jvazquez-r7
da362914e2
Fix indentation
2015-05-26 15:50:31 -05:00
jvazquez-r7
d78d04e070
Fix CVE-2014-0569
2015-05-26 15:49:22 -05:00
jvazquez-r7
e0a1fa4ef6
Fix indentation
2015-05-26 15:38:56 -05:00
jvazquez-r7
1742876757
Fix CVE-2014-0556
2015-05-26 15:30:39 -05:00
jvazquez-r7
a1538fc3ba
Update AS code
2015-05-26 15:18:01 -05:00
jvazquez-r7
f35d7a85d3
Adjust numbers
2015-05-21 15:56:11 -05:00
jvazquez-r7
a8e9b0fb54
Update ActionScript
2015-05-21 14:58:38 -05:00
jvazquez-r7
51bb4b5a9b
Add module for CVE-2015-0359
2015-05-07 17:00:00 -05:00
jvazquez-r7
582919acac
Add module for CVE-2015-0336
2015-05-05 17:25:19 -05:00
jvazquez-r7
b07a864416
Fix as indentation
2015-04-29 19:01:11 -05:00
jvazquez-r7
dbba466b5b
Add module for CVE-2014-8440
2015-04-29 17:52:04 -05:00
jvazquez-r7
28fac60c81
Add module for CVE-2015-0556
2015-04-15 14:08:16 -05:00
jvazquez-r7
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
jvazquez-r7
11c6f3fdca
Do reliable resolution of kernel32
2015-03-29 15:52:13 -05:00
jvazquez-r7
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
jvazquez-r7
bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
sinn3r
2a25e2b2e1
Update Main.as
2015-03-13 11:40:16 -05:00
sinn3r
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
sinn3r
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
sinn3r
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
sinn3r
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
jvazquez-r7
14c3848493
Delete useless comment
2015-03-09 16:59:10 -05:00
jvazquez-r7
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
Brent Cook
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
jvazquez-r7
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
Brent Cook
89e5a2b892
disable -no-thumb, doesn't work with latest NDK?
2015-01-30 09:36:21 -06:00
Brent Cook
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
sinn3r
7e1b8a1c83
Not needed anymore
2015-01-09 19:05:44 -06:00
sinn3r
c79589509c
Old comment
2015-01-09 19:04:50 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
sinn3r
f998bfc246
Update exploit.cpp
2015-01-08 21:37:13 -06:00
sinn3r
eea6ccee1f
Source
2015-01-08 18:43:29 -06:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Tim
5c50a07c0f
futex_requeue
2014-12-01 03:49:22 +00:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
jvazquez-r7
b6306ef7a2
Move C source to exploits folder
2014-11-30 20:42:53 -06:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
6154b7d55f
Fix style again
2014-10-31 12:51:48 -05:00
jvazquez-r7
203af90a44
Fix style
2014-10-31 12:50:23 -05:00
jvazquez-r7
0c23733722
Use hungarian notation
2014-10-31 12:47:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
OJ
cbd616bbf5
A few sneaky style changes, but no functional ones
...
Changes were purely for style, and Juan was happy to let me make them
as part of the merge.
2014-10-31 09:08:11 +10:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
OJ
6f3b373f01
More code tidy and unifying of stuff
2014-10-28 08:37:49 +10:00
OJ
0e761575c8
More code tidying, reduced x64/x86 duplication
2014-10-28 08:09:18 +10:00
OJ
062eff8ede
Fix project settings, make files, start tidying of code
2014-10-28 07:58:19 +10:00
Spencer McIntyre
d6a63ccc5e
Remove unnecessary C debugging code for the exploit
2014-10-27 11:24:23 -04:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
jvazquez-r7
d8eaf3dd65
Add exploit source code
2014-10-23 18:59:58 -05:00
HD Moore
8cca4d7795
Fix the makefile to use the right directory
...
Reported by severos on IRC, the current output
class is in the right place, but the makefile
was broken.
2014-08-03 13:38:15 -05:00
sinn3r
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
jvazquez-r7
443f9f175c
Update IE11Sandbox exploit source
2014-06-03 09:58:07 -05:00
jvazquez-r7
372a12b966
Restore make.msbuild permissions
2014-06-03 09:07:34 -05:00
jvazquez-r7
98a06b3d72
Restore make.msbuild
2014-06-03 09:05:26 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
jvazquez-r7
f6862cd130
Land @OJ's updated meterpreter binaries
2014-05-30 20:27:28 -05:00
OJ
d2b8706bd6
Include meterpreter bins, add Sandbox builds
...
This commit contains the binaries that are needed for Juan's sandbox
escape functionality (ie. the updated old libloader code). It also
contains rebuilt binaries for all meterpreter plugins.
I've also added command line build scripts for the sandbox escapes
and added that to the "exploits" build.
2014-05-31 08:12:34 +10:00
jvazquez-r7
c1368dbb4c
Use %windir%
2014-05-30 09:06:41 -05:00
jvazquez-r7
75777cb3f9
Add IE11SandboxEscapes source
2014-05-29 11:38:43 -05:00
jvazquez-r7
58c46cc73d
Add compilation instructions for the AS
2014-05-08 16:48:42 -05:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
sinn3r
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
OJ
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
jvazquez-r7
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
Meatballs
850f6b0276
Address OJ's comments
2014-05-02 13:33:55 +01:00
jvazquez-r7
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
jvazquez-r7
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
jvazquez-r7
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
OJ
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
kyuzo
41720428e4
Refactoring exploit and adding build files for dll.
2014-03-12 10:25:52 +00:00
kyuzo
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
Meatballs
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
Meatballs
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
David Maloney
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
OJ
4b924659b2
Adjust project config
...
* Remove editbin usage for console apps
* Remove whole program optimisation
2014-02-26 17:14:14 +10:00
OJ
10829299f5
Add make support for command line builds
2014-02-26 16:40:54 +10:00
OJ
eb3da1ce87
Editbin and post build steps
2014-02-26 16:36:55 +10:00
OJ
712f47cb4e
Remove Palm configuration from bypassuac config
2014-02-26 16:07:22 +10:00
OJ
9159512a3d
Fix VS 2013 build, remove old files, rejig project config
...
This wasn't building cleanly for a few reasons with VS 2013 on my desktop.
This commit fixes this problems with the configuration and makes things fit
with the way we're now doing things (ie. output locations, etc).
Incremental builds are disabled as they were causing problems, but this isn't
a concern for a project as small as this.
2014-02-26 16:05:24 +10:00
OJ
d37774e12d
Remove ARM config, add build to make for all exploits
2014-02-26 10:57:15 +10:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
David Maloney
289580777c
remove unneccsary logging elements
...
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
Spencer McIntyre
0ac1acda70
Upgrade toolchain to Visual Studio 2013 v120.
2014-02-10 09:35:07 -05:00
Spencer McIntyre
01f41a209c
Remove the DLL and add make.msbuild for easier compiling.
2014-02-07 10:05:05 -05:00
Spencer McIntyre
f686385349
Remove an unnecessary VS file and modify version check.
2014-02-07 08:45:51 -05:00
Spencer McIntyre
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
Meatballs
ea349e6618
Rm redundant solution file
2013-12-20 16:03:08 +00:00
OJ
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
OJ
0ebef33345
Quick fix to x64 kitrap0d project
...
Stops errors on debug builds, not that anyone cares.
2013-12-20 09:51:24 +10:00
OJ
e22b4ba88c
Add make script for nvidia nvsvc
2013-12-15 01:12:49 +00:00
OJ
0c82817445
Final changes before PR
2013-12-15 01:12:49 +00:00
OJ
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
Meatballs
be4dae7db9
Forgot C changes
2013-12-15 01:12:48 +00:00
Meatballs
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
Meatballs
ab1ddac0c8
Merge remote-tracking branch 'upstream/master' into submodule
...
Conflicts:
external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj
2013-12-08 18:25:03 +00:00
Meatballs
496b017e33
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2013-12-05 17:09:32 +00:00
Meatballs
dc0f2b7291
Use ExitProcess
2013-12-05 17:08:47 +00:00
Meatballs
6edd9aa736
Update for new ReflectiveDLL Submodule
2013-11-30 20:12:08 +00:00
Meatballs
cf12826d2c
Dont use xp toolchain
...
and dont bother editbin
2013-11-30 20:04:00 +00:00
Meatballs
d3a0199539
Update for new Reflective DLL Submodule
...
Update to VS2013 Toolsets
Include .msbuild and make.bat
Tidyup of if { }
Post build step to copy to output directory
2013-11-30 19:58:25 +00:00
Meatballs
915d741f86
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
.gitmodules
external/source/ReflectiveDLLInjection
2013-11-30 19:10:04 +00:00
Meatballs
57342a9c0c
Merge remote-tracking branch 'upstream/master' into submodule
...
Conflicts:
.gitmodules
external/source/ReflectiveDLLInjection
2013-11-30 19:07:54 +00:00
OJ
defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
...
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:
* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.
Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:
* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
OJ
468654d2b5
Add RDI submodule, port Kitrap0d
...
This commit is the first in a series that will move all the exploits that use RDI
over to the R7 fork. The RDI source will be in a single known location and each
exploit will have to work from that location.
The kitrap0d exploit has been migrated over to use this submodule so that there's
one example of how it's done for future contributions to follow.
2013-11-27 16:04:41 +10:00
jvazquez-r7
31b4e72196
Switch to soft tabs the cs code
2013-11-23 23:06:52 -06:00
jvazquez-r7
9f539bafae
Add README on the source code dir
2013-11-22 17:56:05 -06:00
jvazquez-r7
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
jvazquez-r7
288a1080db
Add MS13-022 Silverlight app code
2013-11-22 16:53:06 -06:00
OJ
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
OJ
40f58ce534
Finalise the local exploit for kitrap0d
...
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.
New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
2013-11-12 23:01:24 +10:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Meatballs
b3cc9f6f1e
Use sysnative to delete the cryptbase.dll when in SYSWOW64 process.
...
Merge branch 'master' of github.com:Meatballs1/metasploit-framework into bypassuac_redo
Conflicts:
modules/exploits/windows/local/bypassuac.rb
2013-10-17 21:01:57 +01:00
Meatballs
2764bfc1b4
Remove opensdf
2013-09-27 10:19:16 +01:00
Meatballs
c3c07b5fd7
Better arch checking
2013-09-27 09:39:29 +01:00
Meatballs
dfac7b57d2
Fixup SysWOW64
2013-09-27 09:10:49 +01:00
Meatballs
b8df7cc496
Initialize strings fool
2013-09-27 09:01:00 +01:00
Meatballs
5bd414d4b4
Submodule
2013-09-26 23:19:13 +01:00
Meatballs
fc5e389708
Small changes to proj
2013-09-05 22:27:36 +01:00
Meatballs
81c78efaea
Example submodule
2013-09-05 22:00:04 +01:00
Meatballs
280f78c249
Update source
2013-08-30 10:48:47 +01:00
Meatballs
ff5cf396ab
Remove large file and rename payload.dll
2013-08-27 00:30:27 +01:00
Meatballs
035e97523b
In memory bypassuac
2013-08-27 00:13:19 +01:00
jvazquez-r7
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
jvazquez-r7
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
jvazquez-r7
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
Meatballs
2634d33832
Forgot C changes
2013-07-06 09:30:09 +01:00
Meatballs
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
jvazquez-r7
a4d353fcb3
Clean a little more the VS project
2013-06-29 15:15:27 -05:00
jvazquez-r7
de245113af
Wrap Reflective DLL Readme.md to 80 columns
2013-06-29 09:29:09 -05:00
jvazquez-r7
6878534d4b
Clean Visual Studio Project
2013-06-29 09:20:40 -05:00
jvazquez-r7
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
jvazquez-r7
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
jvazquez-r7
b400c0fb8a
Delete project files
2013-06-25 12:58:39 -05:00
jvazquez-r7
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
jvazquez-r7
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
sinn3r
74825af933
Add Makefile
2013-06-24 16:08:22 -05:00
sinn3r
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
Matthias Kaiser
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
jvazquez-r7
9fca89f70b
fix small issues
2013-04-20 01:43:14 -05:00
jvazquez-r7
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
jvazquez-r7
f04df6300a
makefile updated
2013-02-21 13:44:37 +01:00
jvazquez-r7
da9e58ef79
Added the java code to get the ser file
2013-02-20 18:14:24 +01:00
jvazquez-r7
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
jvazquez-r7
ee2fed8335
Merge branch 'master' of https://github.com/booboule/metasploit-framework into booboule-master
2013-01-24 16:18:06 +01:00
booboule
afa32c7552
Update external/source/exploits/cve-2012-5076_2/Makefile
...
Wrong directory path
2013-01-23 20:18:24 +01:00
booboule
d2b75ad005
Update external/source/exploits/cve-2012-5088/Makefile
2013-01-23 12:42:33 +01:00
jvazquez-r7
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
jvazquez-r7
ef16a7fd24
cleanup
2013-01-17 21:45:13 +01:00
jvazquez-r7
670b4e8e06
cleanup
2013-01-17 21:39:41 +01:00
jvazquez-r7
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
jvazquez-r7
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
jvazquez-r7
51f3f59d2f
cve and references available
2013-01-11 00:54:53 +01:00
jvazquez-r7
e503d596ed
code indention for exploit.java fixed
2013-01-10 20:34:58 +01:00
jvazquez-r7
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
jvazquez-r7
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
jvazquez-r7
fd1557b6d2
Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated
2012-11-28 21:49:36 +01:00
Meatballs1
bc9065ad42
Move MSI source and binary location
2012-11-27 18:12:49 +00:00
jvazquez-r7
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
jvazquez-r7
08cc6d56ec
updated java source
2012-11-11 20:11:33 +01:00
jvazquez-r7
c07701f61e
Makefile updated
2012-11-11 17:44:27 +01:00
jvazquez-r7
1528ccf423
added Makefile for java code
2012-11-11 17:43:57 +01:00
jvazquez-r7
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
sinn3r
d37b52c9d3
Update source information
2012-08-30 17:48:02 -05:00
jvazquez-r7
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
jvazquez-r7
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
sinn3r
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
sinn3r
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
sinn3r
54576a9bbd
Last touch-up
...
The contents of this pull request are very similar to what the msf
dev had in private, so everybody is credited for the effort.
2012-07-10 00:37:07 -05:00
LittleLightLittleFire
956ec9d1da
added Makefile for CVE-2012-1723
2012-07-10 14:12:07 +10:00
LittleLightLittleFire
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
jvazquez-r7
38abeeb235
changes on openfire_auth_bypass
2012-06-27 23:16:07 +02:00
jvazquez-r7
245205c6c9
changes on openfire_auth_bypass
2012-06-27 23:15:40 +02:00
h0ng10
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
jvazquez-r7
b891e868f5
Added actionscript and swf needed
2012-06-23 08:36:35 +02:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
jvazquez-r7
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
sinn3r
f5e8f57497
Minor fixes
2012-04-19 18:07:35 -05:00
sinn3r
835d8b209d
clear whitespace
2012-04-12 01:08:22 -05:00
0a2940
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
...
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
James Lee
6b996ed9de
Add checks for data being null, too, just in case
2012-03-30 16:46:49 -06:00
James Lee
b424475774
Add a makefile
...
Compiles with an old -target so it will work on older JVMs
2012-03-30 16:25:47 -06:00
sinn3r
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
sinn3r
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
sinn3r
befb60217c
Add CVE-2012-0754 .as source
2012-03-07 19:25:51 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
scriptjunkie
1e811aed02
Adds scriptjunkie's multilingual admin fie for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63 ]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Jetzt auf Deutsch! y español! 中國人!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
sinn3r
e7c179d0b5
The more description the better
2011-12-01 03:03:37 -06:00
sinn3r
9e71be8ed0
Add source for CVE-2011-3544
2011-11-29 18:04:31 -06:00
Matt Buck
16f45fc894
Add empty directories from svn repo.
2011-11-09 18:41:40 -06:00
Matt Weeks
971b6f96f6
pxesploit update; compatibility with x64, compatibility with different windows versions.
...
Still no custom payload yet.
git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00