Ramon de C Valle
21661b168b
Add cfme_manageiq_evm_upload_exec.rb
...
This module exploits a path traversal vulnerability in the "linuxpkgs"
action of "agent" controller of the Red Hat CloudForms Management Engine
5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier).
2013-12-09 16:18:12 -02:00
Joe Vennix
6d1d45c691
Add user param to nt_hash call.
2013-12-09 10:28:06 -06:00
jvazquez-r7
c59b8fd7bc
Land #2741 , @russell TCP support for nfsmount
2013-12-09 09:46:34 -06:00
Mekanismen
67415808da
added exploit module for CVE-2013-0632
2013-12-09 15:18:34 +01:00
Russell Sim
291a52712e
Allow the NFS protocol to be specified in the mount scanner
2013-12-09 21:26:29 +11:00
sinn3r
1e30cd55f7
Land #2740 - Real regex for MATCH and EXCLUDE
2013-12-09 03:05:08 -06:00
sinn3r
9c5991980a
Land #2733 - Disable meterpreter support because they're not stable
2013-12-09 02:50:36 -06:00
sinn3r
2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit)
2013-12-09 02:22:07 -06:00
sinn3r
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
sinn3r
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
Joe Vennix
dea35252af
Kill unused method.
2013-12-08 14:35:49 -06:00
Joe Vennix
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
Joe Vennix
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
Joe Vennix
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
Joe Vennix
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
Meatballs
ab1ddac0c8
Merge remote-tracking branch 'upstream/master' into submodule
...
Conflicts:
external/source/exploits/cve-2013-3660/dll/reflective_dll.vcxproj
2013-12-08 18:25:03 +00:00
jiuweigui
2a0b503f06
Minor fix
2013-12-08 18:17:22 +02:00
Joe Vennix
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
Joe Vennix
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
dmaloney-r7
0c5d748fca
Merge pull request #1103 from scriptjunkie/dllinjectfix
...
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
scriptjunkie
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Joe Vennix
3066e62711
Fix typo, fix no-autologin users bug.
2013-12-07 19:27:36 -06:00
Joe Vennix
4cb788b9de
Adds osx autologin password post module.
2013-12-07 19:01:35 -06:00
Joe Vennix
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
joev
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
jvazquez-r7
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
jvazquez-r7
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
jvazquez-r7
f77784cd0d
Land #2723 , @denandz's module for OSVDB-100423
2013-12-06 17:32:07 -06:00
DoI
3ed293a1d0
Merge pull request #1 from jvazquez-r7/review_2723
...
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
jvazquez-r7
3729c53690
Move uptime_file_upload to the correct location
2013-12-06 15:57:52 -06:00
jvazquez-r7
2ff9c31747
Do minor clean up on uptime_file_upload
2013-12-06 15:57:22 -06:00
sinn3r
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
sinn3r
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
sinn3r
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
sinn3r
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
sinn3r
af16f11784
Another update
2013-12-06 14:39:26 -06:00
jvazquez-r7
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
sinn3r
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
sinn3r
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
bmerinofe
5e5fd6b01a
Unless replaced
2013-12-06 15:01:35 +01:00
Meatballs
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
sinn3r
d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s"
2013-12-06 01:29:48 -06:00
sinn3r
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00