: file:///home/svn/framework3/trunk@10750 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 15:52:33 +00:00
Mario Ceballos
0411111dfd
couple of modules from Luigi Auriemma's DATAC RealWin advisory
...
git-svn-id: file:///home/svn/framework3/trunk@10734 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 21:20:02 +00:00
Joshua Drake
8a17803279
add exploit for ZDI-10-190
...
git-svn-id: file:///home/svn/framework3/trunk@10726 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 07:05:22 +00:00
Joshua Drake
f3f7b1dc83
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@10725 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 07:04:57 +00:00
HD Moore
f88033f0cc
Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
...
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Steve Tornio
62622d51c2
add osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@10703 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-16 12:17:51 +00:00
Joshua Drake
4ca2007d67
add ranking
...
git-svn-id: file:///home/svn/framework3/trunk@10665 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-13 03:03:24 +00:00
Joshua Drake
b11fbb67eb
oops, messed up whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@10661 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-12 18:40:13 +00:00
Joshua Drake
e0e4aebcc1
fix a few stack bof vulnerability descriptions
...
git-svn-id: file:///home/svn/framework3/trunk@10660 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-12 18:39:21 +00:00
Joshua Drake
ad4064ed20
add ftp client fuzzer and exploits from corelanc0d3r!
...
git-svn-id: file:///home/svn/framework3/trunk@10658 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-12 17:31:18 +00:00