sinn3r
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
sinn3r
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
HD Moore
430351fe79
Better handle of module cache when db_connect is run manually
2012-07-10 23:56:48 -05:00
LittleLightLittleFire
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
Tod Beardsley
414214eb9d
Permissions.
2012-06-28 11:42:37 -05:00
jvazquez-r7
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
h0ng10
428ae21928
Changed readme.html file (was from the statistics plugin)
2012-06-26 12:03:52 -04:00
h0ng10
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
HD Moore
6a91626d94
Permissions
2012-06-25 00:36:39 -05:00
h0ng10
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
jvazquez-r7
b891e868f5
Added actionscript and swf needed
2012-06-23 08:36:35 +02:00
sinn3r
d7d314862f
Need the trigger to actually make it work, duh!
2012-06-22 23:16:12 -05:00
Tod Beardsley
572fb4cb0c
Permissions fix
2012-06-21 15:39:17 -05:00
Steven Seeley
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
HD Moore
5922ec1f7a
Permissions
2012-06-12 15:20:25 -05:00
sinn3r
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
HD Moore
e8af6882eb
Permissions
2012-06-06 20:05:29 -05:00
jvazquez-r7
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
jvazquez-r7
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
jvazquez-r7
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
James Lee
7a05f3eab4
Mark failed logins as inactive
2012-05-08 16:51:22 -06:00
James Lee
318b14af4c
Fix improper reporting and stack traces when we missed a banner
...
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
2012-05-08 16:40:56 -06:00
James Lee
1eec1cebb5
Fix improper reporting
...
:proto is always tcp, udp, etc., name is the higher layer name
2012-05-08 16:39:32 -06:00
James Lee
536fa39ae8
Keep the client and the server on tracked tcp sessions
2012-05-08 16:38:12 -06:00
Alexandre Maloteaux
452cead1e9
Merge psnuffle ntlmv2 support from Alex Malateaux
...
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf
Squashed commit of the following:
commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:52:49 2012 +0100
psnuffle : move protocol filtering in load function
commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:50:48 2012 +0100
psnuffle : add hash exctratiopn from smbv2 session
[Closes #327 ]
2012-05-08 13:41:42 -06:00
HD Moore
f6005ba06e
Permission change, ignore
2012-04-23 13:42:18 -05:00
sinn3r
9a00823828
Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch'
2012-04-19 18:08:22 -05:00
Tod Beardsley
18d83ee6c1
Permissions fix for modicon_ladder.apx
2012-04-12 14:26:27 -05:00
0a2940
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
...
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
Tod Beardsley
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
Tod Beardsley
ab269ac4ec
Permissions fix for exploit jar file
2012-04-02 09:27:35 -05:00
James Lee
025d905c01
Compiled jar with -target 1.2 so it works on older JVMs
2012-03-30 17:05:20 -06:00
sinn3r
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
Tod Beardsley
bec8d40a6c
File permissions fix
2012-03-29 16:24:31 -05:00
sinn3r
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
HD Moore
c8c73b076d
Permisssions (ignore)
2012-03-08 16:16:13 -06:00
HD Moore
3e6cbe9486
Add source code to the player
2012-03-08 15:23:10 -06:00
HD Moore
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
sinn3r
f2eab70c3f
Add swf file for CVE-2012-0754
2012-03-07 19:23:11 -06:00
David Maloney
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
scriptjunkie
1e811aed02
Adds scriptjunkie's multilingual admin fie for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63 ]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Jetzt auf Deutsch! y español! 中國人!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
David Maloney
d939e33f1e
Allows for Loot and Tasks to be imported from an MSF ZIP.
...
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
sinn3r
c5302e13ac
Slight changes
2011-12-01 03:02:08 -06:00
sinn3r
f64f0eefda
Add class file for CVE-2011-3544
2011-11-29 18:06:20 -06:00
David Maloney
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r
3185b3471b
Add template for CVE-2010-0822
2011-11-21 11:36:27 -06:00
scriptjunkie
8d58ea227f
Add UAC bypass to default pxesploit attack.
2011-11-16 08:16:22 -08:00
HD Moore
96766edfd0
Permission changes (to sync)
2011-11-10 19:48:32 -06:00
Wei Chen
aeaea65896
Add template file for ms11-021
...
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:04:54 +00:00
Mario Ceballos
2f2421badc
initial coverage of the pnsize bug (fileformat)
...
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
David Rude
0b72c931b6
Adds the nsepa.ocx ActiveX control for CVE-2011-2882
...
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:23:27 +00:00
Matt Weeks
ce9db06589
Add localboot config for PXE.
...
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:26:41 +00:00
Wei Chen
5559eec7c9
Add trigger file for MS10-026
...
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:59 +00:00
Matt Weeks
f12742a05f
Better cleanup for PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Matt Weeks
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
amaloteaux
b9bb5c454d
psnuffle : add a smb protocol decoder
...
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 18:06:28 +00:00
Tod Beardsley
c54e18d757
Fixes #5038 . Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
...
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Matt Weeks
338a13baac
Fix minor error.
...
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:36:42 +00:00
James Lee
d1b971c5f2
no need for a static sig anymore
...
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:13:44 +00:00
Matt Weeks
971b6f96f6
pxesploit update; compatibility with x64, compatibility with different windows versions.
...
Still no custom payload yet.
git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
Wei Chen
ce2687cafe
Added swf trigger file
...
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:08:03 +00:00
David Rude
8c614a9296
made the shellcode request random to avoid signatures
...
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen
bdccc67d1d
Added Crash file for CVE-2010-3275 (VLC AMV file)
...
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:01:30 +00:00
Tod Beardsley
9895d01d51
Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries.
...
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 17:48:19 +00:00
Tod Beardsley
b1178686cf
Fixes #3988 . Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
...
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).
git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
David Rude
d7266b6551
Add CVE-2011-0609 exploit for Adobe Flash
...
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Tod Beardsley
42531e097f
Fixes #3916 . Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
...
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
James Lee
05d073c467
move the evil-looking metasploit.PayloadApplet to the more inocuous SiteLoader.class, re-enable rjb compiling for the applet class
...
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 20:43:53 +00:00
Joshua Drake
fbd340aae8
add an adodb based cmdstager, fixes #1431
...
git-svn-id: file:///home/svn/framework3/trunk@11247 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 18:51:12 +00:00
James Lee
191c4e8eb7
make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
...
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
James Lee
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Carlos Perez
c492737f0f
Fixed format issue
...
git-svn-id: file:///home/svn/framework3/trunk@11032 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 02:37:37 +00:00
James Lee
089ace9726
update the static-signed jar for java_signed_applet, fixes #3015
...
git-svn-id: file:///home/svn/framework3/trunk@10993 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 21:00:29 +00:00
Joshua Drake
b572414eac
add exploit for cve-2010-3654
...
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Joshua Drake
21f16f63a1
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10855 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 21:45:49 +00:00
Joshua Drake
6bd75bb2d5
add shockwave exploit from abysssec/rel1k
...
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake
f997b37245
remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800 , fixes #801
...
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
HD Moore
f88033f0cc
Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
...
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Joshua Drake
eaf8ef00d0
add initial version of cve-2010-2883 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@10263 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 23:05:18 +00:00
James Lee
85126af521
add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
...
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
James Lee
7381ab8b6d
duh, dont actually need this
...
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:19:49 +00:00
James Lee
6b08dfed61
Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice
...
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:38:29 +00:00
Joshua Drake
4f148f9374
oops, add updateX data files, see #2329
...
git-svn-id: file:///home/svn/framework3/trunk@9964 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 19:43:25 +00:00
James Lee
119f9328fc
remove debug prints. =/
...
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee
08d705c1db
add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
...
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake
74b30535c4
oops, forgot swf
...
git-svn-id: file:///home/svn/framework3/trunk@9474 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:14:45 +00:00
Joshua Drake
6d1e7bdaa5
big commit - lots of cmdstager changes
...
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)
git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Joshua Drake
879a92ffbf
change WriteLine to Write
...
git-svn-id: file:///home/svn/framework3/trunk@9089 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:24:56 +00:00
Joshua Drake
d370ab62c6
don't wait for shell.run to finish
...
git-svn-id: file:///home/svn/framework3/trunk@8718 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:33:16 +00:00
Joshua Drake
cc9113397c
add exploit for IE Windows Help vulnerability
...
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake
4800d6841c
commit cmd stager stuff from bannedit
...
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
HD Moore
85c59038ed
Add rsnake's RFI index
...
git-svn-id: file:///home/svn/framework3/trunk@8504 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 15:37:04 +00:00
Joshua Drake
f82c53db2a
move 70k binary to data/exploits instead of hex encoded in the exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
natron
3ecabe1be9
Adds static signed jar and user messages letting them know.
...
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
natron
69ad365b46
Added STDERR to pure java payload, cleaned up user's view.
...
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
natron
cd5e5880d2
Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
...
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00