081c279b61
Remove misleading comment
2013-09-24 11:42:31 -05:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
e885ab45b6
Land #1734 Metasploit side for ip resolv
2013-09-23 16:18:40 -05:00
918a86554b
Land #2405 , new bins with ip resolv feature
...
This is required for PR #1734
2013-09-23 16:17:49 -05:00
973bdc3fe0
Land #2411 , @todb-r7's pre-week release module touchups
2013-09-23 14:30:24 -05:00
2656c63459
Knock out a Unicode character
2013-09-23 14:22:11 -05:00
99f145cbff
Don't split the post requires
2013-09-23 14:02:43 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
a46ac7533d
Land #2407 , require fix for current_user_psexec
2013-09-23 11:57:19 -05:00
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
df2c4b3f7a
Land #2408 - Update MS13-071 info
2013-09-23 10:24:32 -05:00
8d50cc5099
Land #2406 , rbenv-comapt .ruby-version
2013-09-23 07:17:54 -05:00
8417b916c7
Complete MS13-071 Information
2013-09-21 21:22:34 -05:00
6b06ed0df1
Update current_user_psexec.rb
2013-09-22 03:07:17 +05:00
4f3b737c8c
Fixed the .ruby-version file to not have the word "ruby" in it, since
...
it produces a warning whenever you use ruby
2013-09-20 21:59:31 -05:00
8381bf8646
Land #2404 - Add powershell support for current_user_psexec
2013-09-20 17:14:55 -05:00
96364c78f8
Need to catch RequestError too
...
Because a meterpreter session may throw that
2013-09-20 17:13:35 -05:00
59a201a8d3
Land #2334 , @tkrpata and @jvennix-r7's patch for sudo_password_bypass
2013-09-20 17:01:19 -05:00
fb8d0dc887
Write the return
2013-09-20 17:00:07 -05:00
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
3cdddb8ff3
New meterpreter binaries for ip resolv feature
...
* New meterpreter binaries that include the IP resolve feature.
* Updated .gitignore to correctly match pivot file name.
2013-09-21 07:12:40 +10:00
2591be503b
Psh support
2013-09-20 22:07:42 +01:00
ace8e85227
Land #2403 - Complete CmdStagerEcho code doc
2013-09-20 15:03:46 -05:00
4ad9bd53f0
Land #2354 , @jlee-r7's patch for loading problems on test post modules
2013-09-20 13:44:10 -05:00
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
bb7b57cad9
Land #2370 - PCMAN FTP Server post-auth stack buffer overflow
2013-09-20 12:29:10 -05:00
feb76ea767
Modify check
...
Since auth is required, check function needs to look into that too
2013-09-20 12:28:21 -05:00
2d6c76d0ad
Rename pcman module
...
Because this is clearly a msf module, we don't need 'msf' as a
filename. The shorter the better.
2013-09-20 12:18:24 -05:00
6690e35761
Account for username length
...
Username is part of the overflowing string, need to account for that
2013-09-20 12:17:34 -05:00
9d67cbb4db
Retabbed
2013-09-20 11:58:53 -05:00
85152c4281
Land #2400 - Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 10:39:06 -05:00
ec393cfcc0
Land #2401 , @wchen-r7's exploit for cve-2013-3205
2013-09-20 10:29:02 -05:00
6f5e528699
Remove author, all the credits go to corelanc0der and sinn3r
2013-09-20 10:27:37 -05:00
83f54d71ea
Add MS13-069 (CVE-2013-3205) IE ccaret object use-after-free
...
This module exploits a use-after-free vulnerability found in Internet Explorer,
specifically in how the browser handles the caret (text cursor) object. In IE's
standards mode, the caret handling's vulnerable state can be triggered by first
setting up an editable page with an input field, and then we can force the caret
to update in an onbeforeeditfocus event by setting the body's innerHTML property.
In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write()
function, however, mshtml!CCaret::UpdateScreenCaret remains unaware aware of this
change, and still uses the same reference to the CCaret object. When the function
tries to use this invalid reference to call a virtual function at offset 0x2c, it
finally results a crash. Precise control of the freed object allows arbitrary code
execution under the context of the user.
The vuln works against IE8 on Win 7, but the current version of the custom spray
doesn't actually work well against that target. More work is needed before we can
add that target for sure. The reason a custom spray is needed is because the
document.write() function erases the typical spray routines we use like
js_property_spray, or the heaplib + substring one. Tried using an iframe too,
but onbeforeeditfocus event doesn't seem to work well in an iframe (does not
fire when innerHTML is used.)
2013-09-20 10:20:35 -05:00
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
032b9115a0
removed the old exploit
2013-09-20 10:53:52 +02:00
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
7d17eef7a7
Updated several msftidy [WARNING] Spaces at EOL issues.
2013-09-19 20:35:08 -07:00
c3976e8315
Land #2364 - Update retab util
2013-09-19 22:24:45 -05:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
9598853fee
Land #2389 - Fix use of Rex sockets from dlink modules
2013-09-19 22:09:53 -05:00
4abdf5ed15
Land #2398 - Use https://rubygems.org
2013-09-19 22:08:26 -05:00
2569259180
Land #2397 - cmd injection in Linksys WRT110 web interface.
2013-09-19 22:06:19 -05:00
8d70a9d893
Add more refs
2013-09-19 22:05:23 -05:00
262b44ff2f
Use HTTPS in our Gemfile.
2013-09-20 08:06:48 +07:00
Tod Beardsley
jvazquez-r7
William Vu
sinn3r
darknight007
Matt Andreko
OJ
Meatballs
dummys
Rick Flores (nanotechz9l)
Alexia Cole