Commit Graph

3521 Commits (07ab53ab39b0e46a33880bd87f889df3831b1344)

Author SHA1 Message Date
jvazquez-r7 bc9a26d4ee Fix condition 2013-08-12 23:05:26 -05:00
jvazquez-r7 568181de84 Add esthetic spaces 2013-08-12 22:33:34 -05:00
jvazquez-r7 6d70d4924e Land #2206, @PsychoSpy module for OSVDB 94097 2013-08-12 22:27:03 -05:00
jvazquez-r7 7981601eb8 Do final cleanup on intrasrv_bof 2013-08-12 22:24:53 -05:00
sinn3r 2d3c2c1c87 Set default target to 0 because there's only one 2013-08-12 20:01:23 -05:00
sinn3r c0335cee26 Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow 2013-08-12 19:16:02 -05:00
sinn3r 7562324d96 Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow 2013-08-12 19:13:58 -05:00
sinn3r 51d9c59dcd Extra tabs, bye 2013-08-12 19:13:20 -05:00
Nathan Einwechter db78ffcc46 ... 2013-08-12 18:21:10 -04:00
Nathan Einwechter 49bcec5c92 Additional cleanup 2013-08-12 18:20:03 -04:00
jvazquez-r7 b3f229ff59 Add module for CVE-2013-3928 2013-08-12 17:18:30 -05:00
Nathan Einwechter 7014322dfd Code cleanup 2013-08-12 18:16:00 -04:00
Nathan Einwechter 264fe32705 Added new badchars 2013-08-12 18:08:49 -04:00
Nathan Einwechter bbc93b2a58 msftidy 2013-08-12 15:14:01 -04:00
Nathan Einwechter 28f030494e Use tcp mixin/clean corrupt bytes 2013-08-12 15:12:15 -04:00
jvazquez-r7 8ac01d3b8e Fix description and make it aggressive 2013-08-12 11:19:25 -05:00
Nathan Einwechter 7854c452d2 Added more payload padding 2013-08-12 11:10:10 -04:00
Nathan Einwechter 9f33a59dc2 Fix target ret 2013-08-12 11:04:55 -04:00
Nathan Einwechter 6f96445b42 Change target ret/cleanup 2013-08-12 10:13:48 -04:00
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
jvazquez-r7 9790181dd2 Land #2176, @wchen-r7's fix for [TestRM #8272] 2013-08-05 13:10:25 -05:00
Tod Beardsley 40f015f596 Avoid require race with powershell 2013-08-05 09:56:32 -05:00
Tod Beardsley a885ff9bcc Use consistent caps for 'PowerShell' 2013-08-05 09:33:49 -05:00
Tod Beardsley 5ea67586c8 Rewrite description for MS13-005
The first part of the description was copy-pasted from

http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt

which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
Ruslaideemin f927d1d7d3 Increase exploit reliability
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.

The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
Markus Wulftange 4a127c2ed2 Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
sinn3r 8c47f1df2d We don't need this option anymore 2013-07-31 03:30:34 -05:00
sinn3r af0046658b Change the way file is stored 2013-07-31 03:28:24 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing this:

 git checkout -b reset-hard-ohmy
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 05be76ecb7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 16:41:22 -05:00
sinn3r ab75d00f8a Land #2169 - Description update 2013-07-29 14:24:57 -05:00
Meatballs 7801eadbc2 psh description 2013-07-29 19:14:12 +01:00
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
jvazquez-r7 3a05993f16 Make msftidy happy and warn user about long times 2013-07-29 11:45:30 -05:00
Tod Beardsley 37312f2aa9 Module, singular 2013-07-29 10:58:36 -05:00
Tod Beardsley 11e9cca855 Spelling and description touch ups. 2013-07-29 10:57:19 -05:00
Meatballs 234e49d982 Add type technique 2013-07-26 23:33:16 +01:00
jvazquez-r7 805a9675a7 Modify the check for Integrity Level and Allow drop to fs 2013-07-26 14:54:50 -05:00
Meatballs 12a58c730a Small fix 2013-07-26 10:15:47 +01:00
Meatballs 6a13ed0371 Missing include 2013-07-26 03:18:17 +01:00
Meatballs 72b8891ba3 Check for low integrity 2013-07-26 03:16:45 +01:00
Meatballs 030640d5bc back to cmd 2013-07-26 03:00:36 +01:00
Meatballs d3f3e5d63e Working with psh download 2013-07-26 02:29:55 +01:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
Sean Verity dff35c0820 Minor update to Target Selection. Refer to comments on #2128. 2013-07-24 19:02:47 -04:00
Sean Verity d478df520f Merge remote-tracking branch 'rapid7/master'
Starting fresh.
2013-07-24 18:31:53 -04:00
jvazquez-r7 e9a4f6d5da Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework 2013-07-24 14:00:52 -05:00
Meatballs 44cae75af1 Cleanup 2013-07-24 19:52:59 +01:00
jvazquez-r7 dbad1a5e4c Clean up description 2013-07-24 12:02:33 -05:00
jvazquez-r7 18dbdb828f Land #2133, @Meatballs1's exploit for PSH Web Delivery 2013-07-24 12:01:37 -05:00
Meatballs f79d3f7591 Shorten cmd 2013-07-24 17:48:03 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Meatballs 8103baf21a Update title 2013-07-24 17:29:23 +01:00
Meatballs 18ac83bec1 Final updates and tidy 2013-07-24 17:28:19 +01:00
jvazquez-r7 b0c17fdebc Land #2002, @jlee-r7's patch for better handling uri resources 2013-07-23 15:49:21 -05:00
jvazquez-r7 99a345f8d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 13:54:26 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 15b0e39617 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-21 13:47:40 -05:00
sinn3r e7e712fa01 EOL fix 2013-07-20 19:54:05 -05:00
sinn3r ab515fb66d Add the file format version of CVE-2013-1017 2013-07-20 19:50:09 -05:00
Meatballs fe405d2187 Tidyup info 2013-07-19 23:50:59 +01:00
Meatballs 6fab3f6308 Add powershell cmdline 2013-07-19 23:24:54 +01:00
Meatballs d1fdcfff91 Initial commit 2013-07-19 19:33:55 +01:00
Sean Verity f16ed32848 Added '2003 R2 SP2' to target selection 2013-07-19 09:57:09 -04:00
jvazquez-r7 bdfad076b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 15:43:58 -05:00
jvazquez-r7 cb108a8253 Add module for ZDI-13-147 2013-07-18 15:37:11 -05:00
jvazquez-r7 efb8591a49 Update apple_quicktime_rdrf references 2013-07-18 13:57:31 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r b90e1d54e2 Land #2117 - HP Managed Printing Administration jobAcct Command Exec 2013-07-18 13:21:11 -05:00
sinn3r 280529f885 Make some changes to the description 2013-07-18 13:20:36 -05:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
sinn3r b94cde1d65 Name change for pyoor 2013-07-18 10:50:25 -05:00
jvazquez-r7 104edd8e93 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 10:38:53 -05:00
jvazquez-r7 3780b1b59f Add module for ZDI-11-352 2013-07-18 09:39:55 -05:00
jvazquez-r7 bf023f261a Delete comma 2013-07-17 20:46:03 -05:00
jvazquez-r7 7ee4855345 Fix msftidy and delete duplicate stack adjustment 2013-07-17 20:45:54 -05:00
sinn3r 6713fb1609 Fix typos 2013-07-17 18:06:40 -05:00
sinn3r 9ae7c80b15 Add more targets plus some other corrections 2013-07-17 14:43:41 -05:00
sinn3r c85b994c07 Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result in a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
jvazquez-r7 c7361043ae up to date 2013-07-17 11:47:06 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
jvazquez-r7 19b11cd6e2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-15 08:23:38 -05:00
James Lee 94f8b1d177 Land #2073, psexec_psh 2013-07-12 16:14:17 -05:00
James Lee f81369a10d Don't make promises about AV detection 2013-07-12 16:13:02 -05:00
James Lee bc88732400 Prints don't need to be rescued 2013-07-12 15:56:04 -05:00
jvazquez-r7 e2f6218104 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-12 08:38:08 -05:00
sinn3r 529471ed53 Land #2081 - MediaCoder .M3U Buffer Overflow 2013-07-11 23:57:43 -05:00
sinn3r 1341d6ec6b Remove extra commas and try to keep a line in 100 columns 2013-07-11 23:54:54 -05:00
jvazquez-r7 937642762f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-11 15:20:33 -05:00
sinn3r 1cf65623d6 Small desc update 2013-07-11 13:20:39 -05:00
jvazquez-r7 d9107d2bd9 Add module for CVE-2013-3248 2013-07-11 12:30:08 -05:00
modpr0be 16c9effcb4 make msftidy happy 2013-07-11 00:32:32 +07:00
modpr0be 8de88cbd05 change target from win7 sp1 to win7 sp0, fix description 2013-07-11 00:14:30 +07:00
jvazquez-r7 64b2f3f7a0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 16:55:39 -05:00
Tod Beardsley 8d7396d60a Minor description changes on new modules 2013-07-08 16:24:40 -05:00
jvazquez-r7 6a9a9ac20a Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework 2013-07-08 15:53:36 -05:00
jvazquez-r7 8ab8eb8e59 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 15:52:31 -05:00
modpr0be b2a18c37ee add dll references for rop 2013-07-09 03:20:05 +07:00
jvazquez-r7 3f874f504c Use metadata 2013-07-08 09:25:02 -05:00
jvazquez-r7 512dd7d15a Update title 2013-07-08 09:11:31 -05:00
jvazquez-r7 c60aeaa202 Add module for CVE-2013-3482 2013-07-08 09:11:10 -05:00
modpr0be ed6d88a28b credit to mona.py for rop 2013-07-07 18:07:05 +07:00
modpr0be ecb2667401 remove seh mixin and fix the rop nop address 2013-07-06 23:08:51 +07:00
Meatballs fc5e5a5aad Fixup description 2013-07-06 09:29:32 +01:00
Meatballs 22601e6cc7 Exit process when complete 2013-07-06 09:27:27 +01:00
modpr0be 23d2bfc915 add more author 2013-07-06 11:52:16 +07:00
modpr0be b8354d3d6c Added MediaCoder exploit module 2013-07-06 11:07:11 +07:00
Meatballs 0e84886bce Spawn 32bit process 2013-07-05 22:56:21 +01:00
Meatballs 2bfe8b3b29 msftidy 2013-07-05 22:35:22 +01:00
Meatballs 5dc2492b20 Renamed module 2013-07-05 22:32:15 +01:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
Meatballs 66c2b79177 Initial commit 2013-07-05 19:48:27 +01:00
jvazquez-r7 7f645807f6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 10:25:41 -05:00
jvazquez-r7 ad94f434ab Avoid a fix address for the final userland payload 2013-07-05 10:21:11 -05:00
Meatballs 479664b5aa Remove redundant file 2013-07-04 12:07:14 +01:00
Meatballs cd159960e1 Tidy 2013-07-04 12:02:32 +01:00
Meatballs 9c1a43a417 Check payload arch 2013-07-04 11:46:34 +01:00
Meatballs 83bc32abb4 Remove Exploit::Exe 2013-07-04 11:01:01 +01:00
Meatballs 7d6a78bf1f Remove report aux 2013-07-04 10:36:32 +01:00
Meatballs 555140b85a Add warning for persist 2013-07-04 10:30:03 +01:00
Meatballs 44cdc0a1c8 Move options to lib 2013-07-04 10:25:37 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 8590720890 Use fail_with 2013-07-04 10:21:24 +01:00
Meatballs 3eab7107b8 Remove opt supplied by lib 2013-07-04 10:16:03 +01:00
Meatballs 7d273b2c8b Refactor to psexec lib 2013-07-04 10:11:13 +01:00
Meatballs 1569a15856 Msf license 2013-07-04 10:08:29 +01:00
Meatballs 052c23b980 Add missing require 2013-07-04 09:58:48 +01:00
Meatballs 6fa60be76f Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh 2013-07-04 09:42:18 +01:00
sinn3r 226f4dd8cc Use execute_shellcode for novell_client_nicm.rb 2013-07-03 13:57:41 -05:00
sinn3r f9cfba9021 Use execute_shellcode for novell_client_nwfs.rb 2013-07-03 13:55:50 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 2f77e8626f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 11:56:25 -05:00
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
g0tmi1k 2a6056fd2a exploits/s4u_persistence~Fixed typos+default values 2013-07-03 00:38:50 +01:00
jvazquez-r7 146d1eb27d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 10:06:00 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00
sinn3r dbce1b36e5 Land #2036 - CVE-2013-3660
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
modpr0be 478beee38b remove unnecessary option and make msftidy happy 2013-07-01 18:51:47 +07:00
modpr0be f16d097c00 clean version, tested on winxp sp3 and win7 sp1 2013-07-01 18:35:50 +07:00
jvazquez-r7 f58f481399 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 22:36:46 -05:00
modpr0be e0ae71e874 minor fixing in the exploit module description 2013-07-01 03:27:06 +07:00
modpr0be 007fddb6bf remove SEH function, not needed 2013-07-01 03:13:20 +07:00
modpr0be 1e4b69ab03 Added abbs amp exploit module 2013-07-01 03:08:22 +07:00
jvazquez-r7 a2b8daf149 Modify fail message when exploitation doesn't succeed 2013-06-29 10:45:13 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
jvazquez-r7 427e26c4dc Fix current_pid 2013-06-28 21:36:49 -05:00
jvazquez-r7 32ae7ec2fa Fix error description and bad variable usage 2013-06-28 21:30:33 -05:00
jvazquez-r7 fb67002df9 Switch from print_error to print_warning 2013-06-28 21:29:20 -05:00
jvazquez-r7 3ab948209b Fix module according to @wchen-r7 feedback 2013-06-28 20:44:42 -05:00
jvazquez-r7 00416f3430 Add a new print_status 2013-06-28 18:23:49 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
Steve Tornio 5b71013dde reference updates 2013-06-25 13:41:22 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
William Vu d6374ddfff Land #2020, CVE and OSVDB update 2013-06-25 08:17:54 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 795dd6a02a Add module for OSVDB 93718 2013-06-24 23:51:28 -05:00
jvazquez-r7 ca8ce363b8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 16:32:55 -05:00
sinn3r b3d90c68a4 Land #2008 - More OSVDB refs 2013-06-24 01:53:29 -05:00
jvazquez-r7 31fcb911f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-23 21:41:10 -05:00
Steve Tornio a920127f8c reference updates for several modules 2013-06-23 20:43:34 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
Steve Tornio 427f063c48 fix formatting 2013-06-22 07:32:29 -05:00
Steve Tornio 1e25dedb66 fix formatting 2013-06-22 07:31:47 -05:00
Steve Tornio 14850cd387 reference updates for multiple modules 2013-06-22 07:28:04 -05:00
sinn3r de659326ce Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation 2013-06-21 21:52:32 -05:00
sinn3r 5de7fff685 Credit 2013-06-21 21:38:40 -05:00
Markus Wulftange afa0e6c42a Use CmdStagerVBS instead of CmdStagerTFTP
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
jvazquez-r7 f106b6db50 Add comment with the component version 2013-06-21 17:38:30 -05:00
jvazquez-r7 5fe9a80bf0 Add module for OSVDB 46578 2013-06-21 17:31:40 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
sinn3r 8dfe9b5318 Add login feature 2013-06-20 04:16:23 -05:00
sinn3r ebde05b783 Improve check 2013-06-20 03:18:33 -05:00
sinn3r 20621d17de Add CVE-2013-3576 - HP System Management Homepage exploit 2013-06-20 03:08:42 -05:00
jvazquez-r7 9e3053f24d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 10:00:44 -05:00
jvazquez-r7 aa134b0bcc Land #1973, @wchen-r7's fix to handle ftp auth correctly 2013-06-18 09:34:55 -05:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
sinn3r 820f589df0 Missed this one. 2013-06-17 15:52:53 -05:00
sinn3r 163d3e771b Handle connect_login return value properly
Some modules ignore connect_login's return value, which may result
in an EOF if send_cmd() is used later on.  All the modules fixed are
the ones that require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
William Vu bd17e67f75 Land #1960, lower ranking for MS13-009 2013-06-14 15:28:06 -05:00
sinn3r 2abf70a1ca Lower ranking for MS13-009
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
sinn3r d35c3469e8 Fix typo
EDB reference
2013-06-14 15:16:20 -05:00
jvazquez-r7 2d083be8e7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:28:44 -05:00
sinn3r 0d384d23b8 Land #1954 - Fix resource_uri and mp4 file path 2013-06-14 13:15:17 -05:00
jvazquez-r7 060261bb3b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:15:13 -05:00
sinn3r 933ac88b44 Missing the file param that's needed to download the mp4 2013-06-14 13:13:48 -05:00
sinn3r d2df3234f4 Land #1955 - mozilla_mchannel.rb undefined agent variable 2013-06-14 11:14:20 -05:00
sinn3r 223807d0df Land #1956 - fix regex error for mozilla_reduceright.rb 2013-06-14 11:09:49 -05:00
jvazquez-r7 86258e32b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 16:05:03 -05:00
sinn3r 0440c03c7a Land #1934 - Fix UltraISO Exploit File Creation 2013-06-13 13:57:09 -05:00
jvazquez-r7 95118895d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 13:05:42 -05:00
jvazquez-r7 81813a78fc Fix module Name 2013-06-13 11:55:23 -05:00
jvazquez-r7 707bc33148 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 10:17:28 -05:00
jvazquez-r7 eaba8e7b59 up to date 2013-06-12 15:44:00 -05:00
jvazquez-r7 afb2f83238 Add module for CVE-2012-1533 2013-06-12 14:40:53 -05:00
jvazquez-r7 c38eabe481 Fix description, code and perform test 2013-06-12 11:07:03 -05:00
jvazquez-r7 5c8053491f Add DEP bypass for ntdll ms12-001 2013-06-12 10:41:05 -05:00
jvazquez-r7 a1c7961cbc Support js obfuscation for the trigger 2013-06-12 08:06:12 -05:00
jvazquez-r7 5240c6e164 Add module for MS13-037 CVE-2013-2551 2013-06-12 07:37:57 -05:00
jvazquez-r7 9ea58ba165 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-11 10:40:01 -05:00
sinn3r 081baad68c Remove variable 'overflow' because it's not used
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
Ruslaideemin ca0ab8d6ee maxthon_history_xcs.rb - fix User-agent string
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].

Downloaded following version from oldapps.com to confirm
the exploit code is wrong.

Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
  1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323

Release Date 20 October, 2011 (2 years ago)
2013-06-11 13:37:21 +10:00
jvazquez-r7 69c25014ae Make msftidy happy 2013-06-13 18:58:38 -05:00
sinn3r 12801430e3 Update both ultraiso files to the right fix 2013-06-13 18:44:19 -05:00
Ruslaideemin 4e41e871bb mozilla_reduceright.rb - fix regex error.
[] is a character class, and will match on 1, 6, 7, and |.
Whereas (16|17) will match on either 16, or 17.

irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
Ruslaideemin 996171b35f mozilla_mchannel.rb undefined agent variable
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
jvazquez-r7 72b871d762 up to date 2013-06-10 16:37:05 -05:00
Ruslaideemin d91b412661 adobe_flash_sps.rb - resource_uri vs get_resource
resource_uri will randomize the returned uri unless
datastore['URIPATH'] is set.

get_resource will return the currently used resource_uri

Since the incorrect type is used, this exploit is completely broken.

Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
jvazquez-r7 9c44ea0c61 up to date 2013-06-10 13:02:01 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
sinn3r 0895184e1f Land #1932 - Actually support OUTPUTPATH datastore option 2013-06-10 11:22:28 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
Ruslaideemin cd64e3593c Fix UltraISO file creation
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
Ruslaideemin c6b4290fea Fix UltraISO Exploit File Creation
Both ultraiso_ccd.rb and ultraiso_cue.rb use File.open to create
files, instead of using the create_file() function. This leads
to files being created in the wrong directory.

We work around this by dynamically changing the
file_format_filename function to return the corrected filename.
2013-06-09 09:51:15 +10:00
Ruslaideemin cb79aa252a Fix output path in ms10_004_textbytesatom.rb
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).

This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
jvazquez-r7 9c27a294cb Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 13:01:37 -05:00
jvazquez-r7 a157e65802 Land #1916, @wchen-r7's exploit for Synactics PDF 2013-06-07 12:11:45 -05:00
sinn3r ea2895ac13 Change to AverageRanking
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
sinn3r 9c7b446532 Updates description about default browser setting 2013-06-07 11:58:31 -05:00
sinn3r f3421f2c3a Fix different landings 2013-06-07 10:26:04 -05:00
jvazquez-r7 0fb77cb4a7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 08:44:07 -05:00