21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
c59b8fd7bc
Land #2741 , @russell TCP support for nfsmount
2013-12-09 09:46:34 -06:00
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE
2013-12-09 03:05:08 -06:00
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit)
2013-12-09 02:22:07 -06:00
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
0c5d748fca
Merge pull request #1103 from scriptjunkie/dllinjectfix
...
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
f77784cd0d
Land #2723 , @denandz's module for OSVDB-100423
2013-12-06 17:32:07 -06:00
3ed293a1d0
Merge pull request #1 from jvazquez-r7/review_2723
...
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
3729c53690
Move uptime_file_upload to the correct location
2013-12-06 15:57:52 -06:00
2ff9c31747
Do minor clean up on uptime_file_upload
2013-12-06 15:57:22 -06:00
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
af16f11784
Another update
2013-12-06 14:39:26 -06:00
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s"
2013-12-06 01:29:48 -06:00
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
bea0f8c18e
Change client to session in tests
2013-12-06 13:43:47 +10:00
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
3d327363af
uptime_file_upload code tidy-ups
2013-12-06 13:45:22 +13:00
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
c07686988c
random uri
2013-12-05 18:07:24 -06:00
73d3ea699f
Remove the last redundant error check
2013-12-06 09:32:21 +10:00
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
Ramon de C Valle
jvazquez-r7
Russell Sim
sinn3r
Joe Vennix
Meatballs
dmaloney-r7
scriptjunkie
DoI
OJ
DoI