Commit Graph

8103 Commits (48484c1f09015d3f6dec919402e14375028dfe06)

Author SHA1 Message Date
C-P 48484c1f09 Filed vs Failed fix 2015-03-27 11:27:36 -07:00
sinn3r 955c0557e0
Land #4988, Relative URL for ms14_064_ole_code_execution 2015-03-26 13:36:37 -05:00
jvazquez-r7 d84c48cb7d
Use newer hash syntax 2015-03-25 13:39:34 -05:00
jvazquez-r7 72a0909e9b
Land #4992, @wchen-r7's support for multiple ActiveX controls on BrowserExploitServerMerge 2015-03-25 13:30:36 -05:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
William Vu 7c456f2ad8
Land #4993, ams_xfr "payload_exe" NameError fix 2015-03-24 00:51:49 -05:00
sinn3r 8255e7a2dc Fix #4987 - undef payload_exe for ams_xfr
Fix #4987
2015-03-24 00:42:22 -05:00
William Vu 3dac6377d0
Fix #4983, bad copy pasta'd deprecation year 2015-03-24 00:34:54 -05:00
William Vu fadac30f00 Fix deprecated year 2015-03-24 00:34:38 -05:00
William Vu 6353154865
Land #4983, renamed WordPress modules 2015-03-23 23:49:40 -05:00
William Vu e338b77389 Readd and deprecate renamed WordPress modules 2015-03-23 23:48:56 -05:00
sinn3r db243a8225 x360_video_player_set_text_bof actually uses SetText for ActiveX 2015-03-23 23:36:20 -05:00
sinn3r 3248f02c2c These exploits use :activex, so I update the usage for them 2015-03-23 19:34:24 -05:00
andygoblins 89e27d98ab Use relative URL to GET payload for WinXP
Relative URLs are simpler, and allow the exploit to work on attack machines in NAT environments. Example: attack machine is NATed and does not have a DNS hostname. SRVHOST must be 0.0.0.0 but the victim cannot access the attacker from Rex::Socket.source_address
2015-03-23 14:40:06 -05:00
Tod Beardsley 21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE 2015-03-23 13:44:41 -05:00
sinn3r 156520338d Making some changes to how BES handles ActiveX 2015-03-23 12:21:27 -05:00
aushack b191f92713 Renamed WordPress files to fit majority naming convention. 2015-03-23 18:15:04 +11:00
jvazquez-r7 2d1adf6ef4
Land #4923, @m-1-k-3's exploit for overflow on belkin routers 2015-03-22 02:05:35 -05:00
jvazquez-r7 ee74bb3c5b
The default concat operator should be ok 2015-03-22 02:05:02 -05:00
jvazquez-r7 5499b68e02
Do code cleanup 2015-03-22 01:58:32 -05:00
William Vu 07b82ec640
Land #4974, minishare_get_overflow WfsDelay change 2015-03-20 18:55:58 -05:00
William Vu 859b54f8a3
Land #4956, Qualys' Exim GHOST module 2015-03-20 18:44:30 -05:00
Adam Ziaja 921b9eab8e Update minishare_get_overflow.rb
set WfsDelay 30
2015-03-20 23:42:54 +01:00
Adam Ziaja 505ecd32fb Update minishare_get_overflow.rb
Windows 2003 SP1 English, Windows 2003 SP2 English
2015-03-20 23:09:50 +01:00
sinn3r 0c2ed21e90
Land #4318, Lateral movement through PSRemoting 2015-03-20 11:39:35 -05:00
sinn3r 23d8479683 Fix typo 2015-03-20 11:39:00 -05:00
sinn3r 0da79edb9c Add a print_status to let the user know the module is over
If I have to run the module as a job, sometimes I can't tell if
the module has finished running or not.
2015-03-20 11:35:18 -05:00
sinn3r 1b67a06d35 No banner var 2015-03-20 02:26:59 -05:00
sinn3r b55ffc9ff1 Change option to FORCE_EXPLOIT 2015-03-20 01:44:10 -05:00
sinn3r d8539ef91a Change datastore option's description 2015-03-19 12:22:42 -05:00
sinn3r a2ba81f84f This should be true (required) 2015-03-19 11:54:03 -05:00
sinn3r d8c8bd1669 Move the details to a wiki 2015-03-19 11:52:17 -05:00
Spencer McIntyre 076f15f933
Land #4792 @jakxx Publish It PUI file exploit 2015-03-18 20:59:54 -04:00
Spencer McIntyre 3f8ed56a9a
Add available space to the payload info 2015-03-18 20:57:58 -04:00
sinn3r 968a8758ad Add CVE-2015-0235 Exim GHOST (glibc gethostbyname) Buffer Overflow
This was originally written by Qualys
2015-03-18 18:51:16 -05:00
joev b33e7f477c
Land #4947, h0ng10's TWiki exploit. 2015-03-18 17:17:34 -05:00
Hans-Martin Münch (h0ng10) 5dd718e4fa Better description 2015-03-18 09:51:51 +01:00
Hans-Martin Münch (h0ng10) 00de437918 Initial commit 2015-03-18 09:45:08 +01:00
jakxx b197b7aaf0 Additional Updates
-Removed unused mixin
-Cleaned up Module name
-Cleaned up author name
2015-03-17 19:24:13 -04:00
jakxx 085e6cc815 Implemented Recommended Changes
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
jvazquez-r7 bb81107e51 Land #4927, @wchen-r7's exploit for Flash PCRE CVE-2015-0318 2015-03-13 23:58:05 -05:00
sinn3r 3bfdfbc987 Small changes 2015-03-13 18:55:11 -05:00
jvazquez-r7 1ead57a80d
Land #4928, @h0ng10's local exploit for iPass Mobile Client 2015-03-13 16:58:45 -05:00
jvazquez-r7 9894a3dc54 Change module filename 2015-03-13 16:53:17 -05:00
jvazquez-r7 b4de3ce42b Do minor cleanup 2015-03-13 16:52:26 -05:00
Hans-Martin Münch (h0ng10) b0e730d5ae Typo 2015-03-13 20:41:14 +01:00
Hans-Martin Münch (h0ng10) 726f01b8cc Initial version 2015-03-13 20:33:45 +01:00
sinn3r 182850df30 Stick to Win 7 2015-03-13 12:41:05 -05:00
sinn3r 2b199315d4 Final 2015-03-13 12:30:41 -05:00