45b2632d21
android 4.x remove locks (without root)
2015-05-26 06:51:30 +01:00
f953dc08d9
Land #5280 , @m-1-k-3's support for Airties devices to miniupnpd_soap_bof
2015-05-24 15:17:38 -05:00
5bceeb4f27
Land #5349 , @h0ng10's module for CVE-2015-2219 Lenovo System Update Local Privilege Escalation
2015-05-22 17:14:20 -05:00
eb5aadfb4e
Land #5401 , multi-platform CVE-2015-0311 - Flash uncompress() UAF
2015-05-22 16:50:13 -05:00
3aa1ffb4f5
Do minor code cleanup
2015-05-22 16:20:36 -05:00
03b70e3714
Land #5388 , @wchen-r7's fixes #5373 by add info to BrowserRequiements
2015-05-22 10:21:59 -05:00
9ce669f878
Land #5328 : reworked x64 http/https stagers
2015-05-21 23:26:34 -05:00
305da46491
Land #5301 , @m-1-k-3's aux module to extract passwords from Netgear soap interfaces
2015-05-21 16:07:05 -05:00
6da94b1dd5
Deprecate windows module
2015-05-21 15:01:41 -05:00
b9f9647ab1
Use all the BES power
2015-05-21 14:06:41 -05:00
bdf30dd383
Land #5374 , --smallest option in msfvenom
2015-05-20 21:06:10 -05:00
aa919da84d
Add the multiplatform exploit
2015-05-20 18:57:59 -05:00
2cadd5e658
Resolve #5373 , Add ActiveX info in BrowserRequirements
...
Resolve #5373
2015-05-20 16:34:09 -05:00
a4df3468de
unique: should be update:, include uri in data hash
2015-05-20 16:20:09 -05:00
c85b82e8a7
Merge branch 'master' into land-5358-notes
2015-05-20 16:02:59 -05:00
23c77adc68
Land #5377 , Update cred reporting method for http_ntlm
2015-05-20 11:57:42 -05:00
44f8cf4124
Add more size to stagers, adjust psexec payloads
...
This psexec payload size should be evaluated to make sure I'm not doing
anything stupid. i can't see a reason why increasing these sizes would
be bad. They seem to work fine.
2015-05-20 17:07:56 +10:00
6859b24c1c
Fix missing label, update payload sizes
2015-05-20 15:42:31 +10:00
c1b8cee315
Land #5369 , @dmaloney-r7's snmp_login fixes
2015-05-19 10:39:03 -05:00
a93565b5d1
Add 'Payload' section with 'Size' to psexec_psh
...
This missing parameter was causing the payload 'Size' to come through to
the encoders as `nil`. This meant that all the stagers that were
looking at the payload sizes were being told there was no size. In the
case of the meterpreter payloads, this was causing issues with the proxy
settings because the proxy configuration detail isn't added to the
payload unless there's enough space.
This fix adds a default size of 2048 (the same as the plain psexec
module). This makes the proxy settings work as expected.
2015-05-19 22:11:29 +10:00
9fddc21cf3
Shaved another sneaky byte off the payload
2015-05-19 21:21:07 +10:00
6e96e6d118
Shellcode golf to make the payload smaller
...
Tried to implement some more of the stuff that egypt suggested, managed
to get some in, but not others. Ultimately, its smaller than it was, and
I'm sure there are ways to make it better as well.
2015-05-19 21:17:42 +10:00
62720ab357
Fix the wininet stager for http/s
...
For some reason this was only working on Windows7/2008, yet when tired
on Windows 2012 it was resulting in crashes. It was also stopping
working in exploits such as psexec_psh.
Went back to the beginning and started again. With this in place, we can
now do a bit of shellcode golf to make it a bit smaller.
Adjusted payload sizes as well.
2015-05-19 20:03:22 +10:00
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
448736989d
Merge branch 'master' into feature/msfvenom-smallest
2015-05-18 18:41:44 -05:00
5d085a3e13
Land #5351 , use 32-bit registry view when detecting epo_sql
2015-05-18 15:48:14 -05:00
79db696c15
fix EOL character
2015-05-18 15:46:55 -05:00
093ca31c7d
The InvalidPayloadSizeException wasn't actually defined anywhere
2015-05-18 15:36:15 -05:00
b0a8c77127
Switch RuntimeError -> EncodingError
2015-05-18 15:33:01 -05:00
7989a29203
Switch to the stock EncodingError exception
2015-05-18 15:27:31 -05:00
5c31586c68
Switch to the correct exception class
2015-05-18 15:25:26 -05:00
69a7a89936
use the correct print_error message
...
vrpint_error feeds through the old authbrute mixin
which does not behave properly anymore. use
print_error instead
5266
2015-05-18 13:51:23 -05:00
09d735e855
remove proof from failure message
...
the snmp login scanner will only have
proof on success, not on failure. remove it from
the failure message for cleaner formatting
5266
2015-05-18 13:45:01 -05:00
e1eed6e9d9
single quotes and slashes..
2015-05-18 16:33:57 +02:00
7d65095472
fix quotes
2015-05-18 12:20:42 +02:00
30f7c651c9
use REGISTRY_VIEW_32_BIT
2015-05-18 10:19:32 +02:00
bf2b113abb
Merge branch 'upstream/master' into update-x64-stagers
2015-05-18 13:28:36 +10:00
d99eedb1e4
Adding begin...ensure block
2015-05-17 20:48:11 +02:00
acb053a2a7
CloseHandle cleanup
2015-05-17 20:39:10 +02:00
d804f5fe49
update to metasploit-payloads 0.0.7
2015-05-17 10:06:38 -05:00
79b9ef008a
Bugfix
2015-05-17 13:55:56 +01:00
829f8420e2
Update static payload sizes for metasploit-payloads-0.0.6
2015-05-15 18:43:47 -05:00
dd5060e08c
Land #5340 , @wchen-r7's change to the symantec_web_gateway_login writing style
2015-05-15 13:18:35 -05:00
cf5fa6752e
Use parenthesis
2015-05-15 13:17:54 -05:00
d05cae5faf
Land #5329 , @wchen-r7's add configurable options to jenkins_login
2015-05-15 11:38:21 -05:00
2882374582
Land #5276 , @lanjelot fixes #4243 and improves java_jdwp_debugger
2015-05-15 11:12:10 -05:00
a46975f1f0
Fix read_reply to use get_once correctly
2015-05-15 11:11:25 -05:00
2721be946a
also check Wow6432Node keys
2015-05-15 14:28:12 +02:00
e075495a5b
string concatenation, clear \ handling
2015-05-15 06:51:42 +02:00
94d39c5c75
remove hard coded pipe name
2015-05-15 06:35:55 +02:00
Tim
jvazquez-r7
wchen-r7
Brent Cook
OJ
William Vu
HD Moore
David Maloney
Donny Maasland (Fox-IT)
Hans-Martin Münch (h0ng10)
Stuart Morgan