bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
b136765ef7
Nuke extra space at EOL
2014-06-02 14:22:01 -05:00
ea383b4139
Make print/descs/case consistent
2014-06-02 13:20:01 -05:00
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
1b68abe955
Add module for ZDI-14-127
2014-05-15 13:41:52 -05:00
750b6fc218
Land #3348 , some Ruby warning fixes
2014-05-14 01:25:10 -05:00
c421b8e512
Change if not to unless
2014-05-14 01:24:29 -05:00
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
d3f2414d09
Fix merging typo
2014-05-13 16:04:40 +02:00
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
557cd56d92
fixed some ruby warnings
2014-05-10 23:31:02 +02:00
a60558061c
re-enable x86 stager
2014-05-10 19:58:19 +01:00
dee6b53175
fix java payload struts module
2014-05-10 00:19:40 +02:00
6f837715f9
Land #3343 , @FireFart's new uri encoding for struts_code_exec_parameters
2014-05-09 14:37:58 -05:00
38f3a19673
Try to beautify description
2014-05-09 14:35:06 -05:00
43a85fc645
additional GET parameters
2014-05-09 21:21:04 +02:00
ad83921a85
additional GET parameters
2014-05-09 21:15:28 +02:00
f56ea01988
Add module
2014-05-09 10:27:41 -05:00
53fde675e7
randomize meh parameter
2014-05-09 10:38:19 +02:00
a3fff5401f
more code cleanup
2014-05-08 23:05:41 +02:00
e7b7af2f75
fixed apache struts module
2014-05-08 22:15:52 +02:00
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
Meatballs
Tod Beardsley
sinn3r
William Vu
jvazquez-r7
Christian Mehlmauer
mercd
Jonas Vestberg
agix
Florian Gaultier
Jeff Jarmoc
Tim Wright