Commit Graph

1440 Commits (2e2142d345a4800e4ef36c3e32cbfaf13fbbbb3f)

Author SHA1 Message Date
Joshua Drake a996668cfa added payload notes
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake 82369aa9e8 add exploit module for cve-2007-2447
git-svn-id: file:///home/svn/framework3/trunk@8510 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:26:41 +00:00
Joshua Drake 8c59c9cfdc fix typos
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake b1ef6075c0 add exploit module for cve-2007-5208
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
HD Moore 1857268af8 Uber-fast-get-me-a-php-shell mode :)
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
HD Moore 32357b1f64 Skip the debugging target for automatic mode
git-svn-id: file:///home/svn/framework3/trunk@8499 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 01:02:12 +00:00
HD Moore 5d7139ad6f Various module cleanups
git-svn-id: file:///home/svn/framework3/trunk@8498 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 00:48:03 +00:00
Patrick Webster f9ae031055 Added piranha_passwd_exec exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
Patrick Webster ee4fd8c75d Ported sambar6_search_results from v2.
git-svn-id: file:///home/svn/framework3/trunk@8480 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:15:19 +00:00
HD Moore 7aa7995da9 Autodetect and exploit 2003 SP0
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Patrick Webster 01cbe85468 Fixed OSVDB refs and added CA Server module.
git-svn-id: file:///home/svn/framework3/trunk@8478 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 16:16:13 +00:00
Patrick Webster c8da073f80 Ported calicclnt_getconfig exploit module from msf2.
git-svn-id: file:///home/svn/framework3/trunk@8476 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 15:38:06 +00:00
Joshua Drake 1896c82e39 add exploit module for cve-2009-2484
git-svn-id: file:///home/svn/framework3/trunk@8475 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:58:27 +00:00
Joshua Drake 8c28d583aa bump ranking up a notch
git-svn-id: file:///home/svn/framework3/trunk@8474 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:57:58 +00:00
Joshua Drake d561b8e8ec add references, update description
git-svn-id: file:///home/svn/framework3/trunk@8471 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 21:09:09 +00:00
Joshua Drake f3c6b01bbd add first exploit module using Rex::OLE (cve-2009-3129)
git-svn-id: file:///home/svn/framework3/trunk@8470 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 20:52:41 +00:00
Patrick Webster 3fd3d44ad6 Added barcode_ax49.rb exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
HD Moore 3fe41a0d94 Fix a small typo
git-svn-id: file:///home/svn/framework3/trunk@8463 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 14:44:23 +00:00
natron 9729b22972 Loopty version of the wireshark exploit. This will continually blast packets as a background job.
git-svn-id: file:///home/svn/framework3/trunk@8460 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 01:58:33 +00:00
Joshua Drake 6e80c7a62c use Rex::Arch::pack_addr
git-svn-id: file:///home/svn/framework3/trunk@8454 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 09:03:48 +00:00
Joshua Drake 0f942df9cd whitespace changes
git-svn-id: file:///home/svn/framework3/trunk@8451 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 06:00:12 +00:00
Joshua Drake f82c53db2a move 70k binary to data/exploits instead of hex encoded in the exploit
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
James Lee eb6ce38e0c old zero-day shows its age
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
Joshua Drake d96a6a1f8f add exploit module for cve-2009-2261 - first consumer of zip library!
git-svn-id: file:///home/svn/framework3/trunk@8440 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 17:28:25 +00:00
Joshua Drake 48a159006a Regenerate the payload with the specified AIX level, cleanups
git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:47 +00:00
Joshua Drake e7f7ac20ea extended brute range, minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8426 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:15 +00:00
HD Moore af978cbbdc Regenerate the payload with the specified AIX level
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 03:59:20 +00:00
Joshua Drake 7bf3de2a3d randomize filler
git-svn-id: file:///home/svn/framework3/trunk@8422 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:43:56 +00:00
Joshua Drake 40579ce936 it works! don't forget to "set AIX <version>"
git-svn-id: file:///home/svn/framework3/trunk@8421 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:41:49 +00:00
HD Moore ba34abc232 Fix unpack("H*") vs unpack("H*")[0]
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
HD Moore c6c1cda153 Try to delete the file (doesn't always work)
git-svn-id: file:///home/svn/framework3/trunk@8413 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:12:59 +00:00
HD Moore bc62eaf99b Adds a module to exploit insecure IIS configurations (PUT)
git-svn-id: file:///home/svn/framework3/trunk@8412 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:04:19 +00:00
Steve Tornio f3ad1c0a15 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8410 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:53:21 +00:00
Joshua Drake f04ae6f20d minor cleanups -- getting closer
git-svn-id: file:///home/svn/framework3/trunk@8402 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 01:03:46 +00:00
HD Moore 7870638481 Expose the SunRPC socket; we need to overhaul the SunRPC code sometime
git-svn-id: file:///home/svn/framework3/trunk@8399 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:52:58 +00:00
Joshua Drake 8b63d506f7 initial commit of aix cmsd exploit (not fully working yet)
git-svn-id: file:///home/svn/framework3/trunk@8398 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:54 +00:00
Joshua Drake 9f174795d4 add exploit module for vermillion ftpd memory corruption
git-svn-id: file:///home/svn/framework3/trunk@8396 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:39:48 +00:00
Joshua Drake a772bc2c85 minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8395 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 21:42:12 +00:00
HD Moore bd91871763 Correct credit for the advisory
git-svn-id: file:///home/svn/framework3/trunk@8391 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 23:22:28 +00:00
Joshua Drake 875a66553f clean up a couple comments to save future pain
git-svn-id: file:///home/svn/framework3/trunk@8380 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:53:31 +00:00
Joshua Drake bd3a4760da fixes to adobe_pdf_embedded_exe
optimized the directory search, and cmdline in general
added the Documents (Vista/Win7) to the list of directories to check
fixes #767



git-svn-id: file:///home/svn/framework3/trunk@8379 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:51:13 +00:00
Joshua Drake 9397c897ba fix spoof support
git-svn-id: file:///home/svn/framework3/trunk@8367 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 04:56:18 +00:00
Joshua Drake 9b79ebd000 add a windows target, thx redsand!
also removed some cruft


git-svn-id: file:///home/svn/framework3/trunk@8364 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 18:24:42 +00:00
Joshua Drake 7538b93aae add exploit module for cve-2006-6665
git-svn-id: file:///home/svn/framework3/trunk@8361 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 06:09:31 +00:00
Joshua Drake a41647a922 add silly jmp esp target for wireshark gui on debian
git-svn-id: file:///home/svn/framework3/trunk@8360 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 00:08:28 +00:00
Steve Tornio 2cbd6d152d Add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8347 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 12:37:07 +00:00
Joshua Drake 98dd073368 add an exploit module for one of the wireshark lwres vulns
git-svn-id: file:///home/svn/framework3/trunk@8346 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:20:18 +00:00
Joshua Drake 746c4fc263 whitespace change
git-svn-id: file:///home/svn/framework3/trunk@8345 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:19:34 +00:00
Joshua Drake fde3fbb2e3 add exploit module for cve-2009-1569
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake c073cd707a removed unecessary parameter, commented target
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
Joshua Drake 2783c5884e add exploit module for cve-2009-1568
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
Joshua Drake 4863faf0a7 add reference to cve-2000-1209 (sa blank password)
git-svn-id: file:///home/svn/framework3/trunk@8324 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 16:37:06 +00:00
Joshua Drake c514c2274b typo, fixes #786, see also r8315
git-svn-id: file:///home/svn/framework3/trunk@8316 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:06:06 +00:00
Joshua Drake 53fd14c9c0 updated description, added PATH variable
git-svn-id: file:///home/svn/framework3/trunk@8315 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:04:23 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Steve Tornio 70c0cb7530 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8307 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:40 +00:00
Steve Tornio a3f4d4f65e add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8306 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:01 +00:00
Joshua Drake c0e556f7ad oops, broke the tree again!
git-svn-id: file:///home/svn/framework3/trunk@8305 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:37:44 +00:00
Joshua Drake 4751d83cb8 some cleanups, added some CVE references
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake 7789db860d add exploit module for Audiotran .pls file bof
git-svn-id: file:///home/svn/framework3/trunk@8303 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:24:41 +00:00
Joshua Drake d9e5de5683 note the CLSID of this control
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake 15e13348c0 add exploit module for AOL phobos bug
git-svn-id: file:///home/svn/framework3/trunk@8300 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 18:58:14 +00:00
Joshua Drake 0fbe42395f added automatic target detection
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
Joshua Drake 008755b025 add exploit module for yassl CertDecoder::GetName vuln
also renames old mysql_yassl exploit to _hello

git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
natron 9891d60dfc Move applet generation up for slight speed improvement and less spamminess to the user.
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:15:36 +00:00
natron 5e4442a4d4 Fix a bug missed due to caching issues.
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:13 +00:00
natron c135462768 <@jduck> natron: you need some svn keywords magic
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:20:32 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Joshua Drake 31949c4343 svn keywords fixups
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it



git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
HD Moore 1bdd286936 This bug actually affected 9.2 as well according to adobe, reference updated
git-svn-id: file:///home/svn/framework3/trunk@8222 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 14:22:13 +00:00
Joshua Drake 87adb7714f fixed whitespace
git-svn-id: file:///home/svn/framework3/trunk@8219 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 04:52:49 +00:00
Joshua Drake 83f47796fe add reference to ms09-032 (the mitigation)
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
Joshua Drake 14862e0106 added another target
git-svn-id: file:///home/svn/framework3/trunk@8204 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 21:43:40 +00:00
Joshua Drake 6fd20d411f add exploit module for cve-2009-4179
git-svn-id: file:///home/svn/framework3/trunk@8192 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 05:52:53 +00:00
Joshua Drake 409d44bfad fix another typo
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake 9cb3ac9340 fix typo
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake ab1a1c58db escape more format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..


git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake a87d4e7eb4 escape randomly generated format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)


git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake 2b8a2d56a1 some variable renaming
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
Joshua Drake 72e1b9bb50 added a couple better error messages
git-svn-id: file:///home/svn/framework3/trunk@8183 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:30:08 +00:00
Joshua Drake 97c3159293 fixed version command, check function
git-svn-id: file:///home/svn/framework3/trunk@8182 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:15:20 +00:00
Joshua Drake e8048704be add exploit module for cve-2009-1979 (oracle pre-auth bof)
git-svn-id: file:///home/svn/framework3/trunk@8181 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:05:18 +00:00
Joshua Drake 310be42bfa try not to repeatedly load static files - see #694
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
Joshua Drake db5097af91 bump ranking up, comment about crash recovery
git-svn-id: file:///home/svn/framework3/trunk@8154 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 07:23:22 +00:00
Joshua Drake 477468147b cleanup exceptions, optimize query length, add some entropy
git-svn-id: file:///home/svn/framework3/trunk@8153 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 05:09:40 +00:00
Joshua Drake 7c402d1d79 changed a comment
git-svn-id: file:///home/svn/framework3/trunk@8152 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:56:31 +00:00
Joshua Drake 52b71077d3 major overhaul of ms09-004 (cve-2008-5416) exploit
git-svn-id: file:///home/svn/framework3/trunk@8151 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:51:48 +00:00
James Lee bbe10b439f let the user know when a client connects
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
HD Moore b1f79c6342 Use nohup to prevent the telnet session close from killing the command
git-svn-id: file:///home/svn/framework3/trunk@8082 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 00:10:03 +00:00
Joshua Drake 8399ff46b2 oops, left out a var
git-svn-id: file:///home/svn/framework3/trunk@8081 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:55:41 +00:00
Joshua Drake c51c14bcba fix typos :-/
git-svn-id: file:///home/svn/framework3/trunk@8080 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:09:34 +00:00
Joshua Drake 97338e6848 add exploit module for cve-2007-2280 (split from other)
git-svn-id: file:///home/svn/framework3/trunk@8079 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:04:58 +00:00
Joshua Drake 75ff9d327a _2 == cve-2009-3844
git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00
Joshua Drake 3a9b384554 renamed the moduled
git-svn-id: file:///home/svn/framework3/trunk@8077 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:29:11 +00:00
Joshua Drake 4a0051d93a lots of updates, preparing to split into two modules
git-svn-id: file:///home/svn/framework3/trunk@8076 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:28:19 +00:00
Steve Tornio 888b7637c0 Add OSVDB ref, fixed exploit-db refs
git-svn-id: file:///home/svn/framework3/trunk@8071 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 11:49:12 +00:00
Joshua Drake 905d391d5e add exploit module for bigant 2.52 usv bug
git-svn-id: file:///home/svn/framework3/trunk@8070 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 08:24:35 +00:00
Joshua Drake efb3dbb2af minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@8069 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:35:46 +00:00
Joshua Drake 789d875d24 record addr for stack hijacking
git-svn-id: file:///home/svn/framework3/trunk@8068 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:02:15 +00:00
Joshua Drake 9a9c92d785 added description, sql2ksp3 target, minor reliability improvement
git-svn-id: file:///home/svn/framework3/trunk@8067 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 22:07:03 +00:00
Steve Tornio c62e314ac4 Add OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@8063 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 13:02:18 +00:00
Mario Ceballos 1239ce132e added exploit module nettransport.rb from dookie
git-svn-id: file:///home/svn/framework3/trunk@8062 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 16:07:54 +00:00
Joshua Drake bb07ea9854 many updates, now supporting two diff techniques
git-svn-id: file:///home/svn/framework3/trunk@8061 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 08:10:28 +00:00
James Lee 3c6cbbc47e make sure IE service packs don't throw off the version comparison
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 21:24:00 +00:00
Joshua Drake e2a0ff92ce add check and auto-target selection
git-svn-id: file:///home/svn/framework3/trunk@8048 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 16:26:32 +00:00
Steve Tornio 64e524545e Update OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@8045 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 13:30:35 +00:00
Joshua Drake 23d7f53f3a add exploit module for cve-2008-5416
git-svn-id: file:///home/svn/framework3/trunk@8044 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 05:18:55 +00:00
Joshua Drake 2283e029db crossing fingers, big cr removal batch
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
Joshua Drake 4827d81966 formatting fixes
git-svn-id: file:///home/svn/framework3/trunk@8029 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 00:48:16 +00:00
Joshua Drake 48c2184fb2 reinstated linux bruteforce target from msf2 exploit
git-svn-id: file:///home/svn/framework3/trunk@8025 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 22:57:02 +00:00
Joshua Drake 57fd341f4a added auto targeting, XPSP1 target, updated 2ksp4 target, notes, description
git-svn-id: file:///home/svn/framework3/trunk@8023 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 19:22:43 +00:00
HD Moore 922cef26fa Store the domain name in the SMB client object, along with other fields provided by NTLMSSP responses. Show the domain name and netbios name in the version scanner. Update MS06-070 to remove the default target, use the domain name from the server response, and use a more reliable return address for 2000 SP4.
git-svn-id: file:///home/svn/framework3/trunk@8022 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 14:00:49 +00:00
Joshua Drake 6170998ba3 add exploit module for cve-2006-4691
git-svn-id: file:///home/svn/framework3/trunk@8021 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 05:13:57 +00:00
Joshua Drake 1f2c1e7866 corrected cve, removed cr's, added keywords
git-svn-id: file:///home/svn/framework3/trunk@8012 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 21:12:11 +00:00
Joshua Drake 45a9d50d0d add exploit module for CVE-2008-4193
git-svn-id: file:///home/svn/framework3/trunk@8010 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 20:38:50 +00:00
HD Moore 364880fb4d Bump the session wait to 10 seconds
git-svn-id: file:///home/svn/framework3/trunk@8004 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 14:27:33 +00:00
Steve Tornio 5ac485eb48 Add OSVDB reference
git-svn-id: file:///home/svn/framework3/trunk@8002 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 12:33:40 +00:00
HD Moore 4728a29bae Two new modules from dijital1
git-svn-id: file:///home/svn/framework3/trunk@8000 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 04:36:25 +00:00
HD Moore 16062eed2d Holiday present from EgiX
git-svn-id: file:///home/svn/framework3/trunk@7989 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 18:50:44 +00:00
HD Moore d0969746a4 Mostly cosmetic changes from local tree
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 03:31:20 +00:00
HD Moore 87176f9591 Correct a syntax error in adobe_u3d_meshdecl
git-svn-id: file:///home/svn/framework3/trunk@7959 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 12:50:55 +00:00
HD Moore 92c703ba6f Wait a second before deleting the file, catch an exception on delete, combined these reduce some of the issues around psexec
git-svn-id: file:///home/svn/framework3/trunk@7954 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 04:02:59 +00:00
James Lee b933f49ec3 this exploit always uses an exe, so default EXITFUNC to process so we don't leave processes lying around
git-svn-id: file:///home/svn/framework3/trunk@7950 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 01:29:16 +00:00
Joshua Drake 1e6c9bef74 fix uri for check/detect
git-svn-id: file:///home/svn/framework3/trunk@7942 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:10:38 +00:00
Joshua Drake 6219116ebf removed exit calls
git-svn-id: file:///home/svn/framework3/trunk@7940 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:03:03 +00:00
Joshua Drake d0098095a4 hopefully resolved some hang issues
git-svn-id: file:///home/svn/framework3/trunk@7939 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:57:36 +00:00
Joshua Drake 9afb67aa5f removed exit call
git-svn-id: file:///home/svn/framework3/trunk@7936 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:10:18 +00:00
Joshua Drake 5830e359b6 corrected "privileged" flag
git-svn-id: file:///home/svn/framework3/trunk@7932 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 18:18:18 +00:00
Joshua Drake 19d32b6c97 add jabra to author list
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 17:01:12 +00:00
Steve Tornio 544efd879b Add OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 11:53:20 +00:00
Joshua Drake 47ef693b77 add CVE references!
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 09:38:42 +00:00
Joshua Drake 86dc8da1bb bump ranking up
git-svn-id: file:///home/svn/framework3/trunk@7927 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 07:56:48 +00:00
Joshua Drake 4b883322f5 moved length adjustment
git-svn-id: file:///home/svn/framework3/trunk@7926 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:45:33 +00:00
Joshua Drake 3767b6be7a add exploit module for cve-2008-4828
git-svn-id: file:///home/svn/framework3/trunk@7925 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:40:14 +00:00
Joshua Drake 6f243f6515 add exploit module for cve-2009-3853
git-svn-id: file:///home/svn/framework3/trunk@7924 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 11:09:39 +00:00
Joshua Drake 6a1f43b3df rename again :)
git-svn-id: file:///home/svn/framework3/trunk@7920 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:09:03 +00:00
Joshua Drake 7ef085f9b2 resolved conflict, attempt #2 to rename
git-svn-id: file:///home/svn/framework3/trunk@7919 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:08:41 +00:00
Joshua Drake 8f7c820ac9 renamed module
git-svn-id: file:///home/svn/framework3/trunk@7918 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:04:03 +00:00
HD Moore be42efdd1b Update the PDF modules to work on a wider range of versions
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:02:32 +00:00
Mario Ceballos de84d7e989 updated badchars and removed alphnumeric encoding.
git-svn-id: file:///home/svn/framework3/trunk@7916 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 00:08:32 +00:00
James Lee 82d84605e4 advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 19:38:52 +00:00
Joshua Drake c8495272a8 add exploit module for cve-2009-3214
git-svn-id: file:///home/svn/framework3/trunk@7911 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 00:19:04 +00:00
Joshua Drake 442bbe9e14 language cleanup
git-svn-id: file:///home/svn/framework3/trunk@7910 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 23:02:01 +00:00
HD Moore f2ec7795e2 Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 14:43:05 +00:00
HD Moore 80fa601a2c Fixes #667. Automigrates this to avoid timer
git-svn-id: file:///home/svn/framework3/trunk@7905 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 06:02:34 +00:00
Joshua Drake 5ef4545a1b fd.read -> fd.read(fd.stat.size)
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:22:40 +00:00
Joshua Drake 026924c9b6 fixed sync issues between browser/fileformat modules
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:19:30 +00:00
Joshua Drake 2baa4a1efa port changes from Lurene to browser version
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:16:35 +00:00
Joshua Drake aef9a5c7b2 re-commit of changes from r7892
git-svn-id: file:///home/svn/framework3/trunk@7900 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:11:45 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
HD Moore d0a37bd506 Fix tab indentations
git-svn-id: file:///home/svn/framework3/trunk@7898 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:00:00 +00:00
pusscat 0fa275b53b Cleanups
Allow arbitrary (non-unicode) targets




git-svn-id: file:///home/svn/framework3/trunk@7895 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 21:44:18 +00:00
Joshua Drake e563e91d35 added browser versions of yesterdays adobe pdf exploits from jabra
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 20:37:57 +00:00
Joshua Drake 9a6839e412 add exploit module for cve-2009-2459
git-svn-id: file:///home/svn/framework3/trunk@7893 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 03:32:44 +00:00
Joshua Drake 82dc3eb3bf added reference, couple of test results
git-svn-id: file:///home/svn/framework3/trunk@7892 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 00:14:47 +00:00
Joshua Drake 191e98dc54 changed module name
git-svn-id: file:///home/svn/framework3/trunk@7890 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:17:24 +00:00
Joshua Drake 1875e86f7a remove executable bit
git-svn-id: file:///home/svn/framework3/trunk@7889 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:14:15 +00:00
Joshua Drake d9aca586a2 tested against 9.1.0
git-svn-id: file:///home/svn/framework3/trunk@7888 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:12:08 +00:00
James Lee 115899d24d add minver and maxver. slightly tricky because the vuln affects moz 1.7 and ff 1.0
git-svn-id: file:///home/svn/framework3/trunk@7886 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:54:24 +00:00
James Lee 008c72e255 add proper version
git-svn-id: file:///home/svn/framework3/trunk@7885 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:49:32 +00:00
Joshua Drake 2070bd4756 took notes on targets from various other exploits
git-svn-id: file:///home/svn/framework3/trunk@7884 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:34 +00:00
Joshua Drake 56c2d32b1e typo fix
git-svn-id: file:///home/svn/framework3/trunk@7883 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:15 +00:00
Steve Tornio 3677711cb0 adding OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@7882 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:34:01 +00:00
Joshua Drake 7b34f7b0f2 add exploit module for cve-2009-4324
git-svn-id: file:///home/svn/framework3/trunk@7881 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:15:08 +00:00
James Lee 2570fcee15 get rid of some more ^Ms
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
James Lee 48c3709a25 correct maxver
git-svn-id: file:///home/svn/framework3/trunk@7879 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:46:53 +00:00
James Lee 196ee82179 bye-bye crlf
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:13:27 +00:00
Joshua Drake f3a0bbc6d6 rename to make a bit more sense
git-svn-id: file:///home/svn/framework3/trunk@7875 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 06:05:30 +00:00
Joshua Drake 2c88e2eb62 rename to make a bit more sense
git-svn-id: file:///home/svn/framework3/trunk@7874 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:41:29 +00:00
Joshua Drake d81c581f21 oops, remove hard coded payload
git-svn-id: file:///home/svn/framework3/trunk@7873 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:32:52 +00:00
Joshua Drake 4c1034ad7f add exploit module for cve-2006-2502
git-svn-id: file:///home/svn/framework3/trunk@7871 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 04:41:31 +00:00
Joshua Drake d5eb4d8217 add svn:keywords property
git-svn-id: file:///home/svn/framework3/trunk@7869 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 02:08:43 +00:00
Joshua Drake 8a95baa810 add exploit module for cve-2008-1697 from bannedit/muts
git-svn-id: file:///home/svn/framework3/trunk@7868 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:42 +00:00
Joshua Drake 1813a0fb9a updated technique
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:07 +00:00
James Lee 0cf566c0b9 fixes 688. better return address for greater reliability, works against FF-1.0.4 and Moz-1.7.1 on XPSP3 and 2kAS-SP0
git-svn-id: file:///home/svn/framework3/trunk@7865 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:27:28 +00:00
Mario Ceballos c799df8559 target is no good. offsets change on different installs.
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:07:21 +00:00
Joshua Drake 88b9ee18af clarified some version info
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:01:34 +00:00
Joshua Drake c831cda3f5 milworm/exploitdb 9277 only covers m3u and mpf, not pls
git-svn-id: file:///home/svn/framework3/trunk@7862 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:59:32 +00:00
Joshua Drake 8317b69aca corrected disclosure date
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:44:37 +00:00
Joshua Drake 2524840348 renamed, new targets, now using seh...
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:40:56 +00:00
Steve Tornio 1dc2c41837 added OSVDB and exploit-db refs
git-svn-id: file:///home/svn/framework3/trunk@7858 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:29:10 +00:00
Joshua Drake 4d645796af add exploit module from dookie
git-svn-id: file:///home/svn/framework3/trunk@7856 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 21:27:43 +00:00
HD Moore 837c70715d Reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7854 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 20:09:46 +00:00
Joshua Drake ef0d86720a updated description, added xp sp2+sp3 target, see #687
git-svn-id: file:///home/svn/framework3/trunk@7853 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 19:04:40 +00:00
HD Moore 0efbe3baf9 Remove the debug print
git-svn-id: file:///home/svn/framework3/trunk@7852 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:56:19 +00:00
HD Moore 97757c37a0 Adds an exploit module for the zabbix agent command execution flaw (no cve/bid/osvdb)
git-svn-id: file:///home/svn/framework3/trunk@7851 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:24:24 +00:00
HD Moore e02f62e3aa Switch to a return address that also works on SP0
git-svn-id: file:///home/svn/framework3/trunk@7849 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:14:08 +00:00
Joshua Drake f1a975a14e fix typo, remove automatic target
git-svn-id: file:///home/svn/framework3/trunk@7834 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 21:44:04 +00:00
Mario Ceballos ea0a1eea7d add ranking...
git-svn-id: file:///home/svn/framework3/trunk@7833 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:14:24 +00:00
Mario Ceballos 002b043d4c added exploit module hp_nnm_snmp.rb
git-svn-id: file:///home/svn/framework3/trunk@7832 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:06:14 +00:00
Joshua Drake 5f65d6bb32 properly commit references from Steve Tornio :)
git-svn-id: file:///home/svn/framework3/trunk@7828 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:24:18 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
Joshua Drake 740fd67b74 add OSVDB reference from Steven Tornio
git-svn-id: file:///home/svn/framework3/trunk@7826 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 20:41:37 +00:00
Mario Ceballos 3ac51c7396 added exploit module symantec_altirisdeployment_runcmd.rb.
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 02:36:01 +00:00
Joshua Drake 95f9c1dacf note file version
git-svn-id: file:///home/svn/framework3/trunk@7820 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 23:23:16 +00:00