Mekanismen
67415808da
added exploit module for CVE-2013-0632
2013-12-09 15:18:34 +01:00
Russell Sim
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
sinn3r
1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE
2013-12-09 03:05:08 -06:00
sinn3r
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
sinn3r
2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit)
2013-12-09 02:22:07 -06:00
sinn3r
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
sinn3r
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
Joe Vennix
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
Joe Vennix
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
Joe Vennix
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
Joe Vennix
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
Joe Vennix
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
Joe Vennix
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
dmaloney-r7
0c5d748fca
Merge pull request #1103 from scriptjunkie/dllinjectfix
...
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
scriptjunkie
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Joe Vennix
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
joev
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
jvazquez-r7
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
jvazquez-r7
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
jvazquez-r7
f77784cd0d
Land #2723 , @denandz's module for OSVDB-100423
2013-12-06 17:32:07 -06:00
DoI
3ed293a1d0
Merge pull request #1 from jvazquez-r7/review_2723
...
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
jvazquez-r7
3729c53690
Move uptime_file_upload to the correct location
2013-12-06 15:57:52 -06:00
jvazquez-r7
2ff9c31747
Do minor clean up on uptime_file_upload
2013-12-06 15:57:22 -06:00
sinn3r
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
sinn3r
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
sinn3r
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
sinn3r
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
sinn3r
af16f11784
Another update
2013-12-06 14:39:26 -06:00
jvazquez-r7
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
sinn3r
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
sinn3r
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
bmerinofe
5e5fd6b01a
Unless replaced
2013-12-06 15:01:35 +01:00
Meatballs
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
sinn3r
d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s"
2013-12-06 01:29:48 -06:00
sinn3r
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
bea0f8c18e
Change client to session in tests
2013-12-06 13:43:47 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
DoI
3d327363af
uptime_file_upload code tidy-ups
2013-12-06 13:45:22 +13:00
OJ
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
sinn3r
c07686988c
random uri
2013-12-05 18:07:24 -06:00
OJ
73d3ea699f
Remove the last redundant error check
2013-12-06 09:32:21 +10:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00