Joshua Drake
a996668cfa
added payload notes
...
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake
82369aa9e8
add exploit module for cve-2007-2447
...
git-svn-id: file:///home/svn/framework3/trunk@8510 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:26:41 +00:00
Joshua Drake
8c59c9cfdc
fix typos
...
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake
b1ef6075c0
add exploit module for cve-2007-5208
...
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
HD Moore
1857268af8
Uber-fast-get-me-a-php-shell mode :)
...
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
HD Moore
32357b1f64
Skip the debugging target for automatic mode
...
git-svn-id: file:///home/svn/framework3/trunk@8499 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 01:02:12 +00:00
HD Moore
5d7139ad6f
Various module cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8498 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 00:48:03 +00:00
Patrick Webster
f9ae031055
Added piranha_passwd_exec exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
Patrick Webster
ee4fd8c75d
Ported sambar6_search_results from v2.
...
git-svn-id: file:///home/svn/framework3/trunk@8480 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:15:19 +00:00
HD Moore
7aa7995da9
Autodetect and exploit 2003 SP0
...
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Patrick Webster
01cbe85468
Fixed OSVDB refs and added CA Server module.
...
git-svn-id: file:///home/svn/framework3/trunk@8478 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 16:16:13 +00:00
Patrick Webster
c8da073f80
Ported calicclnt_getconfig exploit module from msf2.
...
git-svn-id: file:///home/svn/framework3/trunk@8476 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 15:38:06 +00:00
Joshua Drake
1896c82e39
add exploit module for cve-2009-2484
...
git-svn-id: file:///home/svn/framework3/trunk@8475 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:58:27 +00:00
Joshua Drake
8c28d583aa
bump ranking up a notch
...
git-svn-id: file:///home/svn/framework3/trunk@8474 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:57:58 +00:00
Joshua Drake
d561b8e8ec
add references, update description
...
git-svn-id: file:///home/svn/framework3/trunk@8471 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 21:09:09 +00:00
Joshua Drake
f3c6b01bbd
add first exploit module using Rex::OLE (cve-2009-3129)
...
git-svn-id: file:///home/svn/framework3/trunk@8470 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 20:52:41 +00:00
Patrick Webster
3fd3d44ad6
Added barcode_ax49.rb exploit module.
...
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
HD Moore
3fe41a0d94
Fix a small typo
...
git-svn-id: file:///home/svn/framework3/trunk@8463 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 14:44:23 +00:00
natron
9729b22972
Loopty version of the wireshark exploit. This will continually blast packets as a background job.
...
git-svn-id: file:///home/svn/framework3/trunk@8460 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 01:58:33 +00:00
Joshua Drake
6e80c7a62c
use Rex::Arch::pack_addr
...
git-svn-id: file:///home/svn/framework3/trunk@8454 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 09:03:48 +00:00
Joshua Drake
0f942df9cd
whitespace changes
...
git-svn-id: file:///home/svn/framework3/trunk@8451 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 06:00:12 +00:00
Joshua Drake
f82c53db2a
move 70k binary to data/exploits instead of hex encoded in the exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
James Lee
eb6ce38e0c
old zero-day shows its age
...
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
Joshua Drake
d96a6a1f8f
add exploit module for cve-2009-2261 - first consumer of zip library!
...
git-svn-id: file:///home/svn/framework3/trunk@8440 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 17:28:25 +00:00
Joshua Drake
48a159006a
Regenerate the payload with the specified AIX level, cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:47 +00:00
Joshua Drake
e7f7ac20ea
extended brute range, minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8426 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:15 +00:00
HD Moore
af978cbbdc
Regenerate the payload with the specified AIX level
...
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 03:59:20 +00:00
Joshua Drake
7bf3de2a3d
randomize filler
...
git-svn-id: file:///home/svn/framework3/trunk@8422 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:43:56 +00:00
Joshua Drake
40579ce936
it works! don't forget to "set AIX <version>"
...
git-svn-id: file:///home/svn/framework3/trunk@8421 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:41:49 +00:00
HD Moore
ba34abc232
Fix unpack("H*") vs unpack("H*")[0]
...
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
HD Moore
c6c1cda153
Try to delete the file (doesn't always work)
...
git-svn-id: file:///home/svn/framework3/trunk@8413 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:12:59 +00:00
HD Moore
bc62eaf99b
Adds a module to exploit insecure IIS configurations (PUT)
...
git-svn-id: file:///home/svn/framework3/trunk@8412 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:04:19 +00:00
Steve Tornio
f3ad1c0a15
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8410 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:53:21 +00:00
Joshua Drake
f04ae6f20d
minor cleanups -- getting closer
...
git-svn-id: file:///home/svn/framework3/trunk@8402 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 01:03:46 +00:00
HD Moore
7870638481
Expose the SunRPC socket; we need to overhaul the SunRPC code sometime
...
git-svn-id: file:///home/svn/framework3/trunk@8399 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:52:58 +00:00
Joshua Drake
8b63d506f7
initial commit of aix cmsd exploit (not fully working yet)
...
git-svn-id: file:///home/svn/framework3/trunk@8398 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:54 +00:00
Joshua Drake
9f174795d4
add exploit module for vermillion ftpd memory corruption
...
git-svn-id: file:///home/svn/framework3/trunk@8396 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:39:48 +00:00
Joshua Drake
a772bc2c85
minor cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@8395 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 21:42:12 +00:00
HD Moore
bd91871763
Correct credit for the advisory
...
git-svn-id: file:///home/svn/framework3/trunk@8391 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 23:22:28 +00:00
Joshua Drake
875a66553f
clean up a couple comments to save future pain
...
git-svn-id: file:///home/svn/framework3/trunk@8380 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:53:31 +00:00
Joshua Drake
bd3a4760da
fixes to adobe_pdf_embedded_exe
...
optimized the directory search, and cmdline in general
added the Documents (Vista/Win7) to the list of directories to check
fixes #767
git-svn-id: file:///home/svn/framework3/trunk@8379 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:51:13 +00:00
Joshua Drake
9397c897ba
fix spoof support
...
git-svn-id: file:///home/svn/framework3/trunk@8367 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 04:56:18 +00:00
Joshua Drake
9b79ebd000
add a windows target, thx redsand!
...
also removed some cruft
git-svn-id: file:///home/svn/framework3/trunk@8364 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 18:24:42 +00:00
Joshua Drake
7538b93aae
add exploit module for cve-2006-6665
...
git-svn-id: file:///home/svn/framework3/trunk@8361 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 06:09:31 +00:00
Joshua Drake
a41647a922
add silly jmp esp target for wireshark gui on debian
...
git-svn-id: file:///home/svn/framework3/trunk@8360 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 00:08:28 +00:00
Steve Tornio
2cbd6d152d
Add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8347 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 12:37:07 +00:00
Joshua Drake
98dd073368
add an exploit module for one of the wireshark lwres vulns
...
git-svn-id: file:///home/svn/framework3/trunk@8346 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:20:18 +00:00
Joshua Drake
746c4fc263
whitespace change
...
git-svn-id: file:///home/svn/framework3/trunk@8345 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:19:34 +00:00
Joshua Drake
fde3fbb2e3
add exploit module for cve-2009-1569
...
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake
c073cd707a
removed unecessary parameter, commented target
...
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
Joshua Drake
2783c5884e
add exploit module for cve-2009-1568
...
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
natron
3ecabe1be9
Adds static signed jar and user messages letting them know.
...
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
Joshua Drake
4863faf0a7
add reference to cve-2000-1209 (sa blank password)
...
git-svn-id: file:///home/svn/framework3/trunk@8324 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 16:37:06 +00:00
Joshua Drake
c514c2274b
typo, fixes #786 , see also r8315
...
git-svn-id: file:///home/svn/framework3/trunk@8316 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:06:06 +00:00
Joshua Drake
53fd14c9c0
updated description, added PATH variable
...
git-svn-id: file:///home/svn/framework3/trunk@8315 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:04:23 +00:00
natron
69ad365b46
Added STDERR to pure java payload, cleaned up user's view.
...
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Steve Tornio
70c0cb7530
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@8307 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:40 +00:00
Steve Tornio
a3f4d4f65e
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@8306 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:01 +00:00
Joshua Drake
c0e556f7ad
oops, broke the tree again!
...
git-svn-id: file:///home/svn/framework3/trunk@8305 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:37:44 +00:00
Joshua Drake
4751d83cb8
some cleanups, added some CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake
7789db860d
add exploit module for Audiotran .pls file bof
...
git-svn-id: file:///home/svn/framework3/trunk@8303 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:24:41 +00:00
Joshua Drake
d9e5de5683
note the CLSID of this control
...
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake
15e13348c0
add exploit module for AOL phobos bug
...
git-svn-id: file:///home/svn/framework3/trunk@8300 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 18:58:14 +00:00
Joshua Drake
0fbe42395f
added automatic target detection
...
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
Joshua Drake
008755b025
add exploit module for yassl CertDecoder::GetName vuln
...
also renames old mysql_yassl exploit to _hello
git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
natron
9891d60dfc
Move applet generation up for slight speed improvement and less spamminess to the user.
...
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:15:36 +00:00
natron
5e4442a4d4
Fix a bug missed due to caching issues.
...
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:13 +00:00
natron
c135462768
<@jduck> natron: you need some svn keywords magic
...
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:20:32 +00:00
natron
cd5e5880d2
Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
...
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Joshua Drake
31949c4343
svn keywords fixups
...
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it
git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
HD Moore
1bdd286936
This bug actually affected 9.2 as well according to adobe, reference updated
...
git-svn-id: file:///home/svn/framework3/trunk@8222 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 14:22:13 +00:00
Joshua Drake
87adb7714f
fixed whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@8219 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 04:52:49 +00:00
Joshua Drake
83f47796fe
add reference to ms09-032 (the mitigation)
...
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
Joshua Drake
14862e0106
added another target
...
git-svn-id: file:///home/svn/framework3/trunk@8204 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 21:43:40 +00:00
Joshua Drake
6fd20d411f
add exploit module for cve-2009-4179
...
git-svn-id: file:///home/svn/framework3/trunk@8192 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 05:52:53 +00:00
Joshua Drake
409d44bfad
fix another typo
...
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake
9cb3ac9340
fix typo
...
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake
ab1a1c58db
escape more format specifiers passed to util.printd
...
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..
git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake
a87d4e7eb4
escape randomly generated format specifiers passed to util.printd
...
prevents mucking with the allocation size (hopefully)
git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake
2b8a2d56a1
some variable renaming
...
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
Joshua Drake
72e1b9bb50
added a couple better error messages
...
git-svn-id: file:///home/svn/framework3/trunk@8183 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:30:08 +00:00
Joshua Drake
97c3159293
fixed version command, check function
...
git-svn-id: file:///home/svn/framework3/trunk@8182 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:15:20 +00:00
Joshua Drake
e8048704be
add exploit module for cve-2009-1979 (oracle pre-auth bof)
...
git-svn-id: file:///home/svn/framework3/trunk@8181 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:05:18 +00:00
Joshua Drake
310be42bfa
try not to repeatedly load static files - see #694
...
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
Joshua Drake
db5097af91
bump ranking up, comment about crash recovery
...
git-svn-id: file:///home/svn/framework3/trunk@8154 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 07:23:22 +00:00
Joshua Drake
477468147b
cleanup exceptions, optimize query length, add some entropy
...
git-svn-id: file:///home/svn/framework3/trunk@8153 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 05:09:40 +00:00
Joshua Drake
7c402d1d79
changed a comment
...
git-svn-id: file:///home/svn/framework3/trunk@8152 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:56:31 +00:00
Joshua Drake
52b71077d3
major overhaul of ms09-004 (cve-2008-5416) exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8151 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:51:48 +00:00
James Lee
bbe10b439f
let the user know when a client connects
...
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
HD Moore
69f609bdcd
Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
...
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio
a0326fc842
add CVE and OSVDB refs
...
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore
579a6fe799
Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
...
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
Joshua Drake
fba8a1d110
added a German target with 0x0a0a0a0a as the spray addr
...
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
HD Moore
b1f79c6342
Use nohup to prevent the telnet session close from killing the command
...
git-svn-id: file:///home/svn/framework3/trunk@8082 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 00:10:03 +00:00
Joshua Drake
8399ff46b2
oops, left out a var
...
git-svn-id: file:///home/svn/framework3/trunk@8081 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:55:41 +00:00
Joshua Drake
c51c14bcba
fix typos :-/
...
git-svn-id: file:///home/svn/framework3/trunk@8080 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:09:34 +00:00
Joshua Drake
97338e6848
add exploit module for cve-2007-2280 (split from other)
...
git-svn-id: file:///home/svn/framework3/trunk@8079 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:04:58 +00:00
Joshua Drake
75ff9d327a
_2 == cve-2009-3844
...
git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00
Joshua Drake
3a9b384554
renamed the moduled
...
git-svn-id: file:///home/svn/framework3/trunk@8077 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:29:11 +00:00
Joshua Drake
4a0051d93a
lots of updates, preparing to split into two modules
...
git-svn-id: file:///home/svn/framework3/trunk@8076 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:28:19 +00:00
Steve Tornio
888b7637c0
Add OSVDB ref, fixed exploit-db refs
...
git-svn-id: file:///home/svn/framework3/trunk@8071 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 11:49:12 +00:00
Joshua Drake
905d391d5e
add exploit module for bigant 2.52 usv bug
...
git-svn-id: file:///home/svn/framework3/trunk@8070 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 08:24:35 +00:00
Joshua Drake
efb3dbb2af
minor tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@8069 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:35:46 +00:00
Joshua Drake
789d875d24
record addr for stack hijacking
...
git-svn-id: file:///home/svn/framework3/trunk@8068 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:02:15 +00:00
Joshua Drake
9a9c92d785
added description, sql2ksp3 target, minor reliability improvement
...
git-svn-id: file:///home/svn/framework3/trunk@8067 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 22:07:03 +00:00
Steve Tornio
c62e314ac4
Add OSVDB ref
...
git-svn-id: file:///home/svn/framework3/trunk@8063 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 13:02:18 +00:00
Mario Ceballos
1239ce132e
added exploit module nettransport.rb from dookie
...
git-svn-id: file:///home/svn/framework3/trunk@8062 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 16:07:54 +00:00
Joshua Drake
bb07ea9854
many updates, now supporting two diff techniques
...
git-svn-id: file:///home/svn/framework3/trunk@8061 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 08:10:28 +00:00
James Lee
3c6cbbc47e
make sure IE service packs don't throw off the version comparison
...
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 21:24:00 +00:00
Joshua Drake
e2a0ff92ce
add check and auto-target selection
...
git-svn-id: file:///home/svn/framework3/trunk@8048 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 16:26:32 +00:00
Steve Tornio
64e524545e
Update OSVDB ref
...
git-svn-id: file:///home/svn/framework3/trunk@8045 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 13:30:35 +00:00
Joshua Drake
23d7f53f3a
add exploit module for cve-2008-5416
...
git-svn-id: file:///home/svn/framework3/trunk@8044 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 05:18:55 +00:00
Joshua Drake
2283e029db
crossing fingers, big cr removal batch
...
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
Joshua Drake
4827d81966
formatting fixes
...
git-svn-id: file:///home/svn/framework3/trunk@8029 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 00:48:16 +00:00
Joshua Drake
48c2184fb2
reinstated linux bruteforce target from msf2 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8025 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 22:57:02 +00:00
Joshua Drake
57fd341f4a
added auto targeting, XPSP1 target, updated 2ksp4 target, notes, description
...
git-svn-id: file:///home/svn/framework3/trunk@8023 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 19:22:43 +00:00
HD Moore
922cef26fa
Store the domain name in the SMB client object, along with other fields provided by NTLMSSP responses. Show the domain name and netbios name in the version scanner. Update MS06-070 to remove the default target, use the domain name from the server response, and use a more reliable return address for 2000 SP4.
...
git-svn-id: file:///home/svn/framework3/trunk@8022 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 14:00:49 +00:00
Joshua Drake
6170998ba3
add exploit module for cve-2006-4691
...
git-svn-id: file:///home/svn/framework3/trunk@8021 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 05:13:57 +00:00
Joshua Drake
1f2c1e7866
corrected cve, removed cr's, added keywords
...
git-svn-id: file:///home/svn/framework3/trunk@8012 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 21:12:11 +00:00
Joshua Drake
45a9d50d0d
add exploit module for CVE-2008-4193
...
git-svn-id: file:///home/svn/framework3/trunk@8010 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 20:38:50 +00:00
HD Moore
364880fb4d
Bump the session wait to 10 seconds
...
git-svn-id: file:///home/svn/framework3/trunk@8004 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 14:27:33 +00:00
Steve Tornio
5ac485eb48
Add OSVDB reference
...
git-svn-id: file:///home/svn/framework3/trunk@8002 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 12:33:40 +00:00
HD Moore
4728a29bae
Two new modules from dijital1
...
git-svn-id: file:///home/svn/framework3/trunk@8000 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 04:36:25 +00:00
HD Moore
16062eed2d
Holiday present from EgiX
...
git-svn-id: file:///home/svn/framework3/trunk@7989 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 18:50:44 +00:00
HD Moore
d0969746a4
Mostly cosmetic changes from local tree
...
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 03:31:20 +00:00
HD Moore
87176f9591
Correct a syntax error in adobe_u3d_meshdecl
...
git-svn-id: file:///home/svn/framework3/trunk@7959 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 12:50:55 +00:00
HD Moore
92c703ba6f
Wait a second before deleting the file, catch an exception on delete, combined these reduce some of the issues around psexec
...
git-svn-id: file:///home/svn/framework3/trunk@7954 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 04:02:59 +00:00
James Lee
b933f49ec3
this exploit always uses an exe, so default EXITFUNC to process so we don't leave processes lying around
...
git-svn-id: file:///home/svn/framework3/trunk@7950 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 01:29:16 +00:00
Joshua Drake
1e6c9bef74
fix uri for check/detect
...
git-svn-id: file:///home/svn/framework3/trunk@7942 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:10:38 +00:00
Joshua Drake
6219116ebf
removed exit calls
...
git-svn-id: file:///home/svn/framework3/trunk@7940 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:03:03 +00:00
Joshua Drake
d0098095a4
hopefully resolved some hang issues
...
git-svn-id: file:///home/svn/framework3/trunk@7939 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:57:36 +00:00
Joshua Drake
9afb67aa5f
removed exit call
...
git-svn-id: file:///home/svn/framework3/trunk@7936 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:10:18 +00:00
Joshua Drake
5830e359b6
corrected "privileged" flag
...
git-svn-id: file:///home/svn/framework3/trunk@7932 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 18:18:18 +00:00
Joshua Drake
19d32b6c97
add jabra to author list
...
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 17:01:12 +00:00
Steve Tornio
544efd879b
Add OSVDB references
...
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 11:53:20 +00:00
Joshua Drake
47ef693b77
add CVE references!
...
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 09:38:42 +00:00
Joshua Drake
86dc8da1bb
bump ranking up
...
git-svn-id: file:///home/svn/framework3/trunk@7927 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 07:56:48 +00:00
Joshua Drake
4b883322f5
moved length adjustment
...
git-svn-id: file:///home/svn/framework3/trunk@7926 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:45:33 +00:00
Joshua Drake
3767b6be7a
add exploit module for cve-2008-4828
...
git-svn-id: file:///home/svn/framework3/trunk@7925 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:40:14 +00:00
Joshua Drake
6f243f6515
add exploit module for cve-2009-3853
...
git-svn-id: file:///home/svn/framework3/trunk@7924 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 11:09:39 +00:00
Joshua Drake
6a1f43b3df
rename again :)
...
git-svn-id: file:///home/svn/framework3/trunk@7920 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:09:03 +00:00
Joshua Drake
7ef085f9b2
resolved conflict, attempt #2 to rename
...
git-svn-id: file:///home/svn/framework3/trunk@7919 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:08:41 +00:00
Joshua Drake
8f7c820ac9
renamed module
...
git-svn-id: file:///home/svn/framework3/trunk@7918 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:04:03 +00:00
HD Moore
be42efdd1b
Update the PDF modules to work on a wider range of versions
...
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:02:32 +00:00
Mario Ceballos
de84d7e989
updated badchars and removed alphnumeric encoding.
...
git-svn-id: file:///home/svn/framework3/trunk@7916 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 00:08:32 +00:00
James Lee
82d84605e4
advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6
...
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 19:38:52 +00:00
Joshua Drake
c8495272a8
add exploit module for cve-2009-3214
...
git-svn-id: file:///home/svn/framework3/trunk@7911 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 00:19:04 +00:00
Joshua Drake
442bbe9e14
language cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@7910 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 23:02:01 +00:00
HD Moore
f2ec7795e2
Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions
...
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 14:43:05 +00:00
HD Moore
80fa601a2c
Fixes #667 . Automigrates this to avoid timer
...
git-svn-id: file:///home/svn/framework3/trunk@7905 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 06:02:34 +00:00
Joshua Drake
5ef4545a1b
fd.read -> fd.read(fd.stat.size)
...
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:22:40 +00:00
Joshua Drake
026924c9b6
fixed sync issues between browser/fileformat modules
...
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:19:30 +00:00
Joshua Drake
2baa4a1efa
port changes from Lurene to browser version
...
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:16:35 +00:00
Joshua Drake
aef9a5c7b2
re-commit of changes from r7892
...
git-svn-id: file:///home/svn/framework3/trunk@7900 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:11:45 +00:00
Joshua Drake
b37c34579b
add exploit module for cve-2009-3869
...
NOTE: no policy change is required for this exploit to succeed.
git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
HD Moore
d0a37bd506
Fix tab indentations
...
git-svn-id: file:///home/svn/framework3/trunk@7898 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:00:00 +00:00
pusscat
0fa275b53b
Cleanups
...
Allow arbitrary (non-unicode) targets
git-svn-id: file:///home/svn/framework3/trunk@7895 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 21:44:18 +00:00
Joshua Drake
e563e91d35
added browser versions of yesterdays adobe pdf exploits from jabra
...
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 20:37:57 +00:00
Joshua Drake
9a6839e412
add exploit module for cve-2009-2459
...
git-svn-id: file:///home/svn/framework3/trunk@7893 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 03:32:44 +00:00
Joshua Drake
82dc3eb3bf
added reference, couple of test results
...
git-svn-id: file:///home/svn/framework3/trunk@7892 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 00:14:47 +00:00
Joshua Drake
191e98dc54
changed module name
...
git-svn-id: file:///home/svn/framework3/trunk@7890 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:17:24 +00:00
Joshua Drake
1875e86f7a
remove executable bit
...
git-svn-id: file:///home/svn/framework3/trunk@7889 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:14:15 +00:00
Joshua Drake
d9aca586a2
tested against 9.1.0
...
git-svn-id: file:///home/svn/framework3/trunk@7888 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:12:08 +00:00
James Lee
115899d24d
add minver and maxver. slightly tricky because the vuln affects moz 1.7 and ff 1.0
...
git-svn-id: file:///home/svn/framework3/trunk@7886 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:54:24 +00:00
James Lee
008c72e255
add proper version
...
git-svn-id: file:///home/svn/framework3/trunk@7885 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:49:32 +00:00
Joshua Drake
2070bd4756
took notes on targets from various other exploits
...
git-svn-id: file:///home/svn/framework3/trunk@7884 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:34 +00:00
Joshua Drake
56c2d32b1e
typo fix
...
git-svn-id: file:///home/svn/framework3/trunk@7883 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:15 +00:00
Steve Tornio
3677711cb0
adding OSVDB ref
...
git-svn-id: file:///home/svn/framework3/trunk@7882 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:34:01 +00:00
Joshua Drake
7b34f7b0f2
add exploit module for cve-2009-4324
...
git-svn-id: file:///home/svn/framework3/trunk@7881 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:15:08 +00:00
James Lee
2570fcee15
get rid of some more ^Ms
...
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
James Lee
48c3709a25
correct maxver
...
git-svn-id: file:///home/svn/framework3/trunk@7879 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:46:53 +00:00
James Lee
196ee82179
bye-bye crlf
...
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:13:27 +00:00
Joshua Drake
f3a0bbc6d6
rename to make a bit more sense
...
git-svn-id: file:///home/svn/framework3/trunk@7875 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 06:05:30 +00:00
Joshua Drake
2c88e2eb62
rename to make a bit more sense
...
git-svn-id: file:///home/svn/framework3/trunk@7874 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:41:29 +00:00
Joshua Drake
d81c581f21
oops, remove hard coded payload
...
git-svn-id: file:///home/svn/framework3/trunk@7873 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:32:52 +00:00
Joshua Drake
4c1034ad7f
add exploit module for cve-2006-2502
...
git-svn-id: file:///home/svn/framework3/trunk@7871 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 04:41:31 +00:00
Joshua Drake
d5eb4d8217
add svn:keywords property
...
git-svn-id: file:///home/svn/framework3/trunk@7869 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 02:08:43 +00:00
Joshua Drake
8a95baa810
add exploit module for cve-2008-1697 from bannedit/muts
...
git-svn-id: file:///home/svn/framework3/trunk@7868 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:42 +00:00
Joshua Drake
1813a0fb9a
updated technique
...
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:07 +00:00
James Lee
0cf566c0b9
fixes 688. better return address for greater reliability, works against FF-1.0.4 and Moz-1.7.1 on XPSP3 and 2kAS-SP0
...
git-svn-id: file:///home/svn/framework3/trunk@7865 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:27:28 +00:00
Mario Ceballos
c799df8559
target is no good. offsets change on different installs.
...
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:07:21 +00:00
Joshua Drake
88b9ee18af
clarified some version info
...
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:01:34 +00:00
Joshua Drake
c831cda3f5
milworm/exploitdb 9277 only covers m3u and mpf, not pls
...
git-svn-id: file:///home/svn/framework3/trunk@7862 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:59:32 +00:00
Joshua Drake
8317b69aca
corrected disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:44:37 +00:00
Joshua Drake
2524840348
renamed, new targets, now using seh...
...
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:40:56 +00:00
Steve Tornio
1dc2c41837
added OSVDB and exploit-db refs
...
git-svn-id: file:///home/svn/framework3/trunk@7858 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:29:10 +00:00
Joshua Drake
4d645796af
add exploit module from dookie
...
git-svn-id: file:///home/svn/framework3/trunk@7856 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 21:27:43 +00:00
HD Moore
837c70715d
Reference updates from Steve Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@7854 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 20:09:46 +00:00
Joshua Drake
ef0d86720a
updated description, added xp sp2+sp3 target, see #687
...
git-svn-id: file:///home/svn/framework3/trunk@7853 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 19:04:40 +00:00
HD Moore
0efbe3baf9
Remove the debug print
...
git-svn-id: file:///home/svn/framework3/trunk@7852 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:56:19 +00:00
HD Moore
97757c37a0
Adds an exploit module for the zabbix agent command execution flaw (no cve/bid/osvdb)
...
git-svn-id: file:///home/svn/framework3/trunk@7851 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:24:24 +00:00
HD Moore
e02f62e3aa
Switch to a return address that also works on SP0
...
git-svn-id: file:///home/svn/framework3/trunk@7849 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:14:08 +00:00
Joshua Drake
f1a975a14e
fix typo, remove automatic target
...
git-svn-id: file:///home/svn/framework3/trunk@7834 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 21:44:04 +00:00
Mario Ceballos
ea0a1eea7d
add ranking...
...
git-svn-id: file:///home/svn/framework3/trunk@7833 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:14:24 +00:00
Mario Ceballos
002b043d4c
added exploit module hp_nnm_snmp.rb
...
git-svn-id: file:///home/svn/framework3/trunk@7832 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:06:14 +00:00
Joshua Drake
5f65d6bb32
properly commit references from Steve Tornio :)
...
git-svn-id: file:///home/svn/framework3/trunk@7828 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:24:18 +00:00
Joshua Drake
34408c5e3e
add exploit module for CVE-2009-3867 (JRE getSoundbank)
...
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
Joshua Drake
740fd67b74
add OSVDB reference from Steven Tornio
...
git-svn-id: file:///home/svn/framework3/trunk@7826 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 20:41:37 +00:00
Mario Ceballos
3ac51c7396
added exploit module symantec_altirisdeployment_runcmd.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 02:36:01 +00:00
Joshua Drake
95f9c1dacf
note file version
...
git-svn-id: file:///home/svn/framework3/trunk@7820 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 23:23:16 +00:00