Commit Graph

7931 Commits (3b21de390661675fc6d47dbce293e37bd128e56c)

Author SHA1 Message Date
sinn3r 05d2703a98 Explain why obfuscation is disabled 2015-02-12 14:00:01 -06:00
William Vu 9b10cd5655
Land #4755, @todb-r7's release fixes 2015-02-12 13:16:08 -06:00
Tod Beardsley c156ed62a9
on, not of. 2015-02-12 12:56:53 -06:00
Tod Beardsley e35f603888
Comma fascism 2015-02-12 12:49:45 -06:00
Tod Beardsley d89eda65fa
Moar fixes, thanks @wvu-r7
See #4755
2015-02-12 12:46:38 -06:00
Tod Beardsley e78d08e20d
Fix up titles, descriptions 2015-02-12 12:11:40 -06:00
sinn3r 50c72125a4 ::Errno::EINVAL, disable obfuscation, revoke ms14-064 2015-02-12 11:54:01 -06:00
jvazquez-r7 155651e187 Make filename shorter 2015-02-12 11:45:51 -06:00
jvazquez-r7 95bfe7a7de Do minor cleanup 2015-02-12 11:45:51 -06:00
rastating 30f310321d Added CVE reference 2015-02-12 11:45:51 -06:00
rastating 38ad960640 Add Maarch LetterBox file upload module 2015-02-12 11:45:51 -06:00
William Vu 309159d876
Land #4753, updated ms14_070_tcpip_ioctl info 2015-02-12 09:57:29 -06:00
Spencer McIntyre 8ab469d3bd Update ms14-070 module information and references 2015-02-12 09:51:01 -05:00
William Vu b894050bba Fix local/pxeexploit datastore 2015-02-11 12:19:56 -06:00
Brent Cook f99ef5c0f5 fix msftidy warnings about towelroot module 2015-02-11 11:17:44 -06:00
rastating cb1efa3edd Improved error handling, tidied up some code 2015-02-11 10:16:18 +00:00
rastating 80a086d5f6 Add WordPress Photo Gallery upload module 2015-02-11 01:03:51 +00:00
sinn3r d23c9b552f Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn 2015-02-10 18:58:56 -06:00
jvazquez-r7 29c68ef1ec
End fixing namespaces 2015-02-10 11:55:14 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
jvazquez-r7 5687028f09
Land #4671, @earthquake's exploit for achat buffer overflow 2015-02-09 17:50:09 -06:00
jvazquez-r7 6165d623ff
Change module filename 2015-02-09 17:39:55 -06:00
jvazquez-r7 eb0741d7a7
Modify reference 2015-02-09 17:39:18 -06:00
jvazquez-r7 86f3bcad11
Do minor cleanup 2015-02-09 17:33:05 -06:00
Balazs Bucsay ac6879cfe1 proper payload encoding from now on 2015-02-09 23:36:35 +01:00
Balazs Bucsay c7880ab4e1 hex strings related explanations 2015-02-09 23:21:38 +01:00
Balazs Bucsay 9891026d30 sleep changed to Rex::sleep 2015-02-09 22:33:41 +01:00
jvazquez-r7 81cad064ea
Land #4724, @wchen-r7's AllowWin32SEH's change on alpha encoders 2015-02-09 11:01:00 -06:00
Brent Cook af405eeb7d
Land #4287, @timwr's exploit form CVS-2014-3153 2015-02-09 10:33:14 -06:00
jvazquez-r7 831a1494ac Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper 2015-02-08 18:29:25 -06:00
jvazquez-r7 3e7e9ae99b Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed 2015-02-08 18:22:11 -06:00
Christian Mehlmauer 6d46182c2f
Land #4570, @rastating 's module for wp-easycart 2015-02-07 23:42:23 +01:00
Christian Mehlmauer f2b834cebe
remove check because the vuln is unpatched 2015-02-07 23:38:44 +01:00
Christian Mehlmauer d2421a2d75
wrong version 2015-02-07 23:34:19 +01:00
Christian Mehlmauer 56d2bc5adb
correct version number 2015-02-07 23:22:43 +01:00
rastating 345d5c5c08 Update version numbers to reflect latest release 2015-02-07 19:09:16 +00:00
jvazquez-r7 87775c6ee4 Fix description 2015-02-06 23:55:27 -06:00
jvazquez-r7 76387eebe0 Use File.open 2015-02-06 21:35:07 -06:00
jvazquez-r7 1ea4a326c1
Land #4656, @nanomebia's fixes for sugarcrm_unserialize_exec 2015-02-06 16:42:01 -06:00
jvazquez-r7 e511f72ab4 Delete final check
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
jvazquez-r7 f6933ed02c Add module for EDB-35948 2015-02-06 11:05:29 -06:00
Tod Beardsley 036cb77dd0
Land #4709, fixed up some datastore mangling 2015-02-05 21:22:38 -06:00
Spencer McIntyre 4e0a62cb3a
Land #4664, MS14-070 Server 2003 tcpip.sys priv esc 2015-02-05 18:49:15 -05:00
Spencer McIntyre a359fe9acc Minor fixup on the ms14-070 module description 2015-02-05 18:41:58 -05:00
Spencer McIntyre dc13446536 Forgot to comment ret instruction 2015-02-05 14:09:01 -05:00
Spencer McIntyre 5a39ba32f6 Make the ret instruction for token stealing optional 2015-02-05 14:00:38 -05:00
Spencer McIntyre dabc163076 Modify the shellcode stub to save the process 2015-02-05 13:54:52 -05:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
William Vu b43522a2b8
Fix scadapro_cmdexe datastore 2015-02-05 02:54:03 -06:00
William Vu a12d1244b9
Fix zenworks_helplauncher_exec datastore 2015-02-05 02:53:47 -06:00
William Vu 148ffaf55f
Fix real_arcade_installerdlg datastore 2015-02-05 02:53:38 -06:00
William Vu a7156cf4a8
Fix zabbix_script_exec datastore 2015-02-05 02:53:22 -06:00
Spencer McIntyre aebf5056ac Dont compare a string to an integer 2015-02-04 16:55:43 -05:00
Tod Beardsley 47d4acd91d
Land #4605, Malwarebytes fake update exploit 2015-02-04 10:28:17 -06:00
jvazquez-r7 fbf32669c6 Use single quote 2015-02-04 09:47:27 -06:00
julianvilas de09559cc8 Change HTTP requests to succeed when going through HTTP proxies 2015-02-04 15:32:14 +01:00
jvazquez-r7 c366e7777d Delete ternary operators 2015-02-03 17:43:00 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
jvazquez-r7 28f303d431 Decrease timeout 2015-02-03 17:33:29 -06:00
jvazquez-r7 34717d166d Fix typo 2015-02-03 17:12:54 -06:00
jvazquez-r7 a1c157a4db
Land #4609, @h0ng10's module for Wordpress Pixabay Images PHP Code Upload 2015-02-03 17:01:32 -06:00
jvazquez-r7 eebee7c066 Do better session creation handling 2015-02-03 17:00:37 -06:00
jvazquez-r7 4ca4fd1be2 Allow to provide the traversal depth 2015-02-03 16:38:40 -06:00
jvazquez-r7 e62a5a4fff Make the calling payload code easier 2015-02-03 16:23:04 -06:00
jvazquez-r7 61cdb5dfc9 Change filename 2015-02-03 16:13:10 -06:00
jvazquez-r7 82be43ea58 Do minor cleanup 2015-02-03 16:07:27 -06:00
jvazquez-r7 82eeec0946 Delete comments 2015-02-03 15:25:52 -06:00
jvazquez-r7 52616a069a Add support for NTLMSSP 2015-02-03 15:25:02 -06:00
Tod Beardsley b5794db973
Spelling 2015-02-03 14:10:47 -06:00
Tod Beardsley edd5ec3b0d
Refactor and rename of @sgabe's module
Renamed because it's not just MBAM, and having malwarebytes in the name
is more memorable anyway.

This refactor's @sgabe's original module to prefer if/else over
unless/else, clearly labelling variables, and wrapping up discrete
functionality into specific methods, and adds an OSVDB and the original
discoverer's URL.
2015-02-03 14:08:25 -06:00
William Vu d5c61c01f5
Land #4694, uninit Rex::OLE fix 2015-02-02 05:33:40 -06:00
sinn3r 9112e70187 Fix #4693 - Uninit Rex::OLE in MS14-064 exploits
Fix #4693
2015-02-02 00:20:34 -06:00
jvazquez-r7 d211488e5d Add Initial version 2015-02-01 19:47:58 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
Julian Vilas f983c8171e Modify description to match both Struts 1.x and 2.x versions 2015-01-30 12:35:38 +01:00
Julian Vilas 1a11ae4021 Add new references about Struts 1 2015-01-29 23:27:52 +01:00
Balazs Bucsay 64ab11c6ba Add Achat Beta v0.150 RCE for Win7/XPSP3 2015-01-29 23:20:31 +01:00
Julian Vilas 4cc5844baf Add Struts 1 support 2015-01-29 23:12:34 +01:00
Jay Smith 6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner 2015-01-29 11:57:03 -05:00
Nanomebia d04fd3b978 Fixing Indentation
Small indentation fix
2015-01-29 13:03:19 +08:00
Jay Smith 064ca2d02e
Updated version checking 2015-01-28 18:25:30 -05:00
sinn3r 0f88d0ad75 Change print_* to vprint_*
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
James Lee 51764eb207
Add a check() for mssql_payload 2015-01-28 13:44:16 -06:00
Jay Smith 37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003 2015-01-28 13:24:39 -05:00
Nanomebia af90c6482b Sanity Changes
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia 27c412341f Syntax Changes
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia fc3094ec9b Syntax changes
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia 321eb452c5 Syntax Fixes
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia fefc3d088c Cookie fix and success display
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check.  Also
fixed the success display -  changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
sinn3r bb9c961847 Change description a bit 2015-01-27 12:14:55 -06:00
sinn3r 2dedaee9ca Working version after the upgrade 2015-01-27 12:02:36 -06:00
sinn3r 9e3388df34 Use BES for MS13-037 and default to ntdll 2015-01-27 00:18:36 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
sinn3r f5916eba6d Move modules/exploits/windows/misc/psh_web_delivery.rb
This module was scheduled to be removed on 10/23/2014.
Please use exploit/multi/script/web_delivery instead.
2015-01-26 00:28:40 -06:00
sinn3r bbcc2eb07d Move modules/exploits/windows/misc/pxecploit.rb
This module was scheduled to be removed on 10/31/2014.
Please use exploits/windows/local/pxeexploit instead.
2015-01-26 00:25:02 -06:00
sgabe dbe5dd77e3 Enforce update to real versions 2015-01-25 10:53:14 +01:00
Gabor Seljan 2680e76e26 Remove wrong references 2015-01-25 00:17:30 +01:00
Hans-Martin Münch (h0ng10) 419fa93897 Add OSVDB and WPScan references 2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10) dfbbc79e0d make retries a datastore option 2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10) 11bf58e548 Use metasploit methods 2015-01-23 08:48:52 +01:00