Commit Graph

943 Commits (43c076ed96a8b3fcbc6d5b01fba6ca05d2dd8e39)

Author SHA1 Message Date
Wei Chen 8bf7a9990b Improve javascript obfuscation, and allow it as an option
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 23:03:11 +00:00
Wei Chen 20f4280d9f Exploit is much more reliable than before, it gets a promotion
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:17:23 +00:00
Wei Chen bfc59e4c62 Add MS10-026 exploit
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:04:25 +00:00
Wei Chen 3b04e7bd9e Add routine to check target before exploiting it
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 23:05:45 +00:00
Wei Chen 0d9908435a Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:18:25 +00:00
Wei Chen 456aeeb90b Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 18:47:21 +00:00
Wei Chen 4ac431948a Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:50:43 +00:00
Wei Chen a1526e86b8 Use heaplib to spray, and use obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:25:14 +00:00
Steve Tornio a6a444930e add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 11:17:30 +00:00
Wei Chen 6a89cf5859 Add TeeChart Professional ActiveX exploit
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 08:41:30 +00:00
Wei Chen 58198f37ba Fix reference link
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 18:58:20 +00:00
Wei Chen 8dc4228ee0 Fix very minor typo
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 17:05:49 +00:00
Wei Chen 3b1769d621 Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 05:58:02 +00:00
Wei Chen 6bf90f884e Fix debug mode and some extra tabs in JS
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 00:22:29 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen 94aea207d3 Remove extra tabs and spaces
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
Wei Chen 9892eb39eb Syntax fix
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
Wei Chen 32a7eb0000 svn propset
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
David Rude 7958516549 Adds Xeros Firefox nstreerange exploit
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
Wei Chen 6448daf571 MS10-018, y u no InitialAutoRunScript
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:02:38 +00:00
Wei Chen 1058948419 Updated ROP, no more hardcoded ntdll addresses
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 07:22:24 +00:00
Wei Chen 1223275330 Change ranking for now until we have a better solution for SP3
git-svn-id: file:///home/svn/framework3/trunk@13009 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 01:04:29 +00:00
Wei Chen fdbc038bd0 Add BlackIce Cover Page ActiveX downloadimagefileurl exploit
git-svn-id: file:///home/svn/framework3/trunk@12992 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 02:51:39 +00:00
Steve Tornio 650762517f update CVE and OSVDB to match what the author said
git-svn-id: file:///home/svn/framework3/trunk@12964 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 17:35:57 +00:00
Steve Tornio 7c47b48f5b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12962 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 01:56:20 +00:00
Wei Chen 23cc89482b CVE correction, thanks Kurt.
git-svn-id: file:///home/svn/framework3/trunk@12961 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 00:56:11 +00:00
Wei Chen eae350b88b CVE-2011-1260 seems to be the right one
git-svn-id: file:///home/svn/framework3/trunk@12959 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:27:10 +00:00
Wei Chen 0a04835138 Added MS11-050 by d0c_s4vage
git-svn-id: file:///home/svn/framework3/trunk@12956 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 21:19:12 +00:00
David Rude b9e398c706 adds support for SSL
git-svn-id: file:///home/svn/framework3/trunk@12872 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 20:15:51 +00:00
David Rude 31a659e55a Fixed this up to use the new JS obfuscation hotness thanks to egyp7s rkelly fu!
git-svn-id: file:///home/svn/framework3/trunk@12871 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:49:33 +00:00
Steve Tornio 377a18030a add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12869 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:06:18 +00:00
David Rude 3d7715ce60 Added Cisco AnyConnect VPN Client ActiveX download and execute exploit
git-svn-id: file:///home/svn/framework3/trunk@12868 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 18:52:26 +00:00
James Lee bee19278d7 add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:36:26 +00:00
James Lee 36983436db play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed
git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 19:45:14 +00:00
James Lee 0b88468617 out with the new, in with the old. css_clip is pretty unreliable in my tests, go back to using ie_behaviors in browser autopwn
git-svn-id: file:///home/svn/framework3/trunk@12663 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 16:33:55 +00:00
Wei Chen f9c49ef9ce Comment update (this is still for the egghunter fix: bug #4552)
git-svn-id: file:///home/svn/framework3/trunk@12657 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:50:22 +00:00
Wei Chen 6345fec06c checksum support for egghunter disabled, because not enough room for it. See r4552.
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:48:06 +00:00
Wei Chen 40894c3726 Moving Iconics webhmi activeX exploit from browser to scada directory
git-svn-id: file:///home/svn/framework3/trunk@12584 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 20:45:54 +00:00
Steve Tornio b84df80983 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12576 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 19:16:07 +00:00
Wei Chen 105b5799af Added ICONICS WebHMI ActiveX SetActiveXGuid bof
git-svn-id: file:///home/svn/framework3/trunk@12573 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 18:07:15 +00:00
Wei Chen 8d78a47e45 get_resource() added to 'src' parameter
git-svn-id: file:///home/svn/framework3/trunk@12543 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-05 22:10:30 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Wei Chen c5d51cf810 Disclosure date change
git-svn-id: file:///home/svn/framework3/trunk@12391 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:45:07 +00:00
Mario Ceballos 31f2afc033 fix date
git-svn-id: file:///home/svn/framework3/trunk@12388 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 11:12:34 +00:00
Wei Chen cb491e35d2 Changed disclosure date
git-svn-id: file:///home/svn/framework3/trunk@12384 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 02:10:40 +00:00
Wei Chen 458d8cccb8 Modified heap spray routine. Added IE 8 target for XP SP3.
git-svn-id: file:///home/svn/framework3/trunk@12383 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 21:55:33 +00:00
Wei Chen c28e7259ac Added CVE-2011-0611 Adobe Flash 0day
git-svn-id: file:///home/svn/framework3/trunk@12330 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:09:33 +00:00
Wei Chen ffe6868d22 Updated vbs stager temp var
git-svn-id: file:///home/svn/framework3/trunk@12286 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 18:24:43 +00:00
Steve Tornio a8947662db old file hanging around
git-svn-id: file:///home/svn/framework3/trunk@12280 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 13:28:57 +00:00
Steve Tornio bb26593da7 add osvdb ref. rename file to correct typo
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 12:41:18 +00:00
Wei Chen 717fb83fc9 Added RealNetworks RealGames ActiveX exec arbitrary code execution
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 02:39:11 +00:00
Wei Chen b90d6fc16f Modified the heap spraying function. Each block size should be more consistent now.
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 07:27:38 +00:00
Joshua Drake 0882f18ec0 add fix commit diff and fix broken cve reference
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:04:54 +00:00
Joshua Drake 24fd896bfb add OSVDB reference back, conflict handling fail!
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:02:46 +00:00
Wei Chen 214751379f Updated: using get_resource() instead of datastore['URIPATH']
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 03:56:45 +00:00
Wei Chen 25ca59b56f Added Win Vista and debug target
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 23:22:51 +00:00
David Rude 349512f48d Updated exploit ranking and description to reflect the new ranking
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 19:33:38 +00:00
Steve Tornio 81fae13258 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 12:05:48 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =)
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen eb7df0be8e Updated how the trigger file should be loaded... the proper way.
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 00:07:36 +00:00
Wei Chen 77ceadc6ad Updated description and how the trigger file loads
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 22:49:11 +00:00
Wei Chen 08f210ac52 Added CVE-2010-3275 (VLC AMV vulnerability)
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:03:12 +00:00
Steve Tornio 89ec6ab5da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 11:19:45 +00:00
David Rude 8233030184 opps removed mixin require as well
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:41:48 +00:00
David Rude f8534f06dd opps removed mixin reference =)
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:40:38 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake 586c1f9305 oops, broke the LIBPATH option
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 01:18:18 +00:00
Joshua Drake f4fe3f11b0 enable bind payloads, thx hdm :)
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:52:58 +00:00
Steve Tornio 4992deed21 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:16:06 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
David Rude 36b83cde6f Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 15:42:28 +00:00
David Rude 382e63e16e fixed a typo in javascript
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 04:40:36 +00:00
Joshua Drake 4a1e59be8d oops =D
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 05:01:29 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :(
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
David Rude 695963dde7 Fixed references
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 02:28:15 +00:00
David Rude b51c9f8397 oops forgot a , =)
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:42:37 +00:00
David Rude 6dc0596870 Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:27:06 +00:00
Joshua Drake 8ef05017b8 style compliance fixes, naughty naughty
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
Matt Weeks c322534907 Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls.
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-18 02:23:10 +00:00
Joshua Drake 8c8b181ffb Update ms11_xxx modules to reflect bulletin release, minor style fixes
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 23:31:44 +00:00
Joshua Drake e06d4d52fe convert VLC module to FileFormat, adjust spray
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-03 18:16:40 +00:00
Joshua Drake 3ac076c20a add exploit for VLC media player WebM processing from Dan Rosenburg
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-01 18:54:24 +00:00
Joshua Drake a62f1922b3 fix typos, lol?
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-28 23:56:35 +00:00
James Lee d7cda0f85a accept a client argument for get_uri()
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-22 00:16:57 +00:00
James Lee f3bda46333 doesn't work on IE8, fixes #3566, thanks Hauke Mehrtens for the patch
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 19:30:59 +00:00
Joshua Drake b6b9b83dd7 add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake 739604ea12 Fixes #3469, silly typo
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 05:58:55 +00:00
Joshua Drake d994f595fe remove unused vars
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:59:10 +00:00
Joshua Drake 287f4c87fe style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Joshua Drake 19e8a6a5b1 switch AutoRunScript for InitialAutoRunScript, oops
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 00:25:44 +00:00
Jonathan Cran a206ed8418 clarifying wmi tools are not installed by default
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 05:27:37 +00:00
Joshua Drake bc7a8e3b47 fix silly merge conflict data in HTML
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-05 22:52:54 +00:00
Joshua Drake 08df4dac3b randomize import styles, patch from jjarmoc
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 16:49:20 +00:00
Joshua Drake b3bfb5834e change credit to passerby
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-28 17:10:19 +00:00
Joshua Drake 5f5d2992ce add reference to 0x557 slides (for .NET 2.0 rop)
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:36:54 +00:00
Joshua Drake cdfe03ce43 add MSFT advisory and CVE
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:30:43 +00:00
Steve Tornio 09b00739fb add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 22:21:56 +00:00
Joshua Drake 0f24d1955c minor corrections, use .NET 2.0 ROP :)
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:26:18 +00:00
Joshua Drake 44c8a71dcf minor clean ups
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:23:16 +00:00
Mario Ceballos 1407d7f1d5 revert back. little more reliable.
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 17:40:13 +00:00
Mario Ceballos d89c60f2de add exploit module wmi_admintools.rb
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 14:35:36 +00:00
Joshua Drake c4c0cabccb switch to .NET 2.0 ROP, Merry Xmas!
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:24:19 +00:00
Joshua Drake 5d2f26b41b add exploit for unpatched IE css import bug
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 16:34:07 +00:00
Joshua Drake b8b0e1af97 fix typo
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 09:11:45 +00:00
James Lee f15e6e5e62 update autopwn, replace ms10-018 behaviors with ms10-090 css clip.
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:53:22 +00:00
Joshua Drake af56bebfa1 note ms10-090 bulletin
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:41:20 +00:00
Steve Tornio e6f640bc17 add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 03:18:05 +00:00
Mario Ceballos 14ea7a85bb svn keywords
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:03:25 +00:00
Mario Ceballos 5ed387aa38 added exploit module enjoysapgui_comp_download.rb
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:01:46 +00:00
Joshua Drake e9faf75503 fix some more titles with periods
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
James Lee 52389d28f4 make windows the default target
git-svn-id: file:///home/svn/framework3/trunk@11102 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:54:25 +00:00
James Lee 7a3770f87b don't use java_basicservice_impl in browser autopwn because it doesn't work in an iframe against IE and causes popups in other browsers
git-svn-id: file:///home/svn/framework3/trunk@11101 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:44:16 +00:00
James Lee d608db778c we're not sending an applet, just a jar, clarify the output
git-svn-id: file:///home/svn/framework3/trunk@11084 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-21 19:58:04 +00:00
James Lee 6f7af42667 add an exploit for cve-2010-3563, thanks Matthias Kaiser
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Joshua Drake eab0a40caa switch up IE6 target to work on older version
git-svn-id: file:///home/svn/framework3/trunk@10978 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:54:56 +00:00
Joshua Drake 61e5d00722 switch title, comment out IE8 target for now
git-svn-id: file:///home/svn/framework3/trunk@10963 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-09 23:12:48 +00:00
Steve Tornio 338d6e3693 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@10914 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 02:58:01 +00:00
Joshua Drake b0f64ebba1 add a debug target
git-svn-id: file:///home/svn/framework3/trunk@10912 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-05 00:08:55 +00:00
Joshua Drake 76123e79c1 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10909 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:59:56 +00:00
Joshua Drake 979ddcd8e5 add exploit for cve-2010-3962
git-svn-id: file:///home/svn/framework3/trunk@10907 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-04 23:44:23 +00:00
Steve Tornio 9f5fca12f7 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10828 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-26 15:28:04 +00:00
Joshua Drake f909b360ba note tested on 6u11
git-svn-id: file:///home/svn/framework3/trunk@10820 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:22:08 +00:00
Joshua Drake 3fffd15549 add exploit for cve-2010-3552 (w/dep bypass)
git-svn-id: file:///home/svn/framework3/trunk@10819 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:21:41 +00:00
Steve Tornio 0251c446f1 add cve, osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@10784 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:21:30 +00:00
Joshua Drake 6bd75bb2d5 add shockwave exploit from abysssec/rel1k
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake 7de96a710f add trendmicro extsetowner exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@10538 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-04 04:26:09 +00:00
Joshua Drake 279c604015 missed a couple exe generater includes
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-28 16:19:50 +00:00
Joshua Drake b8b21cd53c handle dirs and index.html specially
git-svn-id: file:///home/svn/framework3/trunk@10454 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 01:11:05 +00:00
Joshua Drake 600ec0a848 add two exploits from Trancer! woot!
git-svn-id: file:///home/svn/framework3/trunk@10429 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 18:46:29 +00:00
HD Moore d89004753c Fixes #2450 by allowing any length extension
git-svn-id: file:///home/svn/framework3/trunk@10411 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 02:59:22 +00:00
Joshua Drake 8e5cf31e9a big exe/dll update, see #2017
NOTE: These changes specifically affect payload encoding via RPC, "use
payload", and msfencode

1. consolidate user-specified exe generation routine (now
Msf::Util::EXE.to_executable_fmt)
2. supported format types are now queried/checked using arrays
3. cleaned up and standardized exe option passing
4. rename data store options for EXE mixin
5. add generate_payload_exe_service for psexec/smb_relay
6. reworked default template handling in Msf::Util::EXE
  a. added template search path option (not used if template includes
a path separator)
  b. "fallback" flag to enable using default if specified file doesn't
exist
7. added Msf::Util::EXE.to_win64pe_dll
8. improved error messages from exe generation



git-svn-id: file:///home/svn/framework3/trunk@10404 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-21 00:13:30 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake 19db412383 convert remaining EXE generation to use the mixin, fixes #2017
git-svn-id: file:///home/svn/framework3/trunk@10389 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 04:38:13 +00:00
Joshua Drake 21d88b36c1 rename generate_exe -> generate_payload_exe
git-svn-id: file:///home/svn/framework3/trunk@10388 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 04:37:25 +00:00
Joshua Drake 5250ff20bb add svn:keywords, increase ranking, add browser version
git-svn-id: file:///home/svn/framework3/trunk@10280 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-09 23:23:40 +00:00
Joshua Drake ace873a37a update test notes
git-svn-id: file:///home/svn/framework3/trunk@10204 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 17:55:43 +00:00
Steve Tornio 3c704ec753 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10201 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-31 11:44:11 +00:00
Joshua Drake 3ab9a9b8d7 add Win7 IE8 target
git-svn-id: file:///home/svn/framework3/trunk@10199 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 23:31:01 +00:00
Joshua Drake 561c861a3a add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@10196 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 21:52:45 +00:00
Joshua Drake 2d6a956763 update description
git-svn-id: file:///home/svn/framework3/trunk@10194 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:50:52 +00:00
Joshua Drake f68fd01772 nudge reliability up
git-svn-id: file:///home/svn/framework3/trunk@10193 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:44:43 +00:00
Joshua Drake a39639c56f add exploit for quicktime backdoor
git-svn-id: file:///home/svn/framework3/trunk@10192 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-30 20:42:51 +00:00
Joshua Drake 330281eadd see #684, adds checksum support, updates modules to use it, fixes some wfs_delay/WfsDelay issues
git-svn-id: file:///home/svn/framework3/trunk@10150 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 20:55:37 +00:00
Joshua Drake bc56ae73a1 correct typo, thx jcran
git-svn-id: file:///home/svn/framework3/trunk@10142 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-25 16:18:02 +00:00
Joshua Drake aac956db50 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10128 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-24 18:22:48 +00:00
HD Moore 65af96745f Set manual ranking until we have a vulnerable extension list added by default
git-svn-id: file:///home/svn/framework3/trunk@10101 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 13:41:59 +00:00
HD Moore cc3554601f Tools for testing DLL hijack flaws
git-svn-id: file:///home/svn/framework3/trunk@10100 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-23 05:43:47 +00:00
Steve Tornio 0e1ed07e73 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10078 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-20 11:36:50 +00:00
Joshua Drake 1cc13485ae bring ranking down
git-svn-id: file:///home/svn/framework3/trunk@10070 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:55:59 +00:00
Joshua Drake 791af4b6c5 add exploit for sonicwall aventail activex format string
git-svn-id: file:///home/svn/framework3/trunk@10069 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-19 23:52:11 +00:00
Joshua Drake 5f0d68d883 add exploit for cve-2010-1799
git-svn-id: file:///home/svn/framework3/trunk@10011 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-13 23:11:23 +00:00
Joshua Drake 1b31a44b57 move riff support from ani_loadimage browser sploit to mixin
git-svn-id: file:///home/svn/framework3/trunk@9984 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-12 16:56:41 +00:00
Joshua Drake b93462a27f add msb and rename module
git-svn-id: file:///home/svn/framework3/trunk@9956 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-04 02:21:33 +00:00
Joshua Drake 459c046ac2 add msb and rename module
git-svn-id: file:///home/svn/framework3/trunk@9955 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-04 02:21:20 +00:00
Joshua Drake a31e133e80 add 3 easy ftp server exploits, 1 chemview activex
git-svn-id: file:///home/svn/framework3/trunk@9935 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-27 02:25:15 +00:00
Joshua Drake f4103fd7f5 increase ranking
git-svn-id: file:///home/svn/framework3/trunk@9933 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-26 19:30:02 +00:00
Joshua Drake 2448f6b1a8 fix lnk file generation, tested OK on win7 x86
git-svn-id: file:///home/svn/framework3/trunk@9930 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-26 01:51:17 +00:00
Joshua Drake 2ccf0a0c81 add UNCHOST var, remove \r chars
git-svn-id: file:///home/svn/framework3/trunk@9897 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-21 00:02:47 +00:00
Joshua Drake dd7a8178d7 actually use Msf::Exploit::EXE
git-svn-id: file:///home/svn/framework3/trunk@9896 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-21 00:02:04 +00:00
Joshua Drake 1ca054ba53 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9893 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 23:28:47 +00:00
HD Moore 99e2c9aa72 Looks like my initial testing was wrong - you can trigger this entirely through HTTP with a meta refresh, just not with a 301 (IE only).
git-svn-id: file:///home/svn/framework3/trunk@9888 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 19:54:56 +00:00
Joshua Drake 786ccb3d5f add support for OWC11 (from DSR!)
git-svn-id: file:///home/svn/framework3/trunk@9883 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 06:24:19 +00:00
HD Moore d388c1bc4f Handle unknown requests in a cleaner way
git-svn-id: file:///home/svn/framework3/trunk@9879 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 03:08:43 +00:00
Joshua Drake e30164e09e possibly fix a bug
git-svn-id: file:///home/svn/framework3/trunk@9873 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:23:18 +00:00
Steve Tornio 3674a11fa5 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@9870 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 23:02:22 +00:00
HD Moore fcd23fbdce Adds coverage for the Windows Shell LNK code execution flaw (CVE-2010-2568)
git-svn-id: file:///home/svn/framework3/trunk@9869 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-19 22:36:26 +00:00
Joshua Drake d07e613504 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9842 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-16 02:33:25 +00:00
HD Moore 24800ca1ec Add reference for the help center bug
git-svn-id: file:///home/svn/framework3/trunk@9810 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:31:40 +00:00
HD Moore 19f1583ba5 Change to match MSB
git-svn-id: file:///home/svn/framework3/trunk@9809 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:30:47 +00:00
HD Moore edae6e2d02 Change to match MSB
git-svn-id: file:///home/svn/framework3/trunk@9808 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-13 19:30:36 +00:00
James Lee a5786cdc64 stop using some older exploits in browser_autopwn in favor of ie_behaviors which works on more versions
git-svn-id: file:///home/svn/framework3/trunk@9787 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 02:51:50 +00:00
Joshua Drake c7f5ba801c add lots of disclosure dates from OSVDB (missed a few)
git-svn-id: file:///home/svn/framework3/trunk@9670 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:19:07 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake 56ea22716e oops, broke the tree
git-svn-id: file:///home/svn/framework3/trunk@9668 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 01:38:15 +00:00
Joshua Drake 9984b662e0 switch some URL references to US-CERT-VU type
git-svn-id: file:///home/svn/framework3/trunk@9666 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 01:09:32 +00:00
Joshua Drake f6f954a18c add missing CVE/OSVDB references, plenty still missing *wink wink*
git-svn-id: file:///home/svn/framework3/trunk@9659 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-02 00:10:51 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 23:33:07 +00:00
Joshua Drake 8676a88ce3 fix typo, thx chad
git-svn-id: file:///home/svn/framework3/trunk@9646 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 20:35:56 +00:00
Joshua Drake a040b3708a add some MSB numbers that were missing, rename ms08-070 msmask32 module
git-svn-id: file:///home/svn/framework3/trunk@9532 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 23:49:17 +00:00
Joshua Drake fa505a4069 various fixes, mostly consistency changes to disclosure dates
git-svn-id: file:///home/svn/framework3/trunk@9525 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 07:18:08 +00:00
Joshua Drake 09f4c42aee fix whitespace
git-svn-id: file:///home/svn/framework3/trunk@9518 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-15 05:44:29 +00:00
natron 7cbc566c7b Bug fixes for WMP11 and IE8, new configurable setting for exploit trigger, and output cleanup.
git-svn-id: file:///home/svn/framework3/trunk@9495 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 20:54:35 +00:00
Joshua Drake 75b906ac4c switch to %uFFFF per secunia analysis, fix regexp handling
git-svn-id: file:///home/svn/framework3/trunk@9491 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 17:40:42 +00:00
Joshua Drake cb69258fb2 fix regexp handling
git-svn-id: file:///home/svn/framework3/trunk@9490 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 17:40:12 +00:00
Joshua Drake e32abab8dc a HTTP -> an HTTP (http://www.english-zone.com/grammar/a-anlessn.html)
git-svn-id: file:///home/svn/framework3/trunk@9488 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 16:12:05 +00:00
Joshua Drake 565397e989 fix CVE reference -- shakes stick
git-svn-id: file:///home/svn/framework3/trunk@9487 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 16:10:12 +00:00
Joshua Drake c62b62d35d style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@9486 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 15:17:23 +00:00
Steve Tornio e2f4a6ad0d add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@9485 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 10:39:41 +00:00
HD Moore 7c87a96e65 Add CVE from Kurt S.
git-svn-id: file:///home/svn/framework3/trunk@9484 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 06:49:54 +00:00
natron f4394bf0e0 Initial commit for Tavis Ormandy's Help Ctr bug. Needs improvement on stealthiness, but works for now.
-n


git-svn-id: file:///home/svn/framework3/trunk@9483 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-11 06:10:08 +00:00
Joshua Drake 619d088ada updated test results
git-svn-id: file:///home/svn/framework3/trunk@9477 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:55:17 +00:00
Joshua Drake 07ed2d636c add browser version of cve-2010-1297
git-svn-id: file:///home/svn/framework3/trunk@9475 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:28:05 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)


git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Steve Tornio cfb850b41b add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@9363 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-25 02:09:42 +00:00
Joshua Drake acf45118a2 add exploit module for communicrypt activex from dookie
git-svn-id: file:///home/svn/framework3/trunk@9356 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-24 22:37:59 +00:00
Steve Tornio 365f13551b added refs. I think all the auxiliary and exploit modules should now be covered.
git-svn-id: file:///home/svn/framework3/trunk@9298 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-13 16:53:50 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity!
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-09 17:45:00 +00:00
Joshua Drake 4bc86e603e fix a couple more silly regex mishaps
git-svn-id: file:///home/svn/framework3/trunk@9220 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-04 23:09:32 +00:00
Joshua Drake 0e72894e58 more cleanups
git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-03 17:13:09 +00:00
Joshua Drake 665baa7691 modify ms09-002 exploit to use encrypt_js
git-svn-id: file:///home/svn/framework3/trunk@9200 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-02 20:42:34 +00:00
Joshua Drake ce372f62ff fix aurora encrypt and add js_encrypt to chilikat module
git-svn-id: file:///home/svn/framework3/trunk@9185 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-01 02:31:17 +00:00
Joshua Drake 2662055be8 add encrypt_js call to aurora exploit
git-svn-id: file:///home/svn/framework3/trunk@9184 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-01 02:14:26 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake d91046c470 detect and split JS and non-JS versions
git-svn-id: file:///home/svn/framework3/trunk@9160 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 17:45:35 +00:00
Joshua Drake 49f6fc4d98 ugh
git-svn-id: file:///home/svn/framework3/trunk@9159 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 16:46:21 +00:00
Joshua Drake 2f3171906c remove splash screen
git-svn-id: file:///home/svn/framework3/trunk@9158 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 15:58:05 +00:00
Joshua Drake ac188bebdb added support for older JREs using javascript methods from taviso's exploit
git-svn-id: file:///home/svn/framework3/trunk@9151 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-27 00:42:52 +00:00
Joshua Drake a953c47cfb remove carriage returns
git-svn-id: file:///home/svn/framework3/trunk@9140 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-26 18:29:24 +00:00
Joshua Drake bc68b7d92e fix name
git-svn-id: file:///home/svn/framework3/trunk@9097 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:40 +00:00
Joshua Drake fc2fab9bd7 fix name
git-svn-id: file:///home/svn/framework3/trunk@9096 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:36 +00:00
Joshua Drake 51e6a64e07 add UNCPATH option
git-svn-id: file:///home/svn/framework3/trunk@9095 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 08:08:14 +00:00
Joshua Drake 80cec47e17 added cve
git-svn-id: file:///home/svn/framework3/trunk@9091 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:31:31 +00:00
Joshua Drake 180ca93bbb updated description
git-svn-id: file:///home/svn/framework3/trunk@9090 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:31:03 +00:00
Joshua Drake 8e5f0a37d8 rename modules to microsoft bulletin names and update references
git-svn-id: file:///home/svn/framework3/trunk@9085 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 16:08:27 +00:00
Joshua Drake 73dfe9729b update default option settings and auto_target
git-svn-id: file:///home/svn/framework3/trunk@9083 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 15:23:43 +00:00
Steve Tornio ec74d862a7 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@9082 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-15 11:18:25 +00:00
Joshua Drake 950f571488 add module for java web start arguments vuln - no CVE yet
git-svn-id: file:///home/svn/framework3/trunk@9074 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-14 21:45:23 +00:00
pusscat 99ecd361d3 Fix variable name (care of Monica Sojeong Hong)
git-svn-id: file:///home/svn/framework3/trunk@9061 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-13 19:05:52 +00:00
HD Moore c8aae09827 Correct english in the quotation
git-svn-id: file:///home/svn/framework3/trunk@9029 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-07 00:59:20 +00:00
Joshua Drake e9083bda0d add exploit module for cve-2010-0805 - from zsploit
git-svn-id: file:///home/svn/framework3/trunk@9018 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-05 20:25:56 +00:00
HD Moore 52faebea30 Typo
git-svn-id: file:///home/svn/framework3/trunk@9006 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-04 04:57:42 +00:00
HD Moore 8f0e3ced67 Correct spelling typo
git-svn-id: file:///home/svn/framework3/trunk@9004 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-04 00:46:49 +00:00
Joshua Drake ff8cdc29aa update description with a little history
git-svn-id: file:///home/svn/framework3/trunk@8968 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-31 22:36:10 +00:00
Joshua Drake da874c323a renamed and udpated "iepeers" vuln with latest information/name
git-svn-id: file:///home/svn/framework3/trunk@8965 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-31 20:15:22 +00:00
Joshua Drake 79e277450a add reliable IE7 trigger from Nanika
git-svn-id: file:///home/svn/framework3/trunk@8935 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 01:31:19 +00:00
Joshua Drake 89d6907a8f fix typoez
git-svn-id: file:///home/svn/framework3/trunk@8933 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-27 00:35:48 +00:00
HD Moore 13410d4daa Rename aurora module to the MSB naming convention
git-svn-id: file:///home/svn/framework3/trunk@8780 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 05:49:45 +00:00
HD Moore a23344b5d0 Consistency in how IE/Internet Explorer is named
git-svn-id: file:///home/svn/framework3/trunk@8779 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-11 05:49:14 +00:00
Steve Tornio d3da883aa2 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8774 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:07:04 +00:00
Joshua Drake 3c57fe6e81 add exploit module for cve-2010-0806
git-svn-id: file:///home/svn/framework3/trunk@8770 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:01:32 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
Joshua Drake 83419da78b check for vulnerable version in JS prior to triggering vuln, closes #1011
git-svn-id: file:///home/svn/framework3/trunk@8731 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-06 04:36:16 +00:00
Joshua Drake 73da75a931 big update to cmd stager
1. returns array of commands instead of big blob of lines
2. combine lines together when possible (to reduce # of commands to execute)
3. add cmd stager usage in mssql_payload
4. remove extraneous stuff here and there

git-svn-id: file:///home/svn/framework3/trunk@8721 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 00:29:44 +00:00
Joshua Drake 0900314a15 redirect requests without subdirectories
git-svn-id: file:///home/svn/framework3/trunk@8713 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 18:28:05 +00:00
Joshua Drake 4bd857b53e add exploit module for cve-2008-3558
git-svn-id: file:///home/svn/framework3/trunk@8712 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 17:41:26 +00:00
Joshua Drake e8f22a7136 add exploit module for cve-2008-3878
git-svn-id: file:///home/svn/framework3/trunk@8705 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 06:19:37 +00:00
Joshua Drake 5aebed8fe7 add exploit module for cve-2008-5002
git-svn-id: file:///home/svn/framework3/trunk@8703 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 21:17:31 +00:00
Joshua Drake fb5906385d add exploit module for cve-2009-1534
git-svn-id: file:///home/svn/framework3/trunk@8698 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:12:37 +00:00
Joshua Drake d86575701d added CVE, KB references
git-svn-id: file:///home/svn/framework3/trunk@8696 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 03:20:58 +00:00
Steve Tornio 074b4ada44 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8688 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 12:23:17 +00:00
Joshua Drake 4b59410507 rename module per ms bulletin
git-svn-id: file:///home/svn/framework3/trunk@8686 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 07:50:25 +00:00
Joshua Drake d0153225a0 add exploit module for cve-2009-1612
git-svn-id: file:///home/svn/framework3/trunk@8685 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:55 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake cc891bce80 whitespace cleanups
git-svn-id: file:///home/svn/framework3/trunk@8677 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 15:13:04 +00:00
Joshua Drake afd2df315b rename module part deux!
git-svn-id: file:///home/svn/framework3/trunk@8607 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:12:10 +00:00
Joshua Drake 705a4626e4 remove dash from file name
git-svn-id: file:///home/svn/framework3/trunk@8605 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:06:35 +00:00
Joshua Drake 797ab55f52 add exploit module for cve-2009-2011
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Patrick Webster 3fd3d44ad6 Added barcode_ax49.rb exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
James Lee eb6ce38e0c old zero-day shows its age
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
HD Moore ba34abc232 Fix unpack("H*") vs unpack("H*")[0]
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
Joshua Drake fde3fbb2e3 add exploit module for cve-2009-1569
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake c073cd707a removed unecessary parameter, commented target
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
Joshua Drake 2783c5884e add exploit module for cve-2009-1568
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
Joshua Drake 4751d83cb8 some cleanups, added some CVE references
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake d9e5de5683 note the CLSID of this control
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake 31949c4343 svn keywords fixups
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it



git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
Joshua Drake 83f47796fe add reference to ms09-032 (the mitigation)
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
Joshua Drake 409d44bfad fix another typo
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake 9cb3ac9340 fix typo
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake ab1a1c58db escape more format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..


git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake a87d4e7eb4 escape randomly generated format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)


git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake 2b8a2d56a1 some variable renaming
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
James Lee bbe10b439f let the user know when a client connects
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
James Lee 3c6cbbc47e make sure IE service packs don't throw off the version comparison
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 21:24:00 +00:00
Joshua Drake 2283e029db crossing fingers, big cr removal batch
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
Joshua Drake 19d32b6c97 add jabra to author list
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 17:01:12 +00:00
Steve Tornio 544efd879b Add OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 11:53:20 +00:00
Joshua Drake 47ef693b77 add CVE references!
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 09:38:42 +00:00
HD Moore be42efdd1b Update the PDF modules to work on a wider range of versions
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:02:32 +00:00
James Lee 82d84605e4 advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 19:38:52 +00:00
HD Moore f2ec7795e2 Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 14:43:05 +00:00
Joshua Drake 026924c9b6 fixed sync issues between browser/fileformat modules
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:19:30 +00:00
Joshua Drake 2baa4a1efa port changes from Lurene to browser version
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:16:35 +00:00
Joshua Drake e563e91d35 added browser versions of yesterdays adobe pdf exploits from jabra
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 20:37:57 +00:00
James Lee 2570fcee15 get rid of some more ^Ms
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
James Lee 196ee82179 bye-bye crlf
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:13:27 +00:00
Joshua Drake 1813a0fb9a updated technique
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:07 +00:00
Mario Ceballos c799df8559 target is no good. offsets change on different installs.
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:07:21 +00:00
Joshua Drake 88b9ee18af clarified some version info
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:01:34 +00:00
Joshua Drake 8317b69aca corrected disclosure date
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:44:37 +00:00
Joshua Drake 2524840348 renamed, new targets, now using seh...
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:40:56 +00:00
Mario Ceballos 3ac51c7396 added exploit module symantec_altirisdeployment_runcmd.rb.
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 02:36:01 +00:00
HD Moore 3c08bc0c80 Rename and reference update from the microsoft patch
git-svn-id: file:///home/svn/framework3/trunk@7775 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 15:06:26 +00:00
Joshua Drake 87c85b5176 removed executable generation routines from Rex::Text (use Msf::Util::EXE), Fixes #660
git-svn-id: file:///home/svn/framework3/trunk@7760 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 21:24:45 +00:00
Joshua Drake 0961ce3523 add exploit module for cve-2009-3693
git-svn-id: file:///home/svn/framework3/trunk@7749 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 03:08:46 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
Joshua Drake 2cf9c3ce2b revision fixups
git-svn-id: file:///home/svn/framework3/trunk@7723 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:16:11 +00:00
Joshua Drake 17249f29d3 cve roulette also cve-2009-4054
git-svn-id: file:///home/svn/framework3/trunk@7722 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:00:06 +00:00
HD Moore 927563c135 Correct some assumptions about client-side exploit signature development, remove the prepend since we dont use .net anymore
git-svn-id: file:///home/svn/framework3/trunk@7616 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 21:18:26 +00:00
Joshua Drake a4dd52543c removed .net dll bypass, recorded some crash addresses
git-svn-id: file:///home/svn/framework3/trunk@7614 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 19:39:15 +00:00
James Lee 00eaff0550 stupid ruby string differences
git-svn-id: file:///home/svn/framework3/trunk@7611 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:16:45 +00:00
HD Moore 0c19f50718 Fix broken .NET method
git-svn-id: file:///home/svn/framework3/trunk@7610 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:11:38 +00:00
Joshua Drake f733856974 add exploit module for cve-2009-3762
git-svn-id: file:///home/svn/framework3/trunk@7609 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 07:25:04 +00:00
James Lee f516edacfb only works on ie7
git-svn-id: file:///home/svn/framework3/trunk@7603 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 02:14:40 +00:00
James Lee c45c15cd29 add autopwn info
git-svn-id: file:///home/svn/framework3/trunk@7599 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 23:50:08 +00:00
James Lee 99319d2a55 don't unintentionally create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7591 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:23:03 +00:00
James Lee 4a912e7c0c don't inadvertantly create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7590 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:02:21 +00:00
James Lee 7490e4c4a8 use an absolute uri to the evil gif. fixes #558. we probably ought to have a method for doing this since it seems to be a fairly common problem.
git-svn-id: file:///home/svn/framework3/trunk@7589 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 05:44:21 +00:00
Joshua Drake b9939a836f fixed PDF header (oops)
git-svn-id: file:///home/svn/framework3/trunk@7577 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:01:11 +00:00
Joshua Drake e5796f5b3b changed address to 0x0a0a0a0a
tested against various reader versions
removed pdf version randomization



git-svn-id: file:///home/svn/framework3/trunk@7570 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 05:56:03 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
Joshua Drake 4edc6d942c updated awingsoft web3d bof module from trancer
git-svn-id: file:///home/svn/framework3/trunk@7533 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:51:52 +00:00
Joshua Drake 04725e70cc reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7521 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 16:03:01 +00:00
Mario Ceballos 4c23734e72 added exploit module oracle_dc_submittoexpress.rb
git-svn-id: file:///home/svn/framework3/trunk@7520 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 01:01:21 +00:00
Joshua Drake 7573994152 add exploit module for another winds3d 0day
git-svn-id: file:///home/svn/framework3/trunk@7518 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 22:26:08 +00:00
Joshua Drake 240a8444b0 Fixed some license problems
git-svn-id: file:///home/svn/framework3/trunk@7515 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 18:09:05 +00:00
Mario Ceballos bbfc195735 added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 13:26:27 +00:00
Joshua Drake 8d382ef487 oops -- removed CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7512 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:46:21 +00:00
Joshua Drake 74269325db added CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7511 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:42:02 +00:00
Joshua Drake f86eca488a minor fixup in email addr
git-svn-id: file:///home/svn/framework3/trunk@7510 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:39:00 +00:00
Joshua Drake 9381abf41a swap L to V for packing
git-svn-id: file:///home/svn/framework3/trunk@7509 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:38:03 +00:00
Joshua Drake 70cf288b99 added trancer's exploit for cve-2009-2386
git-svn-id: file:///home/svn/framework3/trunk@7508 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:36:20 +00:00
Joshua Drake da6fa072f2 add module for cve-2008-0492
git-svn-id: file:///home/svn/framework3/trunk@7490 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 18:09:50 +00:00
Joshua Drake 7758ebfda4 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7488 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:22:14 +00:00
Joshua Drake 61f2c0b195 uniqified name
git-svn-id: file:///home/svn/framework3/trunk@7487 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:54 +00:00
Joshua Drake 2e4f5734ea fixed typo
git-svn-id: file:///home/svn/framework3/trunk@7486 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:09 +00:00
James Lee 70b2d06c86 speed up content creation, string concat sucks
git-svn-id: file:///home/svn/framework3/trunk@7356 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 19:06:01 +00:00
James Lee c675cfb1cf Fix 1.9.1 issues, make the vbs smaller (down to about 4MB from almost 10)
git-svn-id: file:///home/svn/framework3/trunk@7355 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 18:55:32 +00:00
HD Moore 9e654c51f2 Revive
git-svn-id: file:///home/svn/framework3/trunk@7348 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:39 +00:00
HD Moore 4b53b1d378 Purge
git-svn-id: file:///home/svn/framework3/trunk@7347 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:17 +00:00
HD Moore 98d9d66905 Replaced with encoded shiny bits
git-svn-id: file:///home/svn/framework3/trunk@7346 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:56:12 +00:00
HD Moore 0a52c98e03 Purging this module due to lame AV sigs, re-adding in a sillier form
git-svn-id: file:///home/svn/framework3/trunk@7345 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:50:31 +00:00
Mario Ceballos aef3817db9 added patch from steve tornio.
git-svn-id: file:///home/svn/framework3/trunk@7331 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 12:02:54 +00:00
Mario Ceballos b62dc9705e remove some debugging.
git-svn-id: file:///home/svn/framework3/trunk@7329 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:21:50 +00:00
Mario Ceballos 73bd4f7de2 added exploit module symantec_consoleutilities_browseandsavefile.rb from Nikolas Sotiriu.
git-svn-id: file:///home/svn/framework3/trunk@7328 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:02:45 +00:00
HD Moore 4f3128c061 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7303 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 04:09:07 +00:00
Mario Ceballos 131adc4c3a fixed cve reference number.
git-svn-id: file:///home/svn/framework3/trunk@7260 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:19:27 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
Mario Ceballos bac233108f added exploit modules ms_visual_studio_msmask.rb and ms_visual_basic_vbp.rb
git-svn-id: file:///home/svn/framework3/trunk@7208 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-19 12:58:03 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
Mario Ceballos 62dc4c74d7 added activepdf_webgrabber.rb, etrust_pestscan.rb, ea_checkrequirements.rb and mcafee_hercules_deletesnapshot.rb exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@7167 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 15:22:16 +00:00
Mario Ceballos aae4ac74c1 more adjusting of the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7157 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 12:56:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entrys.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
Mario Ceballos aee16a85ab fixed the cve entry.
git-svn-id: file:///home/svn/framework3/trunk@7155 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:28:50 +00:00
Mario Ceballos 63ad9ebf27 added exploit module aol_icq_downloadagent.rb
git-svn-id: file:///home/svn/framework3/trunk@7153 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-13 17:04:05 +00:00
HD Moore 5d9f3323e8 Last two reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7150 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:42:51 +00:00
HD Moore 26db223636 OSVDB reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7149 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:39:51 +00:00
Mario Ceballos a8ccd1fe98 updated references with bid/cve.
git-svn-id: file:///home/svn/framework3/trunk@7148 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:39:15 +00:00
Mario Ceballos 5b6f16a0f9 added exploit modules athocgov_completeinstallation.rb and symantec_iao.rb
git-svn-id: file:///home/svn/framework3/trunk@7147 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:31:52 +00:00
Mario Ceballos 1cadfa4ea7 added exploit module amaya_bdo.rb from dookie.
git-svn-id: file:///home/svn/framework3/trunk@7136 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-10 21:51:25 +00:00
kris f21e3c8754 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@7128 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-04 23:38:06 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
Mario Ceballos 13f5e1c2e5 added exploit module symantec_altirisdeployment_downloadandinstall.rb
git-svn-id: file:///home/svn/framework3/trunk@7023 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 22:30:01 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
druid 20102275ce Updated references
git-svn-id: file:///home/svn/framework3/trunk@6956 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 22:35:42 +00:00
druid 0a29ce88c0 Added MSB reference
git-svn-id: file:///home/svn/framework3/trunk@6955 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 19:25:02 +00:00
Patrick Webster 91faadd782 Added juniper_sslvpn_ive_setupdll ActiveX exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6921 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-30 15:47:23 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
kris d3e65b3363 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
James Lee 750a432fd0 fix calls to new to_win32pe with correct number of arguments
git-svn-id: file:///home/svn/framework3/trunk@6872 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 19:23:21 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
HD Moore b018df89da Some minor tweaks, looks like this module doesnt play nice with the new JS encrypter
git-svn-id: file:///home/svn/framework3/trunk@6799 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 11:59:33 +00:00
HD Moore b2a0f8adf5 Comment out references for now
git-svn-id: file:///home/svn/framework3/trunk@6795 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 02:42:52 +00:00
HD Moore 298ba64734 Fix the references section
git-svn-id: file:///home/svn/framework3/trunk@6794 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 00:25:26 +00:00
HD Moore 306841cc69 Adds coverage for the new OWC ActiveX control exploit
git-svn-id: file:///home/svn/framework3/trunk@6792 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:39:42 +00:00
HD Moore 5fb316b383 Integrates L4teral's JS encoder/encrypter
git-svn-id: file:///home/svn/framework3/trunk@6784 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 22:17:11 +00:00
druid c846f02c79 Final commit of working CLSIDs
git-svn-id: file:///home/svn/framework3/trunk@6755 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 22:15:59 +00:00
druid 7a7b2df5a5 Updated list of working ClassIDs
git-svn-id: file:///home/svn/framework3/trunk@6754 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:34:13 +00:00
druid b9e7e0b902 Removed some CLSIDs that didn't work
git-svn-id: file:///home/svn/framework3/trunk@6753 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:25:23 +00:00
druid 02f7d6b586 Exploit now uses a random ClassID from the list provided by the Microsoft Advisory rather than a static one (also configurable via an advanced option).
git-svn-id: file:///home/svn/framework3/trunk@6751 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 19:47:44 +00:00
HD Moore a54b9a06ef Exploit module for the new MS Video ActiveX flaw from Trancer. See more at http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/
git-svn-id: file:///home/svn/framework3/trunk@6750 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-07 11:11:46 +00:00
HD Moore d0fe4e8610 Remove overzealous change for 1.9.1 compat
git-svn-id: file:///home/svn/framework3/trunk@6697 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:22:50 +00:00
HD Moore 66a6bfe9c0 Make the PDF modules 1.9.1 compatible
git-svn-id: file:///home/svn/framework3/trunk@6696 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:21:08 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
HD Moore 3a9e42ceb8 Green dam exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@6671 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-18 01:54:15 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
Mario Ceballos fe463072d6 added exploit module ibmegath_getxmlvalue.rb
git-svn-id: file:///home/svn/framework3/trunk@6609 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-01 11:19:06 +00:00
HD Moore f17ee863bc Three new unpatched exploits from trancer: http://www.rec-sec.com
git-svn-id: file:///home/svn/framework3/trunk@6578 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-24 15:06:12 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-14 19:56:07 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
HD Moore 0981295879 More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6547 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:56:54 +00:00
Mario Ceballos 89d0cb3954 added exploit module mswhale_checkforupdates.rb
git-svn-id: file:///home/svn/framework3/trunk@6486 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-15 21:38:50 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
Mario Ceballos 3c54e15590 added exploit module sapgui_saveviewtosessionfile.rb
git-svn-id: file:///home/svn/framework3/trunk@6455 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-02 20:43:06 +00:00
natron 8d7c6d6367 Browser version of jbig2decode
git-svn-id: file:///home/svn/framework3/trunk@6451 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 14:58:37 +00:00
HD Moore 9d2382f5f5 Adds the PDF geticon modules from jduck
git-svn-id: file:///home/svn/framework3/trunk@6409 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 07:40:29 +00:00
HD Moore eccfcdfced Sets svn keywords on modules missing it, tweaks the emailer module
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
HD Moore a5125c6c87 Update the module description
git-svn-id: file:///home/svn/framework3/trunk@6404 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 05:52:40 +00:00
Mario Ceballos a036178737 added exploit module orbit_connecting.rb
git-svn-id: file:///home/svn/framework3/trunk@6348 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-17 01:24:16 +00:00
kris 804ff61df6 big svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6345 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-15 18:12:33 +00:00
Patrick Webster 2df5dc3204 Added exploit module ebook_flipviewer_fviewerloading from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6281 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 23:14:54 +00:00
natron b6731747c4 added ie_unsafe_scripting exploit module
git-svn-id: file:///home/svn/framework3/trunk@6260 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-27 22:35:50 +00:00
cg 8fe4bf88b9 MS09-002 coverage by dean
git-svn-id: file:///home/svn/framework3/trunk@6238 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-20 17:46:52 +00:00
Mario Ceballos 7ef0ddeec5 added exploit module symantec_appstream_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@6162 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-18 02:19:26 +00:00
Mario Ceballos 430d7cb424 fixed BID number.
git-svn-id: file:///home/svn/framework3/trunk@6145 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:41:14 +00:00
Mario Ceballos bc1f2da254 added exploit module winzip_fileview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6144 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:04:53 +00:00
Mario Ceballos 3ee6eaede8 added exploit module nis2004_antispam.rb that makes use of egypts newly added heap spray stuff.
git-svn-id: file:///home/svn/framework3/trunk@6109 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-10 14:00:49 +00:00
Mario Ceballos fa950d64ef updated with the authors email address.
git-svn-id: file:///home/svn/framework3/trunk@6076 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-05 13:09:18 +00:00
Mario Ceballos 33940517c5 added exploit modules ca_brightstor_addcolumn.rb and verypdf_pdfview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6073 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-04 21:51:04 +00:00
HD Moore 45c08a9011 Fallback to heap spray if the .NET DLL does not load
git-svn-id: file:///home/svn/framework3/trunk@6015 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-17 04:19:54 +00:00
Mario Ceballos aa53df6535 add exploit module adobe_utilprintf.rb, browser based.
git-svn-id: file:///home/svn/framework3/trunk@6014 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-15 15:44:02 +00:00
HD Moore 5822ab75a7 Adds an exploit module (universal) for the new internet explorer xml bug. This module shows off the .NET memory techniques discovered by Alexander Sotirov and Mark Dowd. This code should bypass DEP, ASLR, and NX :-)
git-svn-id: file:///home/svn/framework3/trunk@6012 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-12 01:45:00 +00:00
Ramon de C Valle c66d6c4e46 Set property 'svn:keywords'
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
Mario Ceballos 3de5bab19b added exploit module zenturiprogramchecker_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5769 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 13:15:53 +00:00
Mario Ceballos fd95f81cd6 added exploit module systemrequirementslab_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5754 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 19:19:39 +00:00
Mario Ceballos b508358132 added exploit modules lpviewer_url.rb and softartisans_getdrivename.rb
git-svn-id: file:///home/svn/framework3/trunk@5750 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 13:41:52 +00:00
HD Moore a7a7da9e28 Newer mercury module, more reliable using 0x0c0c0c0c return
git-svn-id: file:///home/svn/framework3/trunk@5742 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-12 17:11:14 +00:00
Mario Ceballos 6ad1a82101 fixed tabbing.
git-svn-id: file:///home/svn/framework3/trunk@5710 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 15:48:25 +00:00
HD Moore fd256ec4a1 This massive commit changes the metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00
Mario Ceballos 67a25b6ce8 added exploit modules ms08_053_mediaencoder.rb, macrovision_unsafe.rb and
ms08_041_snapshotviewer.rb


git-svn-id: file:///home/svn/framework3/trunk@5707 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-01 22:40:57 +00:00
James Lee a212bfba99 fix PrepenEncoder typo, replace it with 'StackAdjustment' => -3500
git-svn-id: file:///home/svn/framework3/trunk@5613 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-01 20:04:42 +00:00
James Lee a97dbb0106 fix missing semicolon in js
git-svn-id: file:///home/svn/framework3/trunk@5612 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-01 02:48:32 +00:00
Mario Ceballos ee0f6ed5cc module update from Elazar Broad.
git-svn-id: file:///home/svn/framework3/trunk@5606 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-27 11:23:42 +00:00
James Lee 894606aab4 bug fix in javascript
git-svn-id: file:///home/svn/framework3/trunk@5570 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-23 00:55:21 +00:00
James Lee d9331e8754 Make browser exploits identify themselves for use with browser_autopwn
git-svn-id: file:///home/svn/framework3/trunk@5551 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-13 01:36:27 +00:00
James Lee 8800372e46 initial commit of browser_autopwn;
revamp php payloads;
socks5 for IPv6 (untested)



git-svn-id: file:///home/svn/framework3/trunk@5546 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-01 01:44:56 +00:00
Mario Ceballos 13859c23d9 added exploit module novelliprint_getdriversettings.rb.
git-svn-id: file:///home/svn/framework3/trunk@5533 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-19 00:06:18 +00:00
Mario Ceballos 8e7ac6c9ac added exploit module creative_software_cachefolder.rb
git-svn-id: file:///home/svn/framework3/trunk@5531 4d416f70-5f16-0410-b530-b9f4589650da
2008-06-17 15:11:17 +00:00
James Lee 899973b7ea Send 404 when we can't exploit a mozilla browser so client doesn't hang.
git-svn-id: file:///home/svn/framework3/trunk@5497 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-26 18:10:41 +00:00
James Lee faa5f7c967 randomize_space
git-svn-id: file:///home/svn/framework3/trunk@5496 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-25 05:29:29 +00:00
HD Moore 82330fff7e Importing two new wireless DoS modules, setting svn:keywords flags where needed.
git-svn-id: file:///home/svn/framework3/trunk@5482 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 05:27:06 +00:00
Patrick Webster ade70d182c Added tumbleweed_filetransfer module.
git-svn-id: file:///home/svn/framework3/trunk@5470 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-07 07:57:10 +00:00
Mario Ceballos d41a814ed5 added exploit modules mysql_yassl(win32/linux) and realplayer_console from EB.
git-svn-id: file:///home/svn/framework3/trunk@5463 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-01 11:22:32 +00:00
Mario Ceballos 3e81678f93 added exploit modules winamp_ultravox.rb and
novelliprint_executerequest.rb.


git-svn-id: file:///home/svn/framework3/trunk@5423 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-01 17:20:24 +00:00
Mario Ceballos 845af72226 New exploit module from EB.
git-svn-id: file:///home/svn/framework3/trunk@5422 4d416f70-5f16-0410-b530-b9f4589650da
2008-03-01 02:02:34 +00:00
HD Moore 6a3ccc2955 Fixes for the JS try/catch from EB.
git-svn-id: file:///home/svn/framework3/trunk@5420 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-20 16:45:03 +00:00
HD Moore 93d390e2da Replacement module (more reliable) from EB
git-svn-id: file:///home/svn/framework3/trunk@5416 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-14 16:15:20 +00:00
HD Moore 2dfb607b49 New exploit module from EB and MC
git-svn-id: file:///home/svn/framework3/trunk@5410 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-11 02:28:03 +00:00
Mario Ceballos f4708d774f added exploit modules wincomlpd_admin.rb and facebook_extractiptc.rb.
git-svn-id: file:///home/svn/framework3/trunk@5399 4d416f70-5f16-0410-b530-b9f4589650da
2008-02-07 23:08:14 +00:00
HD Moore 9b6b0990b1 Correct the cve reference format
git-svn-id: file:///home/svn/framework3/trunk@5364 4d416f70-5f16-0410-b530-b9f4589650da
2008-01-27 02:13:54 +00:00
Mario Ceballos 5eda38fa5f IE6...
git-svn-id: file:///home/svn/framework3/trunk@5225 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-27 01:29:04 +00:00
Mario Ceballos 29569b6689 added exploit module hploadrunner.rb.
git-svn-id: file:///home/svn/framework3/trunk@5224 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-27 00:34:33 +00:00
Mario Ceballos c09840e49e added exploit module macrovision_downloadandexecute.rb
git-svn-id: file:///home/svn/framework3/trunk@5223 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-26 12:17:05 +00:00
Mario Ceballos f2103a4a93 added exploit module realplayer_import.rb
git-svn-id: file:///home/svn/framework3/trunk@5213 4d416f70-5f16-0410-b530-b9f4589650da
2007-12-02 17:58:44 +00:00
Mario Ceballos a985158a88 added exploit module sonicwall_addrouteentry.rb
git-svn-id: file:///home/svn/framework3/trunk@5191 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-01 23:15:34 +00:00
Mario Ceballos e2835eec60 added exploit module gom_openurl.rb
git-svn-id: file:///home/svn/framework3/trunk@5189 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-30 21:48:56 +00:00
HD Moore 599aaff600 Correct the module title
git-svn-id: file:///home/svn/framework3/trunk@5183 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-24 16:07:08 +00:00
HD Moore a7626884f6 New module from Trirat Puttaraksa
git-svn-id: file:///home/svn/framework3/trunk@5182 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-24 13:56:18 +00:00
Mario Ceballos 66bd69097c added exploit module kazaa_altnet_heap.rb
git-svn-id: file:///home/svn/framework3/trunk@5135 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-03 16:09:53 +00:00
Mario Ceballos eb88fb1875 added exploit module yahoomessenger_fvcom.rb
git-svn-id: file:///home/svn/framework3/trunk@5129 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-01 10:58:50 +00:00
Mario Ceballos c4868b4cb3 added exploit module ask_shortformat.rb.
git-svn-id: file:///home/svn/framework3/trunk@5120 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-25 02:02:56 +00:00
HD Moore 04c6dbc748 Updated svn:keywords
git-svn-id: file:///home/svn/framework3/trunk@5100 4d416f70-5f16-0410-b530-b9f4589650da
2007-09-10 01:01:20 +00:00
Mario Ceballos 8dcba76799 added exploit module trendmicro_officescan.rb
git-svn-id: file:///home/svn/framework3/trunk@5083 4d416f70-5f16-0410-b530-b9f4589650da
2007-08-31 11:58:31 +00:00
Mario Ceballos 6deb8a18a4 added module enjoysapgui_preparetoposthtml.rb
git-svn-id: file:///home/svn/framework3/trunk@5058 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-18 21:49:44 +00:00
Mario Ceballos c46cb1e466 updated ref.
git-svn-id: file:///home/svn/framework3/trunk@5038 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-08 02:31:17 +00:00
Mario Ceballos 7488351910 added exploit module mcafeevisualtrace_tracetarget.rb
git-svn-id: file:///home/svn/framework3/trunk@5037 4d416f70-5f16-0410-b530-b9f4589650da
2007-07-08 02:24:22 +00:00