Commit Graph

943 Commits (43c076ed96a8b3fcbc6d5b01fba6ca05d2dd8e39)

Author SHA1 Message Date
Steve Tornio bb26593da7 add osvdb ref. rename file to correct typo
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 12:41:18 +00:00
Wei Chen 717fb83fc9 Added RealNetworks RealGames ActiveX exec arbitrary code execution
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 02:39:11 +00:00
Wei Chen b90d6fc16f Modified the heap spraying function. Each block size should be more consistent now.
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 07:27:38 +00:00
Joshua Drake 0882f18ec0 add fix commit diff and fix broken cve reference
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:04:54 +00:00
Joshua Drake 24fd896bfb add OSVDB reference back, conflict handling fail!
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:02:46 +00:00
Wei Chen 214751379f Updated: using get_resource() instead of datastore['URIPATH']
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 03:56:45 +00:00
Wei Chen 25ca59b56f Added Win Vista and debug target
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 23:22:51 +00:00
David Rude 349512f48d Updated exploit ranking and description to reflect the new ranking
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 19:33:38 +00:00
Steve Tornio 81fae13258 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 12:05:48 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =)
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen eb7df0be8e Updated how the trigger file should be loaded... the proper way.
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 00:07:36 +00:00
Wei Chen 77ceadc6ad Updated description and how the trigger file loads
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 22:49:11 +00:00
Wei Chen 08f210ac52 Added CVE-2010-3275 (VLC AMV vulnerability)
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:03:12 +00:00
Steve Tornio 89ec6ab5da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 11:19:45 +00:00
David Rude 8233030184 oops removed mixin require as well
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:41:48 +00:00
David Rude f8534f06dd oops removed mixin reference =)
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:40:38 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake 586c1f9305 oops, broke the LIBPATH option
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 01:18:18 +00:00
Joshua Drake f4fe3f11b0 enable bind payloads, thx hdm :)
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:52:58 +00:00
Steve Tornio 4992deed21 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:16:06 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
David Rude 36b83cde6f Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 15:42:28 +00:00
David Rude 382e63e16e fixed a typo in javascript
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 04:40:36 +00:00
Joshua Drake 4a1e59be8d oops =D
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 05:01:29 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :(
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
David Rude 695963dde7 Fixed references
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 02:28:15 +00:00
David Rude b51c9f8397 oops forgot a , =)
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:42:37 +00:00
David Rude 6dc0596870 Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:27:06 +00:00
Joshua Drake 8ef05017b8 style compliance fixes, naughty naughty
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
Matt Weeks c322534907 Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls.
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-18 02:23:10 +00:00
Joshua Drake 8c8b181ffb Update ms11_xxx modules to reflect bulletin release, minor style fixes
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 23:31:44 +00:00
Joshua Drake e06d4d52fe convert VLC module to FileFormat, adjust spray
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-03 18:16:40 +00:00
Joshua Drake 3ac076c20a add exploit for VLC media player WebM processing from Dan Rosenburg
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-01 18:54:24 +00:00
Joshua Drake a62f1922b3 fix typos, lol?
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-28 23:56:35 +00:00
James Lee d7cda0f85a accept a client argument for get_uri()
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-22 00:16:57 +00:00
James Lee f3bda46333 doesn't work on IE8, fixes #3566, thanks Hauke Mehrtens for the patch
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 19:30:59 +00:00
Joshua Drake b6b9b83dd7 add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake 739604ea12 Fixes #3469, silly typo
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 05:58:55 +00:00
Joshua Drake d994f595fe remove unused vars
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:59:10 +00:00
Joshua Drake 287f4c87fe style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Joshua Drake 19e8a6a5b1 switch AutoRunScript for InitialAutoRunScript, oops
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 00:25:44 +00:00
Jonathan Cran a206ed8418 clarifying wmi tools are not installed by default
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 05:27:37 +00:00
Joshua Drake bc7a8e3b47 fix silly merge conflict data in HTML
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-05 22:52:54 +00:00
Joshua Drake 08df4dac3b randomize import styles, patch from jjarmoc
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 16:49:20 +00:00
Joshua Drake b3bfb5834e change credit to passerby
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-28 17:10:19 +00:00
Joshua Drake 5f5d2992ce add reference to 0x557 slides (for .NET 2.0 rop)
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:36:54 +00:00
Joshua Drake cdfe03ce43 add MSFT advisory and CVE
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:30:43 +00:00
Steve Tornio 09b00739fb add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 22:21:56 +00:00
Joshua Drake 0f24d1955c minor corrections, use .NET 2.0 ROP :)
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:26:18 +00:00
Joshua Drake 44c8a71dcf minor clean ups
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:23:16 +00:00
Mario Ceballos 1407d7f1d5 revert back. little more reliable.
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 17:40:13 +00:00
Mario Ceballos d89c60f2de add exploit module wmi_admintools.rb
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 14:35:36 +00:00
Joshua Drake c4c0cabccb switch to .NET 2.0 ROP, Merry Xmas!
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:24:19 +00:00
Joshua Drake 5d2f26b41b add exploit for unpatched IE css import bug
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 16:34:07 +00:00
Joshua Drake b8b0e1af97 fix typo
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 09:11:45 +00:00
James Lee f15e6e5e62 update autopwn, replace ms10-018 behaviors with ms10-090 css clip.
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:53:22 +00:00
Joshua Drake af56bebfa1 note ms10-090 bulletin
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:41:20 +00:00
Steve Tornio e6f640bc17 add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 03:18:05 +00:00
Mario Ceballos 14ea7a85bb svn keywords
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:03:25 +00:00
Mario Ceballos 5ed387aa38 added exploit module enjoysapgui_comp_download.rb
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:01:46 +00:00
Joshua Drake e9faf75503 fix some more titles with periods
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
James Lee 52389d28f4 make windows the default target
git-svn-id: file:///home/svn/framework3/trunk@11102 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:54:25 +00:00
James Lee 7a3770f87b don't use java_basicservice_impl in browser autopwn because it doesn't work in an iframe against IE and causes popups in other browsers
git-svn-id: file:///home/svn/framework3/trunk@11101 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:44:16 +00:00
James Lee d608db778c we're not sending an applet, just a jar, clarify the output
git-svn-id: file:///home/svn/framework3/trunk@11084 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-21 19:58:04 +00:00
James Lee 6f7af42667 add an exploit for cve-2010-3563, thanks Matthias Kaiser
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Joshua Drake eab0a40caa switch up IE6 target to work on older version
git-svn-id: file:///home/svn/framework3/trunk@10978 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:54:56 +00:00
Joshua Drake 61e5d00722 switch title, comment out IE8 target for now
git-svn-id: file:///home/svn/framework3/trunk@10963 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:12:48 +00:00
Steve Tornio 338d6e3693 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@10914 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 02:58:01 +00:00
Joshua Drake b0f64ebba1 add a debug target
git-svn-id: file:///home/svn/framework3/trunk@10912 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 00:08:55 +00:00
Joshua Drake 76123e79c1 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10909 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:59:56 +00:00
Joshua Drake 979ddcd8e5 add exploit for cve-2010-3962
git-svn-id: file:///home/svn/framework3/trunk@10907 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:44:23 +00:00
Steve Tornio 9f5fca12f7 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10828 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-26 15:28:04 +00:00
Joshua Drake f909b360ba note tested on 6u11
git-svn-id: file:///home/svn/framework3/trunk@10820 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:22:08 +00:00
Joshua Drake 3fffd15549 add exploit for cve-2010-3552 (w/dep bypass)
git-svn-id: file:///home/svn/framework3/trunk@10819 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:21:41 +00:00
Steve Tornio 0251c446f1 add cve, osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@10784 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:21:30 +00:00
Joshua Drake 6bd75bb2d5 add shockwave exploit from abysssec/rel1k
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake 7de96a710f add trendmicro extsetowner exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@10538 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-04 04:26:09 +00:00
Joshua Drake 279c604015 missed a couple exe generator includes
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-28 16:19:50 +00:00
Joshua Drake b8b21cd53c handle dirs and index.html specially
git-svn-id: file:///home/svn/framework3/trunk@10454 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 01:11:05 +00:00
Joshua Drake 600ec0a848 add two exploits from Trancer! woot!
git-svn-id: file:///home/svn/framework3/trunk@10429 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 18:46:29 +00:00
HD Moore d89004753c Fixes #2450 by allowing any length extension
git-svn-id: file:///home/svn/framework3/trunk@10411 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:59:22 +00:00
Joshua Drake 8e5cf31e9a big exe/dll update, see #2017
NOTE: These changes specifically affect payload encoding via RPC, "use
payload", and msfencode

1. consolidate user-specified exe generation routine (now
Msf::Util::EXE.to_executable_fmt)
2. supported format types are now queried/checked using arrays
3. cleaned up and standardized exe option passing
4. rename data store options for EXE mixin
5. add generate_payload_exe_service for psexec/smb_relay
6. reworked default template handling in Msf::Util::EXE
  a. added template search path option (not used if template includes
a path separator)
  b. "fallback" flag to enable using default if specified file doesn't
exist
7. added Msf::Util::EXE.to_win64pe_dll
8. improved error messages from exe generation



git-svn-id: file:///home/svn/framework3/trunk@10404 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 00:13:30 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake 19db412383 convert remaining EXE generation to use the mixin, fixes #2017
git-svn-id: file:///home/svn/framework3/trunk@10389 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 04:38:13 +00:00
Joshua Drake 21d88b36c1 rename generate_exe -> generate_payload_exe
git-svn-id: file:///home/svn/framework3/trunk@10388 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 04:37:25 +00:00
Joshua Drake 5250ff20bb add svn:keywords, increase ranking, add browser version
git-svn-id: file:///home/svn/framework3/trunk@10280 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-09 23:23:40 +00:00
Joshua Drake ace873a37a update test notes
git-svn-id: file:///home/svn/framework3/trunk@10204 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 17:55:43 +00:00
Steve Tornio 3c704ec753 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10201 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 11:44:11 +00:00
Joshua Drake 3ab9a9b8d7 add Win7 IE8 target
git-svn-id: file:///home/svn/framework3/trunk@10199 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 23:31:01 +00:00
Joshua Drake 561c861a3a add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@10196 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 21:52:45 +00:00
Joshua Drake 2d6a956763 update description
git-svn-id: file:///home/svn/framework3/trunk@10194 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:50:52 +00:00
Joshua Drake f68fd01772 nudge reliability up
git-svn-id: file:///home/svn/framework3/trunk@10193 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:44:43 +00:00
Joshua Drake a39639c56f add exploit for quicktime backdoor
git-svn-id: file:///home/svn/framework3/trunk@10192 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:42:51 +00:00
Joshua Drake 330281eadd see #684, adds checksum support, updates modules to use it, fixes some wfs_delay/WfsDelay issues
git-svn-id: file:///home/svn/framework3/trunk@10150 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:55:37 +00:00
Joshua Drake bc56ae73a1 correct typo, thx jcran
git-svn-id: file:///home/svn/framework3/trunk@10142 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 16:18:02 +00:00
Joshua Drake aac956db50 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10128 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-24 18:22:48 +00:00
HD Moore 65af96745f Set manual ranking until we have a vulnerable extension list added by default
git-svn-id: file:///home/svn/framework3/trunk@10101 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 13:41:59 +00:00
HD Moore cc3554601f Tools for testing DLL hijack flaws
git-svn-id: file:///home/svn/framework3/trunk@10100 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 05:43:47 +00:00
Steve Tornio 0e1ed07e73 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10078 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 11:36:50 +00:00
Joshua Drake 1cc13485ae bring ranking down
git-svn-id: file:///home/svn/framework3/trunk@10070 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:55:59 +00:00
Joshua Drake 791af4b6c5 add exploit for sonicwall aventail activex format string
git-svn-id: file:///home/svn/framework3/trunk@10069 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:52:11 +00:00
Joshua Drake 5f0d68d883 add exploit for cve-2010-1799
git-svn-id: file:///home/svn/framework3/trunk@10011 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-13 23:11:23 +00:00
Joshua Drake 1b31a44b57 move riff support from ani_loadimage browser sploit to mixin
git-svn-id: file:///home/svn/framework3/trunk@9984 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-12 16:56:41 +00:00
Joshua Drake b93462a27f add msb and rename module
git-svn-id: file:///home/svn/framework3/trunk@9956 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-04 02:21:33 +00:00
Joshua Drake 459c046ac2 add msb and rename module
git-svn-id: file:///home/svn/framework3/trunk@9955 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-04 02:21:20 +00:00
Joshua Drake a31e133e80 add 3 easy ftp server exploits, 1 chemview activex
git-svn-id: file:///home/svn/framework3/trunk@9935 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-27 02:25:15 +00:00
Joshua Drake f4103fd7f5 increase ranking
git-svn-id: file:///home/svn/framework3/trunk@9933 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-26 19:30:02 +00:00
Joshua Drake 2448f6b1a8 fix lnk file generation, tested OK on win7 x86
git-svn-id: file:///home/svn/framework3/trunk@9930 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-26 01:51:17 +00:00
Joshua Drake 2ccf0a0c81 add UNCHOST var, remove \r chars
git-svn-id: file:///home/svn/framework3/trunk@9897 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-21 00:02:47 +00:00
Joshua Drake dd7a8178d7 actually use Msf::Exploit::EXE
git-svn-id: file:///home/svn/framework3/trunk@9896 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-21 00:02:04 +00:00
Joshua Drake 1ca054ba53 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9893 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 23:28:47 +00:00
HD Moore 99e2c9aa72 Looks like my initial testing was wrong - you can trigger this entirely through HTTP with a meta refresh, just not with a 301 (IE only).
git-svn-id: file:///home/svn/framework3/trunk@9888 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 19:54:56 +00:00
Joshua Drake 786ccb3d5f add support for OWC11 (from DSR!)
git-svn-id: file:///home/svn/framework3/trunk@9883 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 06:24:19 +00:00
HD Moore d388c1bc4f Handle unknown requests in a cleaner way
git-svn-id: file:///home/svn/framework3/trunk@9879 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 03:08:43 +00:00
Joshua Drake e30164e09e possibly fix a bug
git-svn-id: file:///home/svn/framework3/trunk@9873 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:23:18 +00:00
Steve Tornio 3674a11fa5 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@9870 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 23:02:22 +00:00
HD Moore fcd23fbdce Adds coverage for the Windows Shell LNK code execution flaw (CVE-2010-2568)
git-svn-id: file:///home/svn/framework3/trunk@9869 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 22:36:26 +00:00
Joshua Drake d07e613504 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9842 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 02:33:25 +00:00
HD Moore 24800ca1ec Add reference for the help center bug
git-svn-id: file:///home/svn/framework3/trunk@9810 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:31:40 +00:00
HD Moore 19f1583ba5 Change to match MSB
git-svn-id: file:///home/svn/framework3/trunk@9809 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:30:47 +00:00
HD Moore edae6e2d02 Change to match MSB
git-svn-id: file:///home/svn/framework3/trunk@9808 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:30:36 +00:00
James Lee a5786cdc64 stop using some older exploits in browser_autopwn in favor of ie_behaviors which works on more versions
git-svn-id: file:///home/svn/framework3/trunk@9787 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 02:51:50 +00:00
Joshua Drake c7f5ba801c add lots of disclosure dates from OSVDB (missed a few)
git-svn-id: file:///home/svn/framework3/trunk@9670 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:19:07 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake 56ea22716e oops, broke the tree
git-svn-id: file:///home/svn/framework3/trunk@9668 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 01:38:15 +00:00
Joshua Drake 9984b662e0 switch some URL references to US-CERT-VU type
git-svn-id: file:///home/svn/framework3/trunk@9666 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 01:09:32 +00:00
Joshua Drake f6f954a18c add missing CVE/OSVDB references, plenty still missing *wink wink*
git-svn-id: file:///home/svn/framework3/trunk@9659 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-02 00:10:51 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake 8676a88ce3 fix typo, thx chad
git-svn-id: file:///home/svn/framework3/trunk@9646 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 20:35:56 +00:00
Joshua Drake a040b3708a add some MSB numbers that were missing, rename ms08-070 msmask32 module
git-svn-id: file:///home/svn/framework3/trunk@9532 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 23:49:17 +00:00
Joshua Drake fa505a4069 various fixes, mostly consistency changes to disclosure dates
git-svn-id: file:///home/svn/framework3/trunk@9525 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 07:18:08 +00:00
Joshua Drake 09f4c42aee fix whitespace
git-svn-id: file:///home/svn/framework3/trunk@9518 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 05:44:29 +00:00
natron 7cbc566c7b Bug fixes for WMP11 and IE8, new configurable setting for exploit trigger, and output cleanup.
git-svn-id: file:///home/svn/framework3/trunk@9495 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 20:54:35 +00:00
Joshua Drake 75b906ac4c switch to %uFFFF per secunia analysis, fix regexp handling
git-svn-id: file:///home/svn/framework3/trunk@9491 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 17:40:42 +00:00
Joshua Drake cb69258fb2 fix regexp handling
git-svn-id: file:///home/svn/framework3/trunk@9490 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 17:40:12 +00:00
Joshua Drake e32abab8dc a HTTP -> an HTTP (http://www.english-zone.com/grammar/a-anlessn.html)
git-svn-id: file:///home/svn/framework3/trunk@9488 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 16:12:05 +00:00
Joshua Drake 565397e989 fix CVE reference -- shakes stick
git-svn-id: file:///home/svn/framework3/trunk@9487 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 16:10:12 +00:00
Joshua Drake c62b62d35d style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9486 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 15:17:23 +00:00
Steve Tornio e2f4a6ad0d add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@9485 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 10:39:41 +00:00
HD Moore 7c87a96e65 Add CVE from Kurt S.
git-svn-id: file:///home/svn/framework3/trunk@9484 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 06:49:54 +00:00
natron f4394bf0e0 Initial commit for Tavis Ormandy's Help Ctr bug. Needs improvement on stealthiness, but works for now.
-n


git-svn-id: file:///home/svn/framework3/trunk@9483 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 06:10:08 +00:00
Joshua Drake 619d088ada updated test results
git-svn-id: file:///home/svn/framework3/trunk@9477 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:55:17 +00:00
Joshua Drake 07ed2d636c add browser version of cve-2010-1297
git-svn-id: file:///home/svn/framework3/trunk@9475 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:28:05 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)


git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Steve Tornio cfb850b41b add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@9363 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-25 02:09:42 +00:00
Joshua Drake acf45118a2 add exploit module for communicrypt activex from dookie
git-svn-id: file:///home/svn/framework3/trunk@9356 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-24 22:37:59 +00:00
Steve Tornio 365f13551b added refs. I think all the auxiliary and exploit modules should now be covered.
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity!
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:45:00 +00:00
Joshua Drake 4bc86e603e fix a couple more silly regex mishaps
git-svn-id: file:///home/svn/framework3/trunk@9220 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-04 23:09:32 +00:00
Joshua Drake 0e72894e58 more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Joshua Drake 665baa7691 modify ms09-002 exploit to use encrypt_js
git-svn-id: file:///home/svn/framework3/trunk@9200 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-02 20:42:34 +00:00
Joshua Drake ce372f62ff fix aurora encrypt and add js_encrypt to chilikat module
git-svn-id: file:///home/svn/framework3/trunk@9185 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-01 02:31:17 +00:00
Joshua Drake 2662055be8 add encrypt_js call to aurora exploit
git-svn-id: file:///home/svn/framework3/trunk@9184 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-01 02:14:26 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake d91046c470 detect and split JS and non-JS versions
git-svn-id: file:///home/svn/framework3/trunk@9160 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 17:45:35 +00:00
Joshua Drake 49f6fc4d98 ugh
git-svn-id: file:///home/svn/framework3/trunk@9159 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 16:46:21 +00:00
Joshua Drake 2f3171906c remove splash screen
git-svn-id: file:///home/svn/framework3/trunk@9158 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 15:58:05 +00:00
Joshua Drake ac188bebdb added support for older JREs using javascript methods from taviso's exploit
git-svn-id: file:///home/svn/framework3/trunk@9151 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 00:42:52 +00:00
Joshua Drake a953c47cfb remove carriage returns
git-svn-id: file:///home/svn/framework3/trunk@9140 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-26 18:29:24 +00:00
Joshua Drake bc68b7d92e fix name
git-svn-id: file:///home/svn/framework3/trunk@9097 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:40 +00:00
Joshua Drake fc2fab9bd7 fix name
git-svn-id: file:///home/svn/framework3/trunk@9096 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:36 +00:00
Joshua Drake 51e6a64e07 add UNCPATH option
git-svn-id: file:///home/svn/framework3/trunk@9095 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:14 +00:00
Joshua Drake 80cec47e17 added cve
git-svn-id: file:///home/svn/framework3/trunk@9091 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:31:31 +00:00
Joshua Drake 180ca93bbb updated description
git-svn-id: file:///home/svn/framework3/trunk@9090 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:31:03 +00:00
Joshua Drake 8e5f0a37d8 rename modules to microsoft bulletin names and update references
git-svn-id: file:///home/svn/framework3/trunk@9085 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 16:08:27 +00:00
Joshua Drake 73dfe9729b update default option settings and auto_target
git-svn-id: file:///home/svn/framework3/trunk@9083 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 15:23:43 +00:00
Steve Tornio ec74d862a7 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@9082 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 11:18:25 +00:00
Joshua Drake 950f571488 add module for java web start arguments vuln - no CVE yet
git-svn-id: file:///home/svn/framework3/trunk@9074 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 21:45:23 +00:00
pusscat 99ecd361d3 Fix variable name (care of Monica Sojeong Hong)
git-svn-id: file:///home/svn/framework3/trunk@9061 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-13 19:05:52 +00:00
HD Moore c8aae09827 Correct English in the quotation
git-svn-id: file:///home/svn/framework3/trunk@9029 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-07 00:59:20 +00:00
Joshua Drake e9083bda0d add exploit module for cve-2010-0805 - from zsploit
git-svn-id: file:///home/svn/framework3/trunk@9018 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 20:25:56 +00:00
HD Moore 52faebea30 Typo
git-svn-id: file:///home/svn/framework3/trunk@9006 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-04 04:57:42 +00:00
HD Moore 8f0e3ced67 Correct spelling typo
git-svn-id: file:///home/svn/framework3/trunk@9004 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-04 00:46:49 +00:00
Joshua Drake ff8cdc29aa update description with a little history
git-svn-id: file:///home/svn/framework3/trunk@8968 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-31 22:36:10 +00:00
Joshua Drake da874c323a renamed and updated "iepeers" vuln with latest information/name
git-svn-id: file:///home/svn/framework3/trunk@8965 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-31 20:15:22 +00:00
Joshua Drake 79e277450a add reliable IE7 trigger from Nanika
git-svn-id: file:///home/svn/framework3/trunk@8935 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 01:31:19 +00:00
Joshua Drake 89d6907a8f fix typoez
git-svn-id: file:///home/svn/framework3/trunk@8933 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 00:35:48 +00:00
HD Moore 13410d4daa Rename aurora module to the MSB naming convention
git-svn-id: file:///home/svn/framework3/trunk@8780 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 05:49:45 +00:00
HD Moore a23344b5d0 Consistency in how IE/Internet Explorer is named
git-svn-id: file:///home/svn/framework3/trunk@8779 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 05:49:14 +00:00
Steve Tornio d3da883aa2 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8774 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:07:04 +00:00
Joshua Drake 3c57fe6e81 add exploit module for cve-2010-0806
git-svn-id: file:///home/svn/framework3/trunk@8770 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:01:32 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
Joshua Drake 83419da78b check for vulnerable version in JS prior to triggering vuln, closes #1011
git-svn-id: file:///home/svn/framework3/trunk@8731 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-06 04:36:16 +00:00
Joshua Drake 73da75a931 big update to cmd stager
1. returns array of commands instead of big blob of lines
2. combine lines together when possible (to reduce # of commands to execute)
3. add cmd stager usage in mssql_payload
4. remove extraneous stuff here and there

git-svn-id: file:///home/svn/framework3/trunk@8721 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 00:29:44 +00:00
Joshua Drake 0900314a15 redirect requests without subdirectories
git-svn-id: file:///home/svn/framework3/trunk@8713 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 18:28:05 +00:00
Joshua Drake 4bd857b53e add exploit module for cve-2008-3558
git-svn-id: file:///home/svn/framework3/trunk@8712 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 17:41:26 +00:00
Joshua Drake e8f22a7136 add exploit module for cve-2008-3878
git-svn-id: file:///home/svn/framework3/trunk@8705 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 06:19:37 +00:00
Joshua Drake 5aebed8fe7 add exploit module for cve-2008-5002
git-svn-id: file:///home/svn/framework3/trunk@8703 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 21:17:31 +00:00
Joshua Drake fb5906385d add exploit module for cve-2009-1534
git-svn-id: file:///home/svn/framework3/trunk@8698 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:12:37 +00:00
Joshua Drake d86575701d added CVE, KB references
git-svn-id: file:///home/svn/framework3/trunk@8696 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 03:20:58 +00:00
Steve Tornio 074b4ada44 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8688 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 12:23:17 +00:00
Joshua Drake 4b59410507 rename module per ms bulletin
git-svn-id: file:///home/svn/framework3/trunk@8686 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 07:50:25 +00:00
Joshua Drake d0153225a0 add exploit module for cve-2009-1612
git-svn-id: file:///home/svn/framework3/trunk@8685 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:55 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake cc891bce80 whitespace cleanups
git-svn-id: file:///home/svn/framework3/trunk@8677 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 15:13:04 +00:00
Joshua Drake afd2df315b rename module part deux!
git-svn-id: file:///home/svn/framework3/trunk@8607 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:12:10 +00:00
Joshua Drake 705a4626e4 remove dash from file name
git-svn-id: file:///home/svn/framework3/trunk@8605 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:06:35 +00:00
Joshua Drake 797ab55f52 add exploit module for cve-2009-2011
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Patrick Webster 3fd3d44ad6 Added barcode_ax49.rb exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
James Lee eb6ce38e0c old zero-day shows its age
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
HD Moore ba34abc232 Fix unpack("H*") vs unpack("H*")[0]
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
Joshua Drake fde3fbb2e3 add exploit module for cve-2009-1569
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake c073cd707a removed unnecessary parameter, commented target
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
Joshua Drake 2783c5884e add exploit module for cve-2009-1568
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
Joshua Drake 4751d83cb8 some cleanups, added some CVE references
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake d9e5de5683 note the CLSID of this control
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake 31949c4343 svn keywords fixups
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it

git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
Joshua Drake 83f47796fe add reference to ms09-032 (the mitigation)
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
Joshua Drake 409d44bfad fix another typo
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake 9cb3ac9340 fix typo
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake ab1a1c58db escape more format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..

git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake a87d4e7eb4 escape randomly generated format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)

git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake 2b8a2d56a1 some variable renaming
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
James Lee bbe10b439f let the user know when a client connects
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
James Lee 3c6cbbc47e make sure IE service packs don't throw off the version comparison
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 21:24:00 +00:00
Joshua Drake 2283e029db crossing fingers, big cr removal batch
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
Joshua Drake 19d32b6c97 add jabra to author list
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 17:01:12 +00:00
Steve Tornio 544efd879b Add OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 11:53:20 +00:00
Joshua Drake 47ef693b77 add CVE references!
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 09:38:42 +00:00
HD Moore be42efdd1b Update the PDF modules to work on a wider range of versions
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:02:32 +00:00
James Lee 82d84605e4 advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 19:38:52 +00:00
HD Moore f2ec7795e2 Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 14:43:05 +00:00
Joshua Drake 026924c9b6 fixed sync issues between browser/fileformat modules
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:19:30 +00:00
Joshua Drake 2baa4a1efa port changes from Lurene to browser version
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:16:35 +00:00
Joshua Drake e563e91d35 added browser versions of yesterday's adobe pdf exploits from jabra
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 20:37:57 +00:00
James Lee 2570fcee15 get rid of some more ^Ms
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
James Lee 196ee82179 bye-bye crlf
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:13:27 +00:00
Joshua Drake 1813a0fb9a updated technique
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:07 +00:00
Mario Ceballos c799df8559 target is no good. offsets change on different installs.
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:07:21 +00:00
Joshua Drake 88b9ee18af clarified some version info
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:01:34 +00:00
Joshua Drake 8317b69aca corrected disclosure date
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:44:37 +00:00
Joshua Drake 2524840348 renamed, new targets, now using seh...
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:40:56 +00:00
Mario Ceballos 3ac51c7396 added exploit module symantec_altirisdeployment_runcmd.rb.
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 02:36:01 +00:00
HD Moore 3c08bc0c80 Rename and reference update from the microsoft patch
git-svn-id: file:///home/svn/framework3/trunk@7775 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 15:06:26 +00:00
Joshua Drake 87c85b5176 removed executable generation routines from Rex::Text (use Msf::Util::EXE), Fixes #660
git-svn-id: file:///home/svn/framework3/trunk@7760 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 21:24:45 +00:00
Joshua Drake 0961ce3523 add exploit module for cve-2009-3693
git-svn-id: file:///home/svn/framework3/trunk@7749 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 03:08:46 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
Joshua Drake 2cf9c3ce2b revision fixups
git-svn-id: file:///home/svn/framework3/trunk@7723 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:16:11 +00:00
Joshua Drake 17249f29d3 cve roulette also cve-2009-4054
git-svn-id: file:///home/svn/framework3/trunk@7722 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:00:06 +00:00
HD Moore 927563c135 Correct some assumptions about client-side exploit signature development, remove the prepend since we don't use .net anymore
git-svn-id: file:///home/svn/framework3/trunk@7616 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 21:18:26 +00:00
Joshua Drake a4dd52543c removed .net dll bypass, recorded some crash addresses
git-svn-id: file:///home/svn/framework3/trunk@7614 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 19:39:15 +00:00
James Lee 00eaff0550 stupid ruby string differences
git-svn-id: file:///home/svn/framework3/trunk@7611 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:16:45 +00:00
HD Moore 0c19f50718 Fix broken .NET method
git-svn-id: file:///home/svn/framework3/trunk@7610 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:11:38 +00:00
Joshua Drake f733856974 add exploit module for cve-2009-3762
git-svn-id: file:///home/svn/framework3/trunk@7609 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 07:25:04 +00:00
James Lee f516edacfb only works on ie7
git-svn-id: file:///home/svn/framework3/trunk@7603 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 02:14:40 +00:00
James Lee c45c15cd29 add autopwn info
git-svn-id: file:///home/svn/framework3/trunk@7599 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 23:50:08 +00:00
James Lee 99319d2a55 don't unintentionally create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7591 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:23:03 +00:00
James Lee 4a912e7c0c don't inadvertently create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7590 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:02:21 +00:00
James Lee 7490e4c4a8 use an absolute uri to the evil gif. fixes #558. we probably ought to have a method for doing this since it seems to be a fairly common problem.
git-svn-id: file:///home/svn/framework3/trunk@7589 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 05:44:21 +00:00
Joshua Drake b9939a836f fixed PDF header (oops)
git-svn-id: file:///home/svn/framework3/trunk@7577 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:01:11 +00:00
Joshua Drake e5796f5b3b changed address to 0x0a0a0a0a
tested against various reader versions
removed pdf version randomization

git-svn-id: file:///home/svn/framework3/trunk@7570 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 05:56:03 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
Joshua Drake 4edc6d942c updated awingsoft web3d bof module from trancer
git-svn-id: file:///home/svn/framework3/trunk@7533 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:51:52 +00:00
Joshua Drake 04725e70cc reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7521 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 16:03:01 +00:00
Mario Ceballos 4c23734e72 added exploit module oracle_dc_submittoexpress.rb
git-svn-id: file:///home/svn/framework3/trunk@7520 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 01:01:21 +00:00
Joshua Drake 7573994152 add exploit module for another winds3d 0day
git-svn-id: file:///home/svn/framework3/trunk@7518 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 22:26:08 +00:00
Joshua Drake 240a8444b0 Fixed some license problems
git-svn-id: file:///home/svn/framework3/trunk@7515 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 18:09:05 +00:00
Mario Ceballos bbfc195735 added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 13:26:27 +00:00
Joshua Drake 8d382ef487 oops -- removed CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7512 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:46:21 +00:00
Joshua Drake 74269325db added CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7511 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:42:02 +00:00
Joshua Drake f86eca488a minor fixup in email addr
git-svn-id: file:///home/svn/framework3/trunk@7510 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:39:00 +00:00
Joshua Drake 9381abf41a swap L to V for packing
git-svn-id: file:///home/svn/framework3/trunk@7509 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:38:03 +00:00
Joshua Drake 70cf288b99 added trancer's exploit for cve-2009-2386
git-svn-id: file:///home/svn/framework3/trunk@7508 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:36:20 +00:00
Joshua Drake da6fa072f2 add module for cve-2008-0492
git-svn-id: file:///home/svn/framework3/trunk@7490 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 18:09:50 +00:00
Joshua Drake 7758ebfda4 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7488 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:22:14 +00:00
Joshua Drake 61f2c0b195 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7487 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:54 +00:00
Joshua Drake 2e4f5734ea fixed typo
git-svn-id: file:///home/svn/framework3/trunk@7486 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:09 +00:00
James Lee 70b2d06c86 speed up content creation, string concat sucks
git-svn-id: file:///home/svn/framework3/trunk@7356 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 19:06:01 +00:00
James Lee c675cfb1cf Fix 1.9.1 issues, make the vbs smaller (down to about 4MB from almost 10)
git-svn-id: file:///home/svn/framework3/trunk@7355 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 18:55:32 +00:00
HD Moore 9e654c51f2 Revive
git-svn-id: file:///home/svn/framework3/trunk@7348 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:39 +00:00
HD Moore 4b53b1d378 Purge
git-svn-id: file:///home/svn/framework3/trunk@7347 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:17 +00:00
HD Moore 98d9d66905 Replaced with encoded shiny bits
git-svn-id: file:///home/svn/framework3/trunk@7346 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:56:12 +00:00
HD Moore 0a52c98e03 Purging this module due to lame AV sigs, re-adding in a sillier form
git-svn-id: file:///home/svn/framework3/trunk@7345 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:50:31 +00:00
Mario Ceballos aef3817db9 added patch from steve tornio.
git-svn-id: file:///home/svn/framework3/trunk@7331 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 12:02:54 +00:00
Mario Ceballos b62dc9705e remove some debugging.
git-svn-id: file:///home/svn/framework3/trunk@7329 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:21:50 +00:00
Mario Ceballos 73bd4f7de2 added exploit module symantec_consoleutilities_browseandsavefile.rb from Nikolas Sotiriu.
git-svn-id: file:///home/svn/framework3/trunk@7328 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:02:45 +00:00
HD Moore 4f3128c061 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7303 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 04:09:07 +00:00
Mario Ceballos 131adc4c3a fixed cve reference number.
git-svn-id: file:///home/svn/framework3/trunk@7260 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:19:27 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
Mario Ceballos bac233108f added exploit modules ms_visual_studio_msmask.rb and ms_visual_basic_vbp.rb
git-svn-id: file:///home/svn/framework3/trunk@7208 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-19 12:58:03 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
Mario Ceballos 62dc4c74d7 added activepdf_webgrabber.rb, etrust_pestscan.rb, ea_checkrequirements.rb and mcafee_hercules_deletesnapshot.rb exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@7167 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 15:22:16 +00:00
Mario Ceballos aae4ac74c1 more adjusting of the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7157 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 12:56:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
Mario Ceballos aee16a85ab fixed the cve entry.
git-svn-id: file:///home/svn/framework3/trunk@7155 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:28:50 +00:00
Mario Ceballos 63ad9ebf27 added exploit module aol_icq_downloadagent.rb
git-svn-id: file:///home/svn/framework3/trunk@7153 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-13 17:04:05 +00:00
HD Moore 5d9f3323e8 Last two reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7150 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:42:51 +00:00
HD Moore 26db223636 OSVDB reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7149 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:39:51 +00:00
Mario Ceballos a8ccd1fe98 updated references with bid/cve.
git-svn-id: file:///home/svn/framework3/trunk@7148 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:39:15 +00:00
Mario Ceballos 5b6f16a0f9 added exploit modules athocgov_completeinstallation.rb and symantec_iao.rb
git-svn-id: file:///home/svn/framework3/trunk@7147 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:31:52 +00:00
Mario Ceballos 1cadfa4ea7 added exploit module amaya_bdo.rb from dookie.
git-svn-id: file:///home/svn/framework3/trunk@7136 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-10 21:51:25 +00:00
kris f21e3c8754 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@7128 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-04 23:38:06 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
Mario Ceballos 13f5e1c2e5 added exploit module symantec_altirisdeployment_downloadandinstall.rb
git-svn-id: file:///home/svn/framework3/trunk@7023 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 22:30:01 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
druid 20102275ce Updated references
git-svn-id: file:///home/svn/framework3/trunk@6956 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 22:35:42 +00:00
druid 0a29ce88c0 Added MSB reference
git-svn-id: file:///home/svn/framework3/trunk@6955 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 19:25:02 +00:00
Patrick Webster 91faadd782 Added juniper_sslvpn_ive_setupdll ActiveX exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6921 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-30 15:47:23 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
kris d3e65b3363 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
James Lee 750a432fd0 fix calls to new to_win32pe with correct number of arguments
git-svn-id: file:///home/svn/framework3/trunk@6872 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 19:23:21 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore b018df89da Some minor tweaks, looks like this module doesn't play nice with the new JS encrypter
git-svn-id: file:///home/svn/framework3/trunk@6799 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 11:59:33 +00:00
HD Moore b2a0f8adf5 Comment out references for now
git-svn-id: file:///home/svn/framework3/trunk@6795 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 02:42:52 +00:00
HD Moore 298ba64734 Fix the references section
git-svn-id: file:///home/svn/framework3/trunk@6794 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 00:25:26 +00:00
HD Moore 306841cc69 Adds coverage for the new OWC ActiveX control exploit
git-svn-id: file:///home/svn/framework3/trunk@6792 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:39:42 +00:00
HD Moore 5fb316b383 Integrates L4teral's JS encoder/encrypter
git-svn-id: file:///home/svn/framework3/trunk@6784 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 22:17:11 +00:00
druid c846f02c79 Final commit of working CLSIDs
git-svn-id: file:///home/svn/framework3/trunk@6755 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 22:15:59 +00:00
druid 7a7b2df5a5 Updated list of working ClassIDs
git-svn-id: file:///home/svn/framework3/trunk@6754 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:34:13 +00:00
druid b9e7e0b902 Removed some CLSIDs that didn't work
git-svn-id: file:///home/svn/framework3/trunk@6753 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:25:23 +00:00
druid 02f7d6b586 Exploit now uses a random ClassID from the list provided by the Microsoft Advisory rather than a static one (also configurable via an advanced option).
git-svn-id: file:///home/svn/framework3/trunk@6751 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 19:47:44 +00:00
HD Moore a54b9a06ef Exploit module for the new MS Video ActiveX flaw from Trancer. See more at http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/
git-svn-id: file:///home/svn/framework3/trunk@6750 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-07 11:11:46 +00:00
HD Moore d0fe4e8610 Remove overzealous change for 1.9.1 compat
git-svn-id: file:///home/svn/framework3/trunk@6697 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:22:50 +00:00
HD Moore 66a6bfe9c0 Make the PDF modules 1.9.1 compatible
git-svn-id: file:///home/svn/framework3/trunk@6696 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:21:08 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
HD Moore 3a9e42ceb8 Green dam exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@6671 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-18 01:54:15 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
Mario Ceballos fe463072d6 added exploit module ibmegath_getxmlvalue.rb
git-svn-id: file:///home/svn/framework3/trunk@6609 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-01 11:19:06 +00:00
HD Moore f17ee863bc Three new unpatched exploits from trancer: http://www.rec-sec.com
git-svn-id: file:///home/svn/framework3/trunk@6578 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-24 15:06:12 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-14 19:56:07 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
HD Moore 0981295879 More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6547 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:56:54 +00:00
Mario Ceballos 89d0cb3954 added exploit module mswhale_checkforupdates.rb
git-svn-id: file:///home/svn/framework3/trunk@6486 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-15 21:38:50 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
Mario Ceballos 3c54e15590 added exploit module sapgui_saveviewtosessionfile.rb
git-svn-id: file:///home/svn/framework3/trunk@6455 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-02 20:43:06 +00:00
natron 8d7c6d6367 Browser version of jbig2decode
git-svn-id: file:///home/svn/framework3/trunk@6451 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 14:58:37 +00:00
HD Moore 9d2382f5f5 Adds the PDF geticon modules from jduck
git-svn-id: file:///home/svn/framework3/trunk@6409 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 07:40:29 +00:00
HD Moore eccfcdfced Sets svn keywords on modules missing it, tweaks the emailer module
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
HD Moore a5125c6c87 Update the module description
git-svn-id: file:///home/svn/framework3/trunk@6404 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 05:52:40 +00:00
Mario Ceballos a036178737 added exploit module orbit_connecting.rb
git-svn-id: file:///home/svn/framework3/trunk@6348 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-17 01:24:16 +00:00
kris 804ff61df6 big svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6345 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-15 18:12:33 +00:00
Patrick Webster 2df5dc3204 Added exploit module ebook_flipviewer_fviewerloading from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6281 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 23:14:54 +00:00
natron b6731747c4 added ie_unsafe_scripting exploit module
git-svn-id: file:///home/svn/framework3/trunk@6260 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-27 22:35:50 +00:00
cg 8fe4bf88b9 MS09-002 coverage by dean
git-svn-id: file:///home/svn/framework3/trunk@6238 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-20 17:46:52 +00:00
Mario Ceballos 7ef0ddeec5 added exploit module symantec_appstream_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@6162 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-18 02:19:26 +00:00
Mario Ceballos 430d7cb424 fixed BID number.
git-svn-id: file:///home/svn/framework3/trunk@6145 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:41:14 +00:00
Mario Ceballos bc1f2da254 added exploit module winzip_fileview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6144 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:04:53 +00:00
Mario Ceballos 3ee6eaede8 added exploit module nis2004_antispam.rb that makes use of egypt's newly added heap spray stuff.
git-svn-id: file:///home/svn/framework3/trunk@6109 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-10 14:00:49 +00:00
Mario Ceballos fa950d64ef updated with the author's email address.
git-svn-id: file:///home/svn/framework3/trunk@6076 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-05 13:09:18 +00:00
Mario Ceballos 33940517c5 added exploit modules ca_brightstor_addcolumn.rb and verypdf_pdfview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6073 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-04 21:51:04 +00:00
HD Moore 45c08a9011 Fallback to heap spray if the .NET DLL does not load
git-svn-id: file:///home/svn/framework3/trunk@6015 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-17 04:19:54 +00:00
Mario Ceballos aa53df6535 add exploit module adobe_utilprintf.rb, browser based.
git-svn-id: file:///home/svn/framework3/trunk@6014 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-15 15:44:02 +00:00
HD Moore 5822ab75a7 Adds an exploit module (universal) for the new internet explorer xml bug. This module shows off the .NET memory techniques discovered by Alexander Sotirov and Mark Dowd. This code should bypass DEP, ASLR, and NX :-)
git-svn-id: file:///home/svn/framework3/trunk@6012 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-12 01:45:00 +00:00
Ramon de C Valle c66d6c4e46 Set property 'svn:keywords'
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
Mario Ceballos 3de5bab19b added exploit module zenturiprogramchecker_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5769 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 13:15:53 +00:00
Mario Ceballos fd95f81cd6 added exploit module systemrequirementslab_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5754 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 19:19:39 +00:00
Mario Ceballos b508358132 added exploit modules lpviewer_url.rb and softartisans_getdrivename.rb
git-svn-id: file:///home/svn/framework3/trunk@5750 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 13:41:52 +00:00
HD Moore a7a7da9e28 Newer mercury module, more reliable using 0x0c0c0c0c return
git-svn-id: file:///home/svn/framework3/trunk@5742 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-12 17:11:14 +00:00
Mario Ceballos 6ad1a82101 fixed tabbing.
git-svn-id: file:///home/svn/framework3/trunk@5710 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 15:48:25 +00:00
HD Moore fd256ec4a1 This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
Mario Ceballos 67a25b6ce8 added exploit modules ms08_053_mediaencoder.rb, macrovision_unsafe.rb and ms08_041_snapshotviewer.rb
git-svn-id: file:///home/svn/framework3/trunk@5707 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-01 22:40:57 +00:00
James Lee a212bfba99 fix PrepenEncoder typo, replace it with 'StackAdjustment' => -3500
git-svn-id: file:///home/svn/framework3/trunk@5613 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-01 20:04:42 +00:00
James Lee a97dbb0106 fix missing semicolon in js
git-svn-id: file:///home/svn/framework3/trunk@5612 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-01 02:48:32 +00:00
Mario Ceballos ee0f6ed5cc module update from Elazar Broad.
git-svn-id: file:///home/svn/framework3/trunk@5606 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-27 11:23:42 +00:00
James Lee 894606aab4 bug fix in javascript
git-svn-id: file:///home/svn/framework3/trunk@5570 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-23 00:55:21 +00:00
James Lee d9331e8754 Make browser exploits identify themselves for use with browser_autopwn
git-svn-id: file:///home/svn/framework3/trunk@5551 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-13 01:36:27 +00:00
James Lee 8800372e46 initial commit of browser_autopwn;
revamp php payloads;
socks5 for IPv6 (untested)
git-svn-id: file:///home/svn/framework3/trunk@5546 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-01 01:44:56 +00:00
Mario Ceballos 13859c23d9 added exploit module novelliprint_getdriversettings.rb.
git-svn-id: file:///home/svn/framework3/trunk@5533 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-19 00:06:18 +00:00
Mario Ceballos 8e7ac6c9ac added exploit module creative_software_cachefolder.rb
git-svn-id: file:///home/svn/framework3/trunk@5531 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-17 15:11:17 +00:00
James Lee 899973b7ea Send 404 when we can't exploit a mozilla browser so client doesn't hang.
git-svn-id: file:///home/svn/framework3/trunk@5497 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-26 18:10:41 +00:00
James Lee faa5f7c967 randomize_space
git-svn-id: file:///home/svn/framework3/trunk@5496 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-25 05:29:29 +00:00
HD Moore 82330fff7e Importing two new wireless DoS modules, setting svn:keywords flags where needed.
git-svn-id: file:///home/svn/framework3/trunk@5482 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 05:27:06 +00:00
Patrick Webster ade70d182c Added tumbleweed_filetransfer module.
git-svn-id: file:///home/svn/framework3/trunk@5470 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-07 07:57:10 +00:00
Mario Ceballos d41a814ed5 added exploit modules mysql_yassl(win32/linux) and realplayer_console from EB.
git-svn-id: file:///home/svn/framework3/trunk@5463 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-01 11:22:32 +00:00
Mario Ceballos 3e81678f93 added exploit modules winamp_ultravox.rb and novelliprint_executerequest.rb.
git-svn-id: file:///home/svn/framework3/trunk@5423 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-01 17:20:24 +00:00
Mario Ceballos 845af72226 New exploit module from EB.
git-svn-id: file:///home/svn/framework3/trunk@5422 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-01 02:02:34 +00:00
HD Moore 6a3ccc2955 Fixes for the JS try/catch from EB.
git-svn-id: file:///home/svn/framework3/trunk@5420 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-20 16:45:03 +00:00
HD Moore 93d390e2da Replacement module (more reliable) from EB
git-svn-id: file:///home/svn/framework3/trunk@5416 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-14 16:15:20 +00:00
HD Moore 2dfb607b49 New exploit module from EB and MC
git-svn-id: file:///home/svn/framework3/trunk@5410 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-11 02:28:03 +00:00
Mario Ceballos f4708d774f added exploit modules wincomlpd_admin.rb and facebook_extractiptc.rb.
git-svn-id: file:///home/svn/framework3/trunk@5399 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-07 23:08:14 +00:00
HD Moore 9b6b0990b1 Correct the cve reference format
git-svn-id: file:///home/svn/framework3/trunk@5364 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-27 02:13:54 +00:00
Mario Ceballos 5eda38fa5f IE6...
git-svn-id: file:///home/svn/framework3/trunk@5225 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-27 01:29:04 +00:00
Mario Ceballos 29569b6689 added exploit module hploadrunner.rb.
git-svn-id: file:///home/svn/framework3/trunk@5224 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-27 00:34:33 +00:00
Mario Ceballos c09840e49e added exploit module macrovision_downloadandexecute.rb
git-svn-id: file:///home/svn/framework3/trunk@5223 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-26 12:17:05 +00:00
Mario Ceballos f2103a4a93 added exploit module realplayer_import.rb
git-svn-id: file:///home/svn/framework3/trunk@5213 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-02 17:58:44 +00:00
Mario Ceballos a985158a88 added exploit module sonicwall_addrouteentry.rb
git-svn-id: file:///home/svn/framework3/trunk@5191 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-01 23:15:34 +00:00
Mario Ceballos e2835eec60 added exploit module gom_openurl.rb
git-svn-id: file:///home/svn/framework3/trunk@5189 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-30 21:48:56 +00:00
HD Moore 599aaff600 Correct the module title
git-svn-id: file:///home/svn/framework3/trunk@5183 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-24 16:07:08 +00:00
HD Moore a7626884f6 New module from Trirat Puttaraksa
git-svn-id: file:///home/svn/framework3/trunk@5182 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-24 13:56:18 +00:00
Mario Ceballos 66bd69097c added exploit module kazaa_altnet_heap.rb
git-svn-id: file:///home/svn/framework3/trunk@5135 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-03 16:09:53 +00:00
Mario Ceballos eb88fb1875 added exploit module yahoomessenger_fvcom.rb
git-svn-id: file:///home/svn/framework3/trunk@5129 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-01 10:58:50 +00:00
Mario Ceballos c4868b4cb3 added exploit module ask_shortformat.rb.
git-svn-id: file:///home/svn/framework3/trunk@5120 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-25 02:02:56 +00:00
HD Moore 04c6dbc748 Updated svn:keywords
git-svn-id: file:///home/svn/framework3/trunk@5100 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-10 01:01:20 +00:00
Mario Ceballos 8dcba76799 added exploit module trendmicro_officescan.rb
git-svn-id: file:///home/svn/framework3/trunk@5083 4d416f70-5f16-0410-b530-b9f4589650da
2007-08-31 11:58:31 +00:00
Mario Ceballos 6deb8a18a4 added module enjoysapgui_preparetoposthtml.rb
git-svn-id: file:///home/svn/framework3/trunk@5058 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-18 21:49:44 +00:00
Mario Ceballos c46cb1e466 updated ref.
git-svn-id: file:///home/svn/framework3/trunk@5038 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-08 02:31:17 +00:00
Mario Ceballos 7488351910 added exploit module mcafeevisualtrace_tracetarget.rb
git-svn-id: file:///home/svn/framework3/trunk@5037 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-08 02:24:22 +00:00
Mario Ceballos 91f65449aa added exploit modules logitechvideocall_start.rb and trendmicro_serverprotect_earthagent.rb
git-svn-id: file:///home/svn/framework3/trunk@5010 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-01 16:04:22 +00:00
Matt Miller c844826266 use exploit base class method
git-svn-id: file:///home/svn/framework3/trunk@5007 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-29 00:29:53 +00:00
HD Moore 2fc2baab0b Brand new ANI module from Solar Eclipse
git-svn-id: file:///home/svn/framework3/trunk@4996 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-18 03:00:08 +00:00
Mario Ceballos 04f35ada87 added exploit module yahoomessenger_server.rb (SEH)
git-svn-id: file:///home/svn/framework3/trunk@4982 4d416f70-5f16-0410-b530-b9f4589650da
2007-06-07 21:32:23 +00:00
HD Moore 26ccc3be69 Adds the first version of the new samba module. Adds keywords to MC's new modules.
git-svn-id: file:///home/svn/framework3/trunk@4953 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-21 20:51:13 +00:00
Mario Ceballos b47efb9d4b added exploit module nis2004_get.rb
git-svn-id: file:///home/svn/framework3/trunk@4928 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-18 04:19:21 +00:00
Mario Ceballos 00ea0f9932 added exploit module bearshare_setformatlikesample.rb
git-svn-id: file:///home/svn/framework3/trunk@4916 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-16 15:12:22 +00:00
HD Moore d95a0d8d90 Updated svn:keywords, merging minor changes
git-svn-id: file:///home/svn/framework3/trunk@4886 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-07 04:48:45 +00:00
HD Moore df60900e34 Remove a duplicate target (thanks Ramon)
git-svn-id: file:///home/svn/framework3/trunk@4845 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-03 03:14:22 +00:00
HD Moore 7d7f244bf6 Fixes #87. Adds new targets to the ANI exploits, fixes Vista target for OE
git-svn-id: file:///home/svn/framework3/trunk@4795 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-28 18:32:36 +00:00
Mario Ceballos e39dd847b9 fixed description.
git-svn-id: file:///home/svn/framework3/trunk@4714 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-20 14:52:14 +00:00
Matt Miller e0b8f5cb9e browser exploits auto inherit check dep and autofilter now
git-svn-id: file:///home/svn/framework3/trunk@4670 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-13 04:15:38 +00:00
Mario Ceballos 2f365ca59b added exploit module windvd7_applicationtype.rb
git-svn-id: file:///home/svn/framework3/trunk@4663 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-11 23:00:09 +00:00
Mario Ceballos 53a1d7e988 added exploit module hpmqc_progcolor.rb
git-svn-id: file:///home/svn/framework3/trunk@4661 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-06 20:37:30 +00:00
HD Moore f60785b2f5 Adds a target for French SP2
git-svn-id: file:///home/svn/framework3/trunk@4658 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-06 04:48:41 +00:00
HD Moore 0c8f9e96b5 Consistent use of handler(cli) after the payload is sent to the user
git-svn-id: file:///home/svn/framework3/trunk@4645 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-04 04:34:17 +00:00
Matt Miller a319b8e582 got rid of duplicated code in browser exploits, fixes #71
git-svn-id: file:///home/svn/framework3/trunk@4642 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-04 02:04:37 +00:00
Matt Miller 317f95d4a2 use the correct payload
git-svn-id: file:///home/svn/framework3/trunk@4640 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 07:50:02 +00:00
Matt Miller ddf9c8bac1 correct disclosure date
git-svn-id: file:///home/svn/framework3/trunk@4639 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 07:49:27 +00:00
Matt Miller ed030e4807 correct disclosure date
git-svn-id: file:///home/svn/framework3/trunk@4638 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 07:48:58 +00:00
Matt Miller 4abe720796 correct disclosure date
git-svn-id: file:///home/svn/framework3/trunk@4637 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 07:48:07 +00:00
Matt Miller b74311c71d initial integration of alex's heaplib, and a port of the keyframe exploit
git-svn-id: file:///home/svn/framework3/trunk@4635 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 07:35:54 +00:00
HD Moore 080300605a Fix KCODE in Rails (msfweb). Revert ANI exploits back after resolving the issue
git-svn-id: file:///home/svn/framework3/trunk@4633 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 04:10:09 +00:00
HD Moore e39233c32b Switch to a 40 byte block of null ptrs for the padding, required for reliability on XP
git-svn-id: file:///home/svn/framework3/trunk@4631 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-03 02:59:26 +00:00
HD Moore 4e1a79ada4 Merged in a patch from Matt for fixing Vista support
git-svn-id: file:///home/svn/framework3/trunk@4627 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 21:38:20 +00:00
HD Moore 97db1f3fd7 Two quick fixes
git-svn-id: file:///home/svn/framework3/trunk@4625 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 07:04:22 +00:00
Matt Miller 97b6cf3636 here we go
git-svn-id: file:///home/svn/framework3/trunk@4613 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 05:51:22 +00:00
HD Moore 7e23cef93c Removed the extraneous sub esp, changed payload space to be 1024 on the http version
git-svn-id: file:///home/svn/framework3/trunk@4611 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 05:46:10 +00:00
HD Moore b2ff98b4e9 Fixed the copy-to-stack stub, should work great now
git-svn-id: file:///home/svn/framework3/trunk@4610 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 05:42:27 +00:00
HD Moore ac19614bb3 This adds the stack copy prefixer to the ANI code
git-svn-id: file:///home/svn/framework3/trunk@4609 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 05:27:41 +00:00
HD Moore b16fc9fd53 Minor updates for targeting
git-svn-id: file:///home/svn/framework3/trunk@4606 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-02 03:10:01 +00:00
Matt Miller aba1959d44 tab vs. space :)
git-svn-id: file:///home/svn/framework3/trunk@4605 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 22:24:42 +00:00
Matt Miller f9d8c4e820 modifications to support using an explicit target to regen payloads
git-svn-id: file:///home/svn/framework3/trunk@4602 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 21:21:10 +00:00
HD Moore 0c263cf036 Woops, forgot to change all references to the 'All Target's item
git-svn-id: file:///home/svn/framework3/trunk@4601 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 21:10:15 +00:00
HD Moore 775d8bc95b Automatic target detection based on the user agent
git-svn-id: file:///home/svn/framework3/trunk@4600 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 21:05:05 +00:00
Matt Miller f0fcedf728 raw encoder type wasn't being enforced
git-svn-id: file:///home/svn/framework3/trunk@4599 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 21:00:51 +00:00
Matt Miller 6cfab21bcb fixes for Vista, brute forcing
git-svn-id: file:///home/svn/framework3/trunk@4598 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 20:33:35 +00:00
HD Moore 86f4bfd514 This module should be ready for the stable tree...
git-svn-id: file:///home/svn/framework3/trunk@4597 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 19:00:32 +00:00
HD Moore 24ba17aceb This module now defaults to using all targets at once :-)
git-svn-id: file:///home/svn/framework3/trunk@4596 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:25:14 +00:00
HD Moore e707423987 Too early this morning...
git-svn-id: file:///home/svn/framework3/trunk@4595 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:02:22 +00:00
HD Moore 3a8d90bb62 Woops, introduced a typo
git-svn-id: file:///home/svn/framework3/trunk@4594 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:01:58 +00:00
HD Moore 0cc8db610b Merged in skape's Vista support, cleaned things up
git-svn-id: file:///home/svn/framework3/trunk@4593 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 17:58:12 +00:00
HD Moore 3858b33e9c Committing with a slightly better name and more information
git-svn-id: file:///home/svn/framework3/trunk@4592 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 15:26:23 +00:00
HD Moore 473c2c98f9 Rename 1
git-svn-id: file:///home/svn/framework3/trunk@4591 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 15:25:55 +00:00
HD Moore f8cdcb8ac8 This adds support for the new ANI exploit module and updates the apple/realplayer modules to include the proper svn:keywords
git-svn-id: file:///home/svn/framework3/trunk@4588 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 05:29:37 +00:00
Matt Miller d42194e14a updated modules to use base class rand_xxx methods
git-svn-id: file:///home/svn/framework3/trunk@4498 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-01 08:21:36 +00:00
HD Moore abbeb2e87e Adding an Id tag and a standard header to all modules
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
HD Moore e67f32c9e5 slightly less stupidity (thanks solar!)
git-svn-id: file:///home/svn/framework3/trunk@4360 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-11 22:37:44 +00:00
HD Moore a0c125e118 A new port of my 2.x createobject exploit
git-svn-id: file:///home/svn/framework3/trunk@4345 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-10 19:41:54 +00:00
Mario Ceballos fe2b668918 added exploit module realplayer_smil.rb.
git-svn-id: file:///home/svn/framework3/trunk@4311 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 13:10:31 +00:00
Mario Ceballos 4678cfc7b8 added exploit module apple_itunes_playlist.rb.
git-svn-id: file:///home/svn/framework3/trunk@4310 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 13:09:45 +00:00
HD Moore b278bef22d Reference updates
git-svn-id: file:///home/svn/framework3/trunk@4266 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 14:44:09 +00:00
Mario Ceballos 2f5d44b91a added exploit module apple_quicktime_rtsp.rb
git-svn-id: file:///home/svn/framework3/trunk@4250 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-02 17:51:43 +00:00
HD Moore b2fbf8eb54 Addition of the isComponentInstalled() exploit and updates to the createTextRange() module
git-svn-id: file:///home/svn/framework3/trunk@4218 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 08:03:43 +00:00
HD Moore a8776d85df Renamed to match the new MSB number
git-svn-id: file:///home/svn/framework3/trunk@4209 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 02:37:45 +00:00
HD Moore 6fef5abeda Resolve a crash bug in the send_response_html() method
Add the MS06_013 CreateTextRange() exploit
git-svn-id: file:///home/svn/framework3/trunk@4208 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 02:34:27 +00:00
HD Moore ea204ee0ff API change for the HTML mixin, the send_response method is no longer overloaded, instead exploits must call send_response_html to enable HTML evasion. The old method caused problems when an exploit needed HTML and non-HTML response capabilities
git-svn-id: file:///home/svn/framework3/trunk@4173 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 03:26:53 +00:00
HD Moore 206683eebd Changed Html to HTML
git-svn-id: file:///home/svn/framework3/trunk@4169 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 02:55:02 +00:00
HD Moore 810f80612b Reference updates
git-svn-id: file:///home/svn/framework3/trunk@4154 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-28 17:18:43 +00:00
Mario Ceballos 55e0b973b1 removed XPSP1 target in xmplay_asx.rb and replaced it with an XPSP2 target.
git-svn-id: file:///home/svn/framework3/trunk@4152 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-26 20:00:08 +00:00
Mario Ceballos 296144fa9c added exploit module xmplay_asx.rb
git-svn-id: file:///home/svn/framework3/trunk@4151 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-24 01:12:05 +00:00
Mario Ceballos e659032c35 added exploit module mirc_irc_url.rb
git-svn-id: file:///home/svn/framework3/trunk@4104 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-03 19:35:42 +00:00
HD Moore 634fbd3205 Evasion and bug fixes
git-svn-id: file:///home/svn/framework3/trunk@3979 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 04:06:33 +00:00
HD Moore f2ed69b991 User-Agent detection for VML exploit.
Randomization for the setSlice() exploit
git-svn-id: file:///home/svn/framework3/trunk@3978 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 04:01:22 +00:00
HD Moore 432337a331 Exploit module for the new VML fill method.
git-svn-id: file:///home/svn/framework3/trunk@3977 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 03:52:54 +00:00
HD Moore c3876b6dd6 Updates for the autopwn stuff...
git-svn-id: file:///home/svn/framework3/trunk@3906 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-17 08:00:37 +00:00
Matt Miller a230c3f800 credit
git-svn-id: file:///home/svn/framework3/trunk@3831 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-14 09:00:50 +00:00
Matt Miller a724d42aa0 added mcafee mcsubmgr exploit, added functional avoid utf8 encoder
git-svn-id: file:///home/svn/framework3/trunk@3830 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-14 08:55:37 +00:00
HD Moore 13260cc003 Minor changes, LSASS still broked
git-svn-id: file:///home/svn/framework3/trunk@3805 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-05 18:18:27 +00:00
HD Moore 8cc12d1a3d StackAdjustment added to most exploits, PNP tweaked
git-svn-id: file:///home/svn/framework3/trunk@3783 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-31 02:01:14 +00:00
HD Moore 817c4c189f Timeouts added for handlers
git-svn-id: file:///home/svn/framework3/trunk@3773 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-29 22:37:39 +00:00
HD Moore 1a54cc810a Fixed numerous issues involving smb/dcerpc interaction
Fixed 'bad' use of method definition (space after method name, will be depreciated soon)
git-svn-id: file:///home/svn/incoming/trunk@3626 4d416f70-5f16-0410-b530-b9f4589650da
2006-04-30 19:49:27 +00:00
bmc d7e2e99cef * display something when the exploit is sent so the user has some indication of status
git-svn-id: file:///home/svn/incoming/trunk@3499 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-03 19:57:28 +00:00
bmc fe608d1676 general cleanups
add space evasions to the playlist
git-svn-id: file:///home/svn/incoming/trunk@3495 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-03 18:28:13 +00:00
HD Moore 83be4703d6 modules/
git-svn-id: file:///home/svn/incoming/trunk@3493 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-02 20:43:55 +00:00
HD Moore 3a69fe2fae More features
git-svn-id: file:///home/svn/incoming/trunk@3492 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-02 05:54:06 +00:00
bmc 7f270f55b0 it's really an html exploit...
git-svn-id: file:///home/svn/incoming/trunk@3484 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 22:12:17 +00:00
HD Moore 7ee4d05bec Woo, neat krad winamp exploit :)
git-svn-id: file:///home/svn/incoming/trunk@3479 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 19:28:19 +00:00
HD Moore c1b9129bca A couple more assertions in the tcp_server test suite.
Added template for the winamp pls overflow (unc computer name)
git-svn-id: file:///home/svn/incoming/trunk@3474 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 17:25:44 +00:00
bmc f1e0f7bcc9 * use zlib
git-svn-id: file:///home/svn/incoming/trunk@3460 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 22:06:06 +00:00
bmc 9996207faf * make me an HTML exploit
git-svn-id: file:///home/svn/incoming/trunk@3459 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 22:04:28 +00:00
HD Moore 1bffccf605 New licensing terms, revision bump to v3
git-svn-id: file:///home/svn/incoming/trunk@3425 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-21 22:10:20 +00:00
Matt Miller 2e19a86843 added license to all modules
git-svn-id: file:///home/svn/incoming/trunk@3377 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-16 02:59:47 +00:00
HD Moore 3783e27fc7 Fixed handler/disconnect order in FTP, fixes to metafile
git-svn-id: file:///home/svn/incoming/trunk@3348 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-08 14:27:59 +00:00
HD Moore 4148a17b19 Committed new name
git-svn-id: file:///home/svn/incoming/trunk@3312 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-05 22:48:19 +00:00
HD Moore 5550a72d1f rename, tweak
git-svn-id: file:///home/svn/incoming/trunk@3311 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-05 22:27:52 +00:00
HD Moore 8049b32cbc Patches from <anon>
git-svn-id: file:///home/svn/incoming/trunk@3310 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-05 22:20:28 +00:00
HD Moore 46a1ce0721 More tweaks
git-svn-id: file:///home/svn/incoming/trunk@3308 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-05 03:56:20 +00:00
Matt Miller e63ba080a8 added support for use_gzip
git-svn-id: file:///home/svn/incoming/trunk@3303 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-03 04:24:03 +00:00
HD Moore 9452249c09 Updated
git-svn-id: file:///home/svn/incoming/trunk@3301 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-03 04:06:03 +00:00
HD Moore 96d4591b87 Updates to httpserver mixin, gzip encoding added to text, bugfix to wordstar, added metafile exploit, will rename and make it nice later
git-svn-id: file:///home/svn/incoming/trunk@3299 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-02 07:49:52 +00:00
Matt Miller 76549787e5 fix response for 404
git-svn-id: file:///home/svn/incoming/trunk@3298 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-02 04:07:28 +00:00
HD Moore 0902ca6962 Reorganization, adding asn1, pnp, and msmq.
git-svn-id: file:///home/svn/incoming/trunk@3113 4d416f70-5f16-0410-b530-b9f4589650da
2005-11-26 02:33:39 +00:00