Commit Graph

1893 Commits (4ddd78c4de6f7f5abed177ea36a184f87880652a)

Author SHA1 Message Date
Steve Tornio d3da883aa2 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8774 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:07:04 +00:00
HD Moore baf64ed999 Remove trailing
git-svn-id: file:///home/svn/framework3/trunk@8771 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:01:43 +00:00
Joshua Drake 3c57fe6e81 add exploit module for cve-2010-0806
git-svn-id: file:///home/svn/framework3/trunk@8770 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 22:01:32 +00:00
HD Moore aaea62bb92 Report the correct local/peer names for the session information. Fix a return value check
git-svn-id: file:///home/svn/framework3/trunk@8765 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 07:13:18 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!)
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:58:01 +00:00
Joshua Drake 3b9524697f add verbose option
git-svn-id: file:///home/svn/framework3/trunk@8761 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-10 05:55:47 +00:00
Joshua Drake 52647260b3 add offset for alternative file open methods
git-svn-id: file:///home/svn/framework3/trunk@8757 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-09 05:57:22 +00:00
Joshua Drake fbc157df56 add exploit module for cve-2010-0688
git-svn-id: file:///home/svn/framework3/trunk@8754 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-09 01:04:44 +00:00
HD Moore b1973c6630 Adds detection and exploitation coverage for the Energizer Duo trojan
git-svn-id: file:///home/svn/framework3/trunk@8749 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-08 19:06:50 +00:00
Joshua Drake 83419da78b check for vulnerable version in JS prior to triggering vuln, closes #1011
git-svn-id: file:///home/svn/framework3/trunk@8731 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-06 04:36:16 +00:00
Joshua Drake 35c4a1d123 handle missing targets more gracefully, stub out linux and x86_64 support detection
git-svn-id: file:///home/svn/framework3/trunk@8729 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 17:35:18 +00:00
Joshua Drake 28f4eb2fd9 handle failed logins - fixes #1014
git-svn-id: file:///home/svn/framework3/trunk@8728 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 17:05:12 +00:00
Joshua Drake de9e944ad9 fix compile error
git-svn-id: file:///home/svn/framework3/trunk@8723 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 06:47:19 +00:00
Joshua Drake 73da75a931 big update to cmd stager
1. returns array of commands instead of big blob of lines
2. combine lines together when possible (to reduce # of commands to execute)
3. add cmd stager usage in mssql_payload
4. remove extraneous stuff here and there

git-svn-id: file:///home/svn/framework3/trunk@8721 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-05 00:29:44 +00:00
Joshua Drake 1629bf7bf0 move http_send_cmd into cmdweb test exploit
git-svn-id: file:///home/svn/framework3/trunk@8716 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 21:00:58 +00:00
Joshua Drake 0900314a15 redirect requests without subdirectories
git-svn-id: file:///home/svn/framework3/trunk@8713 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 18:28:05 +00:00
Joshua Drake 4bd857b53e add exploit module for cve-2008-3558
git-svn-id: file:///home/svn/framework3/trunk@8712 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 17:41:26 +00:00
Joshua Drake e8f22a7136 add exploit module for cve-2008-3878
git-svn-id: file:///home/svn/framework3/trunk@8705 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 06:19:37 +00:00
Joshua Drake 5aebed8fe7 add exploit module for cve-2008-5002
git-svn-id: file:///home/svn/framework3/trunk@8703 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 21:17:31 +00:00
Joshua Drake fb5906385d add exploit module for cve-2009-1534
git-svn-id: file:///home/svn/framework3/trunk@8698 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 18:12:37 +00:00
Joshua Drake d86575701d added CVE, KB references
git-svn-id: file:///home/svn/framework3/trunk@8696 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-03 03:20:58 +00:00
Steve Tornio 074b4ada44 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8688 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 12:23:17 +00:00
Joshua Drake 4b59410507 rename module per ms bulletin
git-svn-id: file:///home/svn/framework3/trunk@8686 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 07:50:25 +00:00
Joshua Drake d0153225a0 add exploit module for cve-2009-1612
git-svn-id: file:///home/svn/framework3/trunk@8685 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-02 02:26:55 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake e80df81350 correct the CVE reference
git-svn-id: file:///home/svn/framework3/trunk@8678 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 19:47:13 +00:00
Joshua Drake cc891bce80 whitespace cleanups
git-svn-id: file:///home/svn/framework3/trunk@8677 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 15:13:04 +00:00
James Lee 3b59bc7cfc use the same option names for user/pass
git-svn-id: file:///home/svn/framework3/trunk@8674 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 22:14:58 +00:00
Stephen Fewer b4339930e7 rename this module with the updated MSB and swap out the hard coded kernel stager for the new kernel stager mixin.
git-svn-id: file:///home/svn/framework3/trunk@8656 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 13:42:17 +00:00
Joshua Drake 541a409f44 remove app_name variable
git-svn-id: file:///home/svn/framework3/trunk@8619 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-24 16:53:55 +00:00
Joshua Drake afd2df315b rename module part deux!
git-svn-id: file:///home/svn/framework3/trunk@8607 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:12:10 +00:00
Joshua Drake 705a4626e4 remove dash from file name
git-svn-id: file:///home/svn/framework3/trunk@8605 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 18:06:35 +00:00
Joshua Drake 81f93d48e7 add german target from contributor, thx!
git-svn-id: file:///home/svn/framework3/trunk@8601 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-23 17:23:05 +00:00
Joshua Drake b810e9665f add comment about autofilter mapping
git-svn-id: file:///home/svn/framework3/trunk@8592 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:30:38 +00:00
Joshua Drake b818536e46 corrected comment text
git-svn-id: file:///home/svn/framework3/trunk@8590 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:27:15 +00:00
Joshua Drake e3b009471b move code in autofilter into check
git-svn-id: file:///home/svn/framework3/trunk@8589 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 22:26:28 +00:00
Joshua Drake 1faec528de fix InitAutoRunScript -> InitialAutoRunScript
git-svn-id: file:///home/svn/framework3/trunk@8582 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-22 17:52:19 +00:00
Joshua Drake 6414821ea8 add exploit modules for CVEs 2005-2877 and 2004-1037
git-svn-id: file:///home/svn/framework3/trunk@8578 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 20:31:09 +00:00
Joshua Drake 865969e059 whitespace adjustments - finally closes #773
git-svn-id: file:///home/svn/framework3/trunk@8575 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:44:34 +00:00
Joshua Drake 32bf50c627 add exploit module to get code exec from jboss.system:MainDeployer access
git-svn-id: file:///home/svn/framework3/trunk@8574 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-21 01:41:24 +00:00
Joshua Drake 8446a0c305 add auto-targeting to tomcat_mgr_deploy, fixes #887
git-svn-id: file:///home/svn/framework3/trunk@8564 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-20 01:14:39 +00:00
Steve Tornio 93acc977fe fix osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8563 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 19:42:08 +00:00
Joshua Drake 6e8eddcf5e add exploit module for cve-2008-0506
git-svn-id: file:///home/svn/framework3/trunk@8562 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 07:31:12 +00:00
HD Moore 1a53411282 Filter out the other test modules from automation
git-svn-id: file:///home/svn/framework3/trunk@8559 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:18:43 +00:00
HD Moore 0db3ada840 Filter this from automation
git-svn-id: file:///home/svn/framework3/trunk@8558 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:15:03 +00:00
natron 5b3c87c9c5 Add option to save java code to file.
git-svn-id: file:///home/svn/framework3/trunk@8557 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-19 05:11:56 +00:00
Joshua Drake 2e77c76824 add exploit module to get code exec on a tomcat manager instance, closes #772
git-svn-id: file:///home/svn/framework3/trunk@8552 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 18:18:43 +00:00
Patrick Webster 350c189a34 Added exploit module qbik_wingate_wwwproxy.
git-svn-id: file:///home/svn/framework3/trunk@8547 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-18 15:58:26 +00:00
Joshua Drake 797ab55f52 add exploit module for cve-2009-2011
git-svn-id: file:///home/svn/framework3/trunk@8541 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 20:14:40 +00:00
Joshua Drake b4ead057f6 add exploit module for cve-2000-0917
git-svn-id: file:///home/svn/framework3/trunk@8530 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-17 00:56:28 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
et cf29ff333e Added a path to prepend
git-svn-id: file:///home/svn/framework3/trunk@8514 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 05:24:31 +00:00
Joshua Drake 48b7aec12d corrected cve reference
git-svn-id: file:///home/svn/framework3/trunk@8512 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:30:17 +00:00
Joshua Drake a996668cfa added payload notes
git-svn-id: file:///home/svn/framework3/trunk@8511 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:27:45 +00:00
Joshua Drake 82369aa9e8 add exploit module for cve-2007-2447
git-svn-id: file:///home/svn/framework3/trunk@8510 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 00:26:41 +00:00
Joshua Drake 8c59c9cfdc fix typos
git-svn-id: file:///home/svn/framework3/trunk@8508 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:42:16 +00:00
Joshua Drake b1ef6075c0 add exploit module for cve-2007-5208
git-svn-id: file:///home/svn/framework3/trunk@8507 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 22:38:50 +00:00
HD Moore 1857268af8 Uber-fast-get-me-a-php-shell mode :)
git-svn-id: file:///home/svn/framework3/trunk@8505 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 17:59:54 +00:00
HD Moore 32357b1f64 Skip the debugging target for automatic mode
git-svn-id: file:///home/svn/framework3/trunk@8499 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 01:02:12 +00:00
HD Moore 5d7139ad6f Various module cleanups
git-svn-id: file:///home/svn/framework3/trunk@8498 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 00:48:03 +00:00
Patrick Webster f9ae031055 Added piranha_passwd_exec exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8497 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-14 20:27:24 +00:00
Patrick Webster ee4fd8c75d Ported sambar6_search_results from v2.
git-svn-id: file:///home/svn/framework3/trunk@8480 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:15:19 +00:00
HD Moore 7aa7995da9 Autodetect and exploit 2003 SP0
git-svn-id: file:///home/svn/framework3/trunk@8479 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 20:04:24 +00:00
Patrick Webster 01cbe85468 Fixed OSVDB refs and added CA Server module.
git-svn-id: file:///home/svn/framework3/trunk@8478 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 16:16:13 +00:00
Patrick Webster c8da073f80 Ported calicclnt_getconfig exploit module from msf2.
git-svn-id: file:///home/svn/framework3/trunk@8476 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 15:38:06 +00:00
Joshua Drake 1896c82e39 add exploit module for cve-2009-2484
git-svn-id: file:///home/svn/framework3/trunk@8475 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:58:27 +00:00
Joshua Drake 8c28d583aa bump ranking up a notch
git-svn-id: file:///home/svn/framework3/trunk@8474 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-13 06:57:58 +00:00
Joshua Drake d561b8e8ec add references, update description
git-svn-id: file:///home/svn/framework3/trunk@8471 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 21:09:09 +00:00
Joshua Drake f3c6b01bbd add first exploit module using Rex::OLE (cve-2009-3129)
git-svn-id: file:///home/svn/framework3/trunk@8470 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 20:52:41 +00:00
Patrick Webster 3fd3d44ad6 Added barcode_ax49.rb exploit module.
git-svn-id: file:///home/svn/framework3/trunk@8466 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 18:06:49 +00:00
HD Moore 3fe41a0d94 Fix a small typo
git-svn-id: file:///home/svn/framework3/trunk@8463 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 14:44:23 +00:00
natron 9729b22972 Loopty version of the wireshark exploit. This will continually blast packets as a background job.
git-svn-id: file:///home/svn/framework3/trunk@8460 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-12 01:58:33 +00:00
Joshua Drake 6e80c7a62c use Rex::Arch::pack_addr
git-svn-id: file:///home/svn/framework3/trunk@8454 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 09:03:48 +00:00
Joshua Drake 0f942df9cd whitespace changes
git-svn-id: file:///home/svn/framework3/trunk@8451 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-11 06:00:12 +00:00
Joshua Drake f82c53db2a move 70k binary to data/exploits instead of hex encoded in the exploit
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
James Lee eb6ce38e0c old zero-day shows its age
git-svn-id: file:///home/svn/framework3/trunk@8445 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 20:41:07 +00:00
Joshua Drake d96a6a1f8f add exploit module for cve-2009-2261 - first consumer of zip library!
git-svn-id: file:///home/svn/framework3/trunk@8440 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 17:28:25 +00:00
Joshua Drake 48a159006a Regenerate the payload with the specified AIX level, cleanups
git-svn-id: file:///home/svn/framework3/trunk@8427 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:47 +00:00
Joshua Drake e7f7ac20ea extended brute range, minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8426 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 04:15:15 +00:00
HD Moore af978cbbdc Regenerate the payload with the specified AIX level
git-svn-id: file:///home/svn/framework3/trunk@8424 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 03:59:20 +00:00
Joshua Drake 7bf3de2a3d randomize filler
git-svn-id: file:///home/svn/framework3/trunk@8422 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:43:56 +00:00
Joshua Drake 40579ce936 it works! don't forget to "set AIX <version>"
git-svn-id: file:///home/svn/framework3/trunk@8421 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 00:41:49 +00:00
HD Moore ba34abc232 Fix unpack("H*") vs unpack("H*")[0]
git-svn-id: file:///home/svn/framework3/trunk@8416 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 21:37:07 +00:00
HD Moore c6c1cda153 Try to delete the file (doesn't always work)
git-svn-id: file:///home/svn/framework3/trunk@8413 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:12:59 +00:00
HD Moore bc62eaf99b Adds a module to exploit insecure IIS configurations (PUT)
git-svn-id: file:///home/svn/framework3/trunk@8412 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 19:04:19 +00:00
Steve Tornio f3ad1c0a15 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8410 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 18:53:21 +00:00
Joshua Drake f04ae6f20d minor cleanups -- getting closer
git-svn-id: file:///home/svn/framework3/trunk@8402 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 01:03:46 +00:00
HD Moore 7870638481 Expose the SunRPC socket; we need to overhaul the SunRPC code sometime
git-svn-id: file:///home/svn/framework3/trunk@8399 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:52:58 +00:00
Joshua Drake 8b63d506f7 initial commit of aix cmsd exploit (not fully working yet)
git-svn-id: file:///home/svn/framework3/trunk@8398 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:44:54 +00:00
Joshua Drake 9f174795d4 add exploit module for vermillion ftpd memory corruption
git-svn-id: file:///home/svn/framework3/trunk@8396 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-08 00:39:48 +00:00
Joshua Drake a772bc2c85 minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@8395 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-07 21:42:12 +00:00
HD Moore bd91871763 Correct credit for the advisory
git-svn-id: file:///home/svn/framework3/trunk@8391 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 23:22:28 +00:00
Joshua Drake 875a66553f clean up a couple comments to save future pain
git-svn-id: file:///home/svn/framework3/trunk@8380 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:53:31 +00:00
Joshua Drake bd3a4760da fixes to adobe_pdf_embedded_exe
optimized the directory search, and cmdline in general
added the Documents (Vista/Win7) to the list of directories to check
fixes #767



git-svn-id: file:///home/svn/framework3/trunk@8379 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-06 06:51:13 +00:00
Joshua Drake 9397c897ba fix spoof support
git-svn-id: file:///home/svn/framework3/trunk@8367 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-04 04:56:18 +00:00
Joshua Drake 9b79ebd000 add a windows target, thx redsand!
also removed some cruft


git-svn-id: file:///home/svn/framework3/trunk@8364 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 18:24:42 +00:00
Joshua Drake 7538b93aae add exploit module for cve-2006-6665
git-svn-id: file:///home/svn/framework3/trunk@8361 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 06:09:31 +00:00
Joshua Drake a41647a922 add silly jmp esp target for wireshark gui on debian
git-svn-id: file:///home/svn/framework3/trunk@8360 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-03 00:08:28 +00:00
Steve Tornio 2cbd6d152d Add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8347 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 12:37:07 +00:00
Joshua Drake 98dd073368 add an exploit module for one of the wireshark lwres vulns
git-svn-id: file:///home/svn/framework3/trunk@8346 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:20:18 +00:00
Joshua Drake 746c4fc263 whitespace change
git-svn-id: file:///home/svn/framework3/trunk@8345 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-02 06:19:34 +00:00
Joshua Drake fde3fbb2e3 add exploit module for cve-2009-1569
git-svn-id: file:///home/svn/framework3/trunk@8339 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:56:02 +00:00
Joshua Drake c073cd707a removed unecessary parameter, commented target
git-svn-id: file:///home/svn/framework3/trunk@8338 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 03:33:38 +00:00
Joshua Drake 2783c5884e add exploit module for cve-2009-1568
git-svn-id: file:///home/svn/framework3/trunk@8336 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-01 02:40:47 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
Joshua Drake 4863faf0a7 add reference to cve-2000-1209 (sa blank password)
git-svn-id: file:///home/svn/framework3/trunk@8324 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 16:37:06 +00:00
Joshua Drake c514c2274b typo, fixes #786, see also r8315
git-svn-id: file:///home/svn/framework3/trunk@8316 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:06:06 +00:00
Joshua Drake 53fd14c9c0 updated description, added PATH variable
git-svn-id: file:///home/svn/framework3/trunk@8315 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 01:04:23 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
Steve Tornio 70c0cb7530 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@8307 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:40 +00:00
Steve Tornio a3f4d4f65e add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@8306 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 21:04:01 +00:00
Joshua Drake c0e556f7ad oops, broke the tree again!
git-svn-id: file:///home/svn/framework3/trunk@8305 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:37:44 +00:00
Joshua Drake 4751d83cb8 some cleanups, added some CVE references
git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00
Joshua Drake 7789db860d add exploit module for Audiotran .pls file bof
git-svn-id: file:///home/svn/framework3/trunk@8303 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:24:41 +00:00
Joshua Drake d9e5de5683 note the CLSID of this control
git-svn-id: file:///home/svn/framework3/trunk@8302 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 19:17:50 +00:00
Joshua Drake 15e13348c0 add exploit module for AOL phobos bug
git-svn-id: file:///home/svn/framework3/trunk@8300 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 18:58:14 +00:00
Joshua Drake 0fbe42395f added automatic target detection
git-svn-id: file:///home/svn/framework3/trunk@8287 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 07:34:47 +00:00
Joshua Drake 008755b025 add exploit module for yassl CertDecoder::GetName vuln
also renames old mysql_yassl exploit to _hello

git-svn-id: file:///home/svn/framework3/trunk@8282 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:24:44 +00:00
natron 9891d60dfc Move applet generation up for slight speed improvement and less spamminess to the user.
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 23:15:36 +00:00
natron 5e4442a4d4 Fix a bug missed due to caching issues.
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:58:13 +00:00
natron c135462768 <@jduck> natron: you need some svn keywords magic
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 20:20:32 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
Joshua Drake 31949c4343 svn keywords fixups
fixed a bunch of $Id$ and $Revision$ typos
added keywords property to files missing it



git-svn-id: file:///home/svn/framework3/trunk@8242 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:12:13 +00:00
HD Moore 1bdd286936 This bug actually affected 9.2 as well according to adobe, reference updated
git-svn-id: file:///home/svn/framework3/trunk@8222 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 14:22:13 +00:00
Joshua Drake 87adb7714f fixed whitespace
git-svn-id: file:///home/svn/framework3/trunk@8219 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 04:52:49 +00:00
Joshua Drake 83f47796fe add reference to ms09-032 (the mitigation)
git-svn-id: file:///home/svn/framework3/trunk@8212 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-24 00:05:19 +00:00
Joshua Drake 14862e0106 added another target
git-svn-id: file:///home/svn/framework3/trunk@8204 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 21:43:40 +00:00
Joshua Drake 6fd20d411f add exploit module for cve-2009-4179
git-svn-id: file:///home/svn/framework3/trunk@8192 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-22 05:52:53 +00:00
Joshua Drake 409d44bfad fix another typo
git-svn-id: file:///home/svn/framework3/trunk@8190 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:26:04 +00:00
Joshua Drake 9cb3ac9340 fix typo
git-svn-id: file:///home/svn/framework3/trunk@8189 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 19:24:54 +00:00
Joshua Drake ab1a1c58db escape more format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)
a better solution would be to find a different way to allocate the freed memory..


git-svn-id: file:///home/svn/framework3/trunk@8188 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 18:32:01 +00:00
Joshua Drake a87d4e7eb4 escape randomly generated format specifiers passed to util.printd
prevents mucking with the allocation size (hopefully)


git-svn-id: file:///home/svn/framework3/trunk@8186 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 17:09:46 +00:00
Joshua Drake 2b8a2d56a1 some variable renaming
git-svn-id: file:///home/svn/framework3/trunk@8184 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 04:55:16 +00:00
Joshua Drake 72e1b9bb50 added a couple better error messages
git-svn-id: file:///home/svn/framework3/trunk@8183 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:30:08 +00:00
Joshua Drake 97c3159293 fixed version command, check function
git-svn-id: file:///home/svn/framework3/trunk@8182 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:15:20 +00:00
Joshua Drake e8048704be add exploit module for cve-2009-1979 (oracle pre-auth bof)
git-svn-id: file:///home/svn/framework3/trunk@8181 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-21 00:05:18 +00:00
Joshua Drake 310be42bfa try not to repeatedly load static files - see #694
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 19:12:42 +00:00
Joshua Drake db5097af91 bump ranking up, comment about crash recovery
git-svn-id: file:///home/svn/framework3/trunk@8154 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 07:23:22 +00:00
Joshua Drake 477468147b cleanup exceptions, optimize query length, add some entropy
git-svn-id: file:///home/svn/framework3/trunk@8153 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 05:09:40 +00:00
Joshua Drake 7c402d1d79 changed a comment
git-svn-id: file:///home/svn/framework3/trunk@8152 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:56:31 +00:00
Joshua Drake 52b71077d3 major overhaul of ms09-004 (cve-2008-5416) exploit
git-svn-id: file:///home/svn/framework3/trunk@8151 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 01:51:48 +00:00
James Lee bbe10b439f let the user know when a client connects
git-svn-id: file:///home/svn/framework3/trunk@8140 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 01:00:01 +00:00
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 21:36:04 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-14 22:24:56 +00:00
HD Moore b1f79c6342 Use nohup to prevent the telnet session close from killing the command
git-svn-id: file:///home/svn/framework3/trunk@8082 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-07 00:10:03 +00:00
Joshua Drake 8399ff46b2 oops, left out a var
git-svn-id: file:///home/svn/framework3/trunk@8081 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:55:41 +00:00
Joshua Drake c51c14bcba fix typos :-/
git-svn-id: file:///home/svn/framework3/trunk@8080 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:09:34 +00:00
Joshua Drake 97338e6848 add exploit module for cve-2007-2280 (split from other)
git-svn-id: file:///home/svn/framework3/trunk@8079 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:04:58 +00:00
Joshua Drake 75ff9d327a _2 == cve-2009-3844
git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00
Joshua Drake 3a9b384554 renamed the moduled
git-svn-id: file:///home/svn/framework3/trunk@8077 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:29:11 +00:00
Joshua Drake 4a0051d93a lots of updates, preparing to split into two modules
git-svn-id: file:///home/svn/framework3/trunk@8076 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 19:28:19 +00:00
Steve Tornio 888b7637c0 Add OSVDB ref, fixed exploit-db refs
git-svn-id: file:///home/svn/framework3/trunk@8071 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 11:49:12 +00:00
Joshua Drake 905d391d5e add exploit module for bigant 2.52 usv bug
git-svn-id: file:///home/svn/framework3/trunk@8070 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 08:24:35 +00:00
Joshua Drake efb3dbb2af minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@8069 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:35:46 +00:00
Joshua Drake 789d875d24 record addr for stack hijacking
git-svn-id: file:///home/svn/framework3/trunk@8068 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-05 00:02:15 +00:00
Joshua Drake 9a9c92d785 added description, sql2ksp3 target, minor reliability improvement
git-svn-id: file:///home/svn/framework3/trunk@8067 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 22:07:03 +00:00
Steve Tornio c62e314ac4 Add OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@8063 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-04 13:02:18 +00:00
Mario Ceballos 1239ce132e added exploit module nettransport.rb from dookie
git-svn-id: file:///home/svn/framework3/trunk@8062 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 16:07:54 +00:00
Joshua Drake bb07ea9854 many updates, now supporting two diff techniques
git-svn-id: file:///home/svn/framework3/trunk@8061 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-03 08:10:28 +00:00
James Lee 3c6cbbc47e make sure IE service packs don't throw off the version comparison
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 21:24:00 +00:00
Joshua Drake e2a0ff92ce add check and auto-target selection
git-svn-id: file:///home/svn/framework3/trunk@8048 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 16:26:32 +00:00
Steve Tornio 64e524545e Update OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@8045 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 13:30:35 +00:00
Joshua Drake 23d7f53f3a add exploit module for cve-2008-5416
git-svn-id: file:///home/svn/framework3/trunk@8044 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-31 05:18:55 +00:00
Joshua Drake 2283e029db crossing fingers, big cr removal batch
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 22:24:22 +00:00
Joshua Drake 4827d81966 formatting fixes
git-svn-id: file:///home/svn/framework3/trunk@8029 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-30 00:48:16 +00:00
Joshua Drake 48c2184fb2 reinstated linux bruteforce target from msf2 exploit
git-svn-id: file:///home/svn/framework3/trunk@8025 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 22:57:02 +00:00
Joshua Drake 57fd341f4a added auto targeting, XPSP1 target, updated 2ksp4 target, notes, description
git-svn-id: file:///home/svn/framework3/trunk@8023 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 19:22:43 +00:00
HD Moore 922cef26fa Store the domain name in the SMB client object, along with other fields provided by NTLMSSP responses. Show the domain name and netbios name in the version scanner. Update MS06-070 to remove the default target, use the domain name from the server response, and use a more reliable return address for 2000 SP4.
git-svn-id: file:///home/svn/framework3/trunk@8022 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 14:00:49 +00:00
Joshua Drake 6170998ba3 add exploit module for cve-2006-4691
git-svn-id: file:///home/svn/framework3/trunk@8021 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-29 05:13:57 +00:00
Joshua Drake 1f2c1e7866 corrected cve, removed cr's, added keywords
git-svn-id: file:///home/svn/framework3/trunk@8012 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 21:12:11 +00:00
Joshua Drake 45a9d50d0d add exploit module for CVE-2008-4193
git-svn-id: file:///home/svn/framework3/trunk@8010 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 20:38:50 +00:00
HD Moore 364880fb4d Bump the session wait to 10 seconds
git-svn-id: file:///home/svn/framework3/trunk@8004 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 14:27:33 +00:00
Steve Tornio 5ac485eb48 Add OSVDB reference
git-svn-id: file:///home/svn/framework3/trunk@8002 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 12:33:40 +00:00
HD Moore 4728a29bae Two new modules from dijital1
git-svn-id: file:///home/svn/framework3/trunk@8000 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-28 04:36:25 +00:00
HD Moore 16062eed2d Holiday present from EgiX
git-svn-id: file:///home/svn/framework3/trunk@7989 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 18:50:44 +00:00
HD Moore d0969746a4 Mostly cosmetic changes from local tree
git-svn-id: file:///home/svn/framework3/trunk@7970 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-26 03:31:20 +00:00
HD Moore 87176f9591 Correct a syntax error in adobe_u3d_meshdecl
git-svn-id: file:///home/svn/framework3/trunk@7959 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 12:50:55 +00:00
HD Moore 92c703ba6f Wait a second before deleting the file, catch an exception on delete, combined these reduce some of the issues around psexec
git-svn-id: file:///home/svn/framework3/trunk@7954 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 04:02:59 +00:00
James Lee b933f49ec3 this exploit always uses an exe, so default EXITFUNC to process so we don't leave processes lying around
git-svn-id: file:///home/svn/framework3/trunk@7950 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-23 01:29:16 +00:00
Joshua Drake 1e6c9bef74 fix uri for check/detect
git-svn-id: file:///home/svn/framework3/trunk@7942 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:10:38 +00:00
Joshua Drake 6219116ebf removed exit calls
git-svn-id: file:///home/svn/framework3/trunk@7940 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 23:03:03 +00:00
Joshua Drake d0098095a4 hopefully resolved some hang issues
git-svn-id: file:///home/svn/framework3/trunk@7939 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:57:36 +00:00
Joshua Drake 9afb67aa5f removed exit call
git-svn-id: file:///home/svn/framework3/trunk@7936 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 22:10:18 +00:00
Joshua Drake 5830e359b6 corrected "privileged" flag
git-svn-id: file:///home/svn/framework3/trunk@7932 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 18:18:18 +00:00
Joshua Drake 19d32b6c97 add jabra to author list
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 17:01:12 +00:00
Steve Tornio 544efd879b Add OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 11:53:20 +00:00
Joshua Drake 47ef693b77 add CVE references!
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 09:38:42 +00:00
Joshua Drake 86dc8da1bb bump ranking up
git-svn-id: file:///home/svn/framework3/trunk@7927 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-21 07:56:48 +00:00
Joshua Drake 4b883322f5 moved length adjustment
git-svn-id: file:///home/svn/framework3/trunk@7926 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:45:33 +00:00
Joshua Drake 3767b6be7a add exploit module for cve-2008-4828
git-svn-id: file:///home/svn/framework3/trunk@7925 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 22:40:14 +00:00
Joshua Drake 6f243f6515 add exploit module for cve-2009-3853
git-svn-id: file:///home/svn/framework3/trunk@7924 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-20 11:09:39 +00:00
Joshua Drake 6a1f43b3df rename again :)
git-svn-id: file:///home/svn/framework3/trunk@7920 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:09:03 +00:00
Joshua Drake 7ef085f9b2 resolved conflict, attempt #2 to rename
git-svn-id: file:///home/svn/framework3/trunk@7919 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:08:41 +00:00
Joshua Drake 8f7c820ac9 renamed module
git-svn-id: file:///home/svn/framework3/trunk@7918 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:04:03 +00:00
HD Moore be42efdd1b Update the PDF modules to work on a wider range of versions
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 01:02:32 +00:00
Mario Ceballos de84d7e989 updated badchars and removed alphnumeric encoding.
git-svn-id: file:///home/svn/framework3/trunk@7916 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-19 00:08:32 +00:00
James Lee 82d84605e4 advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 19:38:52 +00:00
Joshua Drake c8495272a8 add exploit module for cve-2009-3214
git-svn-id: file:///home/svn/framework3/trunk@7911 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-18 00:19:04 +00:00
Joshua Drake 442bbe9e14 language cleanup
git-svn-id: file:///home/svn/framework3/trunk@7910 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 23:02:01 +00:00
HD Moore f2ec7795e2 Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 14:43:05 +00:00
HD Moore 80fa601a2c Fixes #667. Automigrates this to avoid timer
git-svn-id: file:///home/svn/framework3/trunk@7905 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 06:02:34 +00:00
Joshua Drake 5ef4545a1b fd.read -> fd.read(fd.stat.size)
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:22:40 +00:00
Joshua Drake 026924c9b6 fixed sync issues between browser/fileformat modules
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:19:30 +00:00
Joshua Drake 2baa4a1efa port changes from Lurene to browser version
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:16:35 +00:00
Joshua Drake aef9a5c7b2 re-commit of changes from r7892
git-svn-id: file:///home/svn/framework3/trunk@7900 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 05:11:45 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
HD Moore d0a37bd506 Fix tab indentations
git-svn-id: file:///home/svn/framework3/trunk@7898 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:00:00 +00:00
pusscat 0fa275b53b Cleanups
Allow arbitrary (non-unicode) targets




git-svn-id: file:///home/svn/framework3/trunk@7895 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 21:44:18 +00:00
Joshua Drake e563e91d35 added browser versions of yesterdays adobe pdf exploits from jabra
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 20:37:57 +00:00
Joshua Drake 9a6839e412 add exploit module for cve-2009-2459
git-svn-id: file:///home/svn/framework3/trunk@7893 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 03:32:44 +00:00
Joshua Drake 82dc3eb3bf added reference, couple of test results
git-svn-id: file:///home/svn/framework3/trunk@7892 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-16 00:14:47 +00:00
Joshua Drake 191e98dc54 changed module name
git-svn-id: file:///home/svn/framework3/trunk@7890 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:17:24 +00:00
Joshua Drake 1875e86f7a remove executable bit
git-svn-id: file:///home/svn/framework3/trunk@7889 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:14:15 +00:00
Joshua Drake d9aca586a2 tested against 9.1.0
git-svn-id: file:///home/svn/framework3/trunk@7888 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 23:12:08 +00:00
James Lee 115899d24d add minver and maxver. slightly tricky because the vuln affects moz 1.7 and ff 1.0
git-svn-id: file:///home/svn/framework3/trunk@7886 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:54:24 +00:00
James Lee 008c72e255 add proper version
git-svn-id: file:///home/svn/framework3/trunk@7885 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 21:49:32 +00:00
Joshua Drake 2070bd4756 took notes on targets from various other exploits
git-svn-id: file:///home/svn/framework3/trunk@7884 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:34 +00:00
Joshua Drake 56c2d32b1e typo fix
git-svn-id: file:///home/svn/framework3/trunk@7883 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:37:15 +00:00
Steve Tornio 3677711cb0 adding OSVDB ref
git-svn-id: file:///home/svn/framework3/trunk@7882 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:34:01 +00:00
Joshua Drake 7b34f7b0f2 add exploit module for cve-2009-4324
git-svn-id: file:///home/svn/framework3/trunk@7881 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 20:15:08 +00:00
James Lee 2570fcee15 get rid of some more ^Ms
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:47:29 +00:00
James Lee 48c3709a25 correct maxver
git-svn-id: file:///home/svn/framework3/trunk@7879 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:46:53 +00:00
James Lee 196ee82179 bye-bye crlf
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 18:13:27 +00:00
Joshua Drake f3a0bbc6d6 rename to make a bit more sense
git-svn-id: file:///home/svn/framework3/trunk@7875 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 06:05:30 +00:00
Joshua Drake 2c88e2eb62 rename to make a bit more sense
git-svn-id: file:///home/svn/framework3/trunk@7874 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:41:29 +00:00
Joshua Drake d81c581f21 oops, remove hard coded payload
git-svn-id: file:///home/svn/framework3/trunk@7873 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 05:32:52 +00:00
Joshua Drake 4c1034ad7f add exploit module for cve-2006-2502
git-svn-id: file:///home/svn/framework3/trunk@7871 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 04:41:31 +00:00
Joshua Drake d5eb4d8217 add svn:keywords property
git-svn-id: file:///home/svn/framework3/trunk@7869 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 02:08:43 +00:00
Joshua Drake 8a95baa810 add exploit module for cve-2008-1697 from bannedit/muts
git-svn-id: file:///home/svn/framework3/trunk@7868 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:42 +00:00
Joshua Drake 1813a0fb9a updated technique
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-15 00:32:07 +00:00
James Lee 0cf566c0b9 fixes 688. better return address for greater reliability, works against FF-1.0.4 and Moz-1.7.1 on XPSP3 and 2kAS-SP0
git-svn-id: file:///home/svn/framework3/trunk@7865 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:27:28 +00:00
Mario Ceballos c799df8559 target is no good. offsets change on different installs.
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:07:21 +00:00
Joshua Drake 88b9ee18af clarified some version info
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 23:01:34 +00:00
Joshua Drake c831cda3f5 milworm/exploitdb 9277 only covers m3u and mpf, not pls
git-svn-id: file:///home/svn/framework3/trunk@7862 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:59:32 +00:00
Joshua Drake 8317b69aca corrected disclosure date
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:44:37 +00:00
Joshua Drake 2524840348 renamed, new targets, now using seh...
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:40:56 +00:00
Steve Tornio 1dc2c41837 added OSVDB and exploit-db refs
git-svn-id: file:///home/svn/framework3/trunk@7858 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 22:29:10 +00:00
Joshua Drake 4d645796af add exploit module from dookie
git-svn-id: file:///home/svn/framework3/trunk@7856 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 21:27:43 +00:00
HD Moore 837c70715d Reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7854 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 20:09:46 +00:00
Joshua Drake ef0d86720a updated description, added xp sp2+sp3 target, see #687
git-svn-id: file:///home/svn/framework3/trunk@7853 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 19:04:40 +00:00
HD Moore 0efbe3baf9 Remove the debug print
git-svn-id: file:///home/svn/framework3/trunk@7852 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:56:19 +00:00
HD Moore 97757c37a0 Adds an exploit module for the zabbix agent command execution flaw (no cve/bid/osvdb)
git-svn-id: file:///home/svn/framework3/trunk@7851 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 18:24:24 +00:00
HD Moore e02f62e3aa Switch to a return address that also works on SP0
git-svn-id: file:///home/svn/framework3/trunk@7849 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:14:08 +00:00
Joshua Drake f1a975a14e fix typo, remove automatic target
git-svn-id: file:///home/svn/framework3/trunk@7834 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 21:44:04 +00:00
Mario Ceballos ea0a1eea7d add ranking...
git-svn-id: file:///home/svn/framework3/trunk@7833 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:14:24 +00:00
Mario Ceballos 002b043d4c added exploit module hp_nnm_snmp.rb
git-svn-id: file:///home/svn/framework3/trunk@7832 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-12 20:06:14 +00:00
Joshua Drake 5f65d6bb32 properly commit references from Steve Tornio :)
git-svn-id: file:///home/svn/framework3/trunk@7828 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:24:18 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
Joshua Drake 740fd67b74 add OSVDB reference from Steven Tornio
git-svn-id: file:///home/svn/framework3/trunk@7826 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 20:41:37 +00:00
Mario Ceballos 3ac51c7396 added exploit module symantec_altirisdeployment_runcmd.rb.
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 02:36:01 +00:00
Joshua Drake 95f9c1dacf note file version
git-svn-id: file:///home/svn/framework3/trunk@7820 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 23:23:16 +00:00
Joshua Drake dea639229b rank exploit
git-svn-id: file:///home/svn/framework3/trunk@7819 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 23:20:36 +00:00
Joshua Drake 18f96c3395 add exploit module for xenorate bof
git-svn-id: file:///home/svn/framework3/trunk@7818 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 23:19:44 +00:00
Joshua Drake fc8a2b2a2e add exploit module for audio workstation from dookie
git-svn-id: file:///home/svn/framework3/trunk@7814 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 20:46:53 +00:00
Joshua Drake fb1a8a8283 add exploit module for audio workstation from dookie
git-svn-id: file:///home/svn/framework3/trunk@7813 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 20:46:34 +00:00
Joshua Drake e724ceaf33 add exploit for gAlan from loneferret
git-svn-id: file:///home/svn/framework3/trunk@7812 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 20:41:40 +00:00
Joshua Drake 076c8d92ea clarification
git-svn-id: file:///home/svn/framework3/trunk@7811 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 20:31:34 +00:00
Joshua Drake 9eb6063448 hopefully an improvement in reliability
git-svn-id: file:///home/svn/framework3/trunk@7810 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 20:28:32 +00:00
Joshua Drake 21cbb87fac fixup whitespace
git-svn-id: file:///home/svn/framework3/trunk@7804 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 18:07:16 +00:00
Joshua Drake d8a4926a22 add framework tag comments to top
git-svn-id: file:///home/svn/framework3/trunk@7803 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 17:35:40 +00:00
Joshua Drake 11bbbbd38f add exploit module for cve-2009-3837 from dookie
git-svn-id: file:///home/svn/framework3/trunk@7802 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 17:34:58 +00:00
Joshua Drake 6c98f3c03d add exploit module for cve-2009-1394
git-svn-id: file:///home/svn/framework3/trunk@7797 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-10 08:24:37 +00:00
Joshua Drake 4cb050010b add exploitability detection (by trying %n)
git-svn-id: file:///home/svn/framework3/trunk@7791 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 23:53:26 +00:00
Joshua Drake 215879334a minor tweaks to targets
git-svn-id: file:///home/svn/framework3/trunk@7788 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 23:19:19 +00:00
Joshua Drake d56daab7d8 little comment heh
git-svn-id: file:///home/svn/framework3/trunk@7784 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 22:27:11 +00:00
Joshua Drake 164dd4201a updated badchars, rh6.2 target, added %8x detection check
git-svn-id: file:///home/svn/framework3/trunk@7782 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 21:51:46 +00:00
HD Moore 4fcdceccb7 No ruby access on the common target
git-svn-id: file:///home/svn/framework3/trunk@7776 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 15:13:35 +00:00
HD Moore 3c08bc0c80 Rename and reference update from the microsoft patch
git-svn-id: file:///home/svn/framework3/trunk@7775 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 15:06:26 +00:00
HD Moore 8a784339c4 Remove a debug print
git-svn-id: file:///home/svn/framework3/trunk@7774 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 14:00:21 +00:00
HD Moore ba1b032207 Adds coverage for the QTSS metachar injection bug
git-svn-id: file:///home/svn/framework3/trunk@7772 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 13:23:59 +00:00
Joshua Drake 88de26e46c re-enable pdf obfuscation
git-svn-id: file:///home/svn/framework3/trunk@7771 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 06:19:32 +00:00
Joshua Drake e2f70c8928 detect fmt str specifier capabilities, rework stack dumping
git-svn-id: file:///home/svn/framework3/trunk@7769 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-09 02:19:07 +00:00
Joshua Drake 1fec10cb44 finish and test target for redhat 6.2
git-svn-id: file:///home/svn/framework3/trunk@7765 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 23:52:11 +00:00
Joshua Drake 4bcc8a93a3 attempt to improve reliability of u3d pdf exploits
git-svn-id: file:///home/svn/framework3/trunk@7762 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 22:08:32 +00:00
Joshua Drake 87c85b5176 removed executable generation routines from Rex::Text (use Msf::Util::EXE), Fixes #660
git-svn-id: file:///home/svn/framework3/trunk@7760 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 21:24:45 +00:00
Joshua Drake 9b4f521df5 two more similar exploit modules, cleaned up naming
git-svn-id: file:///home/svn/framework3/trunk@7759 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 20:20:30 +00:00
Joshua Drake 9da59988a6 updated disclosure date
git-svn-id: file:///home/svn/framework3/trunk@7758 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 20:10:17 +00:00
Joshua Drake 5995ddca97 reduce ranking due to egghunter instability
git-svn-id: file:///home/svn/framework3/trunk@7757 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 19:53:11 +00:00
Joshua Drake cb5d02af20 remove debug code
git-svn-id: file:///home/svn/framework3/trunk@7756 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 19:52:15 +00:00
Joshua Drake 6ae2293a79 add exploit module for cve-2009-0133
git-svn-id: file:///home/svn/framework3/trunk@7755 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 19:50:21 +00:00
Joshua Drake bfa405cb2b add exploit module for cve-2009-0133
git-svn-id: file:///home/svn/framework3/trunk@7754 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 19:50:00 +00:00
Joshua Drake d86bfedc3e osvdb reference from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7752 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 16:29:53 +00:00
Joshua Drake 0961ce3523 add exploit module for cve-2009-3693
git-svn-id: file:///home/svn/framework3/trunk@7749 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-08 03:08:46 +00:00
Joshua Drake 2dfcd26370 oops, dupe of auxiliary/admin/symantec/cba_exec.rb
git-svn-id: file:///home/svn/framework3/trunk@7745 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 21:28:53 +00:00
Joshua Drake cb6fbe8894 add exploit module for cve-2009-1429
git-svn-id: file:///home/svn/framework3/trunk@7744 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 20:39:00 +00:00
Joshua Drake e04a491905 updated references
git-svn-id: file:///home/svn/framework3/trunk@7743 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 20:26:43 +00:00
Joshua Drake ce42156e38 minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@7742 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 20:24:30 +00:00
Joshua Drake f6d491a996 add exploit module from dookie
git-svn-id: file:///home/svn/framework3/trunk@7741 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 20:24:12 +00:00
Joshua Drake 90342d0fa0 add exploit module from dookie
git-svn-id: file:///home/svn/framework3/trunk@7740 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-07 20:21:25 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew!
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:50:37 +00:00
Joshua Drake 2cf9c3ce2b revision fixups
git-svn-id: file:///home/svn/framework3/trunk@7723 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:16:11 +00:00
Joshua Drake 17249f29d3 cve roulette also cve-2009-4054
git-svn-id: file:///home/svn/framework3/trunk@7722 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 05:00:06 +00:00
Joshua Drake 619f82a420 ugh, rh6.1 isn't vulnerable either
git-svn-id: file:///home/svn/framework3/trunk@7720 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 03:42:37 +00:00
Joshua Drake 576d55f821 added some missing CVE references
git-svn-id: file:///home/svn/framework3/trunk@7719 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-06 02:30:42 +00:00
Joshua Drake d93be3e873 typo in description
git-svn-id: file:///home/svn/framework3/trunk@7702 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-04 18:46:45 +00:00
Joshua Drake 5c271db9b5 add OSVDB reference from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7695 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-04 15:52:20 +00:00
Joshua Drake e8e98b9be6 add exploit module for cve-2000-0573
git-svn-id: file:///home/svn/framework3/trunk@7693 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-04 07:50:53 +00:00
Mario Ceballos 80422f24c4 added exploit module ca_arcserve_342.rb
git-svn-id: file:///home/svn/framework3/trunk@7690 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-04 02:55:00 +00:00
HD Moore 9ebcd40a4e Updated references to work better with NeXpose integration
git-svn-id: file:///home/svn/framework3/trunk@7683 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 15:27:29 +00:00
James Lee 8e0eef03c6 see #594. remove some extraneous junk, don't run the shell in a terminal (it dies immediately). space is the only badchar. still doesn't actually work without a modification to encoder/cmd/generic_sh.
git-svn-id: file:///home/svn/framework3/trunk@7680 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 09:09:56 +00:00
Joshua Drake b8302e6f61 changed default target
git-svn-id: file:///home/svn/framework3/trunk@7675 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-03 00:04:33 +00:00
Joshua Drake b9a97f310e fixed typo in targets
git-svn-id: file:///home/svn/framework3/trunk@7674 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-02 23:50:09 +00:00
Joshua Drake 267ed23223 this exploits an ssh server, moving to ssh dir
git-svn-id: file:///home/svn/framework3/trunk@7673 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-02 22:31:13 +00:00
Joshua Drake dcc05c7494 typo fix
git-svn-id: file:///home/svn/framework3/trunk@7672 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-02 21:06:36 +00:00
Mario Ceballos faa27f93b9 updated with the bid id
git-svn-id: file:///home/svn/framework3/trunk@7669 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-02 12:20:40 +00:00
Joshua Drake b48e5d34e7 added svn keywords
git-svn-id: file:///home/svn/framework3/trunk@7660 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-01 20:36:55 +00:00
HD Moore b0403cfde2 OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7658 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-01 16:44:25 +00:00
Joshua Drake 38d04631e6 recorded some additional test results
git-svn-id: file:///home/svn/framework3/trunk@7657 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-01 16:42:58 +00:00
Joshua Drake ec45ea8c22 minor cleanups, removed 0day text, Fixes #573
git-svn-id: file:///home/svn/framework3/trunk@7646 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-30 18:42:00 +00:00
Mario Ceballos 09cb98678f added exploit module intersystems_cache.rb
git-svn-id: file:///home/svn/framework3/trunk@7631 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-28 15:26:21 +00:00
Joshua Drake f845a7db54 dissected most of the u3d data
git-svn-id: file:///home/svn/framework3/trunk@7628 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-26 07:26:08 +00:00
Joshua Drake 623f3b88ec minor cleanups, fixed u3d_pad function
git-svn-id: file:///home/svn/framework3/trunk@7626 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-26 06:21:39 +00:00
Joshua Drake 8e8a52fe26 removed meta data, randomized mesh name
git-svn-id: file:///home/svn/framework3/trunk@7624 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-26 04:42:42 +00:00
Joshua Drake dd713f96de broke up u3d data a bit, first pass
git-svn-id: file:///home/svn/framework3/trunk@7619 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-26 00:34:22 +00:00
Joshua Drake f88dee904a add exploit module for cve-2009-2994
git-svn-id: file:///home/svn/framework3/trunk@7617 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 22:24:10 +00:00
HD Moore 927563c135 Correct some assumptions about client-side exploit signature development, remove the prepend since we dont use .net anymore
git-svn-id: file:///home/svn/framework3/trunk@7616 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 21:18:26 +00:00
Joshua Drake e3a1a7958e cleaned up the descriptions
git-svn-id: file:///home/svn/framework3/trunk@7615 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 20:05:18 +00:00
Joshua Drake a4dd52543c removed .net dll bypass, recorded some crash addresses
git-svn-id: file:///home/svn/framework3/trunk@7614 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 19:39:15 +00:00
James Lee 00eaff0550 stupid ruby string differences
git-svn-id: file:///home/svn/framework3/trunk@7611 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:16:45 +00:00
HD Moore 0c19f50718 Fix broken .NET method
git-svn-id: file:///home/svn/framework3/trunk@7610 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 17:11:38 +00:00
Joshua Drake f733856974 add exploit module for cve-2009-3762
git-svn-id: file:///home/svn/framework3/trunk@7609 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 07:25:04 +00:00
James Lee f516edacfb only works on ie7
git-svn-id: file:///home/svn/framework3/trunk@7603 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 02:14:40 +00:00
James Lee 07543fd526 fix potential hang when server doesn't respond
git-svn-id: file:///home/svn/framework3/trunk@7602 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-25 02:01:27 +00:00
James Lee c45c15cd29 add autopwn info
git-svn-id: file:///home/svn/framework3/trunk@7599 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 23:50:08 +00:00
Joshua Drake 3bca7d14c4 payload compatability: no findsock allowed
git-svn-id: file:///home/svn/framework3/trunk@7597 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 19:35:05 +00:00
Patrick Webster 796e8cdfc3 Ported hdm's exchange2000_xexch50 module to version 3.
git-svn-id: file:///home/svn/framework3/trunk@7592 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 07:11:12 +00:00
James Lee 99319d2a55 don't unintentionally create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7591 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:23:03 +00:00
James Lee 4a912e7c0c don't inadvertantly create a UNC path. see #558
git-svn-id: file:///home/svn/framework3/trunk@7590 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 06:02:21 +00:00
James Lee 7490e4c4a8 use an absolute uri to the evil gif. fixes #558. we probably ought to have a method for doing this since it seems to be a fairly common problem.
git-svn-id: file:///home/svn/framework3/trunk@7589 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-24 05:44:21 +00:00
Patrick Webster f2d998d514 Added check support.
git-svn-id: file:///home/svn/framework3/trunk@7585 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-23 07:37:54 +00:00
Joshua Drake 3bcc51e155 added exloit module for cve-2009-2990
git-svn-id: file:///home/svn/framework3/trunk@7580 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:15:13 +00:00
Joshua Drake 008fbedf93 created multi-platform fileformat dir
git-svn-id: file:///home/svn/framework3/trunk@7579 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:14:52 +00:00
Joshua Drake 5dbd32cd98 added japanese target from TomokiSanaki
git-svn-id: file:///home/svn/framework3/trunk@7578 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:09:59 +00:00
Joshua Drake b9939a836f fixed PDF header (oops)
git-svn-id: file:///home/svn/framework3/trunk@7577 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-22 01:01:11 +00:00
Joshua Drake b54a7aa1d3 confirmed SEH target works on Windows XP SP3
git-svn-id: file:///home/svn/framework3/trunk@7576 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-21 17:44:09 +00:00
Joshua Drake e5796f5b3b changed address to 0x0a0a0a0a
tested against various reader versions
removed pdf version randomization



git-svn-id: file:///home/svn/framework3/trunk@7570 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 05:56:03 +00:00
Joshua Drake f767129e61 fixed some typos, thx mubix!
git-svn-id: file:///home/svn/framework3/trunk@7569 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-19 03:36:02 +00:00
Joshua Drake 106350ac97 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7568 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 17:39:37 +00:00
Joshua Drake 5bbbafefa2 osvdb reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7565 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 04:16:10 +00:00
Joshua Drake c2bcad1f4c add exploit http version
git-svn-id: file:///home/svn/framework3/trunk@7563 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 02:29:37 +00:00
Joshua Drake 82706981de dynamically get ip address length
git-svn-id: file:///home/svn/framework3/trunk@7561 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-18 00:49:20 +00:00
Joshua Drake 31e9d9929c add exploit module for another 0day
git-svn-id: file:///home/svn/framework3/trunk@7560 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 23:54:26 +00:00
Joshua Drake 447e208abf add httpdx handlepeer() exploit (cve-2009-3711)
git-svn-id: file:///home/svn/framework3/trunk@7557 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 22:29:20 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-17 00:05:19 +00:00
James Lee 10e897b94f make sure we got a response before trying to pull headers out of it. see #519
git-svn-id: file:///home/svn/framework3/trunk@7541 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 19:00:16 +00:00
James Lee 9f134512c2 give up if we can't get the password hash. see #519
git-svn-id: file:///home/svn/framework3/trunk@7539 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:51:51 +00:00
James Lee dd323e2a7b don't try to run methods on an object we just confirmed was nil
git-svn-id: file:///home/svn/framework3/trunk@7538 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:48:34 +00:00
James Lee b4d04ab22d fix 1.9 str[idx] error; see #519
git-svn-id: file:///home/svn/framework3/trunk@7534 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 18:28:34 +00:00
Joshua Drake 4edc6d942c updated awingsoft web3d bof module from trancer
git-svn-id: file:///home/svn/framework3/trunk@7533 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:51:52 +00:00
James Lee 94729103b4 added osvdb ref and keywords
git-svn-id: file:///home/svn/framework3/trunk@7532 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 16:18:51 +00:00
HD Moore bd28e044f0 Handle instances where the pipe does not exist gracefully
git-svn-id: file:///home/svn/framework3/trunk@7531 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 15:20:50 +00:00
James Lee 7fb9c4a791 add coverage for cve-2009-1151
git-svn-id: file:///home/svn/framework3/trunk@7528 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-16 08:42:32 +00:00
James Lee 53640065da license
git-svn-id: file:///home/svn/framework3/trunk@7522 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 19:53:03 +00:00
Joshua Drake 04725e70cc reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7521 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 16:03:01 +00:00
Mario Ceballos 4c23734e72 added exploit module oracle_dc_submittoexpress.rb
git-svn-id: file:///home/svn/framework3/trunk@7520 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-15 01:01:21 +00:00
Joshua Drake 7573994152 add exploit module for another winds3d 0day
git-svn-id: file:///home/svn/framework3/trunk@7518 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 22:26:08 +00:00
Joshua Drake 240a8444b0 Fixed some license problems
git-svn-id: file:///home/svn/framework3/trunk@7515 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 18:09:05 +00:00
Mario Ceballos bbfc195735 added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 13:26:27 +00:00
Joshua Drake 8d382ef487 oops -- removed CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7512 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:46:21 +00:00
Joshua Drake 74269325db added CVE/BID/OSVDB references
git-svn-id: file:///home/svn/framework3/trunk@7511 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:42:02 +00:00
Joshua Drake f86eca488a minor fixup in email addr
git-svn-id: file:///home/svn/framework3/trunk@7510 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:39:00 +00:00
Joshua Drake 9381abf41a swap L to V for packing
git-svn-id: file:///home/svn/framework3/trunk@7509 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:38:03 +00:00
Joshua Drake 70cf288b99 added trancer's exploit for cve-2009-2386
git-svn-id: file:///home/svn/framework3/trunk@7508 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:36:20 +00:00
Joshua Drake e98036bc9c oops, forgot to remove debugging cruft
git-svn-id: file:///home/svn/framework3/trunk@7507 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:33:42 +00:00
HD Moore 8b9238e33b Cosmetic/reference cleanups.
git-svn-id: file:///home/svn/framework3/trunk@7506 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 04:31:00 +00:00
Joshua Drake cc41639170 add exploit for cve-2009-2485
git-svn-id: file:///home/svn/framework3/trunk@7505 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:37:18 +00:00
James Lee d90b932383 add a bit more entropy
git-svn-id: file:///home/svn/framework3/trunk@7504 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:09:32 +00:00
James Lee 38c0a3bd1b 302 is not the same as 200...
git-svn-id: file:///home/svn/framework3/trunk@7503 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 02:03:16 +00:00
James Lee d2451547d6 add exploit module for osCommerce file upload
git-svn-id: file:///home/svn/framework3/trunk@7502 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-14 01:56:21 +00:00
Joshua Drake cd11c784e0 added CVE references
git-svn-id: file:///home/svn/framework3/trunk@7499 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 22:54:10 +00:00
Joshua Drake da6fa072f2 add module for cve-2008-0492
git-svn-id: file:///home/svn/framework3/trunk@7490 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 18:09:50 +00:00
Joshua Drake 7758ebfda4 uniquified name
git-svn-id: file:///home/svn/framework3/trunk@7488 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:22:14 +00:00
Joshua Drake 61f2c0b195 uniqified name
git-svn-id: file:///home/svn/framework3/trunk@7487 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:54 +00:00
Joshua Drake 2e4f5734ea fixed typo
git-svn-id: file:///home/svn/framework3/trunk@7486 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 00:21:09 +00:00
James Lee 41604957fa fix no compatible payloads due to misplaced compat options
git-svn-id: file:///home/svn/framework3/trunk@7483 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-12 20:36:23 +00:00
HD Moore 0d8eaa9190 Fix up a typo in the ddwrt exploit
git-svn-id: file:///home/svn/framework3/trunk@7481 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-12 16:13:51 +00:00
Joshua Drake c9f6e32c70 optimization for extra stack data
git-svn-id: file:///home/svn/framework3/trunk@7463 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 01:01:53 +00:00
Joshua Drake 92408fbed4 added patch, finder, and pub exploit refs
git-svn-id: file:///home/svn/framework3/trunk@7457 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 23:52:07 +00:00
Joshua Drake 9edcda6862 updated badchars/encoder, increased bytes to end of stack, ppr had badchar in it
git-svn-id: file:///home/svn/framework3/trunk@7456 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 23:36:54 +00:00
Joshua Drake e812a2317c added exploit for cve-2009-0184
git-svn-id: file:///home/svn/framework3/trunk@7455 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 21:52:17 +00:00
HD Moore 6deb2fe58e windows 2000 target via anonymous submission
git-svn-id: file:///home/svn/framework3/trunk@7454 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-10 20:03:57 +00:00
Joshua Drake 434ee654b4 minor tweaks
git-svn-id: file:///home/svn/framework3/trunk@7429 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 19:31:11 +00:00
Joshua Drake 55c32f8bb1 miscellanous cleanups and minimized
git-svn-id: file:///home/svn/framework3/trunk@7421 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 05:55:50 +00:00
Joshua Drake 0e2c8f4894 StackAdjustment or Prepend, not both :)
git-svn-id: file:///home/svn/framework3/trunk@7418 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 04:31:02 +00:00
Joshua Drake b07d997787 initial commit, randomization to come
git-svn-id: file:///home/svn/framework3/trunk@7417 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 04:27:30 +00:00
et 5a460d451c Ugly mixin
git-svn-id: file:///home/svn/framework3/trunk@7401 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 22:17:42 +00:00
et 7b832b9d3e Wmap checking for vulnerabilities and launching exploits
git-svn-id: file:///home/svn/framework3/trunk@7399 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 21:55:33 +00:00
Mario Ceballos 95694ddd97 updated module targets from Brett Gervasoni.
git-svn-id: file:///home/svn/framework3/trunk@7398 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-07 13:18:03 +00:00
HD Moore 1d5f1e5f69 Fixes #472. This module still needs alot of work, but this solves this particular bug. Caused by unsetting the variable
git-svn-id: file:///home/svn/framework3/trunk@7396 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-06 21:16:56 +00:00
Mario Ceballos c3dd1698fc added exploit module hp_power_manager_login.rb
git-svn-id: file:///home/svn/framework3/trunk@7371 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-06 01:31:17 +00:00
Mario Ceballos 0c12d36cad added patch from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@7365 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-05 12:09:58 +00:00
Mario Ceballos 3da8b7b7f6 added exploit module safenet_softremote_groupname.rb
git-svn-id: file:///home/svn/framework3/trunk@7358 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 23:10:50 +00:00
James Lee 70b2d06c86 speed up content creation, string concat sucks
git-svn-id: file:///home/svn/framework3/trunk@7356 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 19:06:01 +00:00
James Lee c675cfb1cf Fix 1.9.1 issues, make the vbs smaller (down to about 4MB from almost 10)
git-svn-id: file:///home/svn/framework3/trunk@7355 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 18:55:32 +00:00
James Lee 68564f9d5e modules should not handle exceptions like this. if you're just going to print a backtrace, let the dispatcher deal with it so we can get logs
git-svn-id: file:///home/svn/framework3/trunk@7353 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 17:04:01 +00:00
HD Moore 9e654c51f2 Revive
git-svn-id: file:///home/svn/framework3/trunk@7348 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:39 +00:00
HD Moore 4b53b1d378 Purge
git-svn-id: file:///home/svn/framework3/trunk@7347 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 04:04:17 +00:00
HD Moore 98d9d66905 Replaced with encoded shiny bits
git-svn-id: file:///home/svn/framework3/trunk@7346 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:56:12 +00:00
HD Moore 0a52c98e03 Purging this module due to lame AV sigs, re-adding in a sillier form
git-svn-id: file:///home/svn/framework3/trunk@7345 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-04 03:50:31 +00:00
HD Moore 84ebdfa7eb Move the mercantec check to the exploit code from autofilter
git-svn-id: file:///home/svn/framework3/trunk@7333 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 17:02:03 +00:00
Mario Ceballos aef3817db9 added patch from steve tornio.
git-svn-id: file:///home/svn/framework3/trunk@7331 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 12:02:54 +00:00
Mario Ceballos b62dc9705e remove some debugging.
git-svn-id: file:///home/svn/framework3/trunk@7329 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:21:50 +00:00
Mario Ceballos 73bd4f7de2 added exploit module symantec_consoleutilities_browseandsavefile.rb from Nikolas Sotiriu.
git-svn-id: file:///home/svn/framework3/trunk@7328 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 21:02:45 +00:00
HD Moore ac14e84eb6 See #434. Fixes up the last of the modules using the wrong Timeout exception class
git-svn-id: file:///home/svn/framework3/trunk@7326 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 18:22:50 +00:00
HD Moore c0758f7bc6 Do not randomize the PDF version (breaks Acrobat 9x)
git-svn-id: file:///home/svn/framework3/trunk@7318 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 14:41:59 +00:00
HD Moore 4f3128c061 Stop randomizing the module version, it breaks Acrobat 9
git-svn-id: file:///home/svn/framework3/trunk@7303 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 04:09:07 +00:00
et 20be000d47 Wmap able to load exploits and check for vulnerabilities. Next step exploit if vulnerable
git-svn-id: file:///home/svn/framework3/trunk@7302 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-29 03:16:27 +00:00
HD Moore a41b1db7de Autofilter based on existence of the softcart cgi
git-svn-id: file:///home/svn/framework3/trunk@7297 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 18:02:37 +00:00
HD Moore aa09862813 Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)

meterpreter > sysinfo
Computer: VMNT4
OS      : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch    : x86
Language: en_US



git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
HD Moore bffb98ba9f Add XP SP3 target for WarFTPD.
git-svn-id: file:///home/svn/framework3/trunk@7295 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 10:29:41 +00:00
HD Moore 5eed9deb2d Adds the joomla TinyMCE file upload exploit from spinbad.
git-svn-id: file:///home/svn/framework3/trunk@7283 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-26 20:00:39 +00:00
Mario Ceballos 131adc4c3a fixed cve reference number.
git-svn-id: file:///home/svn/framework3/trunk@7260 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 21:19:27 +00:00
HD Moore e3f68f2639 Another large number of warnings fixed by Yoann Guillot
git-svn-id: file:///home/svn/framework3/trunk@7248 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 17:18:23 +00:00
HD Moore b38a74c961 Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space betwee the method and the parans, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
git-svn-id: file:///home/svn/framework3/trunk@7246 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-25 16:40:19 +00:00
HD Moore a0fbc2914f Remove the milw0rm references, as the links are no longer valid.
git-svn-id: file:///home/svn/framework3/trunk@7237 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-24 18:13:07 +00:00
HD Moore b53a596ff0 Merge in David Kennedy's new MSSQL changes (centralized SQL query mixin)
git-svn-id: file:///home/svn/framework3/trunk@7236 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-23 19:15:32 +00:00
HD Moore 255379c2d0 Fixes #378. Still need to reorganize the modules and fix the lorcon2 mixin for 1.9.1
git-svn-id: file:///home/svn/framework3/trunk@7235 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-23 15:59:13 +00:00
kris 5c9b823c8b output typos, etc
git-svn-id: file:///home/svn/framework3/trunk@7212 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 17:49:10 +00:00
Mario Ceballos 2b85ceb4c1 added exploit modules base_qry_common.rb and mambo_cache_lite.rb
git-svn-id: file:///home/svn/framework3/trunk@7210 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-20 15:01:10 +00:00
Mario Ceballos bac233108f added exploit modules ms_visual_studio_msmask.rb and ms_visual_basic_vbp.rb
git-svn-id: file:///home/svn/framework3/trunk@7208 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-19 12:58:03 +00:00
HD Moore df414a4904 Add the 'sa' with blank password CVE and vulnerability references, since the default configuratino of the MSSQL mixin exploits just that.
git-svn-id: file:///home/svn/framework3/trunk@7201 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 22:05:19 +00:00
HD Moore 45280f85a5 Fix a looping issue with the new lyris module
git-svn-id: file:///home/svn/framework3/trunk@7199 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 21:51:45 +00:00
HD Moore 36fee594ba Adds coverage for the old Lyris ListManager predictable sa password flaw
git-svn-id: file:///home/svn/framework3/trunk@7198 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 21:46:29 +00:00
HD Moore 4ac27c9803 Consolidate common APIs into the mixin
git-svn-id: file:///home/svn/framework3/trunk@7195 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 20:58:01 +00:00
HD Moore 5ea99ac421 Remove from the db_autopwn set for now
git-svn-id: file:///home/svn/framework3/trunk@7183 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-18 09:31:17 +00:00
HD Moore d3aa513773 Fixes #339. Cleans up author names for the most part - there are still some stragglers, but this should fix up the frequent contributors
git-svn-id: file:///home/svn/framework3/trunk@7173 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-17 05:55:15 +00:00
Mario Ceballos 378b7f29d5 added exploit modules talkative_response.rb, blazedvd_plf.rb, vuplayer_cue.rb and vuplayer_m3u.rb
git-svn-id: file:///home/svn/framework3/trunk@7170 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 17:02:44 +00:00
Mario Ceballos 37fa36ed12 fix a typo.
git-svn-id: file:///home/svn/framework3/trunk@7169 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-16 16:51:16 +00:00
Mario Ceballos 7e1c769eef added exploit modules poppeeper_uidl.rb and poppeeper_date.rb
git-svn-id: file:///home/svn/framework3/trunk@7168 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 18:04:58 +00:00
Mario Ceballos 62dc4c74d7 added activepdf_webgrabber.rb, etrust_pestscan.rb, ea_checkrequirements.rb and mcafee_hercules_deletesnapshot.rb exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@7167 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 15:22:16 +00:00
HD Moore c4bfae59aa Minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@7163 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 01:44:00 +00:00
HD Moore 59676df4db Adds ReL1K's mssql_payload module
git-svn-id: file:///home/svn/framework3/trunk@7162 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 21:11:28 +00:00
Mario Ceballos aae4ac74c1 more adjusting of the cve entries.
git-svn-id: file:///home/svn/framework3/trunk@7157 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 12:56:13 +00:00
Mario Ceballos 8e365c17fa fixed the cve entrys.
git-svn-id: file:///home/svn/framework3/trunk@7156 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:45:14 +00:00
Mario Ceballos aee16a85ab fixed the cve entry.
git-svn-id: file:///home/svn/framework3/trunk@7155 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-14 11:28:50 +00:00
Mario Ceballos 63ad9ebf27 added exploit module aol_icq_downloadagent.rb
git-svn-id: file:///home/svn/framework3/trunk@7153 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-13 17:04:05 +00:00
HD Moore 5d9f3323e8 Last two reference updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7150 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:42:51 +00:00
HD Moore 26db223636 OSVDB reference update from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7149 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 14:39:51 +00:00
Mario Ceballos a8ccd1fe98 updated references with bid/cve.
git-svn-id: file:///home/svn/framework3/trunk@7148 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:39:15 +00:00
Mario Ceballos 5b6f16a0f9 added exploit modules athocgov_completeinstallation.rb and symantec_iao.rb
git-svn-id: file:///home/svn/framework3/trunk@7147 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-12 12:31:52 +00:00
Mario Ceballos 1cadfa4ea7 added exploit module amaya_bdo.rb from dookie.
git-svn-id: file:///home/svn/framework3/trunk@7136 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-10 21:51:25 +00:00
kris f21e3c8754 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@7128 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-04 23:38:06 +00:00
Mario Ceballos 65e57f209a added exploit modules xlink_nfsd.rb, xlink_client.rb and xlink_server.rb
git-svn-id: file:///home/svn/framework3/trunk@7123 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-03 23:05:44 +00:00
HD Moore e23925ed27 Updated the path check to use the Rex method designed for this. Eventually we need to switch this to use zip/filesystem (under lib/)
git-svn-id: file:///home/svn/framework3/trunk@7104 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 13:28:38 +00:00
James Lee 6b8dcdced4 add a dependency check for the existence of the zip command. Thanks Donna Hawthorne for the bug report.
git-svn-id: file:///home/svn/framework3/trunk@7102 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 05:46:34 +00:00
Mario Ceballos 3dd0e972e0 added exploit module emc_appextender_keyworks.rb
git-svn-id: file:///home/svn/framework3/trunk@7101 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-01 02:13:16 +00:00
HD Moore 07efe98f6d Whitespace and svn properties set
git-svn-id: file:///home/svn/framework3/trunk@7087 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:54:07 +00:00
Stephen Fewer 360cdaab2e rename the smb2 module to something more specific.
git-svn-id: file:///home/svn/framework3/trunk@7086 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 10:23:28 +00:00
Stephen Fewer 50bd91688c Add coverage for the SMBv2 vuln.
git-svn-id: file:///home/svn/framework3/trunk@7085 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 08:12:30 +00:00
Mario Ceballos 9509872b4f fixed disclosure date and removed cmd residue.
git-svn-id: file:///home/svn/framework3/trunk@7079 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-28 00:24:18 +00:00
HD Moore a478c11df0 See #339
git-svn-id: file:///home/svn/framework3/trunk@7077 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:33:07 +00:00
HD Moore 5972666f63 See #339. Massive cleanup of author names, make them consistent across modules
git-svn-id: file:///home/svn/framework3/trunk@7075 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 21:30:45 +00:00
Stephen Fewer 53b0709a64 commit MC's patch to remove the unused 'req' string.
git-svn-id: file:///home/svn/framework3/trunk@7074 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 19:07:43 +00:00
Stephen Fewer c9efd2428c add MC's module for the Adobe RoboHelp server vuln.
git-svn-id: file:///home/svn/framework3/trunk@7072 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 18:38:48 +00:00
HD Moore af1ed06c1c Fixes #335. Merges change that fixes adobe_pdf_embedded_exe when HOMEPATH != C:\
git-svn-id: file:///home/svn/framework3/trunk@7069 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-27 15:02:59 +00:00
Mario Ceballos e715789e7c fix the option description.
git-svn-id: file:///home/svn/framework3/trunk@7065 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 12:01:51 +00:00
Mario Ceballos c4594f396f added auxiliary module timbuktu_udp.rb and exploit module timbuktu_fileupload.rb
git-svn-id: file:///home/svn/framework3/trunk@7062 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-26 00:04:00 +00:00
HD Moore 7d122ceb02 Fixes #269. Specifically wrap EOFError
git-svn-id: file:///home/svn/framework3/trunk@7045 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-20 19:49:03 +00:00
Patrick Webster b0c9e8b8e5 Added BigAnt 2.5 exploit module from Dr_IDE.
git-svn-id: file:///home/svn/framework3/trunk@7039 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-17 17:04:47 +00:00
James Lee 9ace8f33eb OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@7030 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-12 04:22:58 +00:00
James Lee 85a4f1b9db add a simple check for the generic php exploits
git-svn-id: file:///home/svn/framework3/trunk@7025 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-10 05:24:03 +00:00
Mario Ceballos 13f5e1c2e5 added exploit module symantec_altirisdeployment_downloadandinstall.rb
git-svn-id: file:///home/svn/framework3/trunk@7023 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 22:30:01 +00:00
HD Moore 71d644e72e Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
git-svn-id: file:///home/svn/framework3/trunk@7022 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 21:23:11 +00:00
Patrick Webster 086d5daaba Try again :)
git-svn-id: file:///home/svn/framework3/trunk@7020 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 15:20:10 +00:00
Patrick Webster d1268286f0 Renamed to correct spelling based on the SAP service.
git-svn-id: file:///home/svn/framework3/trunk@7019 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 15:01:25 +00:00
Patrick Webster 63702412b0 Added exploit module sap_2005_licence from Jacopo Cervini.
git-svn-id: file:///home/svn/framework3/trunk@7018 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 14:59:34 +00:00
HD Moore eeefc4dd27 Fix a typo
git-svn-id: file:///home/svn/framework3/trunk@7015 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 02:06:46 +00:00
HD Moore 56b2ab3f63 Fix the Space and mistyped StackAdjustment in the metaphish merge
git-svn-id: file:///home/svn/framework3/trunk@7014 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-09 00:55:13 +00:00
Mario Ceballos c1aa1b5f22 updated targets list
git-svn-id: file:///home/svn/framework3/trunk@7006 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-05 14:54:22 +00:00
Mario Ceballos cf0f690e4d added exploit module safenet_ike_11.rb
git-svn-id: file:///home/svn/framework3/trunk@6996 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-02 22:04:35 +00:00
Stephen Fewer 1184f01742 Added Aki Immonen's target for Windows 2000 SP3, thanks Aki!
git-svn-id: file:///home/svn/framework3/trunk@6995 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-02 21:24:34 +00:00
HD Moore 41ab69c600 Updated return address from Stephen Fewer, should work for a wider range now
git-svn-id: file:///home/svn/framework3/trunk@6994 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 17:34:47 +00:00
HD Moore 251810685f Fix the target patch
git-svn-id: file:///home/svn/framework3/trunk@6993 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 17:22:43 +00:00
HD Moore ca22f6fa98 Updated patch and return address for better compatibility with more targets
git-svn-id: file:///home/svn/framework3/trunk@6992 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 16:38:52 +00:00
HD Moore 660ae9444b Adds coverage for Kingcope's new IIS FTP exploit, this is a direct port with minimal changes
git-svn-id: file:///home/svn/framework3/trunk@6991 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 15:01:57 +00:00
Patrick Webster ff317936db Added alcatel_omnipcx_mastercgi command execution module.
git-svn-id: file:///home/svn/framework3/trunk@6990 4d416f70-5f16-0410-b530-b9f4589650da
2009-09-01 03:43:16 +00:00
Patrick Webster 161406e0a9 Added exploit fileformat module Altap Salamander PDB.
git-svn-id: file:///home/svn/framework3/trunk@6988 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-30 02:18:33 +00:00
Mario Ceballos 18ebd8f308 added exploit module ca_cab.rb
git-svn-id: file:///home/svn/framework3/trunk@6983 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 23:26:31 +00:00
HD Moore ab6f955873 Remove the extra \ from the c:\ path to the cmd interpreter
git-svn-id: file:///home/svn/framework3/trunk@6981 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-27 19:51:36 +00:00
HD Moore 882ae5b9dd Adds His0k4's ProFTP 2.9 FTP Client server banner overflow module
git-svn-id: file:///home/svn/framework3/trunk@6975 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-25 16:18:53 +00:00
Mario Ceballos b39742446a patch added for the payload selection. thanks rmkml.
git-svn-id: file:///home/svn/framework3/trunk@6971 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-23 12:40:23 +00:00
HD Moore fd0f4ef65b Exploit from Kevin F. for CVE-2009-0695, a remote cmd execution flaw in the Wyse thin client platform.
git-svn-id: file:///home/svn/framework3/trunk@6968 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 18:06:03 +00:00
HD Moore 474ba8860f Merges in Colin's PDF infection code from Black Hat / Defcon
git-svn-id: file:///home/svn/framework3/trunk@6966 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 14:44:43 +00:00
James Lee e16647db74 make sure we're running on opera so we don't 404 on a suspicous-looking url if it isn't
git-svn-id: file:///home/svn/framework3/trunk@6963 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 05:10:11 +00:00
James Lee bd2da7c12a revert overzealous commit
git-svn-id: file:///home/svn/framework3/trunk@6961 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:53:35 +00:00
James Lee 08d50e0a5b fix a bug in colorization where %c gets replaced before %cya; wouldn't have been a problem until colorization gets put back in
git-svn-id: file:///home/svn/framework3/trunk@6960 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-18 04:49:16 +00:00
HD Moore 7d866442f0 Skip encoding when there are no badchars -- temporary solution until the encoders also look at the Compat -> RequiredCmds field.
git-svn-id: file:///home/svn/framework3/trunk@6957 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-17 17:42:39 +00:00
druid 20102275ce Updated references
git-svn-id: file:///home/svn/framework3/trunk@6956 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 22:35:42 +00:00
druid 0a29ce88c0 Added MSB reference
git-svn-id: file:///home/svn/framework3/trunk@6955 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-13 19:25:02 +00:00
HD Moore 7fb18d6e11 Add coverage for the new nagios3 cmd execution bug
git-svn-id: file:///home/svn/framework3/trunk@6936 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-04 19:27:50 +00:00
Patrick Webster 91faadd782 Added juniper_sslvpn_ive_setupdll ActiveX exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6921 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-30 15:47:23 +00:00
James Lee c29af0197a make opera_historysearch work in an iframe and speed it up so it is less likely to tip off a user
git-svn-id: file:///home/svn/framework3/trunk@6915 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 11:08:50 +00:00
James Lee 0b9412536c untested autopwn support for safari_metadata_archive just to have a safari vuln in the mix
git-svn-id: file:///home/svn/framework3/trunk@6913 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-28 06:38:01 +00:00
HD Moore 876a80f601 Updated osvdb references from Steve Tornio, updated capture/eth_spoof modules
git-svn-id: file:///home/svn/framework3/trunk@6907 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-27 14:05:23 +00:00
HD Moore ad68502ef6 Add credit to the milw0rm exploit author
git-svn-id: file:///home/svn/framework3/trunk@6886 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:51:24 +00:00
HD Moore ed024f82aa Remove the extraneous \r\n (thanks Shuyao!)
git-svn-id: file:///home/svn/framework3/trunk@6884 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 11:45:32 +00:00
James Lee e805bbc3aa remove stupid debug alert
git-svn-id: file:///home/svn/framework3/trunk@6882 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 08:58:51 +00:00
kris 7262621d35 switch 'Version' Rev to Revision since msf doesn't handle it correctly
git-svn-id: file:///home/svn/framework3/trunk@6877 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 03:06:01 +00:00
kris d3e65b3363 svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6876 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-23 02:55:51 +00:00
James Lee 739207bf4a merge browser_autopwn back into trunk. This changes the database schema slightly, so make sure to db_destroy and db_create before using the database features.
git-svn-id: file:///home/svn/framework3/trunk@6873 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 20:14:35 +00:00
James Lee 750a432fd0 fix calls to new to_win32pe with correct number of arguments
git-svn-id: file:///home/svn/framework3/trunk@6872 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 19:23:21 +00:00
HD Moore 4c4a8a764c Let the XP SP0/SP1 and 2000 targets automatically run
git-svn-id: file:///home/svn/framework3/trunk@6865 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-22 12:59:08 +00:00
HD Moore e70ac6cc19 Added a new set of match flags for cmd injection exploits (RequiredCmds). This reduces the number of 'bad' payloads listed for explot modules. A good example is disabling the netcat -e payloads for old Solaris exploits
git-svn-id: file:///home/svn/framework3/trunk@6854 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 15:20:35 +00:00
HD Moore 47ebd62092 Adds coverage for the DD-WRT web interface command execution flaw, adds two netcat -e payloads to work with it
git-svn-id: file:///home/svn/framework3/trunk@6852 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 12:56:42 +00:00
Mario Ceballos 4691f2b0e5 added exploit module netidentity_xtierrpcpipe.rb
git-svn-id: file:///home/svn/framework3/trunk@6850 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-21 01:04:48 +00:00
James Lee 529ded22ae reverting last commit; somebody didn't cross their fingers
git-svn-id: file:///home/svn/framework3/trunk@6847 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 20:48:47 +00:00
James Lee c3dc1ecb55 reintegrate browser_autopwn into trunk; cross your fingers and hope this works
git-svn-id: file:///home/svn/framework3/trunk@6846 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-19 17:27:36 +00:00
HD Moore 309acbaa22 Remove extraneous comma
git-svn-id: file:///home/svn/framework3/trunk@6833 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:27:15 +00:00
HD Moore 282bcb4fae Updated with osvdb and bid references.
git-svn-id: file:///home/svn/framework3/trunk@6832 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-18 00:15:48 +00:00
HD Moore 2d319e9b5b Updated to work better on OS X and avoid 'script is taking too long' errors on all platforms
git-svn-id: file:///home/svn/framework3/trunk@6830 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 23:57:59 +00:00
HD Moore 99bc63b11d Adds support for Mac OS X intel (use the vforkshell payloads)
git-svn-id: file:///home/svn/framework3/trunk@6828 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 21:28:59 +00:00
HD Moore f8c2a203fd OSVDB references updates from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6812 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-16 16:02:24 +00:00
Patrick Webster f151ecc0ca Added mirc_privmsg_server exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6806 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-15 11:44:55 +00:00
Mario Ceballos 6005ac7c3f added exploit module tns_service_name.rb. updated ora_ntlm_stealer.rb to use the new mixin.
git-svn-id: file:///home/svn/framework3/trunk@6804 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-15 03:50:45 +00:00
HD Moore 6624dbd5ff Adds coverage for SBerry's Firefox 3.5 exploit (win32 only atm).
git-svn-id: file:///home/svn/framework3/trunk@6803 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 21:59:35 +00:00
HD Moore b018df89da Some minor tweaks, looks like this module doesnt play nice with the new JS encrypter
git-svn-id: file:///home/svn/framework3/trunk@6799 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 11:59:33 +00:00
HD Moore b2a0f8adf5 Comment out references for now
git-svn-id: file:///home/svn/framework3/trunk@6795 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 02:42:52 +00:00
HD Moore 298ba64734 Fix the references section
git-svn-id: file:///home/svn/framework3/trunk@6794 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-14 00:25:26 +00:00
HD Moore 306841cc69 Adds coverage for the new OWC ActiveX control exploit
git-svn-id: file:///home/svn/framework3/trunk@6792 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:39:42 +00:00
James Lee d84c87fa36 updated version info and disclosure date for opera_historysearch
git-svn-id: file:///home/svn/framework3/trunk@6788 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 23:12:25 +00:00
HD Moore 5fb316b383 Integrates L4teral's JS encoder/encrypter
git-svn-id: file:///home/svn/framework3/trunk@6784 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 22:17:11 +00:00
James Lee 3e072dd66e add Opera historysearch module; works on linux, windows will come later
git-svn-id: file:///home/svn/framework3/trunk@6777 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 07:48:12 +00:00
Mario Ceballos 055c58b82e rename module to make room for new one.
git-svn-id: file:///home/svn/framework3/trunk@6775 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-13 03:50:18 +00:00
druid c846f02c79 Final commit of working CLSIDs
git-svn-id: file:///home/svn/framework3/trunk@6755 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 22:15:59 +00:00
druid 7a7b2df5a5 Updated list of working ClassIDs
git-svn-id: file:///home/svn/framework3/trunk@6754 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:34:13 +00:00
druid b9e7e0b902 Removed some CLSIDs that didn't work
git-svn-id: file:///home/svn/framework3/trunk@6753 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 21:25:23 +00:00
druid 02f7d6b586 Exploit now uses a random ClassID from the list provided by the Microsoft Advisory rather than a static one (also configurable via an advanced option).
git-svn-id: file:///home/svn/framework3/trunk@6751 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-08 19:47:44 +00:00
HD Moore a54b9a06ef Exploit module for the new MS Video ActiveX flaw from Trancer. See more at http://www.rec-sec.com/2009/07/06/ms-directshow-msvidctl-exploit/
git-svn-id: file:///home/svn/framework3/trunk@6750 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-07 11:11:46 +00:00
Patrick Webster a4e0c88a1b Added MDaemon WorldClient Form2Raw.cgi exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6736 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-03 01:26:21 +00:00
druid 1df854bee7 Removed unused options, added success message.
git-svn-id: file:///home/svn/framework3/trunk@6730 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-30 14:09:19 +00:00
druid e03428dd8f Disabled debugging output
git-svn-id: file:///home/svn/framework3/trunk@6727 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-30 01:52:48 +00:00
druid bb0408e570 Exploit for /bin/login over dialup
git-svn-id: file:///home/svn/framework3/trunk@6725 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-29 14:13:41 +00:00
Mario Ceballos f90d4123ab added exploit module bopup_comm.rb
git-svn-id: file:///home/svn/framework3/trunk@6721 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-27 14:31:29 +00:00
Ramon de C Valle c2362ec409 All your POWER are belong to us.
git-svn-id: file:///home/svn/framework3/trunk@6698 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-23 03:49:25 +00:00
HD Moore d0fe4e8610 Remove overzealous change for 1.9.1 compat
git-svn-id: file:///home/svn/framework3/trunk@6697 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:22:50 +00:00
HD Moore 66a6bfe9c0 Make the PDF modules 1.9.1 compatible
git-svn-id: file:///home/svn/framework3/trunk@6696 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-22 13:21:08 +00:00
HD Moore 2ec7693d94 Fix up the modules to pass in the framework object into the new API call
git-svn-id: file:///home/svn/framework3/trunk@6687 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 18:18:04 +00:00
HD Moore 2283e0ffe4 Update executable template and API
git-svn-id: file:///home/svn/framework3/trunk@6682 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 17:42:17 +00:00
James Lee bc037bbbac make php findsock work again for php_eval and php_include
git-svn-id: file:///home/svn/framework3/trunk@6678 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-20 05:50:52 +00:00
HD Moore 3a9e42ceb8 Green dam exploit from Trancer
git-svn-id: file:///home/svn/framework3/trunk@6671 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-18 01:54:15 +00:00
HD Moore 67b307557d fix eol-style settings
git-svn-id: file:///home/svn/framework3/trunk@6668 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-17 20:54:52 +00:00
HD Moore 5fb2b95190 Patch to simplify the fileformat options from antoine
git-svn-id: file:///home/svn/framework3/trunk@6666 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-17 20:34:28 +00:00
HD Moore b8efb1bbf9 Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore 697f0946e1 Reference correction
git-svn-id: file:///home/svn/framework3/trunk@6637 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-11 23:23:58 +00:00
HD Moore a5f567e76e Massive OSVDB reference update from Steve Tornio.
git-svn-id: file:///home/svn/framework3/trunk@6629 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-07 20:20:42 +00:00
HD Moore b7cac075e0 Adds the itunes overflow from Will Drewry: http://redpig.dataspill.org/2009/05/drive-by-attack-for-itunes-811.html
git-svn-id: file:///home/svn/framework3/trunk@6627 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-05 02:30:24 +00:00
Mario Ceballos fe463072d6 added exploit module ibmegath_getxmlvalue.rb
git-svn-id: file:///home/svn/framework3/trunk@6609 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-01 11:19:06 +00:00
HD Moore f17ee863bc Three new unpatched exploits from trancer: http://www.rec-sec.com
git-svn-id: file:///home/svn/framework3/trunk@6578 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-24 15:06:12 +00:00
HD Moore 92d242cc2f osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6568 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-19 13:20:32 +00:00
James Lee 6c8a93035f make the new random header stuff work with magic_quotes
git-svn-id: file:///home/svn/framework3/trunk@6559 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-17 00:35:56 +00:00
James Lee 685535c61d add php compatibility to multi/handler
git-svn-id: file:///home/svn/framework3/trunk@6558 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-17 00:26:17 +00:00
HD Moore 1eddbbf332 More references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6551 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-14 19:56:07 +00:00
HD Moore 9d8581a17e More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6550 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-13 17:39:42 +00:00
Mario Ceballos 6e84b4ea7f missed a , which borked stuff.
git-svn-id: file:///home/svn/framework3/trunk@6549 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 21:42:33 +00:00
HD Moore 0981295879 More osvdb references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6547 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:56:54 +00:00
HD Moore 0ab728c6a5 Added OSVDB references from Steve Tornio
git-svn-id: file:///home/svn/framework3/trunk@6546 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-12 19:03:25 +00:00
Patrick Webster 4bafe57fe3 Added cain_abel_4918_rdp.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6521 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 13:29:42 +00:00
Patrick Webster de43887fdd Added destinymediaplayer16.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6520 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 12:12:08 +00:00
Patrick Webster d78b615190 Added racer_503beta5.rb from Trancek.
git-svn-id: file:///home/svn/framework3/trunk@6519 4d416f70-5f16-0410-b530-b9f4589650da
2009-05-03 11:10:37 +00:00
Patrick Webster a99354abce Added zinfaudioplayer221_pls from Trancek. Added SEH, universal target and references.
git-svn-id: file:///home/svn/framework3/trunk@6507 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-29 03:45:37 +00:00
James Lee b31abbc6f9 move the payload into a random X- header so it doesn't show up in access logs
git-svn-id: file:///home/svn/framework3/trunk@6493 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-19 15:47:14 +00:00
Patrick Webster e9776552ad Added domino_http_accept_language from riaf.
git-svn-id: file:///home/svn/framework3/trunk@6488 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-16 06:08:40 +00:00
Mario Ceballos 89d0cb3954 added exploit module mswhale_checkforupdates.rb
git-svn-id: file:///home/svn/framework3/trunk@6486 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-15 21:38:50 +00:00
kris 37c2e301ed replacing defunct framework URL in header comments in most modules and pcap_log
git-svn-id: file:///home/svn/framework3/trunk@6479 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-13 14:33:26 +00:00
kris cc78d9a59c turn off svn:executable in modules
git-svn-id: file:///home/svn/framework3/trunk@6470 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-08 20:04:25 +00:00
Mario Ceballos 3c54e15590 added exploit module sapgui_saveviewtosessionfile.rb
git-svn-id: file:///home/svn/framework3/trunk@6455 4d416f70-5f16-0410-b530-b9f4589650da
2009-04-02 20:43:06 +00:00
natron edbaada754 Reliable write address location; bringing in line with windows/browser version
git-svn-id: file:///home/svn/framework3/trunk@6452 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 16:46:50 +00:00
natron 8d7c6d6367 Browser version of jbig2decode
git-svn-id: file:///home/svn/framework3/trunk@6451 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-31 14:58:37 +00:00
kris 9482b4080e set a few more modules' Versions to Revision, only did aux by accident last time
git-svn-id: file:///home/svn/framework3/trunk@6439 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-30 01:09:09 +00:00
Mario Ceballos 6203b02ffc fix tab.
git-svn-id: file:///home/svn/framework3/trunk@6412 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 16:27:01 +00:00
Mario Ceballos 64b12fdb61 added exploit module adobe_collectemailfinfo.rb
git-svn-id: file:///home/svn/framework3/trunk@6411 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 16:14:32 +00:00
HD Moore 9d2382f5f5 Adds the PDF geticon modules from jduck
git-svn-id: file:///home/svn/framework3/trunk@6409 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 07:40:29 +00:00
HD Moore eccfcdfced Sets svn keywords on modules missing it, tweaks the emailer module
git-svn-id: file:///home/svn/framework3/trunk@6407 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:03:35 +00:00
HD Moore 86bc12940a Fix tabstops for weblogic module
git-svn-id: file:///home/svn/framework3/trunk@6405 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 06:00:23 +00:00
HD Moore a5125c6c87 Update the module description
git-svn-id: file:///home/svn/framework3/trunk@6404 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 05:52:40 +00:00
natron 3b704ecf46 Add support for Reader 8.1.2, increase heapspray reliability
git-svn-id: file:///home/svn/framework3/trunk@6400 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-28 02:40:27 +00:00
pusscat 41960b0300 Add jsessionid exploit
git-svn-id: file:///home/svn/framework3/trunk@6399 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 19:03:39 +00:00
natron bee2e44254 Remove debug messages, fix nops.
git-svn-id: file:///home/svn/framework3/trunk@6398 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 02:34:40 +00:00
natron 989a0bf88f Backed off the heapspray, will hopefully work on low and high RAM systems now.
git-svn-id: file:///home/svn/framework3/trunk@6397 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 02:32:13 +00:00
natron 8784ee930f Adobe JBIG2Decode Exploit (CVE-2009-0658)
git-svn-id: file:///home/svn/framework3/trunk@6395 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-27 00:08:19 +00:00
HD Moore 13706d1bde Tons of new Mac OS X code from Dino Dai Zovi and Charlie Miller, more to follow
git-svn-id: file:///home/svn/framework3/trunk@6353 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-18 23:28:24 +00:00
Mario Ceballos a036178737 added exploit module orbit_connecting.rb
git-svn-id: file:///home/svn/framework3/trunk@6348 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-17 01:24:16 +00:00
kris 804ff61df6 big svn:keywords run
git-svn-id: file:///home/svn/framework3/trunk@6345 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-15 18:12:33 +00:00
Mario Ceballos f7dafe0156 added exploit module belkin_bulldog.rb.
git-svn-id: file:///home/svn/framework3/trunk@6334 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-11 22:33:51 +00:00
Patrick Webster 7209271870 Added exploit module apache_mod_rewrite_ldap.
git-svn-id: file:///home/svn/framework3/trunk@6327 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-10 06:42:11 +00:00
Patrick Webster 46351557bc Added dogfood_spell_exec exploit module from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6282 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-03 03:32:36 +00:00
Patrick Webster 2df5dc3204 Added exploit module ebook_flipviewer_fviewerloading from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6281 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 23:14:54 +00:00
Patrick Webster a71b3e8c22 Added exploit module efs_easychatserver_username from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6280 4d416f70-5f16-0410-b530-b9f4589650da
2009-03-02 06:57:00 +00:00
natron b6731747c4 added ie_unsafe_scripting exploit module
git-svn-id: file:///home/svn/framework3/trunk@6260 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-27 22:35:50 +00:00
Patrick Webster d5c625b803 Added exploit module dlink_long_filename from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6256 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-26 08:19:01 +00:00
Patrick Webster c902c035aa Typo in vendor name. Steamcast.
git-svn-id: file:///home/svn/framework3/trunk@6255 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 11:50:24 +00:00
Patrick Webster 415b4c2593 Added exploit module streamcast_useragent.rb from LSO.
git-svn-id: file:///home/svn/framework3/trunk@6254 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 11:35:36 +00:00
Patrick Webster 92c45abf2d Added contentkeeperweb_mimencode exploit module.
git-svn-id: file:///home/svn/framework3/trunk@6250 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-25 03:41:25 +00:00
Mario Ceballos 7118ef0a2c added aux module osb_execqr.rb and exploit module osb_ndmp_auth.rb.
git-svn-id: file:///home/svn/framework3/trunk@6248 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-23 16:26:00 +00:00
cg 8fe4bf88b9 MS09-002 coverage by dean
git-svn-id: file:///home/svn/framework3/trunk@6238 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-20 17:46:52 +00:00
Mario Ceballos 092db8229c added exploit module fdm_auth_header.rb
git-svn-id: file:///home/svn/framework3/trunk@6205 4d416f70-5f16-0410-b530-b9f4589650da
2009-02-02 18:27:36 +00:00
HD Moore f927320eda Wrap the telephony require properly
git-svn-id: file:///home/svn/framework3/trunk@6201 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-30 04:28:40 +00:00
Mario Ceballos b321790c04 added exploit module license_gcr.rb.
git-svn-id: file:///home/svn/framework3/trunk@6183 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-25 02:22:18 +00:00