Commit Graph

2245 Commits (38638a2daf71afa7bf5c64da28abf5940e9dacdb)

Author SHA1 Message Date
Wei Chen 25c89c2e7a Put the short jmp in there
git-svn-id: file:///home/svn/framework3/trunk@13224 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 15:07:00 +00:00
HD Moore 7dbb56b38b No longer default a target for XP systems; some obscure builds of XP Embedded SP1 have a different offset and not good way to differentiate
git-svn-id: file:///home/svn/framework3/trunk@13214 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 01:40:26 +00:00
Wei Chen 3ca9b51984 oops, a little mistake in the description
git-svn-id: file:///home/svn/framework3/trunk@13212 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:46:08 +00:00
Wei Chen 821e9dd68b Updated metadata, merged code with #4923. Thx Joff.
git-svn-id: file:///home/svn/framework3/trunk@13211 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:39:27 +00:00
HD Moore 764bb36f44 Wait a little longer for a session (5 seconds)
git-svn-id: file:///home/svn/framework3/trunk@13208 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 16:05:51 +00:00
HD Moore 8887fe86b8 Either the offset or the env page moves around for this exploit on some non-english systems, do not default the target for 2003 SP0
git-svn-id: file:///home/svn/framework3/trunk@13206 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 14:59:55 +00:00
Wei Chen d13654740a Update some jboss modules' metadata associated with CVE-2010-0738
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 05:18:25 +00:00
Wei Chen 2eeffc39fc Add Iconics GENESIS32 GenBroker exploit by lincoln and corelanc0d3r
git-svn-id: file:///home/svn/framework3/trunk@13197 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-17 15:01:46 +00:00
Wei Chen 681563adc9 Fix that extra tab in the description
git-svn-id: file:///home/svn/framework3/trunk@13194 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:21:20 +00:00
Wei Chen 2e93ba06ba Add HP NNM ToolBar.exe exploit aganist the OvOSLocale cookie parameter
git-svn-id: file:///home/svn/framework3/trunk@13193 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:14:33 +00:00
Wei Chen 86b40e894b Make room for another exploit against ToolBar.exe
git-svn-id: file:///home/svn/framework3/trunk@13192 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 04:45:21 +00:00
James Lee 1d25a6d7d1 add an exploit for java's rmid and rmiregistry code-execution-by-design and supporting source. fixes #4378, thanks mihi!
git-svn-id: file:///home/svn/framework3/trunk@13185 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 20:42:31 +00:00
Matt Weeks 1162aafa1e p function causes problems with rpc.
git-svn-id: file:///home/svn/framework3/trunk@13184 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 18:45:05 +00:00
James Lee c412a836ed add VERBOSE option to all modules and vprint_* methods to use it
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
Steve Tornio 9278b0a5f5 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13152 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-11 06:59:00 +00:00
Wei Chen 94aea207d3 Remove extra tabs and spaces
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
Wei Chen 9892eb39eb Syntax fix
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
Wei Chen 32a7eb0000 svn propset
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
David Rude 7958516549 Adds Xeros Firefox nstreerange exploit
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
Wei Chen 5b69b52ec4 "InitialAutoRunScript" is more like it
git-svn-id: file:///home/svn/framework3/trunk@13142 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:28:12 +00:00
Wei Chen 6448daf571 MS10-018, y u no InitialAutoRunScript
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:02:38 +00:00
Wei Chen 15f82402af I changed my mind. The ATTEMPTS options is required.
git-svn-id: file:///home/svn/framework3/trunk@13137 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-09 04:10:52 +00:00
Wei Chen 1246fd5731 Added Blue Coat Authentication Authorization Agent exploit
git-svn-id: file:///home/svn/framework3/trunk@13134 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-09 01:40:29 +00:00
Steve Tornio 94640b6bc4 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
Wei Chen 47e6c4a89f Added #4870 - MicroP .mppl buffer overflow exploit
git-svn-id: file:///home/svn/framework3/trunk@13114 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 06:29:37 +00:00
HD Moore 78f2525fdc Fixes #4879 by adding a new target from bperry
git-svn-id: file:///home/svn/framework3/trunk@13110 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 03:33:04 +00:00
Wei Chen 1058948419 Updated ROP, no more hardcoded ntdll addresses
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 07:22:24 +00:00
Wei Chen 7589f8d2f1 Updated target name that works against multiple systems (thx corelanc0d3r)
git-svn-id: file:///home/svn/framework3/trunk@13105 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 01:59:24 +00:00
HD Moore ab4961bfa9 Timeline
git-svn-id: file:///home/svn/framework3/trunk@13099 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:20:47 +00:00
HD Moore e678bb0a8e Update the description to match the latest information
git-svn-id: file:///home/svn/framework3/trunk@13098 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:11:00 +00:00
HD Moore c82063d708 Update based on feedback from mc, indicating this backdoor was in place since February 15th 2011 and likely even earlier
git-svn-id: file:///home/svn/framework3/trunk@13097 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 01:49:05 +00:00
Wei Chen 1e4dfaf6de Change author name for dookie
git-svn-id: file:///home/svn/framework3/trunk@13096 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 22:33:47 +00:00
HD Moore 5482a59910 Exit cleanly if the shell as not valid
git-svn-id: file:///home/svn/framework3/trunk@13095 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:18:44 +00:00
HD Moore bd12c8c6a9 Fix a couple small typos
git-svn-id: file:///home/svn/framework3/trunk@13094 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:10:30 +00:00
HD Moore e6968c202a A couple bug fixes to enable cmd_interact and a new module for the VSFTPD backdoor
git-svn-id: file:///home/svn/framework3/trunk@13093 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 20:09:32 +00:00
Wei Chen 2f6b89516a Added HP Data Protector omniinet buffer overflow with opcode 20
git-svn-id: file:///home/svn/framework3/trunk@13092 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 17:02:40 +00:00
HD Moore db6b8c3545 Probably time to fess up :)
git-svn-id: file:///home/svn/framework3/trunk@13088 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-02 01:09:46 +00:00
Wei Chen dbd04d754a Change to a better P/P/R, tested on 4 different machines. Thx fdiskyou.
git-svn-id: file:///home/svn/framework3/trunk@13081 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-01 22:26:12 +00:00
Mario Ceballos b6e1c6a967 add exploit module hp_omniinet_3.rb
git-svn-id: file:///home/svn/framework3/trunk@13080 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-01 17:07:38 +00:00
Wei Chen fc33b1d20e '\x00' isn't the same as "\x00"
git-svn-id: file:///home/svn/framework3/trunk@13051 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-28 19:45:51 +00:00
Wei Chen 73dc5c605b Change ranking. Because looks like it works better than "average"
git-svn-id: file:///home/svn/framework3/trunk@13042 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 18:00:12 +00:00
Wei Chen e6995b4912 Added ZDI-11-023 Citrix Provisioning Services bof exploit (Feature #4798)
git-svn-id: file:///home/svn/framework3/trunk@13041 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-27 17:54:18 +00:00
Wei Chen 1b25cf3c43 Using SEH instead of egghunter. Verified again on Win2k3. thx to MC.
git-svn-id: file:///home/svn/framework3/trunk@13036 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 19:28:14 +00:00
Joshua Drake bf20ace73e totally noobd out on that one, thx
git-svn-id: file:///home/svn/framework3/trunk@13035 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 18:09:21 +00:00
Wei Chen 6325515ca7 Minor name change
git-svn-id: file:///home/svn/framework3/trunk@13034 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 16:09:53 +00:00
Wei Chen 07f415f4e0 Forgot to switch back to random paddings
git-svn-id: file:///home/svn/framework3/trunk@13033 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 16:06:39 +00:00
Joshua Drake a29002ee2e handle a few corner cases
git-svn-id: file:///home/svn/framework3/trunk@13032 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:03:23 +00:00
Wei Chen f0e6159a35 Minor name change for the exploit
git-svn-id: file:///home/svn/framework3/trunk@13031 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:01:21 +00:00
Wei Chen 13b2209f3d Added Microsoft Visio DXF File Buffer Overflow Exploit by Juan
git-svn-id: file:///home/svn/framework3/trunk@13030 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 05:59:37 +00:00
Wei Chen 0cf51f8d5a Exploit name change. Also, this thing doesn't use seh.
git-svn-id: file:///home/svn/framework3/trunk@13026 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-25 14:25:45 +00:00