sinn3r
243fa4f56a
Land #2910 - MPlayer Lite M3U Buffer Overflow
2014-03-13 14:13:17 -05:00
sinn3r
e832be9eeb
Update description and change ranking
...
The exploit requires the targeted user to open the malicious in
specific ways.
2014-03-13 14:09:37 -05:00
sinn3r
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
Michael Messner
8db5d854c2
typo, null terminator
2014-03-13 18:38:27 +01:00
Joe Vennix
952b50f8c1
Add priv escalation mixin to the firefox local exploit.
2014-03-13 11:49:44 -05:00
Brandon Perry
2734b89062
update normalize_uri calls
2014-03-13 06:55:15 -07:00
William Vu
5aad8f2dc3
Land #3088 , SNMP timestamp elements fix
2014-03-13 02:22:14 -05:00
Brandon Perry
7540dd83eb
randomize markers
2014-03-12 20:11:55 -05:00
Brandon Perry
3fedafb530
whoops, extra char
2014-03-12 19:54:58 -05:00
Brandon Perry
aa00a5d550
check method
2014-03-12 19:47:39 -05:00
Michael Messner
f39e784d19
mipsle execve payload
2014-03-12 21:08:40 +01:00
Brandon Perry
9cb1c1a726
whoops, typoed the markers
2014-03-12 10:58:34 -07:00
Brandon Perry
6636d43dc5
initial module
2014-03-12 10:46:56 -07:00
Tod Beardsley
206660ddde
Recreate the intent of cfebdae from @parzamendi-r7
...
The idea was to rescue on a NoReply instead of just fail, and was part
of a fix in #2656 .
[SeeRM #8730 ]
2014-03-11 14:30:01 -05:00
sho-luv
f7af9780dc
Rescue InvalidWordCount error
...
This is a cherry-pick of commit ea86da2 from PR #2656
2014-03-11 14:17:36 -05:00
William Vu
517f264000
Add last chunk of fixes
2014-03-11 12:46:44 -05:00
James Lee
f51ee2d6b4
snmp_enum: Treat missing timestamp elements as 0
...
Timestamps don't always have all the elements we expect. This treats
them as zeroes to ensure that we don't raise silly exceptions in that
case.
2014-03-11 12:44:07 -05:00
William Vu
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
OJ
3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
...
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
joev
46c11ea2eb
Small fixes to m-1-k-3's mipsle reboot shellcode.
2014-03-10 17:17:23 -05:00
joev
7da54eb9cf
Merge branch 'landing-3041' into upstream-master
...
Lands PR #3041 , @m-1-k-3's reboot shellcode.
2014-03-10 17:11:06 -05:00
Tod Beardsley
2086224a4c
Minor fixes. Includes a test module.
2014-03-10 14:49:45 -05:00
Tod Beardsley
26be236896
Pass MSFTidy please
2014-03-10 14:45:56 -05:00
jvazquez-r7
8cfa5679f2
More nick instead of name
2014-03-10 16:12:44 +01:00
jvazquez-r7
bc8590dbb9
Change DoS module location
2014-03-10 16:12:20 +01:00
jvazquez-r7
1061036cb9
Use nick instead of name
2014-03-10 16:11:58 +01:00
Tod Beardsley
5485028501
Add 3 Yokogawa SCADA vulns
...
These represent our part for public disclosure of the issues listed
here:
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf
Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:
YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4
@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:
https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
Thanks for all the work on these!
2014-03-10 09:33:54 -05:00
sinn3r
e32ff7c775
Land #3077 - Allow TFTP server to take a host/port argument
2014-03-08 00:58:52 -06:00
Tod Beardsley
151e2287b8
OptPath, not OptString.
2014-03-07 10:52:45 -06:00
Tod Beardsley
5cf1f0ce4d
Since dirs are required, server will send/recv
...
This does change some of the meaning of the required-ness of the
directories. Before, if you wanted to serve files, but not receive any,
you would just fail to set a OUTPUTPATH.
Now, since both are required, users are required to both send and
recieve. This seems okay, you can always just set two different
locations and point the one you don't want at /dev/null or something.
2014-03-07 10:49:11 -06:00
Tod Beardsley
37fa4a73a1
Make the path options required and use /tmp
...
Otherwise it's impossible to run this module without setting the options
which were not otherwise validated anyway.
2014-03-07 10:41:18 -06:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Spencer McIntyre
ebee365fce
Land #2742 , report_vuln for MongoDB no auth
2014-03-06 19:34:45 -05:00
Spencer McIntyre
84f280d74f
Use a more descriptive MongoDB vulnerability title
2014-03-06 19:20:52 -05:00
Tod Beardsley
8a0531650c
Allow TFTP server to take a host/port argument
...
Otherwise you will tend to listen on your default ipv6 'any' address and
bound to udp6 port 69, assuming you haven't bothered to disable your
automatically-enabled ipv6 stack.
This is almost never correct.
2014-03-06 16:13:20 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Joe Vennix
5abb442757
Adds more descriptive explanation of 10.8+ settings.
2014-03-06 15:15:27 -06:00
Joe Vennix
43d315abd5
Hardcode the platform in the safari exploit.
2014-03-06 13:04:47 -06:00
Brendan Coles
df2bdad4f9
Include 'msf/core/exploit/powershell'
...
Prevent:
```
[-] /pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
2014-03-06 12:57:43 +11:00
Joe Vennix
38a2e6e436
Minor fixes.
2014-03-05 19:03:54 -06:00
Joe Vennix
dca807abe9
Tweaks for BES.
2014-03-05 19:00:15 -06:00
Joe Vennix
12cf5a5138
Add BES, change extra_plist -> plist_extra.
2014-03-05 18:51:42 -06:00
sinn3r
9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-03-05 16:34:54 -06:00
bcoles
1ea35887db
Add OSVDB reference
2014-03-06 01:40:15 +10:30
jvazquez-r7
4e9350a82b
Add module for ZDI-14-008
2014-03-05 03:25:13 -06:00
Joe Vennix
cd3c2f9979
Move osx-app format to EXE.
2014-03-04 22:54:00 -06:00
OJ
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
sinn3r
7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read
2014-03-04 17:52:29 -06:00
sinn3r
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
Joe Vennix
32c27f6be0
Tweak timeouts.
2014-03-04 17:16:23 -06:00
Joe Vennix
40047f01d3
Adds Safari User Assisted download launch module.
2014-03-04 17:02:51 -06:00
sinn3r
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
Brandon Perry
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
Brandon Perry
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
William Vu
e30238fe0d
Land #3062 , unused arg fix for vmware_mount
2014-03-04 11:37:41 -06:00
James Lee
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
sinn3r
f8310b86d1
Land #3059 - ALLPlayer M3U Buffer Overfloww
2014-03-04 11:29:52 -06:00
David Maloney
db76962b4a
Land #2764 , WMIC Post Mixin changes
...
lands Meatballs WMIC changes
2014-03-04 10:21:46 -06:00
Brandon Perry
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
OJ
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
sgabe
408fedef93
Add module for OSVDB-98283
2014-03-04 00:51:01 +01:00
Meatballs
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
Brandon Perry
98b59c4103
update desc
2014-03-03 12:40:58 -08:00
Brandon Perry
c5d1071456
add mantisbt aux module
2014-03-03 12:36:38 -08:00
Tod Beardsley
de6be50d64
Minor cleanup and finger-wagging about a for loop
2014-03-03 14:12:22 -06:00
Joe Vennix
6a02a2e3b3
NULL out envp pointer before execve call.
...
This was causing a crash on 10.9.
2014-03-03 08:56:52 -06:00
Sagi Shahar
a005d69b16
Fix $PATH issues. Add FileDropper functionality
2014-03-02 20:43:17 +02:00
Sagi Shahar
8c4b663643
Fix payloads to bypass Perl's Taint mode.
2014-03-02 18:39:05 +02:00
Sagi Shahar
e6c1dd3f9e
Switch post module to fixed exploit module.
2014-03-02 17:42:48 +02:00
Sagi Shahar
1d9e788649
Switch post module to fixed exploit module.
2014-03-02 17:24:22 +02:00
bcoles
f008c77f26
Write payload to startup for Vista+
2014-03-02 18:10:10 +10:30
Sagi Shahar
2870c89b78
Switch exploit module with post module.
2014-03-01 13:49:42 +02:00
Sagi Shahar
17272acb27
Fix module code per recommendations
2014-03-01 00:53:24 +02:00
Meatballs
63751c1d1a
Small msftidies
2014-02-28 22:18:59 +00:00
Michael Messner
15345da9d8
remove the wget module, remove the cmd stuff, testing bind stuff ahead
2014-02-28 22:44:26 +01:00
David Maloney
42a730745e
Land #2418 , Use meterpreter hostname resolution
2014-02-28 14:45:39 -06:00
sinn3r
ac446d3b3f
Land #3043 - randomization for Rex::Zip::Jar and java_signed_applet
2014-02-28 14:10:55 -06:00
David Maloney
e99e668a12
Merge branch 'master' of github.com:rapid7/metasploit-framework
2014-02-28 10:12:03 -06:00
David Maloney
2b5e4bea2b
Landing Pull Request 3003
2014-02-28 10:10:12 -06:00
William Vu
fd1586ee6a
Land #2515 , plaintext creds fix for John
...
[FixRM #8481 ]
2014-02-28 09:53:47 -06:00
Spencer McIntyre
12e4e0e36d
Return whether result is nil or not.
2014-02-28 10:17:37 -05:00
Spencer McIntyre
dfa91310c2
Support checking a single URI for ntlm information.
2014-02-28 08:47:29 -05:00
OJ
7117d50fa4
Land #3028 - bypassuac revamp
2014-02-28 09:12:02 +10:00
Sagi Shahar
fd4457fce8
Add AIX 6.1/7.1 ibstat $PATH Local Privilege Escalation
2014-02-27 23:56:49 +02:00
William Vu
1a053909dc
Land #3044 , chargen_probe reported service fix
2014-02-27 14:33:06 -06:00
sinn3r
f531d61255
Land #3036 - Total Video Player buffer overflow
2014-02-27 14:28:53 -06:00
sinn3r
7625dc4880
Fix syntax error due to the missing ,
2014-02-27 14:25:52 -06:00
sinn3r
49ded452a9
Add OSVDB reference
2014-02-27 14:22:56 -06:00
sinn3r
e72250f08f
Rename Total Video Player module
...
The filename shouldn't include the version, because the exploit should
be able to target multiple versions if it has to.
2014-02-27 14:20:26 -06:00
sinn3r
93ec12af43
Land #3035 - GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
2014-02-27 14:13:28 -06:00
David Maloney
b952b103bd
cleanup tior and .tmp files
...
bypassuac module now also cleans
the tior.exe and all the .tmp files so we have a
clean environemnt afterwards
2014-02-27 13:18:34 -06:00
David Maloney
f66709b5bb
make bypassuac module clean itself up
...
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
jgor
8be33f42fe
Define service as udp
2014-02-27 12:53:29 -06:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
David Maloney
a8e0c3c255
remove copypasta mistake
2014-02-27 10:05:53 -06:00
Fr330wn4g3
63f74bddae
2° update total_video_player_131_ini_bof
2014-02-27 16:41:35 +01:00
Peter Arzamendi
ea5fe9ec0a
Updated to use get_cookie
2014-02-27 08:52:54 -06:00
Peter Arzamendi
9e52a10f2d
Set SSL to default to true and removed SSL from register_options. Updated Author to include full name
2014-02-26 20:49:03 -06:00
Michael Messner
d6b28e3b74
mipsel reboot payload
2014-02-26 20:34:35 +01:00
David Maloney
96b611104e
cleanup methods in bypassuac module
...
apply the same sort of method cleanup as in
Meatballs injection based module.
2014-02-26 11:00:55 -06:00
jvazquez-r7
bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
jvazquez-r7
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
jvazquez-r7
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
jvazquez-r7
0531abb691
Land #3026 , @ribeirux DoS module for CVE-2014-0050
2014-02-26 08:53:55 -06:00
jvazquez-r7
449d0d63d1
Do small clean up
2014-02-26 08:52:51 -06:00
Michael Messner
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
Fr330wn4g3
b81642d8ad
Update total_video_player_131_ini_bof
2014-02-26 11:37:04 +01:00
Fr330wn4g3
a7cacec0c3
Add module for EDB 29799
2014-02-25 23:07:28 +01:00
jvazquez-r7
96ffb1db47
Delete extra comma
2014-02-25 15:29:46 -06:00
jvazquez-r7
cb18639b66
Add small fixes and clean up
2014-02-25 15:25:01 -06:00
jvazquez-r7
1d4b2ea60d
Add module for ZDI-14-015
2014-02-25 15:07:09 -06:00
William Vu
63bbe7bef2
Land #3034 , 302 redirect for http_basic
2014-02-25 13:54:58 -06:00
William Vu
4cc91095de
Fix minor formatting issues
2014-02-25 13:48:37 -06:00
jvazquez-r7
a45c8c2b4a
Land #3029 , @xistence Symantec endpoint exploit
2014-02-25 07:59:35 -06:00
jvazquez-r7
bfe0fdb776
Move module
2014-02-25 07:58:00 -06:00
xistence
ab167baf56
Added randomness instead of payload and xxe keywords
2014-02-25 15:23:10 +07:00
jvazquez-r7
4908d80d6c
Clean up module
2014-02-24 16:00:54 -06:00
kn0
6783e31c67
Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline
2014-02-24 15:59:49 -06:00
ribeirux
ead7cbc692
Author and URI fixed
2014-02-24 22:20:34 +01:00
kn0
f1e71b709c
Added 301 Redirect option to Basic Auth module
2014-02-24 14:59:20 -06:00
William Vu
6f398f374e
Land #3032 , inside_workspace_boundary? typo fix
2014-02-24 14:55:09 -06:00
James Lee
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
sinn3r
a50b4e88be
Fix msftidy warning: Suspect capitalization in module title: 'encoder'
2014-02-24 11:25:46 -06:00
Michael Messner
2935f4f562
CMD target
2014-02-24 18:12:23 +01:00
jvazquez-r7
c981bbeab9
Land #3011 , @wchen-r7's fix for Dexter exploit
2014-02-24 10:53:10 -06:00
jvazquez-r7
b2d4048f50
Land #3027 , @OJ's fix for ultraminihttp_bof
2014-02-24 10:50:08 -06:00
jvazquez-r7
c9f0885c54
Apply @jlee-r7's feedback
2014-02-24 10:49:13 -06:00
sinn3r
5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests
2014-02-24 10:39:01 -06:00
bcoles
a29c6cd2b4
Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-02-25 02:57:25 +10:30
xistence
5485759353
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:04:37 +07:00
xistence
8e3f70851d
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:01:13 +07:00
Michael Messner
0126e3fcc8
cleanup
2014-02-23 21:17:32 +01:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
OJ
fdd0d91817
Updated the Ultra Minit HTTP bof exploit
...
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
2014-02-23 21:23:41 +10:00
Meatballs
2f7f344be3
Copy original sleep
2014-02-23 04:53:48 +00:00
Meatballs
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
Meatballs
d396be963a
Use new cmd_exec_get_pid
2014-02-28 20:53:13 +00:00
Meatballs
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
Meatballs
e0fa1d532c
Dont think this works on vista/8
2014-02-26 23:14:17 +00:00
Meatballs
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
Meatballs
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
Meatballs
1f08ad48a4
Fix payload_path method
2014-02-25 22:11:23 +00:00
Meatballs
6687ef80ee
Further bypassuac tidies
...
Dont rescue Exception
Use ReflectiveDLLInjection post mixin
Dont keep retrieving %TEMP% path
2014-02-25 22:03:01 +00:00
David Maloney
23381ea2cb
code tidying
...
break big exploit method up into
smaller methods for better maintainability
2014-02-25 14:07:48 -06:00
ribeirux
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
Michael Messner
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
Michael Messner
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
Michael Messner
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
jvazquez-r7
998fa06912
Land #2998 , @bit4bit's fix for the vtigercrm exploit
2014-02-20 08:36:05 -06:00
jvazquez-r7
0b27cd13e8
Make module work
2014-02-20 08:35:37 -06:00
jvazquez-r7
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
jvazquez-r7
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
jvazquez-r7
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
sinn3r
ed2ac95396
Always replace \ with / for Dexter exploit
...
Fix for the following:
48199fec27 (commitcomment-5419010)
2014-02-19 09:24:07 -06:00
Joe Vennix
50fb9b247e
Restructure some of the exploit methods.
2014-02-19 02:31:22 -06:00
sinn3r
2e7a56b4a7
Land #3001 - SUB Encoder
2014-02-19 01:54:01 -06:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
0480ad16aa
No common
2014-02-18 23:09:35 +00:00
William Vu
e7c3b94e60
Land #3006 , @todb-r7's pre-release fixes
2014-02-18 14:15:12 -06:00
Tod Beardsley
721e153c7f
Land #3005 to the fixup-release branch
...
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!
Conflicts:
modules/exploits/windows/fileformat/audiotran_pls_1424.rb
2014-02-18 14:08:54 -06:00
Tod Beardsley
a863d0a526
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
Michael Messner
3a8de6e124
replaced rhost by peer
2014-02-18 21:01:50 +01:00
William Vu
28dc742bcf
Fix references and disclosure date
2014-02-18 13:59:58 -06:00
jvazquez-r7
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
jvazquez-r7
4903b05214
Fix tabs
2014-02-18 13:51:40 -06:00
William Vu
c216357815
Land #3000 , audiotran_pls_1424 SEH exploit
2014-02-18 13:27:14 -06:00
Michael Messner
66e2148197
linksys themoon command execution exploit
2014-02-18 19:43:47 +01:00
Michael Messner
4dda7e6bad
linksys themoon command execution exploit
2014-02-18 19:42:50 +01:00
Meatballs
8a68323cf0
Dont keep checking domain
2014-02-18 17:52:34 +00:00
jvazquez-r7
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
Meatballs
e290529841
Sadly this url is dead
2014-02-17 22:07:19 +00:00
Meatballs
6c32848b10
Use correct post methods
2014-02-17 22:03:07 +00:00
Joe Vennix
57449ac719
Adds working shellcode exec local exploit.
2014-02-17 15:31:45 -06:00
Meatballs
83d9a1e7c2
Xp Compat?
2014-02-17 21:28:06 +00:00
Meatballs
5e52e48d16
Gather cached GPO
2014-02-17 20:45:56 +00:00
Philip OKeefe
98958bc7bc
Making audiotran_pls_1424 more readable and adding comments
2014-02-17 13:40:03 -05:00
sinn3r
52ac85be11
Land #2931 - Oracle Forms and Reports RCE
2014-02-17 08:54:23 -06:00
sinn3r
110ffbf342
Indent looks off for this line
2014-02-17 08:53:29 -06:00
sinn3r
632ea05688
100 columns
2014-02-17 08:52:56 -06:00
sinn3r
8da7ba131b
In case people actually don't know what RCE means
2014-02-17 08:51:48 -06:00
sinn3r
73459baefd
Add OSVDB references
2014-02-17 08:50:34 -06:00
Mekanismen
fb7b938f8e
check func fixed
2014-02-17 15:11:56 +01:00
OJ
b2d09ed0d1
Add the NULL byte to the list of valid chars
...
While rare, I guess it is a possibility that the NULL byte can be
used.
2014-02-17 16:40:56 +10:00
xistence
1864089085
removed rport definition
2014-02-17 11:32:24 +07:00
Philip OKeefe
c60ea58257
added audiotran_pls_1424 fileformat for Windows
2014-02-16 16:20:50 -05:00
Mekanismen
e27d98368e
fixed local server issues
2014-02-16 18:26:08 +01:00
Mekanismen
e40b9e5f37
updated and improved
2014-02-16 16:24:39 +01:00
OJ
e134ec4691
Remove '*' from valid file system chars
2014-02-16 23:57:54 +10:00
OJ
a808053c37
Add first pass of optimised sub encoder
...
Full details of the encoder are in the detailed description in the
source itself. But this is effectively an "optimised" SUB encoder
which is similar to the add_sub encoder except it doesn't bother to
use the ADD instructions at all, and it doesn't zero out EAX for
each 4-byte block unless absolutely necessary. This results in
payloads being MUCH smaller (in some cases 30% or more is saved).
2014-02-16 20:12:14 +10:00
Jovany Leandro G.C
74344d6c7e
vtigerolservice.php to vtigerservice.php
...
using direct soap/vtigerolservice.php not work..php need require('config.php');
2014-02-15 20:36:36 -05:00
Matteo Cantoni
8a24da9eea
Module to query Jboss status servlet
2014-02-15 17:46:52 +01:00
Tod Beardsley
f6be574453
Slightly better file checks on sqlmap.py
2014-02-15 09:58:03 -06:00
Tod Beardsley
dacbf55fc1
Minor cleanup of title and desc on sqlmap
2014-02-15 09:55:06 -06:00
Mekanismen
b7d69c168c
bugfix and user supplied local path support
2014-02-15 16:24:59 +01:00
sinn3r
9daffbd484
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec
2014-02-14 17:16:27 -06:00
sinn3r
48199fec27
Change URL identifier, and make the user choose a target
2014-02-14 17:15:00 -06:00
Meatballs
c39924188a
Clean up
2014-02-14 20:52:04 +00:00
Royce Davis
0e7074c139
Modififed output for smb_enumshares module
2014-02-14 13:39:13 -06:00
Royce Davis
6dc9840064
Modified output for smb_enumshares
2014-02-14 13:12:52 -06:00
jvazquez-r7
b2ea257204
Include Linux::System post mixin
2014-02-14 08:32:21 -06:00
Meatballs1
ad72ecaf84
Handle SPN array
2014-02-14 09:48:23 +00:00
Meatballs1
4b828e5d45
Dont parse empty SPNs
2014-02-14 09:41:37 +00:00
Meatballs1
2c12952112
Moar corrections
2014-02-14 09:37:00 +00:00
Meatballs1
9dd56d32de
Corrections
2014-02-14 09:32:53 +00:00
Meatballs1
7ef68184e1
Handle SPNs differently
2014-02-13 23:24:55 +00:00
Meatballs1
95048b089e
Dont search for made up fields
2014-02-13 22:51:55 +00:00
Russell Sim
ee3f1fc25b
Record successful passwordless access to mongodb
2014-02-14 08:52:17 +11:00
Tod Beardsley
745f313413
Remove @nmonkee as author per twitter convo
2014-02-13 14:41:10 -06:00
Tod Beardsley
371f23b265
Unbreak the URL refs add nmonkee as ref and author
...
While @nmonkee didn't actually contribute to #2942 , he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.
Also added a ref to @nmonkee's thing.
@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
Matteo Cantoni
7c860b9553
fix description
2014-02-13 21:11:50 +01:00
jvazquez-r7
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
jvazquez-r7
67367092b7
Solve conflicts
2014-02-13 08:42:53 -06:00
William Vu
a4035252d6
Land #1910 , DISCLAIMER for firefox_creds
...
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
jvazquez-r7
51896bcf74
land #2984 , @wchen-r7's [FixRM #8765 ] NameError uninitialized constant in enum_ad_user_comments
2014-02-12 15:31:54 -06:00
sinn3r
ce2de8f3bf
Different way to write this
2014-02-12 15:08:20 -06:00
Peter Arzamendi
5ef40e3844
Removed bad sets on datastore['USERNAME'] and datastore['PASSWORD']
2014-02-12 13:31:03 -06:00
jvazquez-r7
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
sinn3r
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
Peter Arzamendi
2b8a8259f9
Updates to support OWA 2013 and some syntax changes
2014-02-12 09:40:49 -06:00
jvazquez-r7
a59ce95901
Land #2970 , @sgabe exploit for CVE-2010-2343
2014-02-12 08:10:53 -06:00
jvazquez-r7
9845970e12
Use pop#ret to jump over the overwritten seh
2014-02-12 08:10:14 -06:00
sgabe
11513d94f5
Add Juan as author
2014-02-12 12:17:02 +01:00
sgabe
3283880d65
Partially revert "Replace unnecessary NOP sled with random text" to improve reliability.
...
This partially reverts commit 12471660e9
.
2014-02-12 12:09:16 +01:00
xistence
6944c54d13
Added EXTENDED option to smtp_relay
2014-02-12 15:44:53 +07:00
sinn3r
0f620f5aba
Fix Uninitialized Constant RequestError
...
[SeeRM #8765 ] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
sgabe
7195416a04
Increase the size of the NOP sled
2014-02-12 02:35:53 +01:00
sgabe
3f09456ce8
Minor code formatting
2014-02-11 23:53:04 +01:00
sgabe
7fc3511ba9
Remove unnecessary NOPs
2014-02-11 23:48:54 +01:00
sgabe
12471660e9
Replace unnecessary NOP sled with random text
2014-02-11 23:48:04 +01:00
sgabe
184ccb9e1e
Fix payload size
2014-02-11 23:42:58 +01:00
William Vu
c67c0dde8f
Land #2972 , enum_system find/save logs/S[UG]ID
2014-02-11 15:45:27 -06:00
jvazquez-r7
1f0020a61c
Land #2946 , @jlee-r7's optimization of the x86 block_api code
2014-02-11 15:00:00 -06:00
bwall
783e62ea85
Applied changes from @wchen-r7's comments
2014-02-11 10:14:52 -08:00
jvazquez-r7
3717374896
Fix and improve reliability
2014-02-11 10:44:58 -06:00
jvazquez-r7
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
Roberto Soares Espreto
68578c15a3
find command modified
2014-02-11 10:08:12 -02:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Roberto Soares Espreto
f181134ef8
Removed hard tabs
2014-02-10 23:16:04 -02:00
sgabe
e8a3984c85
Fix ROP NOP address and reduce/remove NOPs
2014-02-11 00:29:37 +01:00
Meatballs
39be214413
Dont use quotes and start in a console
2014-02-10 23:15:59 +00:00
William Vu
e6905837eb
Land #2960 , rand_text_alpha for amaya_bdo
2014-02-10 16:44:11 -06:00
bwall
13fadffe7e
Dexter panel (CasinoLoader) SQLi to PHP code exec - Initial
2014-02-10 13:44:30 -08:00
Meatballs
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
Roberto Soares Espreto
2e720f8f0f
Post::Linux - Added to search for files with setuid/setgid and logfiles
2014-02-10 19:24:51 -02:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
jvazquez-r7
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
jvazquez-r7
502dbb1370
Add references
2014-02-10 13:55:02 -06:00
sinn3r
8a8bc74687
Land #2940 - DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
2014-02-10 13:49:02 -06:00
sinn3r
306b31eee3
Small changes before merging
2014-02-10 13:47:31 -06:00