26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
f8851551c5
Add initial x64 stageless meterrpeter module
2015-03-30 11:23:51 +10:00
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
28b9e89963
removed duplicate "uses" from description
2015-03-29 19:40:31 -04:00
17dc2b184d
Merging upstream/master
2015-03-30 09:12:20 +10:00
c430e5fab1
@m7x forgot to put a reference in
2015-03-29 02:13:31 +01:00
de2bf0181c
add first pass at gallerywd sqli scanner
2015-03-28 16:15:51 -05:00
9f0483248c
add TARGETURI datastore option
2015-03-28 15:46:41 -05:00
2ed9489f38
Delete load line
2015-03-28 20:31:35 +00:00
99f79e8533
Use incognito token stealing rather than process migration if we have
...
the privileges required for successful impersonation.
2015-03-28 20:31:35 +00:00
f83f4ae764
Move hashdump to gather
2015-03-28 20:31:35 +00:00
e2af15a0df
Refactor MSSQL Post
2015-03-28 20:31:35 +00:00
1558190a9d
Add module mssql_local_hashdump
2015-03-28 20:31:35 +00:00
6ede476423
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-28 08:38:12 -05:00
ef8c0aac69
Land #5020 , spelling fixes for some modules
2015-03-28 00:36:04 -05:00
0dbd8544b4
Update joomla_ecommercewd_sqli_scanner.rb
2015-03-27 21:20:59 -05:00
31be47d5bc
Create joomla_ecommercewd_sqli_scanner.rb
2015-03-27 20:25:33 -05:00
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
9cfafdd8b8
Land #4649 , improve post/windows/manage/run_as and as an exploit
2015-03-27 17:31:30 -05:00
4f4bf9debb
paylod vs payload
2015-03-27 11:55:15 -07:00
0a8fe781d1
paylod vs payload
2015-03-27 11:54:14 -07:00
5ba614a325
payloda vs payload
2015-03-27 11:53:20 -07:00
2d81460583
Explot vs Exploit
2015-03-27 11:37:11 -07:00
f129347b51
Filed vs Failed fix
2015-03-27 11:28:50 -07:00
48484c1f09
Filed vs Failed fix
2015-03-27 11:27:36 -07:00
3e104fd8e6
Add Directory Traversal for RIPS Scanner
2015-03-27 05:08:43 -03:00
f996c5a888
Update description
2015-03-27 02:31:36 -05:00
67dc46791d
Limit the module to IE 8 and IE9
2015-03-27 02:30:04 -05:00
f88d9651b6
I don't think it's worth putting the js in ie_addons.js
2015-03-27 02:26:50 -05:00
bd2763292a
Properly credit Soroush Dalili
2015-03-26 23:36:16 -05:00
560f31c34d
Minor changes
2015-03-26 23:29:44 -05:00
68624dd56e
Final for ie_files_disclosure.rb
2015-03-26 22:49:22 -05:00
b0b17775c2
First working version
2015-03-26 21:53:26 -05:00
e0568e95c2
Land #4978 @zerosteiner adds reverse https for python meterpreter
2015-03-26 19:16:46 -05:00
955c0557e0
Land #4988 , Relative URL for ms14_064_ole_code_execution
2015-03-26 13:36:37 -05:00
d81a246660
target_uri
2015-03-26 12:16:20 +01:00
b7f469b747
feedback
2015-03-26 07:39:36 +01:00
10e8cefd6d
Pymet dont validate ssl certs for 2.7.9/3.4.3
2015-03-25 19:49:42 -04:00
68cb766681
Land #5007 , Ruby 1.9+ syntax
2015-03-25 16:11:53 -05:00
632879ceb6
Land #5001 , wp_easycart_privilege_escalation CVE
2015-03-25 13:54:44 -05:00
d84c48cb7d
Use newer hash syntax
2015-03-25 13:39:34 -05:00
72a0909e9b
Land #4992 , @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge
2015-03-25 13:30:36 -05:00
0540e25db2
Calculate the java/rmi/registry/RegistryImpl_Stub hash dinamically
2015-03-25 11:29:07 -05:00
356e8c727c
Add specs for Msf::Java::Rmi::Client::Jmx::Server
2015-03-24 18:56:58 -05:00
7a0fe05803
Add CVE-ID to module references
2015-03-24 22:30:43 +00:00
7bf00f8f47
Land #4789 , @rastating WPLMS wordpress module
2015-03-24 20:46:38 +01:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
7c456f2ad8
Land #4993 , ams_xfr "payload_exe" NameError fix
2015-03-24 00:51:49 -05:00
8255e7a2dc
Fix #4987 - undef payload_exe for ams_xfr
...
Fix #4987
2015-03-24 00:42:22 -05:00
3dac6377d0
Fix #4983 , bad copy pasta'd deprecation year
2015-03-24 00:34:54 -05:00
fadac30f00
Fix deprecated year
2015-03-24 00:34:38 -05:00
6353154865
Land #4983 , renamed WordPress modules
2015-03-23 23:49:40 -05:00
e338b77389
Readd and deprecate renamed WordPress modules
2015-03-23 23:48:56 -05:00
db243a8225
x360_video_player_set_text_bof actually uses SetText for ActiveX
2015-03-23 23:36:20 -05:00
3248f02c2c
These exploits use :activex, so I update the usage for them
2015-03-23 19:34:24 -05:00
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
1869977921
Land #4962 : OJ adjusts MSF to new metsrv needs
...
bump meterpreter bins to 0.0.17
2015-03-23 17:18:06 -05:00
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
24d74b26e3
Beginning work for stageless x64 meterpreter
2015-03-24 06:50:06 +10:00
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
89e27d98ab
Use relative URL to GET payload for WinXP
...
Relative URLs are simpler, and allow the exploit to work on attack machines in NAT environments. Example: attack machine is NATed and does not have a DNS hostname. SRVHOST must be 0.0.0.0 but the victim cannot access the attacker from Rex::Socket.source_address
2015-03-23 14:40:06 -05:00
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00
156520338d
Making some changes to how BES handles ActiveX
2015-03-23 12:21:27 -05:00
79068c8ec2
Delete JMX discovery stream
2015-03-23 10:21:37 -05:00
b191f92713
Renamed WordPress files to fit majority naming convention.
2015-03-23 18:15:04 +11:00
9c9d333a1b
Create verify ssl mixin, adjust some formatting
2015-03-23 13:21:08 +10:00
2d1adf6ef4
Land #4923 , @m-1-k-3's exploit for overflow on belkin routers
2015-03-22 02:05:35 -05:00
ee74bb3c5b
The default concat operator should be ok
2015-03-22 02:05:02 -05:00
5499b68e02
Do code cleanup
2015-03-22 01:58:32 -05:00
a407bc8d65
Fix the reverse_https stager CachedSize for the spec
2015-03-21 13:05:44 -04:00
7282968d8a
Python reverse HTTPS stager
2015-03-21 12:43:14 -04:00
07b82ec640
Land #4974 , minishare_get_overflow WfsDelay change
2015-03-20 18:55:58 -05:00
859b54f8a3
Land #4956 , Qualys' Exim GHOST module
2015-03-20 18:44:30 -05:00
8c3e39acf0
Land #4847 @rastating's module for WordPress WP EasyCart privilege escalation
2015-03-20 18:23:05 -05:00
349d7cb9ee
Do minor cleanup
2015-03-20 18:20:45 -05:00
921b9eab8e
Update minishare_get_overflow.rb
...
set WfsDelay 30
2015-03-20 23:42:54 +01:00
4004771aed
Land #4972 , minishare_get_overflow targets
...
Windows 2003 SP1 English and Windows 2003 SP2 English.
2015-03-20 17:27:34 -05:00
6f51946aa0
Land #4969 , GitLab module references
2015-03-20 17:26:51 -05:00
99f3de0843
Clean up info hash formatting
2015-03-20 17:26:21 -05:00
505ecd32fb
Update minishare_get_overflow.rb
...
Windows 2003 SP1 English, Windows 2003 SP2 English
2015-03-20 23:09:50 +01:00
1226b3656f
Land #4945 , @wchen-r7's login scanner for Symantec web gateway
2015-03-20 14:44:05 -05:00
2f35fcff99
Fix require
2015-03-20 14:43:42 -05:00
8ee520e749
Add reference
2015-03-20 19:17:34 +00:00
b19f766728
Land #4942 , Gitlab Login Scanner
2015-03-20 13:02:12 -05:00
a2ce14a31e
Land #4941 , Gitlab Unauth User Enumeration
2015-03-20 12:28:35 -05:00
235124a40a
Fix typo
2015-03-20 12:27:23 -05:00
84164b44b2
Should also rescue JSON::ParserError for banner parsing
2015-03-20 12:27:02 -05:00
0c2ed21e90
Land #4318 , Lateral movement through PSRemoting
2015-03-20 11:39:35 -05:00
23d8479683
Fix typo
2015-03-20 11:39:00 -05:00
0da79edb9c
Add a print_status to let the user know the module is over
...
If I have to run the module as a job, sometimes I can't tell if
the module has finished running or not.
2015-03-20 11:35:18 -05:00
1b67a06d35
No banner var
2015-03-20 02:26:59 -05:00
b55ffc9ff1
Change option to FORCE_EXPLOIT
2015-03-20 01:44:10 -05:00
fd4ad9bd2e
Rework changes on top of HD's PR
...
This commit removes duplication, tidies up a couple of things and puts
some common code into the x509 module.
2015-03-20 13:06:57 +10:00
7b4161bdb4
Update code to handle cert validation properly
...
This code contains duplication from HD's PR. Once his has been landed
this code can be fixed up a bit so that duplication is removed.
2015-03-20 12:52:47 +10:00
7eec88c086
Land #4957 , glassfish_login symbol cleanup
2015-03-19 21:20:33 -05:00
b839547dc3
Add documentation for Registry modules and methods
2015-03-19 17:57:21 -05:00
a7f1244251
Finish the java_rmi_registry gather module
2015-03-19 17:33:45 -05:00
94ab2f94fd
Remove symbols that aren't used
...
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
d8539ef91a
Change datastore option's description
2015-03-19 12:22:42 -05:00
a2ba81f84f
This should be true (required)
2015-03-19 11:54:03 -05:00
d8c8bd1669
Move the details to a wiki
2015-03-19 11:52:17 -05:00
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
7899881416
Update POSIX bins from master
2015-03-19 14:50:14 +10:00
1a2f35d806
Land #4951 : Dynamic URI generation for Java/Python reverse_http(s)
2015-03-19 12:41:20 +10:00
076f15f933
Land #4792 @jakxx Publish It PUI file exploit
2015-03-18 20:59:54 -04:00
3f8ed56a9a
Add available space to the payload info
2015-03-18 20:57:58 -04:00
6ceab3d02d
Add a DisclosureDate
2015-03-18 23:51:18 +00:00
968a8758ad
Add CVE-2015-0235 Exim GHOST (glibc gethostbyname) Buffer Overflow
...
This was originally written by Qualys
2015-03-18 18:51:16 -05:00
b33e7f477c
Land #4947 , h0ng10's TWiki exploit.
2015-03-18 17:17:34 -05:00
346b1d539f
Revert Java back to static size for cache purposes (less cpu usage on startup)
2015-03-18 16:24:01 -05:00
33bbf7cb7e
Dynamic URI generation for python/java http(s) stagers
2015-03-18 16:08:11 -05:00
ae84c8ee30
Delete even more comments
2015-03-18 15:55:52 -05:00
f956ba1a46
Do first JMX cleaning try
2015-03-18 15:37:07 -05:00
7ae97393e0
fix x64/reverse_https stager shellcode
2015-03-18 15:34:31 -04:00
e943cb550f
Land #4585 : CVE-2015-0975 XXE in OpenNMS
2015-03-18 22:34:52 +10:00
d1a2f58303
Fix of regex for file capture and format tweaks
2015-03-18 22:17:44 +10:00
5dd718e4fa
Better description
2015-03-18 09:51:51 +01:00
00de437918
Initial commit
2015-03-18 09:45:08 +01:00
fa7242388b
Move the module to the correct location
2015-03-18 18:18:54 +10:00
b62da42927
Merge branch 'master' into feature/add-proxies-to-wininet
2015-03-18 01:51:15 -05:00
c607cf7b11
Merging master
2015-03-18 01:45:44 -05:00
ef443c83b9
Fix overgreed search/replace
2015-03-18 01:21:53 -05:00
f7a06d8e44
Rework PROXY_{HOST|PORT|TYPE|USERNAME|PASSWORD) to the new syntax
2015-03-18 01:15:32 -05:00
87a489907c
Place an IPv6 proxy IP between brackets
2015-03-18 01:01:16 -05:00
259db269bd
Remove user/pass and invalid class from the options
2015-03-18 01:01:16 -05:00
2ab14e7e79
Adds IPv6 and option-related issues with the previous patch
2015-03-18 01:01:10 -05:00
0601946830
Don't mandate and default PROXY_HOST (miscopy from the proxy stager)
2015-03-18 01:00:04 -05:00
85fb534e63
Fix up the offset detection again, cleanup redundant code
2015-03-18 00:59:25 -05:00
2f13988d7b
Use OptPort vs OptInt and cleanup the description
2015-03-18 00:59:25 -05:00
a01be365b0
Rework PROXYHOST/PROXYPORT to PROXY_HOST/PROXY_PORT
...
This also cleans up the windows reverse_https_proxy stager.
2015-03-18 00:59:13 -05:00
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
b197b7aaf0
Additional Updates
...
-Removed unused mixin
-Cleaned up Module name
-Cleaned up author name
2015-03-17 19:24:13 -04:00
bd4738b93e
Land #4827 , capture and nbns fixups
2015-03-17 17:37:55 -05:00
d7fa0ec669
Let IPAddr#hton do the calculating
2015-03-17 17:36:45 -05:00
085e6cc815
Implemented Recommended Changes
...
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
1242404085
Delete comment
2015-03-17 14:18:07 -05:00
d1d6378179
Land #4566 , Misfortune Cookie scanner improvements
2015-03-17 12:32:35 -05:00
f95b783193
I don't need these eitehr
2015-03-17 11:33:49 -05:00
ebe7ad07b0
Add specs, plus modify java_rmi_server modules
2015-03-17 11:26:27 -05:00
0490af8ba8
Added error checks, randomness, and uuid delimeter
2015-03-17 10:20:22 -04:00
f3fc4003d0
typo
2015-03-17 10:19:40 -04:00
b92d243c0e
Merge branch 'module-cve-2015-0975' of https://github.com/jstnkndy/metasploit-framework into module-cve-2015-0975
2015-03-17 10:18:32 -04:00
e0a7f531cc
Added error checking, randomness, uuid delimiters
2015-03-17 10:10:51 -04:00
e1ebc6c7fe
Update date, remove URL (will replace later)
2015-03-17 12:50:47 +00:00
0cd85cb052
Correct capitilzation of GitLab
2015-03-17 11:33:57 +00:00
d18224e3cb
Correct capitilzation of GitLab
2015-03-17 11:32:14 +00:00
f4a1e981ab
Add gitlab login scanner
2015-03-17 11:19:23 +00:00
878247f495
Small modifications
2015-03-17 10:03:32 +00:00
f1d5d8f1ce
Store to loot as well
2015-03-17 09:55:28 +00:00
9f40826f8e
Store creds in database
2015-03-17 09:17:08 +00:00
3830e71257
Catch 7.5 401
2015-03-17 09:17:08 +00:00
1b565b0290
Check revision
2015-03-17 09:17:07 +00:00
7216f2a971
Initial commit
2015-03-17 09:17:07 +00:00
14296826f7
A cleaner way to set datastore options
2015-03-17 03:07:49 -05:00
ff58f7d270
Add Symantec Web Gateway Login Module
2015-03-17 02:51:57 -05:00
0a37df67a0
Add initial support for better RMI calls
2015-03-16 23:44:16 -05:00
abb8a32e68
update spec for dynamic meterpreter payloads
2015-03-16 18:08:13 -05:00
2a525958bd
fixed typo
...
Does no one tested this script on x64 yet ?
2015-03-16 20:15:26 +01:00
2ea984423b
while(true)->loop, use thread.join
2015-03-16 14:08:01 -05:00
ac0e23d783
Land #4932 , hardcoded username fix
...
For mssql_escalate_execute_as_sqli.
2015-03-16 01:46:13 -05:00
7e89281485
Adds proxy (with authentication) support to reverse_http(s)
2015-03-16 00:03:31 -05:00
00dbcc12ca
Removed imp_user var from escalate_privs func
2015-03-15 22:02:12 -07:00
5bebabb005
fixed hardcoded username
2015-03-15 19:45:02 -05:00
4d3a1a2f71
fix all duplicated keys in modules
2015-03-14 13:10:42 +01:00
bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
3bfdfbc987
Small changes
2015-03-13 18:55:11 -05:00
1ead57a80d
Land #4928 , @h0ng10's local exploit for iPass Mobile Client
2015-03-13 16:58:45 -05:00
9894a3dc54
Change module filename
2015-03-13 16:53:17 -05:00
b4de3ce42b
Do minor cleanup
2015-03-13 16:52:26 -05:00
b0e730d5ae
Typo
2015-03-13 20:41:14 +01:00
726f01b8cc
Initial version
2015-03-13 20:33:45 +01:00
182850df30
Stick to Win 7
2015-03-13 12:41:05 -05:00
2b199315d4
Final
2015-03-13 12:30:41 -05:00
b68e05e536
Land #4914 , @hmoore-r7 and @BorjaMerino winhttp stagers
2015-03-13 08:24:11 -05:00
35cfdf051a
Add support for meterpreter_reverse_ipv6_tcp
...
New payload added, makes use of existing functionality.
2015-03-13 20:15:31 +10:00
a32cd2ae9e
Land #4877 , CVE-2015-0240 (Samba) aux module
2015-03-13 00:03:53 -05:00
6011e8b3e1
Land #4918 , Rework how payload prepends work
2015-03-12 18:56:04 -05:00
75b2ef81dc
Land #4890 , @julianvilas's improvements struts_code_exec_classloader
2015-03-12 17:25:00 -05:00
b6146b1499
Use print_warning
2015-03-12 17:22:03 -05:00
e035e6ce51
Land #4899 , @h0ng10's exploit for iPass Open Mobile CVE-2015-0925
2015-03-12 16:42:52 -05:00
7b7ebc20d7
Fix indentation
2015-03-12 16:41:41 -05:00
da47d368e8
Do minor style cleaning
2015-03-12 16:35:48 -05:00
a77078b555
Add X86 target
2015-03-12 16:34:44 -05:00
1b20bc9dca
Land #4919 , @wchen-r7's new reference for ie_uxss_injection
2015-03-12 15:30:37 -05:00
b43893ad71
Lands #4903 , corrects the return value used for the script path
2015-03-12 14:05:22 -05:00
819a49b28a
msftidy again
2015-03-12 19:09:52 +01:00
2eab258a76
msftidy
2015-03-12 19:07:56 +01:00
ccf7314c8f
msftidy
2015-03-12 19:05:21 +01:00
6fcab31997
ncc exploit CVE-2015-1187 - dir626l
2015-03-12 18:55:50 +01:00
220a26c5a4
Land #4907 , CVE-2015-1427, elasticsearch groovy code injection
2015-03-12 11:28:24 -05:00
ac24652196
Land #4911 , CVE-2015-0096 (ms15_020_shortcut_icon_dllloader)
2015-03-12 10:51:56 -05:00
67d05f9354
Add the PR as a reference (how to guide)
2015-03-12 10:51:01 -05:00
0d36115112
Update MS15-018 MSB reference
2015-03-12 10:13:37 -05:00
744b1a680e
Reworks how payload prepends work internally, see #1674
2015-03-12 02:30:06 -05:00
f676dc03c8
Lands #4849 , prevents the target from running out of memory during NTFS reads
2015-03-12 00:01:47 -05:00
68d69177ad
Add smb module for MS15-020
2015-03-11 23:46:50 -05:00
24440b8c38
Lands #4913 , adds OSVDB reference to nvidia module
2015-03-11 23:32:22 -05:00
a9fa2d25aa
Add SMB module for MS10-046
2015-03-11 23:23:56 -05:00
345b5cc8e1
Add stageless meterpreter support
...
This commit adds plumbing which allows for the creation of stageless
meterpreter payloads that include extensions. The included transprots at
this point are bind_tcp, reverse_tcp and reverse_https, all x86.
More coming for x64. Will also validate http soon.
2015-03-12 13:22:04 +10:00
c3f2536ef6
Make the stager clear in the payload descriptions
2015-03-11 21:30:02 -05:00
b105a88b95
Fix https convention
2015-03-11 21:26:31 -05:00
8bae58d631
Updated cache sizes
2015-03-11 21:25:12 -05:00
99494328d2
Update Nvidia module with an OSVDB ref
...
The paper is really good, but could use a more traditional reference.
[See #4884 ]
2015-03-11 19:51:22 -05:00
0e4e264325
Redo description
2015-03-11 18:19:28 -05:00
4e6aca0209
refactor create_exploit_file
2015-03-11 18:13:09 -05:00
5662e5c5a6
Add module for MS15-020
2015-03-11 17:29:02 -05:00
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
7e3b4017f0
Rename and resynced with master, ready for refactoring
2015-03-11 14:36:27 -05:00
ea1bc69e2e
Merge branch 'master' into feature/add-reverse_winhttp-stagers
2015-03-11 14:29:34 -05:00
215c209f88
Land #4901 , CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
ceeee4446f
Land #4904 , @hmoore-r7 reworks reverse_http/s stagers
...
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
ad39adf9c2
Missing comma
2015-03-11 00:49:07 -05:00
a89926b663
Exclude vncinject from http stagers (depends on sockedi)
2015-03-11 00:46:04 -05:00
8a452a7cba
Do somce cleanup
2015-03-10 17:10:44 -05:00
9ade107325
disable reverse_http methods from upexec and shell payloads
...
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
2015-03-10 17:08:58 -05:00
4a84693fb0
Support windows
2015-03-10 16:58:33 -05:00
c26bea3429
Fix credits
2015-03-10 16:27:07 -05:00
980c83cb70
Fix metadata
2015-03-10 16:25:02 -05:00
9e17874389
Exploit CVE-2015-1427
2015-03-10 16:17:51 -05:00
db351317a5
Merge with PR branch
2015-03-10 14:08:35 -05:00
0f763c2cb3
First step to reworking the winhttp stagers
2015-03-10 14:07:25 -05:00
991e72a4fa
HTTP stager based on WinHttp
2015-03-10 13:40:16 -05:00
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
64f769504b
encoding
2015-03-10 17:47:15 +01:00
6657c7d11d
Belkin - CVE-2014-1635
2015-03-10 16:49:51 +01:00
f8f178b1db
Fix script_mvel_rce check
2015-03-10 09:39:02 -05:00
9dc99e4207
Update check
2015-03-10 09:26:22 -05:00
c6cb1e840d
Fixes persistence module by revering changes to the value returned by the write_script_to_target function, which screws up the path that is used for startup. Currently an escaped path "C://Users//..." is being used instead of using windows standards "C:\Users\...".
2015-03-10 10:26:03 +01:00
97f09b6ab0
Land #4894 : hmoore-r7 cache payload sizes on start
...
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
fc4b312879
Add template
2015-03-09 23:04:32 -05:00
fe822f8d33
Modify automatic file cleanup
2015-03-10 00:45:20 +01:00
0ef303cb6c
Fix Java payload
2015-03-10 00:01:27 +01:00
618fbf075a
Update CachedSize for the fixed stager
2015-03-09 16:57:14 -05:00
746f18d9bb
Fallback to a localhost variant to make the length predictable
2015-03-09 16:56:25 -05:00
78167c3bb8
Use single quotes when possible
2015-03-09 16:55:21 -05:00
6543c3c36f
Update CachedSize for the fixed stager
2015-03-09 16:54:57 -05:00
c676ac1499
Fallback to a localhost variant to make the length predictable
2015-03-09 16:53:28 -05:00
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
d0324e8ad3
Final cleanup, passing specs
2015-03-09 15:50:57 -05:00
da81f6b2a0
Correct the :dynamic cache sizes
2015-03-09 15:44:14 -05:00
02509d02e4
The result of running ./tools/update_payload_cached_sizes.rb
2015-03-09 15:31:04 -05:00
bba4223d68
Initial commit
2015-03-09 16:36:11 +01:00
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
OJ
h00die
Meatballs
Brandon Perry
root
William Vu
jvazquez-r7
sinn3r
C-P
Roberto Soares
Brent Cook
m-1-k-3
Spencer McIntyre
rastating
Christian Mehlmauer
Tod Beardsley
andygoblins
aushack
Adam Ziaja
joev
HD Moore
rwhitcroft
Hans-Martin Münch (h0ng10)
jakxx
James Lee
jstnkndy
Felix Wehnert
Scott Sutherland
Sven Vetsch
scriptjunkie
Borja Merino
Sigurd Jervelund Hansen
Julian Vilas