Commit Graph

1310 Commits (4ae27e32b066b08d41983df74d9348455dcd48e8)

Author SHA1 Message Date
Joshua Drake 008fbedf93 created multi-platform fileformat dir
git-svn-id: file:///home/svn/framework3/trunk@7579 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:14:52 +00:00
Joshua Drake 5dbd32cd98 added japanese target from TomokiSanaki
git-svn-id: file:///home/svn/framework3/trunk@7578 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:09:59 +00:00
Joshua Drake b9939a836f fixed PDF header (oops)
git-svn-id: file:///home/svn/framework3/trunk@7577 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:01:11 +00:00
Joshua Drake b54a7aa1d3 confirmed SEH target works on Windows XP SP3
git-svn-id: file:///home/svn/framework3/trunk@7576 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-21 17:44:09 +00:00
Joshua Drake e5796f5b3b changed address to 0x0a0a0a0a
tested against various reader versions
removed pdf version randomization
git-svn-id: file:///home/svn/framework3/trunk@7570 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 05:56:03 +00:00
Joshua Drake f767129e61 fixed some typos, thx mubix!
git-svn-id: file:///home/svn/framework3/trunk@7569 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 03:36:02 +00:00
Joshua Drake 106350ac97 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7568 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 17:39:37 +00:00
Joshua Drake 5bbbafefa2 osvdb reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7565 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 04:16:10 +00:00
Joshua Drake c2bcad1f4c add exploit http version
git-svn-id: file:///home/svn/framework3/trunk@7563 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 02:29:37 +00:00
Joshua Drake 82706981de dynamically get ip address length
git-svn-id: file:///home/svn/framework3/trunk@7561 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 00:49:20 +00:00
Joshua Drake 31e9d9929c add exploit module for another 0day
git-svn-id: file:///home/svn/framework3/trunk@7560 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 23:54:26 +00:00
Joshua Drake 447e208abf add httpdx handlepeer() exploit (cve-2009-3711)
git-svn-id: file:///home/svn/framework3/trunk@7557 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 22:29:20 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
James Lee 10e897b94f make sure we got a response before trying to pull headers out of it. see #519
git-svn-id: file:///home/svn/framework3/trunk@7541 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 19:00:16 +00:00
James Lee 9f134512c2 give up if we can't get the password hash. see #519
git-svn-id: file:///home/svn/framework3/trunk@7539 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:51:51 +00:00
James Lee dd323e2a7b don't try to run methods on an object we just confirmed was nil
git-svn-id: file:///home/svn/framework3/trunk@7538 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:48:34 +00:00
James Lee b4d04ab22d fix 1.9 str[idx] error; see #519
git-svn-id: file:///home/svn/framework3/trunk@7534 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:28:34 +00:00
Joshua Drake 4edc6d942c updated awingsoft web3d bof module from trancer
git-svn-id: file:///home/svn/framework3/trunk@7533 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:51:52 +00:00
James Lee 94729103b4 added osvdb ref and keywords
git-svn-id: file:///home/svn/framework3/trunk@7532 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:18:51 +00:00
HD Moore bd28e044f0 Handle instances where the pipe does not exist gracefully
git-svn-id: file:///home/svn/framework3/trunk@7531 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 15:20:50 +00:00
James Lee 7fb9c4a791 add coverage for cve-2009-1151
git-svn-id: file:///home/svn/framework3/trunk@7528 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 08:42:32 +00:00
James Lee 53640065da license
git-svn-id: file:///home/svn/framework3/trunk@7522 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 19:53:03 +00:00
Joshua Drake 04725e70cc reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7521 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 16:03:01 +00:00
Mario Ceballos 4c23734e72 added exploit module oracle_dc_submittoexpress.rb
git-svn-id: file:///home/svn/framework3/trunk@7520 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 01:01:21 +00:00
Joshua Drake 7573994152 add exploit module for another winds3d 0day
git-svn-id: file:///home/svn/framework3/trunk@7518 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 22:26:08 +00:00
Joshua Drake 240a8444b0 Fixed some license problems
git-svn-id: file:///home/svn/framework3/trunk@7515 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 18:09:05 +00:00
Mario Ceballos bbfc195735 added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 13:26:27 +00:00
Joshua Drake 8d382ef487 oops -- removed CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7512 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:46:21 +00:00
Joshua Drake 74269325db added CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7511 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:42:02 +00:00
Joshua Drake f86eca488a minor fixup in email addr
git-svn-id: file:///home/svn/framework3/trunk@7510 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:39:00 +00:00
Joshua Drake 9381abf41a swap L to V for packing
git-svn-id: file:///home/svn/framework3/trunk@7509 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:38:03 +00:00
Joshua Drake 70cf288b99 added trancer's exploit for cve-2009-2386
git-svn-id: file:///home/svn/framework3/trunk@7508 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:36:20 +00:00
Joshua Drake e98036bc9c oops, forgot to remove debugging cruft
git-svn-id: file:///home/svn/framework3/trunk@7507 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:33:42 +00:00
HD Moore 8b9238e33b Cosmetic/reference cleanups.
git-svn-id: file:///home/svn/framework3/trunk@7506 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:31:00 +00:00
Joshua Drake cc41639170 add exploit for cve-2009-2485
git-svn-id: file:///home/svn/framework3/trunk@7505 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:37:18 +00:00
James Lee d90b932383 add a bit more entropy
git-svn-id: file:///home/svn/framework3/trunk@7504 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:09:32 +00:00
James Lee 38c0a3bd1b 302 is not the same as 200...
git-svn-id: file:///home/svn/framework3/trunk@7503 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:03:16 +00:00
James Lee d2451547d6 add exploit module for osCommerce file upload
git-svn-id: file:///home/svn/framework3/trunk@7502 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 01:56:21 +00:00
Joshua Drake cd11c784e0 added CVE references
git-svn-id: file:///home/svn/framework3/trunk@7499 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 22:54:10 +00:00
Joshua Drake da6fa072f2 add module for cve-2008-0492
git-svn-id: file:///home/svn/framework3/trunk@7490 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 18:09:50 +00:00
Joshua Drake 7758ebfda4 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7488 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:22:14 +00:00
Joshua Drake 61f2c0b195 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7487 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:54 +00:00
Joshua Drake 2e4f5734ea fixed typo
git-svn-id: file:///home/svn/framework3/trunk@7486 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:09 +00:00
James Lee 41604957fa fix no compatible payloads due to misplaced compat options
git-svn-id: file:///home/svn/framework3/trunk@7483 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-12 20:36:23 +00:00
HD Moore 0d8eaa9190 Fix up a typo in the ddwrt exploit
git-svn-id: file:///home/svn/framework3/trunk@7481 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-12 16:13:51 +00:00
Joshua Drake c9f6e32c70 optimization for extra stack data
git-svn-id: file:///home/svn/framework3/trunk@7463 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 01:01:53 +00:00
Joshua Drake 92408fbed4 added patch, finder, and pub exploit refs
git-svn-id: file:///home/svn/framework3/trunk@7457 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 23:52:07 +00:00
Joshua Drake 9edcda6862 updated badchars/encoder, increased bytes to end of stack, ppr had badchar in it
git-svn-id: file:///home/svn/framework3/trunk@7456 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 23:36:54 +00:00
Joshua Drake e812a2317c added exploit for cve-2009-0184
git-svn-id: file:///home/svn/framework3/trunk@7455 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 21:52:17 +00:00
HD Moore 6deb2fe58e windows 2000 target via anonymous submission
git-svn-id: file:///home/svn/framework3/trunk@7454 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 20:03:57 +00:00
Joshua Drake 434ee654b4 minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@7429 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 19:31:11 +00:00
Joshua Drake 55c32f8bb1 miscellaneous cleanups and minimized
git-svn-id: file:///home/svn/framework3/trunk@7421 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 05:55:50 +00:00
Joshua Drake 0e2c8f4894 StackAdjustment or Prepend, not both :)
git-svn-id: file:///home/svn/framework3/trunk@7418 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 04:31:02 +00:00
Joshua Drake b07d997787 initial commit, randomization to come
git-svn-id: file:///home/svn/framework3/trunk@7417 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 04:27:30 +00:00
et 5a460d451c Ugly mixin
git-svn-id: file:///home/svn/framework3/trunk@7401 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 22:17:42 +00:00
et 7b832b9d3e Wmap checking for vulnerabilities and launching exploits
git-svn-id: file:///home/svn/framework3/trunk@7399 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 21:55:33 +00:00
Mario Ceballos 95694ddd97 updated module targets from Brett Gervasoni.
git-svn-id: file:///home/svn/framework3/trunk@7398 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 13:18:03 +00:00
HD Moore 1d5f1e5f69 Fixes #472. This module still needs a lot of work, but this solves this particular bug. Caused by unsetting the variable
git-svn-id: file:///home/svn/framework3/trunk@7396 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-06 21:16:56 +00:00
Mario Ceballos c3dd1698fc added exploit module hp_power_manager_login.rb
git-svn-id: file:///home/svn/framework3/trunk@7371 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-06 01:31:17 +00:00
Mario Ceballos 0c12d36cad added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7365 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-05 12:09:58 +00:00
Mario Ceballos 3da8b7b7f6 added exploit module safenet_softremote_groupname.rb
git-svn-id: file:///home/svn/framework3/trunk@7358 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 23:10:50 +00:00
James Lee 70b2d06c86 speed up content creation, string concat sucks
git-svn-id: file:///home/svn/framework3/trunk@7356 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 19:06:01 +00:00
James Lee c675cfb1cf Fix 1.9.1 issues, make the vbs smaller (down to about 4MB from almost 10)
git-svn-id: file:///home/svn/framework3/trunk@7355 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 18:55:32 +00:00
James Lee 68564f9d5e modules should not handle exceptions like this. if you're just going to print a backtrace, let the dispatcher deal with it so we can get logs
git-svn-id: file:///home/svn/framework3/trunk@7353 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 17:04:01 +00:00
HD Moore 9e654c51f2 Revive
git-svn-id: file:///home/svn/framework3/trunk@7348 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:39 +00:00
HD Moore 4b53b1d378 Purge
git-svn-id: file:///home/svn/framework3/trunk@7347 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:17 +00:00
HD Moore 98d9d66905 Replaced with encoded shiny bits
git-svn-id: file:///home/svn/framework3/trunk@7346 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:56:12 +00:00
HD Moore 0a52c98e03 Purging this module due to lame AV sigs, re-adding in a sillier form
git-svn-id: file:///home/svn/framework3/trunk@7345 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:50:31 +00:00
HD Moore 84ebdfa7eb Move the mercantec check to the exploit code from autofilter
git-svn-id: file:///home/svn/framework3/trunk@7333 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 17:02:03 +00:00
Mario Ceballos aef3817db9 added patch from steve tornio.
git-svn-id: file:///home/svn/framework3/trunk@7331 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 12:02:54 +00:00
Mario Ceballos b62dc9705e remove some debugging.
git-svn-id: file:///home/svn/framework3/trunk@7329 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:21:50 +00:00
Mario Ceballos 73bd4f7de2 added exploit module symantec_consoleutilities_browseandsavefile.rb from Nikolas Sotiriu.
git-svn-id: file:///home/svn/framework3/trunk@7328 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:02:45 +00:00
HD Moore ac14e84eb6 See #434. Fixes up the last of the modules using the wrong Timeout exception class
git-svn-id: file:///home/svn/framework3/trunk@7326 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 18:22:50 +00:00
HD Moore c0758f7bc6 Do not randomize the PDF version (breaks Acrobat 9x)
git-svn-id: file:///home/svn/framework3/trunk@7318 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 14:41:59 +00:00
HD Moore 4f3128c061 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7303 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 04:09:07 +00:00
et 20be000d47 Wmap able to load exploits and check for vulnerabilities. Next step exploit if vulnerable
git-svn-id: file:///home/svn/framework3/trunk@7302 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 03:16:27 +00:00
HD Moore a41b1db7de Autofilter based on existence of the softcart cgi
git-svn-id: file:///home/svn/framework3/trunk@7297 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 18:02:37 +00:00
HD Moore aa09862813 Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)

meterpreter > sysinfo
Computer: VMNT4
OS      : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch    : x86
Language: en_US
git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
HD Moore bffb98ba9f Add XP SP3 target for WarFTPD.
git-svn-id: file:///home/svn/framework3/trunk@7295 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 10:29:41 +00:00
HD Moore 5eed9deb2d Adds the joomla TinyMCE file upload exploit from spinbad.
git-svn-id: file:///home/svn/framework3/trunk@7283 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 20:00:39 +00:00
Mario Ceballos 131adc4c3a fixed cve reference number.
git-svn-id: file:///home/svn/framework3/trunk@7260 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:19:27 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore b38a74c961 Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space between the method and the parens, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
HD Moore b53a596ff0 Merge in David Kennedy's new MSSQL changes (centralized SQL query mixin)
git-svn-id: file:///home/svn/framework3/trunk@7236 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-23 19:15:32 +00:00
HD Moore 255379c2d0 Fixes #378. Still need to reorganize the modules and fix the lorcon2 mixin for 1.9.1
git-svn-id: file:///home/svn/framework3/trunk@7235 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-23 15:59:13 +00:00
kris 5c9b823c8b output typos, etc
git-svn-id: file:///home/svn/framework3/trunk@7212 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 17:49:10 +00:00
Mario Ceballos 2b85ceb4c1 added exploit modules base_qry_common.rb and mambo_cache_lite.rb
git-svn-id: file:///home/svn/framework3/trunk@7210 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 15:01:10 +00:00
Mario Ceballos bac233108f added exploit modules ms_visual_studio_msmask.rb and ms_visual_basic_vbp.rb
git-svn-id: file:///home/svn/framework3/trunk@7208 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-19 12:58:03 +00:00
HD Moore df414a4904 Add the 'sa' with blank password CVE and vulnerability references, since the default configuration of the MSSQL mixin exploits just that.
git-svn-id: file:///home/svn/framework3/trunk@7201 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 22:05:19 +00:00
HD Moore 45280f85a5 Fix a looping issue with the new lyris module
git-svn-id: file:///home/svn/framework3/trunk@7199 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 21:51:45 +00:00
HD Moore 36fee594ba Adds coverage for the old Lyris ListManager predictable sa password flaw
git-svn-id: file:///home/svn/framework3/trunk@7198 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 21:46:29 +00:00
HD Moore 4ac27c9803 Consolidate common APIs into the mixin
git-svn-id: file:///home/svn/framework3/trunk@7195 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 20:58:01 +00:00
HD Moore 5ea99ac421 Remove from the db_autopwn set for now
git-svn-id: file:///home/svn/framework3/trunk@7183 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 09:31:17 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
Mario Ceballos 378b7f29d5 added exploit modules talkative_response.rb, blazedvd_plf.rb, vuplayer_cue.rb and vuplayer_m3u.rb
git-svn-id: file:///home/svn/framework3/trunk@7170 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 17:02:44 +00:00
Mario Ceballos 37fa36ed12 fix a typo.
git-svn-id: file:///home/svn/framework3/trunk@7169 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 16:51:16 +00:00
Mario Ceballos 7e1c769eef added exploit modules poppeeper_uidl.rb and poppeeper_date.rb
git-svn-id: file:///home/svn/framework3/trunk@7168 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 18:04:58 +00:00
Mario Ceballos 62dc4c74d7 added activepdf_webgrabber.rb, etrust_pestscan.rb, ea_checkrequirements.rb and mcafee_hercules_deletesnapshot.rb exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@7167 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 15:22:16 +00:00
HD Moore c4bfae59aa Minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@7163 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 01:44:00 +00:00
HD Moore 59676df4db Adds ReL1K's mssql_payload module
git-svn-id: file:///home/svn/framework3/trunk@7162 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 21:11:28 +00:00
Mario Ceballos aae4ac74c1 more adjusting of the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7157 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 12:56:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
Mario Ceballos aee16a85ab fixed the cve entry.
git-svn-id: file:///home/svn/framework3/trunk@7155 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:28:50 +00:00
Mario Ceballos 63ad9ebf27 added exploit module aol_icq_downloadagent.rb
git-svn-id: file:///home/svn/framework3/trunk@7153 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-13 17:04:05 +00:00
HD Moore 5d9f3323e8 Last two reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7150 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:42:51 +00:00
HD Moore 26db223636 OSVDB reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7149 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:39:51 +00:00
Mario Ceballos a8ccd1fe98 updated references with bid/cve.
git-svn-id: file:///home/svn/framework3/trunk@7148 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:39:15 +00:00
Mario Ceballos 5b6f16a0f9 added exploit modules athocgov_completeinstallation.rb and symantec_iao.rb
git-svn-id: file:///home/svn/framework3/trunk@7147 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:31:52 +00:00
Mario Ceballos 1cadfa4ea7 added exploit module amaya_bdo.rb from dookie.
git-svn-id: file:///home/svn/framework3/trunk@7136 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-10 21:51:25 +00:00
kris f21e3c8754 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@7128 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-04 23:38:06 +00:00
Mario Ceballos 65e57f209a added exploit modules xlink_nfsd.rb, xlink_client.rb and xlink_server.rb
git-svn-id: file:///home/svn/framework3/trunk@7123 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-03 23:05:44 +00:00
HD Moore e23925ed27 Updated the path check to use the Rex method designed for this. Eventually we need to switch this to use zip/filesystem (under lib/)
git-svn-id: file:///home/svn/framework3/trunk@7104 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 13:28:38 +00:00
James Lee 6b8dcdced4 add a dependency check for the existence of the zip command. Thanks Donna Hawthorne for the bug report.
git-svn-id: file:///home/svn/framework3/trunk@7102 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 05:46:34 +00:00
Mario Ceballos 3dd0e972e0 added exploit module emc_appextender_keyworks.rb
git-svn-id: file:///home/svn/framework3/trunk@7101 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 02:13:16 +00:00
HD Moore 07efe98f6d Whitespace and svn properties set
git-svn-id: file:///home/svn/framework3/trunk@7087 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:54:07 +00:00
Stephen Fewer 360cdaab2e rename the smb2 module to something more specific.
git-svn-id: file:///home/svn/framework3/trunk@7086 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:23:28 +00:00
Stephen Fewer 50bd91688c Add coverage for the SMBv2 vuln.
git-svn-id: file:///home/svn/framework3/trunk@7085 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 08:12:30 +00:00
Mario Ceballos 9509872b4f fixed disclosure date and removed cmd residue.
git-svn-id: file:///home/svn/framework3/trunk@7079 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 00:24:18 +00:00
HD Moore a478c11df0 See #339
git-svn-id: file:///home/svn/framework3/trunk@7077 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:33:07 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
Stephen Fewer 53b0709a64 commit MC's patch to remove the unused 'req' string.
git-svn-id: file:///home/svn/framework3/trunk@7074 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 19:07:43 +00:00
Stephen Fewer c9efd2428c add MC's module for the Adobe RoboHelp server vuln.
git-svn-id: file:///home/svn/framework3/trunk@7072 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 18:38:48 +00:00
HD Moore af1ed06c1c Fixes #335. Merges change that fixes adobe_pdf_embedded_exe when HOMEPATH != C:\
git-svn-id: file:///home/svn/framework3/trunk@7069 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 15:02:59 +00:00
Mario Ceballos e715789e7c fix the option description.
git-svn-id: file:///home/svn/framework3/trunk@7065 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 12:01:51 +00:00
Mario Ceballos c4594f396f added auxiliary module timbuktu_udp.rb and exploit module timbuktu_fileupload.rb
git-svn-id: file:///home/svn/framework3/trunk@7062 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 00:04:00 +00:00
HD Moore 7d122ceb02 Fixes #269. Specifically wrap EOFError
git-svn-id: file:///home/svn/framework3/trunk@7045 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-20 19:49:03 +00:00
Patrick Webster b0c9e8b8e5 Added BigAnt 2.5 exploit module from Dr_IDE.
git-svn-id: file:///home/svn/framework3/trunk@7039 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-17 17:04:47 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
James Lee 85a4f1b9db add a simple check for the generic php exploits
git-svn-id: file:///home/svn/framework3/trunk@7025 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 05:24:03 +00:00
Mario Ceballos 13f5e1c2e5 added exploit module symantec_altirisdeployment_downloadandinstall.rb
git-svn-id: file:///home/svn/framework3/trunk@7023 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 22:30:01 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
Patrick Webster 086d5daaba Try again :)
git-svn-id: file:///home/svn/framework3/trunk@7020 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 15:20:10 +00:00
Patrick Webster d1268286f0 Renamed to correct spelling based on the SAP service.
git-svn-id: file:///home/svn/framework3/trunk@7019 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 15:01:25 +00:00
Patrick Webster 63702412b0 Added exploit module sap_2005_licence from Jacopo Cervini.
git-svn-id: file:///home/svn/framework3/trunk@7018 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 14:59:34 +00:00
HD Moore eeefc4dd27 Fix a typo
git-svn-id: file:///home/svn/framework3/trunk@7015 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 02:06:46 +00:00
HD Moore 56b2ab3f63 Fix the Space and mistyped StackAdjustment in the metaphish merge
git-svn-id: file:///home/svn/framework3/trunk@7014 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 00:55:13 +00:00
Mario Ceballos c1aa1b5f22 updated targets list
git-svn-id: file:///home/svn/framework3/trunk@7006 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-05 14:54:22 +00:00
Mario Ceballos cf0f690e4d added exploit module safenet_ike_11.rb
git-svn-id: file:///home/svn/framework3/trunk@6996 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-02 22:04:35 +00:00
Stephen Fewer 1184f01742 Added Aki Immonen's target for Windows 2000 SP3, thanks Aki!
git-svn-id: file:///home/svn/framework3/trunk@6995 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-02 21:24:34 +00:00
HD Moore 41ab69c600 Updated return address from Stephen Fewer, should work for a wider range now
git-svn-id: file:///home/svn/framework3/trunk@6994 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 17:34:47 +00:00
HD Moore 251810685f Fix the target patch
git-svn-id: file:///home/svn/framework3/trunk@6993 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 17:22:43 +00:00
HD Moore ca22f6fa98 Updated patch and return address for better compatibility with more targets
git-svn-id: file:///home/svn/framework3/trunk@6992 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 16:38:52 +00:00
HD Moore 660ae9444b Adds coverage for Kingcope's new IIS FTP exploit, this is a direct port with minimal changes
git-svn-id: file:///home/svn/framework3/trunk@6991 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 15:01:57 +00:00
Patrick Webster ff317936db Added alcatel_omnipcx_mastercgi command execution module.
git-svn-id: file:///home/svn/framework3/trunk@6990 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 03:43:16 +00:00
Patrick Webster 161406e0a9 Added exploit fileformat module Altap Salamander PDB.
git-svn-id: file:///home/svn/framework3/trunk@6988 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-30 02:18:33 +00:00
Mario Ceballos 18ebd8f308 added exploit module ca_cab.rb
git-svn-id: file:///home/svn/framework3/trunk@6983 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 23:26:31 +00:00
HD Moore ab6f955873 Remove the extra \ from the c:\ path to the cmd interpreter
git-svn-id: file:///home/svn/framework3/trunk@6981 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 19:51:36 +00:00
HD Moore 882ae5b9dd Adds His0k4's ProFTP 2.9 FTP Client server banner overflow module
git-svn-id: file:///home/svn/framework3/trunk@6975 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-25 16:18:53 +00:00
Mario Ceballos b39742446a patch added for the payload selection. thanks rmkml.
git-svn-id: file:///home/svn/framework3/trunk@6971 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-23 12:40:23 +00:00
HD Moore fd0f4ef65b Exploit from Kevin F. for CVE-2009-0695, a remote cmd execution flaw in the Wyse thin client platform.
git-svn-id: file:///home/svn/framework3/trunk@6968 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 18:06:03 +00:00
HD Moore 474ba8860f Merges in Colin's PDF infection code from Black Hat / Defcon
git-svn-id: file:///home/svn/framework3/trunk@6966 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 14:44:43 +00:00
James Lee e16647db74 make sure we're running on opera so we don't 404 on a suspicious-looking url if it isn't
git-svn-id: file:///home/svn/framework3/trunk@6963 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 05:10:11 +00:00
James Lee bd2da7c12a revert overzealous commit
git-svn-id: file:///home/svn/framework3/trunk@6961 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:53:35 +00:00
James Lee 08d50e0a5b fix a bug in colorization where %c gets replaced before %cya; wouldn't have been a problem until colorization gets put back in
git-svn-id: file:///home/svn/framework3/trunk@6960 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:49:16 +00:00
HD Moore 7d866442f0 Skip encoding when there are no badchars -- temporary solution until the encoders also look at the Compat -> RequiredCmds field.
git-svn-id: file:///home/svn/framework3/trunk@6957 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-17 17:42:39 +00:00
druid 20102275ce Updated references
git-svn-id: file:///home/svn/framework3/trunk@6956 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 22:35:42 +00:00
druid 0a29ce88c0 Added MSB reference
git-svn-id: file:///home/svn/framework3/trunk@6955 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 19:25:02 +00:00
HD Moore 7fb18d6e11 Add coverage for the new nagios3 cmd execution bug
git-svn-id: file:///home/svn/framework3/trunk@6936 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-04 19:27:50 +00:00
Patrick Webster 91faadd782 Added juniper_sslvpn_ive_setupdll ActiveX exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6921 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-30 15:47:23 +00:00
James Lee c29af0197a make opera_historysearch work in an iframe and speed it up so it is less likely to tip off a user
git-svn-id: file:///home/svn/framework3/trunk@6915 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 11:08:50 +00:00
James Lee 0b9412536c untested autopwn support for safari_metadata_archive just to have a safari vuln in the mix
git-svn-id: file:///home/svn/framework3/trunk@6913 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 06:38:01 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
HD Moore ad68502ef6 Add credit to the milw0rm exploit author
git-svn-id: file:///home/svn/framework3/trunk@6886 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:51:24 +00:00
HD Moore ed024f82aa Remove the extraneous \r\n (thanks Shuyao!)
git-svn-id: file:///home/svn/framework3/trunk@6884 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:45:32 +00:00
James Lee e805bbc3aa remove stupid debug alert
git-svn-id: file:///home/svn/framework3/trunk@6882 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 08:58:51 +00:00
kris 7262621d35 switch 'Version' Rev to Revision since msf doesn't handle it correctly
git-svn-id: file:///home/svn/framework3/trunk@6877 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 03:06:01 +00:00
kris d3e65b3363 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
James Lee 750a432fd0 fix calls to new to_win32pe with correct number of arguments
git-svn-id: file:///home/svn/framework3/trunk@6872 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 19:23:21 +00:00
HD Moore 4c4a8a764c Let the XP SP0/SP1 and 2000 targets automatically run
git-svn-id: file:///home/svn/framework3/trunk@6865 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 12:59:08 +00:00
HD Moore e70ac6cc19 Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for exploit modules. A good example is disabling the netcat -e payloads for old Solaris exploits
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
HD Moore 47ebd62092 Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it
git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 12:56:42 +00:00
Mario Ceballos 4691f2b0e5 added exploit module netidentity_xtierrpcpipe.rb
git-svn-id: file:///home/svn/framework3/trunk@6850 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 01:04:48 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore 309acbaa22 Remove extraneous comma
git-svn-id: file:///home/svn/framework3/trunk@6833 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:27:15 +00:00
HD Moore 282bcb4fae Updated with osvdb and bid references.
git-svn-id: file:///home/svn/framework3/trunk@6832 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:15:48 +00:00
HD Moore 2d319e9b5b Updated to work better on OS X and avoid 'script is taking too long' errors on all platforms
git-svn-id: file:///home/svn/framework3/trunk@6830 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 23:57:59 +00:00
HD Moore 99bc63b11d Adds support for Mac OS X intel (use the vforkshell payloads)
git-svn-id: file:///home/svn/framework3/trunk@6828 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 21:28:59 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
Patrick Webster f151ecc0ca Added mirc_privmsg_server exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6806 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-15 11:44:55 +00:00
Mario Ceballos 6005ac7c3f added exploit module tns_service_name.rb. updated ora_ntlm_stealer.rb to use the new mixin.
git-svn-id: file:///home/svn/framework3/trunk@6804 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-15 03:50:45 +00:00
HD Moore 6624dbd5ff Adds coverage for SBerry's Firefox 3.5 exploit (win32 only atm).
git-svn-id: file:///home/svn/framework3/trunk@6803 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 21:59:35 +00:00
HD Moore b018df89da Some minor tweaks, looks like this module doesn't play nice with the new JS encrypter
git-svn-id: file:///home/svn/framework3/trunk@6799 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 11:59:33 +00:00
HD Moore b2a0f8adf5 Comment out references for now
git-svn-id: file:///home/svn/framework3/trunk@6795 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 02:42:52 +00:00
HD Moore 298ba64734 Fix the references section
git-svn-id: file:///home/svn/framework3/trunk@6794 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 00:25:26 +00:00
HD Moore 306841cc69 Adds coverage for the new OWC ActiveX control exploit
git-svn-id: file:///home/svn/framework3/trunk@6792 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:39:42 +00:00
James Lee d84c87fa36 updated version info and disclosure date for opera_historysearch
git-svn-id: file:///home/svn/framework3/trunk@6788 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:12:25 +00:00
HD Moore 5fb316b383 Integrates L4teral's JS encoder/encrypter
git-svn-id: file:///home/svn/framework3/trunk@6784 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 22:17:11 +00:00
James Lee 3e072dd66e add Opera historysearch module; works on linux, windows will come later
git-svn-id: file:///home/svn/framework3/trunk@6777 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 07:48:12 +00:00
Mario Ceballos 055c58b82e rename module to make room for new one.
git-svn-id: file:///home/svn/framework3/trunk@6775 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 03:50:18 +00:00
druid c846f02c79 Final commit of working CLSIDs
git-svn-id: file:///home/svn/framework3/trunk@6755 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 22:15:59 +00:00
druid 7a7b2df5a5 Updated list of working ClassIDs
git-svn-id: file:///home/svn/framework3/trunk@6754 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:34:13 +00:00
druid b9e7e0b902 Removed some CLSIDs that didn't work
git-svn-id: file:///home/svn/framework3/trunk@6753 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:25:23 +00:00
druid 02f7d6b586 Exploit now uses a random ClassID from the list provided by the Microsoft Advisory rather than a static one (also configurable via an advanced option).
git-svn-id: file:///home/svn/framework3/trunk@6751 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 19:47:44 +00:00
HD Moore a54b9a06ef Exploit module for the new MS Video ActiveX flaw from Trancer. See more at http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/
git-svn-id: file:///home/svn/framework3/trunk@6750 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-07 11:11:46 +00:00
Patrick Webster a4e0c88a1b Added MDaemon WorldClient Form2Raw.cgi exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6736 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-03 01:26:21 +00:00
druid 1df854bee7 Removed unused options, added success message.
git-svn-id: file:///home/svn/framework3/trunk@6730 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-30 14:09:19 +00:00
druid e03428dd8f Disabled debugging output
git-svn-id: file:///home/svn/framework3/trunk@6727 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-30 01:52:48 +00:00
druid bb0408e570 Exploit for /bin/login over dialup
git-svn-id: file:///home/svn/framework3/trunk@6725 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-29 14:13:41 +00:00
Mario Ceballos f90d4123ab added exploit module bopup_comm.rb
git-svn-id: file:///home/svn/framework3/trunk@6721 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-27 14:31:29 +00:00
Ramon de C Valle c2362ec409 All your POWER are belong to us.
git-svn-id: file:///home/svn/framework3/trunk@6698 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-23 03:49:25 +00:00
HD Moore d0fe4e8610 Remove overzealous change for 1.9.1 compat
git-svn-id: file:///home/svn/framework3/trunk@6697 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:22:50 +00:00
HD Moore 66a6bfe9c0 Make the PDF modules 1.9.1 compatible
git-svn-id: file:///home/svn/framework3/trunk@6696 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:21:08 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
James Lee bc037bbbac make php findsock work again for php_eval and php_include
git-svn-id: file:///home/svn/framework3/trunk@6678 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 05:50:52 +00:00
HD Moore 3a9e42ceb8 Green dam exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@6671 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-18 01:54:15 +00:00
HD Moore 67b307557d fix eol-style settings
git-svn-id: file:///home/svn/framework3/trunk@6668 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-17 20:54:52 +00:00
HD Moore 5fb2b95190 Patch to simplify the fileformat options from antoine
git-svn-id: file:///home/svn/framework3/trunk@6666 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-17 20:34:28 +00:00
HD Moore b8efb1bbf9 Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore 697f0946e1 Reference correction
git-svn-id: file:///home/svn/framework3/trunk@6637 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-11 23:23:58 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
HD Moore b7cac075e0 Adds the itunes overflow from Will Drewry: http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
git-svn-id: file:///home/svn/framework3/trunk@6627 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-05 02:30:24 +00:00
Mario Ceballos fe463072d6 added exploit module ibmegath_getxmlvalue.rb
git-svn-id: file:///home/svn/framework3/trunk@6609 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-01 11:19:06 +00:00
HD Moore f17ee863bc Three new unpatched exploits from trancer: http://www.rec-sec.com
git-svn-id: file:///home/svn/framework3/trunk@6578 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-24 15:06:12 +00:00
HD Moore 92d242cc2f osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6568 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-19 13:20:32 +00:00
James Lee 6c8a93035f make the new random header stuff work with magic_quotes
git-svn-id: file:///home/svn/framework3/trunk@6559 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-17 00:35:56 +00:00
James Lee 685535c61d add php compatibility to multi/handler
git-svn-id: file:///home/svn/framework3/trunk@6558 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-17 00:26:17 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-14 19:56:07 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
Mario Ceballos 6e84b4ea7f missed a , which borked stuff.
git-svn-id: file:///home/svn/framework3/trunk@6549 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 21:42:33 +00:00
HD Moore 0981295879 More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6547 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:56:54 +00:00
HD Moore 0ab728c6a5 Added OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6546 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:03:25 +00:00
Patrick Webster 4bafe57fe3 Added cain_abel_4918_rdp.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6521 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 13:29:42 +00:00
Patrick Webster de43887fdd Added destinymediaplayer16.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6520 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 12:12:08 +00:00
Patrick Webster d78b615190 Added racer_503beta5.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6519 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 11:10:37 +00:00
Patrick Webster a99354abce Added zinfaudioplayer221_pls from Trancek. Added SEH, universal target and references.
git-svn-id: file:///home/svn/framework3/trunk@6507 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-29 03:45:37 +00:00
James Lee b31abbc6f9 move the payload into a random X- header so it doesn't show up in access logs
git-svn-id: file:///home/svn/framework3/trunk@6493 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-19 15:47:14 +00:00
Patrick Webster e9776552ad Added domino_http_accept_language from riaf.
git-svn-id: file:///home/svn/framework3/trunk@6488 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-16 06:08:40 +00:00
Mario Ceballos 89d0cb3954 added exploit module mswhale_checkforupdates.rb
git-svn-id: file:///home/svn/framework3/trunk@6486 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-15 21:38:50 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris cc78d9a59c turn off svn:executable in modules
git-svn-id: file:///home/svn/framework3/trunk@6470 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-08 20:04:25 +00:00
Mario Ceballos 3c54e15590 added exploit module sapgui_saveviewtosessionfile.rb
git-svn-id: file:///home/svn/framework3/trunk@6455 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-02 20:43:06 +00:00
natron edbaada754 Reliable write address location; bringing in line with windows/browser version
git-svn-id: file:///home/svn/framework3/trunk@6452 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 16:46:50 +00:00
natron 8d7c6d6367 Browser version of jbig2decode
git-svn-id: file:///home/svn/framework3/trunk@6451 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 14:58:37 +00:00
kris 9482b4080e set a few more modules' Versions to Revision, only did aux by accident last time
git-svn-id: file:///home/svn/framework3/trunk@6439 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-30 01:09:09 +00:00
Mario Ceballos 6203b02ffc fix tab.
git-svn-id: file:///home/svn/framework3/trunk@6412 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 16:27:01 +00:00
Mario Ceballos 64b12fdb61 added exploit module adobe_collectemailfinfo.rb
git-svn-id: file:///home/svn/framework3/trunk@6411 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 16:14:32 +00:00
HD Moore 9d2382f5f5 Adds the PDF geticon modules from jduck
git-svn-id: file:///home/svn/framework3/trunk@6409 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 07:40:29 +00:00
HD Moore eccfcdfced Sets svn keywords on modules missing it, tweaks the emailer module
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
HD Moore 86bc12940a Fix tabstops for weblogic module
git-svn-id: file:///home/svn/framework3/trunk@6405 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:00:23 +00:00
HD Moore a5125c6c87 Update the module description
git-svn-id: file:///home/svn/framework3/trunk@6404 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 05:52:40 +00:00
natron 3b704ecf46 Add support for Reader 8.1.2, increase heapspray reliability
git-svn-id: file:///home/svn/framework3/trunk@6400 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 02:40:27 +00:00
pusscat 41960b0300 Add jsessionid exploit
git-svn-id: file:///home/svn/framework3/trunk@6399 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 19:03:39 +00:00
natron bee2e44254 Remove debug messages, fix nops.
git-svn-id: file:///home/svn/framework3/trunk@6398 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 02:34:40 +00:00
natron 989a0bf88f Backed off the heapspray, will hopefully work on low and high RAM systems now.
git-svn-id: file:///home/svn/framework3/trunk@6397 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 02:32:13 +00:00
natron 8784ee930f Adobe JBIG2Decode Exploit (CVE-2009-0658)
git-svn-id: file:///home/svn/framework3/trunk@6395 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 00:08:19 +00:00
HD Moore 13706d1bde Tons of new Mac OS X code from Dino Dai Zovi and Charlie Miller, more to follow
git-svn-id: file:///home/svn/framework3/trunk@6353 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-18 23:28:24 +00:00
Mario Ceballos a036178737 added exploit module orbit_connecting.rb
git-svn-id: file:///home/svn/framework3/trunk@6348 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-17 01:24:16 +00:00
kris 804ff61df6 big svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6345 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-15 18:12:33 +00:00
Mario Ceballos f7dafe0156 added exploit module belkin_bulldog.rb.
git-svn-id: file:///home/svn/framework3/trunk@6334 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-11 22:33:51 +00:00
Patrick Webster 7209271870 Added exploit module apache_mod_rewrite_ldap.
git-svn-id: file:///home/svn/framework3/trunk@6327 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-10 06:42:11 +00:00
Patrick Webster 46351557bc Added dogfood_spell_exec exploit module from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6282 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-03 03:32:36 +00:00
Patrick Webster 2df5dc3204 Added exploit module ebook_flipviewer_fviewerloading from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6281 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 23:14:54 +00:00
Patrick Webster a71b3e8c22 Added exploit module efs_easychatserver_username from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6280 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 06:57:00 +00:00
natron b6731747c4 added ie_unsafe_scripting exploit module
git-svn-id: file:///home/svn/framework3/trunk@6260 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-27 22:35:50 +00:00
Patrick Webster d5c625b803 Added exploit module dlink_long_filename from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6256 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-26 08:19:01 +00:00
Patrick Webster c902c035aa Typo in vendor name. Steamcast.
git-svn-id: file:///home/svn/framework3/trunk@6255 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 11:50:24 +00:00
Patrick Webster 415b4c2593 Added exploit module streamcast_useragent.rb from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6254 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 11:35:36 +00:00
Patrick Webster 92c45abf2d Added contentkeeperweb_mimencode exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6250 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 03:41:25 +00:00
Mario Ceballos 7118ef0a2c added aux module osb_execqr.rb and exploit module osb_ndmp_auth.rb.
git-svn-id: file:///home/svn/framework3/trunk@6248 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-23 16:26:00 +00:00
cg 8fe4bf88b9 MS09-002 coverage by dean
git-svn-id: file:///home/svn/framework3/trunk@6238 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-20 17:46:52 +00:00
Mario Ceballos 092db8229c added exploit module fdm_auth_header.rb
git-svn-id: file:///home/svn/framework3/trunk@6205 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-02 18:27:36 +00:00
HD Moore f927320eda Wrap the telephony require properly
git-svn-id: file:///home/svn/framework3/trunk@6201 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-30 04:28:40 +00:00
Mario Ceballos b321790c04 added exploit module license_gcr.rb.
git-svn-id: file:///home/svn/framework3/trunk@6183 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-25 02:22:18 +00:00
HD Moore 1f523d78c9 Configure the architecture list to be ALL, not just a small set of archs
git-svn-id: file:///home/svn/framework3/trunk@6171 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-22 05:35:19 +00:00
Mario Ceballos ff8323e6d2 added modules from Matteo Cantoni.
git-svn-id: file:///home/svn/framework3/trunk@6170 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-21 12:51:30 +00:00
Mario Ceballos 9637e98cc4 added exploit module hp_nnm_toolbar.rb
git-svn-id: file:///home/svn/framework3/trunk@6167 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-19 23:07:28 +00:00
Mario Ceballos 7ef0ddeec5 added exploit module symantec_appstream_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@6162 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-18 02:19:26 +00:00
Patrick Webster 33ba28346d Added exploit module awstats_migrate_exec.
git-svn-id: file:///home/svn/framework3/trunk@6155 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-15 07:09:56 +00:00
HD Moore cb327d40fc Fix up the dialup code
git-svn-id: file:///home/svn/framework3/trunk@6150 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-14 05:46:10 +00:00
Mario Ceballos 430d7cb424 fixed BID number.
git-svn-id: file:///home/svn/framework3/trunk@6145 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:41:14 +00:00
Mario Ceballos bc1f2da254 added exploit module winzip_fileview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6144 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-13 14:04:53 +00:00
druid 0d1ca42ed6 Adds support for exploitation over dialup via the new Telephony library.
git-svn-id: file:///home/svn/framework3/trunk@6120 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-11 06:09:02 +00:00
James Lee 288075f7a0 add report_auth_info to some modules that authenticate. thanks, tebo
git-svn-id: file:///home/svn/framework3/trunk@6118 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-11 05:52:07 +00:00
Mario Ceballos 3ee6eaede8 added exploit module nis2004_antispam.rb that makes use of egypt's newly added heap spray stuff.
git-svn-id: file:///home/svn/framework3/trunk@6109 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-10 14:00:49 +00:00
Patrick Webster 2de1dc9947 No need for string cast. thanks kris/raif.
git-svn-id: file:///home/svn/framework3/trunk@6094 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-09 03:22:04 +00:00
Mario Ceballos ddafdad942 added support for 2k3.
git-svn-id: file:///home/svn/framework3/trunk@6092 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-09 00:39:08 +00:00
Patrick Webster a41e16ded3 Added ursoft_w32dasm.rb file format module.
git-svn-id: file:///home/svn/framework3/trunk@6083 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-07 11:18:44 +00:00
Mario Ceballos ee86b19834 added tns mixin to support oracle8i listener overflow and other tns related stuff.
git-svn-id: file:///home/svn/framework3/trunk@6082 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-07 03:07:01 +00:00
Patrick Webster 204ebd411f Updated with changes from raif.
git-svn-id: file:///home/svn/framework3/trunk@6080 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-07 00:15:55 +00:00
Mario Ceballos fa950d64ef updated with the author's email address.
git-svn-id: file:///home/svn/framework3/trunk@6076 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-05 13:09:18 +00:00
Mario Ceballos e132179b2d added exploit modules djvu_imageurl.rb, msworks_wkspictureinterface.rb and sascam_get.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6074 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-05 00:55:29 +00:00
Mario Ceballos 33940517c5 added exploit modules ca_brightstor_addcolumn.rb and verypdf_pdfview.rb from dean.
git-svn-id: file:///home/svn/framework3/trunk@6073 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-04 21:51:04 +00:00
Mario Ceballos f1093ee6a9 added exploit module realtek_playlist.rb.
git-svn-id: file:///home/svn/framework3/trunk@6029 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-20 01:49:40 +00:00
kris 248f1e9fc3 Remove "#{xxx.to_s}" redundancies ('s/\(#{[^}]*\)\.to_s}/\1}/g')
git-svn-id: file:///home/svn/framework3/trunk@6022 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-19 07:11:08 +00:00
HD Moore 45c08a9011 Fallback to heap spray if the .NET DLL does not load
git-svn-id: file:///home/svn/framework3/trunk@6015 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-17 04:19:54 +00:00
Mario Ceballos aa53df6535 add exploit module adobe_utilprintf.rb, browser based.
git-svn-id: file:///home/svn/framework3/trunk@6014 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-15 15:44:02 +00:00
HD Moore 5822ab75a7 Adds an exploit module (universal) for the new internet explorer xml bug. This module shows off the .NET memory techniques discovered by Alexander Sotirov and Mark Dowd. This code should bypass DEP, ASLR, and NX :-)
git-svn-id: file:///home/svn/framework3/trunk@6012 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-12 01:45:00 +00:00
HD Moore 42da7926ba See #263. Testing post-commit hook
git-svn-id: file:///home/svn/framework3/trunk@6010 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-11 03:56:52 +00:00
HD Moore c838c7ef2f See #263. Testing post-commit hook
git-svn-id: file:///home/svn/framework3/trunk@6009 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-11 03:55:12 +00:00
HD Moore d64cf0f22f See #263. Testing post-commit hook
git-svn-id: file:///home/svn/framework3/trunk@6008 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-11 03:53:52 +00:00
HD Moore cb8230f817 Fixes #263. Correct the max read() size for DCERPC over SMB
git-svn-id: file:///home/svn/framework3/trunk@6007 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-11 03:50:30 +00:00
Mario Ceballos 1485e0564e updated with some awesome stuff from Didier Stevens.
git-svn-id: file:///home/svn/framework3/trunk@6006 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-08 13:16:54 +00:00
Mario Ceballos 6df3ed8b25
git-svn-id: file:///home/svn/framework3/trunk@6001 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-07 15:02:20 +00:00
Mario Ceballos 29c94ece40 removed hardcoded length for xrefPosition. thanks Didier Stevens.
git-svn-id: file:///home/svn/framework3/trunk@5999 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-05 13:13:57 +00:00
Mario Ceballos 103e507635 newer version breaks..
git-svn-id: file:///home/svn/framework3/trunk@5998 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-04 21:57:54 +00:00
Mario Ceballos d47511baf2 updated target.
git-svn-id: file:///home/svn/framework3/trunk@5996 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-03 20:20:39 +00:00
Mario Ceballos 381f6da682 added exploit module adobe_utilprintf.rb
git-svn-id: file:///home/svn/framework3/trunk@5995 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-03 16:19:25 +00:00
Mario Ceballos e1e1f5d6a4 added fileformat mixin, fileformat exploit videolan_tivo.rb, and network based exploit videolan_tivo.rb
git-svn-id: file:///home/svn/framework3/trunk@5993 4d416f70-5f16-0410-b530-b9f4589650da
2008-12-03 01:23:27 +00:00
HD Moore 3266bd9ecd Add a better autofilter() / check()
git-svn-id: file:///home/svn/framework3/trunk@5950 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-18 20:15:20 +00:00
kris 85926eb4ff fix svn keywords
git-svn-id: file:///home/svn/framework3/trunk@5923 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-16 03:09:22 +00:00
Patrick Webster e14bf65099 Added domino_sametime_stmux module.
git-svn-id: file:///home/svn/framework3/trunk@5919 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-14 11:04:33 +00:00
Patrick Webster 086e9fb89a Added veritas_netbackup_cmdexec module.
git-svn-id: file:///home/svn/framework3/trunk@5914 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 09:45:47 +00:00
Patrick Webster 97ffd10f89 Updated to support Windows targets.
git-svn-id: file:///home/svn/framework3/trunk@5912 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 09:01:24 +00:00
Patrick Webster 547f01f84a Added new target.
git-svn-id: file:///home/svn/framework3/trunk@5911 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-13 08:31:04 +00:00
HD Moore 435ea807a4 Update the description and references to reflect (hah) MS08-068
git-svn-id: file:///home/svn/framework3/trunk@5890 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-11 20:46:21 +00:00
HD Moore b665212b35 Make 2003 target universal
git-svn-id: file:///home/svn/framework3/trunk@5888 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-11 15:22:24 +00:00
HD Moore 54cd265f82 Purging the ms08-067 check. The check method results in memory corruption and there are still concerns about the source of the technique. We can reimplement this later when there is some free time and less angry people involved ;-)
git-svn-id: file:///home/svn/framework3/trunk@5887 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-11 15:01:45 +00:00
kris 7b002d4288 remove unused exception variables
git-svn-id: file:///home/svn/framework3/trunk@5882 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-11 06:00:54 +00:00
HD Moore bc7b19f554 Adds keywords to some missing modules, adds an old/lame DoS module that was fixed in Vista SP1
git-svn-id: file:///home/svn/framework3/trunk@5849 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-07 22:11:58 +00:00
HD Moore 95d5624a96 Correct scratch/scratch typo
git-svn-id: file:///home/svn/framework3/trunk@5847 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-06 14:56:06 +00:00
HD Moore 308a90a01d Complete international support for XP SP2 / XP SP3
git-svn-id: file:///home/svn/framework3/trunk@5846 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-06 06:08:45 +00:00
HD Moore 0881649f14 The psexec and smb_relay module now automatically cleanup. The ms08-06 module now supports all languages of XP SP3.
git-svn-id: file:///home/svn/framework3/trunk@5841 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-04 22:27:59 +00:00
HD Moore b53695f7db The psexec module now uses a service-compatible exe, shellcode is spawned in a subprocess and the service cleans up properly
git-svn-id: file:///home/svn/framework3/trunk@5829 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 23:06:37 +00:00
HD Moore e02f740277 Handle multiple sessions by default
git-svn-id: file:///home/svn/framework3/trunk@5828 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 21:08:46 +00:00
HD Moore 133d7ce658 Adds an automatic default target to ms08-067, autodetects OS, SP, and language now.
git-svn-id: file:///home/svn/framework3/trunk@5827 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 20:37:51 +00:00
HD Moore 4b30f3ef1a Update the check() comments to reflect new information >:(
git-svn-id: file:///home/svn/framework3/trunk@5825 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 15:29:51 +00:00
Mario Ceballos 97b2adcc46 added the connect()/smb_login()
git-svn-id: file:///home/svn/framework3/trunk@5824 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 13:14:06 +00:00
HD Moore f1789fc1b2 Adds the check() method and scanner module to ms08-067, massively upgrades the smb/version scanner, with better SP detection and remote language pack detection.
git-svn-id: file:///home/svn/framework3/trunk@5823 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-03 09:17:08 +00:00
HD Moore d9ffc23128 Adds 0x40 to the badchars list, fixes a weird issue, found by Ramon
git-svn-id: file:///home/svn/framework3/trunk@5822 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-02 02:35:57 +00:00
HD Moore 4f45818a0f The prefix change makes ms08-067 more reliable vs windows 2000
git-svn-id: file:///home/svn/framework3/trunk@5820 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 21:10:45 +00:00
HD Moore de6c726e0a New french targets from Antoine
git-svn-id: file:///home/svn/framework3/trunk@5818 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 15:34:17 +00:00
HD Moore c5ad82fb68 Add SP2 German
git-svn-id: file:///home/svn/framework3/trunk@5817 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 14:15:16 +00:00
HD Moore d366e8342a Spanish target is SP3 not SP2
git-svn-id: file:///home/svn/framework3/trunk@5816 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 14:07:58 +00:00
Ramon de C Valle 7427d913c0 Added targets for Portuguese (Brazil) (NX) SP2/SP3 to ms08_067_netapi.rb
git-svn-id: file:///home/svn/framework3/trunk@5815 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 11:45:52 +00:00
HD Moore 571d577bbd Adds Windows XP SP0/SP1 targets for English
git-svn-id: file:///home/svn/framework3/trunk@5814 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 06:12:49 +00:00
HD Moore e784bcd515 Adds Windows 2003 SP1 (NO NX and NX(is this needed)).
git-svn-id: file:///home/svn/framework3/trunk@5813 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 05:55:57 +00:00
HD Moore 7fcf5b3dc2 Lots of new targets merged in for MS08-067 including Brett Moore's 2003 SP2 DEP bypass
git-svn-id: file:///home/svn/framework3/trunk@5812 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-31 05:16:02 +00:00
HD Moore dfbc35da3c Patch for ms08-067 from antoine, fixes braindead bug on my part, should increase reliability
git-svn-id: file:///home/svn/framework3/trunk@5805 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 17:21:07 +00:00
HD Moore e9d133e9aa Remove the while(true) which snuck into this module
git-svn-id: file:///home/svn/framework3/trunk@5803 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-30 07:21:53 +00:00
HD Moore f9f6c8d3e6 Adds an initial exploit for MS08-067, support for XP SP2/SP3 DEP, 2003 SP0/SP2 no-DEP.
git-svn-id: file:///home/svn/framework3/trunk@5798 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-28 07:35:17 +00:00
Mario Ceballos e700980288 update the return. thanks jacop.
git-svn-id: file:///home/svn/framework3/trunk@5793 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-27 20:50:44 +00:00
Ramon de C Valle c66d6c4e46 Set property 'svn:keywords'
git-svn-id: file:///home/svn/framework3/trunk@5783 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-23 02:43:21 +00:00
pusscat 16612cacba Rename
git-svn-id: file:///home/svn/framework3/trunk@5778 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 17:51:12 +00:00
pusscat 822234771f Initial import of the BEA Oracle WebLogic Apache plugin
git-svn-id: file:///home/svn/framework3/trunk@5777 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-22 17:44:57 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
Mario Ceballos 3de5bab19b added exploit module zenturiprogramchecker_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5769 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 13:15:53 +00:00
Mario Ceballos 727f893ad8 added exploit module quick_tftp_pro_mode.rb from Patrik Wellsly.
git-svn-id: file:///home/svn/framework3/trunk@5756 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-15 11:21:06 +00:00
Mario Ceballos fd95f81cd6 added exploit module systemrequirementslab_unsafe.rb
git-svn-id: file:///home/svn/framework3/trunk@5754 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 19:19:39 +00:00
Ramon de C Valle 8d760ebc1e Added patch and module from Kris Katterjohn
git-svn-id: file:///home/svn/framework3/trunk@5751 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 14:22:34 +00:00
Mario Ceballos b508358132 added exploit modules lpviewer_url.rb and softartisans_getdrivename.rb
git-svn-id: file:///home/svn/framework3/trunk@5750 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-14 13:41:52 +00:00
James Lee 4c091edac1 fixes #198; generic php eval exploit
git-svn-id: file:///home/svn/framework3/trunk@5746 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-13 05:55:10 +00:00
HD Moore a7a7da9e28 Newer mercury module, more reliable using 0x0c0c0c0c return
git-svn-id: file:///home/svn/framework3/trunk@5742 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-12 17:11:14 +00:00
Patrick Webster 7d85b1d198 Added Medal of Honor module from Jacopo Cervini.
git-svn-id: file:///home/svn/framework3/trunk@5721 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-07 12:03:12 +00:00
Mario Ceballos 2965f3b238 updated with better coverage.
git-svn-id: file:///home/svn/framework3/trunk@5712 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-04 12:00:43 +00:00
Mario Ceballos 6ad1a82101 fixed tabbing.
git-svn-id: file:///home/svn/framework3/trunk@5710 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 15:48:25 +00:00
HD Moore fd256ec4a1 This massive commit changes the Metasploit 3 module format. The new syntax allows for greater scalability and future improvements to the Metasploit module loader. This change also makes it easier for users to add new modules, since the class name no longer needs to match the directory structure.
git-svn-id: file:///home/svn/framework3/trunk@5709 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-02 05:23:59 +00:00