Commit Graph

362 Commits (0eab2fa98d3e0ba07042c29362747c96c29e8940)

Author SHA1 Message Date
Joshua Drake 5ef4545a1b fd.read -> fd.read(fd.stat.size)
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:22:40 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
James Lee 115899d24d add minver and maxver. slightly tricky because the vuln affects moz 1.7 and ff 1.0
git-svn-id: file:///home/svn/framework3/trunk@7886 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:54:24 +00:00
James Lee 008c72e255 add proper version
git-svn-id: file:///home/svn/framework3/trunk@7885 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:49:32 +00:00
Joshua Drake 56c2d32b1e typo fix
git-svn-id: file:///home/svn/framework3/trunk@7883 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:15 +00:00
James Lee 48c3709a25 correct maxver
git-svn-id: file:///home/svn/framework3/trunk@7879 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:46:53 +00:00
James Lee 0cf566c0b9 fixes 688. better return address for greater reliability, works against FF-1.0.4 and Moz-1.7.1 on XPSP3 and 2kAS-SP0
git-svn-id: file:///home/svn/framework3/trunk@7865 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:27:28 +00:00
Joshua Drake f1a975a14e fix typo, remove automatic target
git-svn-id: file:///home/svn/framework3/trunk@7834 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 21:44:04 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
James Lee 8e0eef03c6 see #594. remove some extraneous junk, don't run the shell in a terminal (it dies immediately). space is the only badchar. still doesn't actually work without a modification to encoder/cmd/generic_sh.
git-svn-id: file:///home/svn/framework3/trunk@7680 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 09:09:56 +00:00
HD Moore b0403cfde2 OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7658 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-01 16:44:25 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
Mario Ceballos aae4ac74c1 more adjusting of the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7157 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 12:56:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entrys.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
James Lee e16647db74 make sure we're running on opera so we don't 404 on a suspicous-looking url if it isn't
git-svn-id: file:///home/svn/framework3/trunk@6963 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 05:10:11 +00:00
James Lee bd2da7c12a revert overzealous commit
git-svn-id: file:///home/svn/framework3/trunk@6961 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:53:35 +00:00
James Lee 08d50e0a5b fix a bug in colorization where %c gets replaced before %cya; wouldn't have been a problem until colorization gets put back in
git-svn-id: file:///home/svn/framework3/trunk@6960 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:49:16 +00:00
James Lee c29af0197a make opera_historysearch work in an iframe and speed it up so it is less likely to tip off a user
git-svn-id: file:///home/svn/framework3/trunk@6915 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 11:08:50 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
James Lee e805bbc3aa remove stupid debug alert
git-svn-id: file:///home/svn/framework3/trunk@6882 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 08:58:51 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
HD Moore e70ac6cc19 Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for explot modules. A good example is disabling the netcat -e payloads for old Solaris exploits
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore 309acbaa22 Remove extraneous comma
git-svn-id: file:///home/svn/framework3/trunk@6833 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:27:15 +00:00
HD Moore 282bcb4fae Updated with osvdb and bid references.
git-svn-id: file:///home/svn/framework3/trunk@6832 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:15:48 +00:00
HD Moore 2d319e9b5b Updated to work better on OS X and avoid 'script is taking too long' errors on all platforms
git-svn-id: file:///home/svn/framework3/trunk@6830 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 23:57:59 +00:00
HD Moore 99bc63b11d Adds support for Mac OS X intel (use the vforkshell payloads)
git-svn-id: file:///home/svn/framework3/trunk@6828 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 21:28:59 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore 6624dbd5ff Adds coverage for SBerry's Firefox 3.5 exploit (win32 only atm).
git-svn-id: file:///home/svn/framework3/trunk@6803 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 21:59:35 +00:00
James Lee d84c87fa36 updated version info and disclosure date for opera_historysearch
git-svn-id: file:///home/svn/framework3/trunk@6788 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:12:25 +00:00
James Lee 3e072dd66e add Opera historysearch module; works on linux, windows will come later
git-svn-id: file:///home/svn/framework3/trunk@6777 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 07:48:12 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
HD Moore b8efb1bbf9 Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
HD Moore b7cac075e0 Adds the itunes overflow from Will Drewry: http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
git-svn-id: file:///home/svn/framework3/trunk@6627 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-05 02:30:24 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
HD Moore fd256ec4a1 This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
James Lee 6e212a5981 I'm on crack. mozilla_navigatorjava is the one that works on 1.5.0.5; reverting from 5559
git-svn-id: file:///home/svn/framework3/trunk@5562 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-22 06:02:03 +00:00
James Lee 324703669b typo fix -- really works on <1.5.0.5, not <1.0.5
git-svn-id: file:///home/svn/framework3/trunk@5559 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-19 05:04:33 +00:00
James Lee a0a203fba7 don't hang the browser building the exploit buffer if we can't exploit it
git-svn-id: file:///home/svn/framework3/trunk@5558 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-19 05:03:01 +00:00
James Lee 8800372e46 initial commit of browser_autopwn;
revamp php payloads;
socks5 for IPv6 (untested)



git-svn-id: file:///home/svn/framework3/trunk@5546 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-01 01:44:56 +00:00
HD Moore cad72d16e4 Add the stackadjustment parameter
git-svn-id: file:///home/svn/framework3/trunk@5214 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-04 20:13:50 +00:00
HD Moore 04c6dbc748 Updated svn:keywords
git-svn-id: file:///home/svn/framework3/trunk@5100 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-10 01:01:20 +00:00
HD Moore d35adad50e Revision 1, still some bugs to work out
git-svn-id: file:///home/svn/framework3/trunk@4977 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-29 22:56:18 +00:00
HD Moore 3453b58820 Consistent use of handler(cli), removed the autofilter and dependency check stubs
git-svn-id: file:///home/svn/framework3/trunk@4646 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-04 04:37:30 +00:00
HD Moore abbeb2e87e Adding an Id tag and a standard header to all modules
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
HD Moore ea204ee0ff API change for the HTML mixin, the send_response method is no longer overloaded, instead exploits must call send_response_html to enable HTML evasion. The old method caused problems when a exploit needed HTML and non-HTML response capabilities
git-svn-id: file:///home/svn/framework3/trunk@4173 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 03:26:53 +00:00
HD Moore c3876b6dd6 Updates for the autopwn stuff...
git-svn-id: file:///home/svn/framework3/trunk@3906 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-17 08:00:37 +00:00
HD Moore 6a821b59f9 Removed alert() :-)
git-svn-id: file:///home/svn/framework3/trunk@3785 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-31 02:51:43 +00:00
HD Moore e55cff59e1 Fixed Rex::Arch.endian()
Added Rex::Text.to_unescape()
Added two mozilla exploits
Fixed firefox exploit to use new api




git-svn-id: file:///home/svn/framework3/trunk@3784 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-31 02:50:41 +00:00
HD Moore 615104b6ab Other licensing updates (MSF->BSD) and minor cleanups
git-svn-id: file:///home/svn/incoming/trunk@3637 4d416f70-5f16-0410-b530-b9f4589650da
2006-05-06 16:43:45 +00:00
HD Moore bd862a5049 Mods
git-svn-id: file:///home/svn/incoming/trunk@3570 4d416f70-5f16-0410-b530-b9f4589650da
2006-03-12 02:06:57 +00:00
HD Moore 5d284866d9 Fixed
git-svn-id: file:///home/svn/incoming/trunk@3568 4d416f70-5f16-0410-b530-b9f4589650da
2006-03-10 08:03:14 +00:00