34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
8381bf8646
Land #2404 - Add powershell support for current_user_psexec
2013-09-20 17:14:55 -05:00
96364c78f8
Need to catch RequestError too
...
Because a meterpreter session may throw that
2013-09-20 17:13:35 -05:00
59a201a8d3
Land #2334 , @tkrpata and @jvennix-r7's patch for sudo_password_bypass
2013-09-20 17:01:19 -05:00
fb8d0dc887
Write the return
2013-09-20 17:00:07 -05:00
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
2591be503b
Psh support
2013-09-20 22:07:42 +01:00
ace8e85227
Land #2403 - Complete CmdStagerEcho code doc
2013-09-20 15:03:46 -05:00
4ad9bd53f0
Land #2354 , @jlee-r7's patch for loading problems on test post modules
2013-09-20 13:44:10 -05:00
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
bb7b57cad9
Land #2370 - PCMAN FTP Server post-auth stack buffer overflow
2013-09-20 12:29:10 -05:00
feb76ea767
Modify check
...
Since auth is required, check function needs to look into that too
2013-09-20 12:28:21 -05:00
2d6c76d0ad
Rename pcman module
...
Because this is clearly a msf module, we don't need 'msf' as a
filename. The shorter the better.
2013-09-20 12:18:24 -05:00
6690e35761
Account for username length
...
Username is part of the overflowing string, need to account for that
2013-09-20 12:17:34 -05:00
9d67cbb4db
Retabbed
2013-09-20 11:58:53 -05:00
85152c4281
Land #2400 - Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 10:39:06 -05:00
ec393cfcc0
Land #2401 , @wchen-r7's exploit for cve-2013-3205
2013-09-20 10:29:02 -05:00
6f5e528699
Remove author, all the credits go to corelanc0der and sinn3r
2013-09-20 10:27:37 -05:00
83f54d71ea
Add MS13-069 (CVE-2013-3205) IE ccaret object use-after-free
...
This module exploits a use-after-free vulnerability found in Internet Explorer,
specifically in how the browser handles the caret (text cursor) object. In IE's
standards mode, the caret handling's vulnerable state can be triggered by first
setting up an editable page with an input field, and then we can force the caret
to update in an onbeforeeditfocus event by setting the body's innerHTML property.
In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write()
function, however, mshtml!CCaret::UpdateScreenCaret remains unaware aware of this
change, and still uses the same reference to the CCaret object. When the function
tries to use this invalid reference to call a virtual function at offset 0x2c, it
finally results a crash. Precise control of the freed object allows arbitrary code
execution under the context of the user.
The vuln works against IE8 on Win 7, but the current version of the custom spray
doesn't actually work well against that target. More work is needed before we can
add that target for sure. The reason a custom spray is needed is because the
document.write() function erases the typical spray routines we use like
js_property_spray, or the heaplib + substring one. Tried using an iframe too,
but onbeforeeditfocus event doesn't seem to work well in an iframe (does not
fire when innerHTML is used.)
2013-09-20 10:20:35 -05:00
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
032b9115a0
removed the old exploit
2013-09-20 10:53:52 +02:00
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
7d17eef7a7
Updated several msftidy [WARNING] Spaces at EOL issues.
2013-09-19 20:35:08 -07:00
c3976e8315
Land #2364 - Update retab util
2013-09-19 22:24:45 -05:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
9598853fee
Land #2389 - Fix use of Rex sockets from dlink modules
2013-09-19 22:09:53 -05:00
4abdf5ed15
Land #2398 - Use https://rubygems.org
2013-09-19 22:08:26 -05:00
2569259180
Land #2397 - cmd injection in Linksys WRT110 web interface.
2013-09-19 22:06:19 -05:00
8d70a9d893
Add more refs
2013-09-19 22:05:23 -05:00
262b44ff2f
Use HTTPS in our Gemfile.
2013-09-20 08:06:48 +07:00
137b3bc6ea
Fix whitespace issues.
2013-09-19 17:29:11 -05:00
bd96c6c093
Adds module for CVE-2013-3568.
2013-09-19 17:26:30 -05:00
46a241b168
Fix my own cleanup
2013-09-19 14:51:22 -05:00
e9e1b28ba8
Land #2371 , echo -e cmd stager
2013-09-19 14:47:39 -05:00
08c7b49be0
corrected too much if
2013-09-19 21:47:01 +02:00
31903be393
Land #2380 , @xistence exploit for EDB 28329
2013-09-19 14:42:27 -05:00
cb737525b1
Final cleanup for openemr_sqli_privesc_upload
2013-09-19 14:40:57 -05:00
76e170513d
Do first clean on openemr_sqli_privesc_upload
2013-09-19 14:36:25 -05:00
cf0375f7e6
Fix check return value
2013-09-19 14:17:45 -05:00
862a8fb8aa
corrected indentation bug again
2013-09-19 20:27:23 +02:00
9b486e1dbb
Add comment about the smb_* methods
2013-09-19 13:23:46 -05:00
jvazquez-r7
xistence
sinn3r
Meatballs
dummys
Rick Flores (nanotechz9l)
Alexia Cole
Joe Vennix
Tod Beardsley