ad2ec497c2
Land #2773 - Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 20:32:27 -06:00
52cb43e6a8
Fix typo
2013-12-16 20:28:49 -06:00
84759a552a
Save one variable
2013-12-16 16:49:44 -06:00
042bd4f80b
Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 16:19:17 -06:00
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
afcee93309
Land #2771 - Fix description
2013-12-16 15:01:32 -06:00
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
3dec7f61a5
Check in sysnative if wow64
2013-12-15 01:12:52 +00:00
2dc4faad72
Resplat license
2013-12-15 01:12:51 +00:00
8203274256
Small fixes
...
Remove " from service command if it is quoted.
Spawn SYSWOW64 notepad.
2013-12-15 01:12:51 +00:00
f2e2147065
Change unless with else to if with else
2013-12-15 01:12:50 +00:00
cff7008500
Fix final issues with merge
...
Hopefully this will be the last of the changes.
2013-12-15 01:12:50 +00:00
41c538856a
Re-add RDI mixin changes
2013-12-15 01:12:49 +00:00
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
6916f7c5d2
Fixup description
2013-12-15 01:12:47 +00:00
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
dd32c2b0b8
Spawn 32bit process
2013-12-15 01:12:46 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
5eca4714c2
Renamed module
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
ba1a70b72e
Update Microsoft patch information
2013-12-13 15:59:15 -06:00
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
eb4e3f8a32
Fix os detection
2013-12-12 07:39:19 -06:00
8b518776bc
Dont fail_with on check
2013-12-11 22:08:36 -06:00
02915c751c
Favor unless over if not and add reference
2013-12-11 16:28:09 -06:00
b6fa3f28b1
Modify description
2013-12-11 08:56:31 -06:00
c4721de4a0
Add module for CVE-2013-5065
2013-12-11 08:52:35 -06:00
3a9ac303f0
Use rexml for XML data generation
2013-12-10 15:37:44 -06:00
230fcd87a5
Add module for zdi-13-259
2013-12-10 08:45:08 -06:00
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
ddbd5858e0
Land #2701 - Refactor of `ppr_flatten_rec`
...
Also [SeeRM #8140 ]
2013-12-03 10:51:58 -06:00
2d77ed58d5
Land #2648 , @pnegry's exploit for Kaseya File Upload
2013-12-03 09:35:05 -06:00
2606a6ff0e
Do minor clean up for kaseya_uploadimage_file_upload
2013-12-03 09:34:25 -06:00
21bb8fd25a
Update based on jvazquez's suggestions.
2013-12-03 13:49:31 +13:00
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
8817c0eee0
Change description a bit
...
Try to make this sound smoother
2013-11-28 12:19:42 -06:00
807e2dfd31
Fix title
2013-11-28 10:53:12 -06:00
7dee4ffd4d
Add module for ZDI-13-270
2013-11-28 10:47:04 -06:00
d1e4975f76
Use res.get_cookies instead of homebrew parse. Use _cgi
2013-11-28 16:35:36 +13:00
0b879d8f39
Comments for WfsDelay, adjustment to injection
...
I had inteded to add the `WfsDelay` as Meatballs suggested, but for locl
exploits this doesn't appear to work as expected. After speaking to HDM
we've decided to leave the sleep in there and figure out the `WsfDelay`
thing later.
This also includes a slight refactor which puts the payload and the
exploit in the same chunk of allocated memory. Minor optimisation, but
worth it.
2013-11-28 08:42:16 +10:00
sinn3r
jvazquez-r7
Tod Beardsley
Meatballs
OJ
Thomas Hibbert