Jon Hart
1c7fb7cc7d
Mostly working exploit for CVE-2014-9390
2014-12-19 15:24:27 -08:00
Jon Hart
4888ebe68d
Initial commit of POC module for CVE-2013-9390 ( #4435 )
2014-12-19 12:58:02 -08:00
Spencer McIntyre
0ee20561d4
Remove file exists check from stdapi_fs_delete_file
2014-12-09 11:03:57 -06:00
Spencer McIntyre
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
Christian Mehlmauer
738fc78883
Land #4220 , outlook gather post module
2014-12-07 22:41:28 +01:00
Christian Mehlmauer
9187a409ec
outlook post module fixes
2014-12-06 00:28:44 +01:00
Spencer McIntyre
83b0ac0209
Fix stdapi_sys_config_getenv for Python3
2014-12-04 15:58:17 -06:00
Spencer McIntyre
44816b84aa
Prefer the pwd module for getuid when available
2014-12-04 15:58:17 -06:00
HD Moore
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
jvazquez-r7
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
jvazquez-r7
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
Meatballs
f5f32fac06
Add token fiddling from nishang
2014-11-28 23:02:59 +00:00
Meatballs
48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump
2014-11-27 20:08:11 +00:00
Joe Vennix
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
Peter Marszalik
830af7f95e
identified instances of tabs vs spaces in the original
...
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
Peter Marszalik
705bd42b41
tab to space change - line 296
2014-11-22 14:48:44 -06:00
Peter Marszalik
900aa9cd6b
powerdump.ps1 bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
Spencer McIntyre
2b36c1bb43
Fix pymeterp bugs from testing in osx and python3
2014-11-17 14:04:30 -05:00
HD Moore
1d8b746d89
Adds new TFTP file names, submitted by Chris McNab
2014-11-16 18:47:11 -06:00
Spencer McIntyre
0bf93acf6b
Pymeterp http proxy and user agent support
2014-11-16 14:29:20 -05:00
Spencer McIntyre
e562883ba9
Escape inserted vars and fix core_loadlib
2014-11-15 15:06:18 -05:00
Spencer McIntyre
7c14e818f6
Patch pymeterp http settings
2014-11-14 17:12:23 -05:00
Spencer McIntyre
681ae8ce6b
Pymet reverse_http stager basic implementation
2014-11-14 14:15:46 -05:00
Spencer McIntyre
6b2387b7fc
Prepare for a reverse_http stager
2014-11-14 11:15:22 -05:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
William Vu
adad3809cc
Rename logo file
2014-11-11 16:07:44 -06:00
Joshua Smith
329ea4fe01
the masterpiece is complete
2014-11-11 15:35:36 -06:00
Spencer McIntyre
7edc248207
Don't fail if username_from_token returns None
2014-11-10 09:15:16 -05:00
Spencer McIntyre
104841babf
Add getsid to the python meterpreter
2014-11-08 20:57:24 -05:00
sinn3r
c2391bf011
Add an R in /Info for the trailer dictionary to make it readable
2014-11-05 22:28:37 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
jvazquez-r7
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
jvazquez-r7
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
HD Moore
9b61ae5f63
This is halloween.
...
THISISHALLOWEEN=1 ./msfconsole
2014-10-30 23:35:12 -05:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
jvazquez-r7
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
OJ
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
OJ
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
William Vu
626cd55b5e
Land #4073 , improved banner selection
2014-10-27 14:20:10 -05:00
Spencer McIntyre
04a99f09bb
Land #4064 , Win32k.sys NULL Pointer Dereference
2014-10-27 14:01:07 -04:00
jvazquez-r7
042d29b1d6
Compile binaries in house
2014-10-27 12:18:33 -05:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
Spencer McIntyre
91dc875af5
Remove seemingly useless file among banners
2014-10-24 13:11:58 -04:00
Spencer McIntyre
c1a61e3b4e
Support an MSFLOGO env var and logo enumeration
2014-10-24 13:07:28 -04:00
Spencer McIntyre
82f41d56a6
Add [user_]logos_directory to Msf::Config
2014-10-24 10:52:05 -04:00
Joshua Smith
34f29f218c
really resolve merge conflicts
2014-10-23 21:51:33 -05:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00