Commit Graph

21805 Commits (25b1ec5b754131515b9b523d8d88b8c72cc4a123)

Author SHA1 Message Date
James Lee 25b1ec5b75
Land #2689, getenv 2013-11-26 23:33:25 -06:00
OJ 72813c1f3e
Merge branch 'egypt/feature/getenv-php' into getenv_cmd 2013-11-27 15:22:15 +10:00
James Lee a3337e5de5
Add PHP side for meterpreter getenv 2013-11-26 23:16:28 -06:00
OJ a0f703ee44 Add getenv support to python meterpreter
This change adds support for `getenv` to python meterpreter. Nothing too
complex going on here. I tidied up the definitions of the TLVs as well
so that they look nice.
2013-11-27 11:19:26 +10:00
William Vu ee201a82cd
Land #2673, -x and -s for uploadexec meterp script 2013-11-26 16:26:38 -06:00
OJ 5fc9706268 Use Rex.sleep instead of sleep 2013-11-27 07:51:11 +10:00
William Vu be86a29048
Land #2694, indentation fixes for Gemfile 2013-11-26 13:47:00 -06:00
sinn3r a914fbc400
Land #2693 - case sensitive 2013-11-26 11:16:57 -06:00
Tod Beardsley 671c0d9473
Fix nokogiri typo
[SeeRM #8730]
2013-11-26 10:54:31 -06:00
James Lee a2743e4493
Land #2692, fix title for ms13_022 2013-11-26 10:51:00 -06:00
Tab Assassin c7d4cd9be2
Fix indendation on Gemfile 2013-11-26 10:48:50 -06:00
jvazquez-r7 253719d70c Fix title 2013-11-26 08:11:29 -06:00
sinn3r f1c5ab95bf
Land #2690 - typo 2013-11-25 23:53:34 -06:00
William Vu 70139d05ea Fix missed title 2013-11-25 22:46:35 -06:00
jvazquez-r7 6cb63cdad6
Land #2679, @wchen-r7's exploit for cve-2013-3906 2013-11-25 22:04:26 -06:00
jvazquez-r7 0079413e81 Full revert the change 2013-11-25 22:04:02 -06:00
sinn3r fa97c9fa7c Revert this change 2013-11-25 20:54:39 -06:00
sinn3r 3247106626 Heap spray adjustment by @jvazquez-r7 2013-11-25 20:50:53 -06:00
jvazquez-r7 4c249bb6e9 Fix heap spray 2013-11-25 20:06:42 -06:00
OJ 1a65566005 Add the getenv command which pulls env vars from the victim
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).

Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
sinn3r 385381cde2 Change target address
This one tends to work better with our boxes
2013-11-25 17:21:39 -06:00
jvazquez-r7 a7e6a79b15
Land #2685, @wchen-r7's update for the word injector description 2013-11-25 15:47:57 -06:00
William Vu c7c97c9543
Land #2688, TaskManager spec timeout increase 2013-11-25 15:42:43 -06:00
jvazquez-r7 92807d0399
Land #2676, @todb-r7 module for CVE-2013-4164 2013-11-25 15:40:33 -06:00
sinn3r 57f4f68559
Land #2652 - Apache Roller OGNL Injection 2013-11-25 15:14:35 -06:00
sinn3r 8005826160
Land #2644 - MS13-090 CardSpaceClaimCollection vuln 2013-11-25 13:06:09 -06:00
sinn3r 4773270ff0
Land #2677 - MS12-022 COALineDashStyleArray vuln 2013-11-25 12:58:45 -06:00
Tod Beardsley 23448b58e7
Remove timeout checkers that are rescued anyway 2013-11-25 12:37:23 -06:00
Tod Beardsley f311b0cd1e
Add user-controlled verbs.
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley 764fd09cc3
Increase duration timeout task manager
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
jvazquez-r7 cc60ca2e2a
Fix module title 2013-11-25 09:33:43 -06:00
jvazquez-r7 cc261d2c25
Land #2670, @juushya's aux brute forcer mod for OpenMind 2013-11-25 09:29:41 -06:00
sinn3r 48578c3bc0 Update description about suitable targets
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
jvazquez-r7 49441875f3
Land #2683, @wchen-r7's module name consistency fix 2013-11-24 16:51:22 -06:00
Meatballs b015dd4f1c
Land #2532 Enum LSA Secrets
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
sinn3r ce8b63f240 Update module name to stay consistent
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
sinn3r fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability 2013-11-24 00:47:14 -06:00
jvazquez-r7 31b4e72196 Switch to soft tabs the cs code 2013-11-23 23:06:52 -06:00
sinn3r 9987ec0883 Hmm, change ranking 2013-11-23 00:51:58 -06:00
sinn3r 6ccc3e3c48 Make payload execution more stable 2013-11-23 00:47:45 -06:00
William Vu 8e23119e17
Land #2678, DB_ALL_CREDS should default to false 2013-11-22 23:42:00 -06:00
sinn3r d748fd4003 Final commit 2013-11-22 23:35:26 -06:00
Tod Beardsley 8fc0a8199e DB_ALL_CREDS should be disabled by default
[SeeRM #8699]
2013-11-22 22:16:40 -06:00
sinn3r f871452b97 Slightly change the description
Because it isn't that slow
2013-11-22 19:27:00 -06:00
sinn3r eddedd4746 Working version 2013-11-22 19:14:56 -06:00
jvazquez-r7 9f539bafae Add README on the source code dir 2013-11-22 17:56:05 -06:00
jvazquez-r7 7e4487b93b Update description 2013-11-22 17:37:23 -06:00
jvazquez-r7 25eb13cb3c Small fix to interface 2013-11-22 17:02:08 -06:00
sinn3r c8fd761c53 Progress 2013-11-22 16:57:29 -06:00
jvazquez-r7 288a1080db Add MS13-022 Silverlight app code 2013-11-22 16:53:06 -06:00