4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
52c33b7e79
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2014-06-02 17:32:51 -04:00
9574a327f8
use the new check also in exploit()
2014-06-02 14:38:33 -05:00
3c38c0d87c
Dont be confident about string comparision
2014-06-02 14:37:29 -05:00
b136765ef7
Nuke extra space at EOL
2014-06-02 14:22:01 -05:00
ea383b4139
Make print/descs/case consistent
2014-06-02 13:20:01 -05:00
d0241cf4c1
Add check method
2014-06-02 08:14:40 -05:00
31af8ef07b
Check .NET version
2014-06-01 20:58:08 -05:00
3c5fae3706
Use correct include
2014-06-01 11:51:06 +01:00
4801a7fca0
Allow x86->x64 injection
2014-06-01 11:50:13 +01:00
3ae4a16717
Clean environment variables
2014-05-30 12:21:23 -05:00
b99b577705
Clean environment variable
2014-05-30 12:20:00 -05:00
b27a95c008
Delete unused code
2014-05-30 12:08:55 -05:00
e215bd6e39
Delete unnecessary code and use get_env
2014-05-30 12:07:59 -05:00
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
ffbcbe8cc1
Use cmd_psh_payload
2014-05-29 18:12:18 -05:00
03889ed31f
Use cmd_psh_payload
2014-05-29 18:11:22 -05:00
60c5307475
Fix msftidy
2014-05-30 00:14:59 +02:00
9627bae98b
Add JDWP RCE for Windows and Linux
2014-05-29 23:45:44 +02:00
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
b85c0b7543
rop to system with telnetd
2014-05-23 20:51:25 +02:00
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
1b68abe955
Add module for ZDI-14-127
2014-05-15 13:41:52 -05:00
750b6fc218
Land #3348 , some Ruby warning fixes
2014-05-14 01:25:10 -05:00
c421b8e512
Change if not to unless
2014-05-14 01:24:29 -05:00
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
d3f2414d09
Fix merging typo
2014-05-13 16:04:40 +02:00
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
557cd56d92
fixed some ruby warnings
2014-05-10 23:31:02 +02:00
a60558061c
re-enable x86 stager
2014-05-10 19:58:19 +01:00
dee6b53175
fix java payload struts module
2014-05-10 00:19:40 +02:00
6f837715f9
Land #3343 , @FireFart's new uri encoding for struts_code_exec_parameters
2014-05-09 14:37:58 -05:00
38f3a19673
Try to beautify description
2014-05-09 14:35:06 -05:00
43a85fc645
additional GET parameters
2014-05-09 21:21:04 +02:00
ad83921a85
additional GET parameters
2014-05-09 21:15:28 +02:00
f56ea01988
Add module
2014-05-09 10:27:41 -05:00
53fde675e7
randomize meh parameter
2014-05-09 10:38:19 +02:00
a3fff5401f
more code cleanup
2014-05-08 23:05:41 +02:00
e7b7af2f75
fixed apache struts module
2014-05-08 22:15:52 +02:00
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
c97c827140
Adjust desc and ranking on ms13-053
...
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
2014-05-05 13:46:19 -05:00
3536ec9a74
Description update
2014-05-05 13:43:44 -05:00
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
073adc759d
Land #3334 , fix author by @julianvilas
2014-05-04 21:30:53 +02:00
dd7705055b
Fix author
2014-05-04 19:31:53 +02:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
5b150a04c6
Add testing information to description
2014-05-03 20:08:00 -05:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
36f9f342c1
Fix typo
2014-05-02 16:26:08 +02:00
56c5eac823
Message correction
2014-05-02 14:18:18 +01:00
69915c0de5
Message correction
2014-05-02 14:17:27 +01:00
150b89e290
Land #3314 , @julianvilas's exploit for Struts CVE-2014-0094
2014-05-01 18:09:10 -05:00
3dd3ceb3a9
Refactor code
2014-05-01 18:04:37 -05:00
b7ecf829d3
Do first refactor
2014-05-01 16:39:53 -05:00
195005dd83
Do minor style changes
2014-05-01 15:25:55 -05:00
140c8587e7
Fix metadata
2014-05-01 15:24:16 -05:00
e0ee31b388
Modify print_error by fail_with
2014-05-01 20:19:31 +02:00
3374af83ab
Fix typos
2014-05-01 19:44:07 +02:00
1483f02f83
Land #3306 , @xistence's alienvault's exploit
2014-05-01 09:25:07 -05:00
1b39712b73
Redo response check
2014-05-01 09:10:16 -05:00
78cefae607
Use WfsDelay
2014-05-01 09:07:26 -05:00
5db24b8351
Fixes/Stability AlienVault module
2014-05-01 14:53:55 +07:00
c12d72b58c
Changes to alienvault module
2014-05-01 10:39:11 +07:00
9bcf5eadb7
Changes to alienvault module
2014-05-01 10:10:15 +07:00
bd39af3965
Fix target ARCH_JAVA and remove calls to sleep
2014-05-01 00:51:52 +02:00
8b138b2d37
Fix unquoted path in cleanup script
2014-04-30 16:34:33 -05:00
6b740b727b
Changes PATH to proper case
...
This changes PATH to Path
2014-04-30 17:26:36 -04:00
fdc81b198f
Adds the ability to specify path
...
This update allows an explicit path to be set rather
than purely relying on the TEMP environment variable.
2014-04-30 16:08:48 -04:00
8e8fbfe583
Fix msf-staff comments
2014-04-29 17:36:04 +02:00
b2c2245aff
Add comments
2014-04-29 11:24:17 +02:00
a78aae08cf
Add CVE-2014-0094 RCE for Struts 2
2014-04-29 03:58:04 +02:00
17a508af34
Add CVE-2014-0094 RCE for Struts 2
2014-04-29 03:50:45 +02:00
4c0a692678
Land #3312 - Update ms14-012
2014-04-28 18:48:20 -05:00
b1ac0cbdc7
Land #3239 - Added target 6.1 to module
2014-04-28 18:28:14 -05:00
1c88dea7d6
Exploitation also works with flash 13
2014-04-28 16:23:05 -05:00
8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin
2014-04-28 15:22:55 -05:00
d530c9c128
Land #3304 - Adobe Flash Player Type Confusion Remote Code Execution
2014-04-28 15:06:50 -05:00
1b4fe90003
Fix msftidy warnings on wireshark exploits
2014-04-28 19:51:38 +01:00
3bfdfb5cab
Grammar
2014-04-28 19:49:56 +01:00
a5baea1a8e
Touch up print_ statements
2014-04-28 19:49:23 +01:00
9a1b216fdb
Move module to new location
2014-04-28 11:55:26 -05:00
51a5a901a8
Fix typo
2014-04-28 11:55:06 -05:00
887dfc5f40
Fix RequiredCmd
2014-04-28 11:54:56 -05:00
245b591247
Do module clean up
2014-04-28 11:45:40 -05:00
2e04bc9e4e
AlienVault OSSIM 4.3.1 unauthenticated SQLi RCE
2014-04-28 10:59:15 +07:00
9ce5545034
Fix comments
2014-04-27 20:13:46 -05:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
1353c62967
Land #3295 - Fix NoMethodError undefined method `body' for nil:NilClass
2014-04-24 13:53:58 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF
2014-04-24 13:20:50 -05:00
cde9080a6a
Move module to fileformat
2014-04-24 13:17:08 -05:00
a39855e20d
Works for XP SP3 too
2014-04-24 13:16:24 -05:00
ba8d7801f4
Remove default target because there is no auto-select
2014-04-24 13:15:49 -05:00
2e76db01d7
Try to stick to the 100 columns per line rule
2014-04-24 13:15:12 -05:00
8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
fd95d9ef38
Added english windows xp sp2 target
2014-04-23 17:32:56 +01:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
66b1c79da9
Update rop chain for versions 6.2 and 6.1
2014-04-21 13:27:14 -04:00
e25ca64641
It's solved the crash when double-click on the pcap file
2014-04-21 17:49:40 +01:00
3861541204
Add more rand_text_alpha functions
2014-04-19 18:37:58 +01:00
7bc546e69a
Add rand_text_alpha function
2014-04-19 17:45:28 +01:00
feea4c1fa6
ROP chain changed
2014-04-18 19:05:53 +01:00
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
8920e0cc80
Use octal encoding and -e, so that echo always works.
2014-04-17 01:17:46 -05:00
d7a63003a3
Land #3266 - MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-15 18:35:18 -05:00
23c2a071cd
Small name change
2014-04-15 18:35:00 -05:00
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
0b2737da7c
Two more java payloads that wanted to write RHOST
...
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.
[SeeRM #8498 ]
2014-04-14 22:22:30 -05:00
775b0de3c0
Replace RHOST reassing with just host
...
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?
[SeeRM #8498 ]
2014-04-14 22:17:31 -05:00
e811e169dc
Cambios en el exploit
2014-04-14 16:31:54 +01:00
da26a39634
Add CVE-2014-2219 exploit for windows XP SP3
2014-04-14 16:16:10 +01:00
c99f6654e8
Added target 6.1 to module
2014-04-11 09:59:11 -04:00
fe066ae944
Land #3207 , @7a69 MIPS BE support for Fritz Box's exploit
2014-04-09 23:20:45 -05:00
fdda69d434
Align things
2014-04-09 23:19:41 -05:00
386e2e3d29
Do final / minor cleanup
2014-04-09 23:19:12 -05:00
b69662fa42
Land #3233 - eScan Password Command Injection
2014-04-11 11:05:48 -05:00
0c8f5e9b7d
Add @Firefart's feedback
2014-04-11 10:21:33 -05:00
b0b979ce62
Meterpreter sessions won't get root in this way
2014-04-09 16:59:12 -05:00
a2ce2bfa56
Fix disclosure date
2014-04-09 16:41:49 -05:00
ff232167a6
Add module for eScan command injection
2014-04-09 16:39:06 -05:00
2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb
2014-04-09 16:38:10 -05:00
eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec
2014-04-09 11:30:59 -05:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
8428b37e59
move file to .rb ext
2014-04-09 05:17:14 -07:00
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion
2014-04-08 18:47:53 -05:00
fc841331d2
Add a test on echo to check for hex support.
...
* This is much nicer than checking version on userAgent, which
is often changed when rendered in an embedded webview.
2014-04-08 17:58:31 -05:00
a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution
2014-04-08 14:58:34 -05:00
4012dd0acc
Fix everything that needs to be fixed
2014-04-08 14:57:42 -05:00
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
3f6c8afbe3
Fix typo of MSCOMCTL not MCCOMCTL
2014-04-08 14:52:18 -04:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
21b220321f
Fix typo.
...
This isn't a Linksys exploit. Left over wording from a previous exploit?
2014-04-07 18:06:59 -05:00
17ddbccc34
Remove the broken lorcon module set
...
None of the lorcon / lorcon2 modules have been functional for a long
time, due to the lack of a "Lorcon" gem. It's unclear where it went.
I'm happy to include it and get these working again, but until someone
comes up with some functional code (hint: 'gem install' doesn't work) I
don't see any reason to keep shipping these.
Is there some trick people are doing to make these work? As far as I can
see, they are broken by default.
````
msf auxiliary(wifun) > show options
Module options (auxiliary/dos/wifi/wifun):
Name Current Setting Required Description
---- --------------- -------- -----------
CHANNEL 11 yes The initial channel
DRIVER autodetect yes The name of the wireless driver
for lorcon
INTERFACE wlan0 yes The name of the wireless
interface
msf auxiliary(wifun) > run
[*] The Lorcon2 module is not available: cannot load such file --
Lorcon2
[-] Auxiliary failed: RuntimeError Lorcon2 not available
[-] Call stack:
[-]
/home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/lorcon2.rb:67:in
`open_wifi'
[-]
/home/todb/git/rapid7/metasploit-framework/modules/auxiliary/dos/wifi/wifun.rb:29:in
`run'
[*] Auxiliary module execution completed
````
2014-04-07 16:37:10 -05:00
fb1318b91c
Land #3193 , @m-1-k-3's exploit for the Fritzbox RCE vuln
2014-04-07 16:13:31 -05:00
ceaa99e64e
Minor final cleanup
2014-04-07 16:12:54 -05:00
b1a6b28af9
fixed disclosure date
2014-04-07 19:29:37 +02:00
003310f18a
feedback included
2014-04-07 19:25:26 +02:00
7572d6612e
Spelling and grammar on new release modules
2014-04-07 12:18:13 -05:00
85de6ed0c9
feedback included
2014-04-07 18:20:15 +02:00
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
56bd35c8ce
Add module for WinRAR spoofing vulnerability
2014-04-07 09:21:49 -05:00
11bbb7f429
fritzbox echo exploit
2014-04-07 09:12:22 +02:00
ca7dcc0781
cleanup with msftidy
2014-04-06 12:41:58 +02:00
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
0ae75860ea
Code clean up
2014-04-04 14:02:12 -05:00
ea1c6fe8a4
Land #3177 - JIRA Issues Collector Directory Traversal
2014-04-04 10:41:51 -05:00
c90c49e319
Add vtiger install rce 0 day
2014-04-04 10:16:55 +02:00
48ef061c3c
Land #3046 , AIX ibtstat privesc exploit
2014-04-03 17:07:00 -05:00
6c67f1881f
Normalize syntax and whitespace
2014-04-03 16:54:33 -05:00
55500ea2f3
Avoid the nullchar.
2014-04-02 21:53:12 -05:00
176cc84865
Remove BES and calculate the pid manually.
2014-04-02 17:21:13 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
a85d451904
Add module for CVE-2014-2314
2014-04-02 14:49:31 -05:00
4a575d57ab
Try to fix Meatballs1 suggestions : optional service_description change call
2014-04-02 20:33:09 +01:00
b636a679ae
Erf, sorry, fixed now
2014-04-02 20:33:08 +01:00
631a7b9c48
Adapt to new psexec mixin (first try :D)
2014-04-02 20:33:08 +01:00
978bdbb676
Custom Service Description
2014-04-02 20:33:07 +01:00
e3dda2e862
Land #3172 - CVE-2014-1510 to firefox_xpi_bootstrapped_addon
2014-04-02 14:07:37 -05:00
ebcf972c08
Add initial firefox xpi prompt bypass.
2014-04-01 23:48:35 -05:00
8611526a01
Fix more bugs and more syntax errors
2014-04-01 01:22:12 +02:00
becefde52f
Fix bugs and syntax
2014-04-01 00:54:51 +02:00
ffdca3bf42
Fixup on some modules for release
...
There may be more coming, but if not, this should cover
this week's minor style changes.
2014-03-31 12:42:19 -05:00
cf2589ba8d
Land #3162 , Microsoft module name changes
2014-03-28 23:10:27 -05:00
d7ca537a41
Microsoft module name changes
...
So after making changes for MSIE modules (see #3161 ), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
2014-03-28 20:56:53 -05:00
466096f637
Add MSB number to name
2014-03-28 20:33:40 -05:00
a173fcf2fa
Flash detection for firefox_svg_plugin
...
Good test case
2014-03-28 15:39:25 -05:00
f7b1874e7d
Land #3151 , @wchen-r7's use of BrowserExploitServer in ms13-59's exploit
2014-03-28 14:43:38 -05:00
69369c04b3
Land #3126 , @xistence's exploit for SePortal
2014-03-28 13:52:59 -05:00
7b56c9edac
Add references
2014-03-28 13:51:56 -05:00
94494e38e7
Land #3152 - Use normalize_uri for module wp_property_upload_exec
2014-03-28 13:22:54 +01:00
0b3f49f22a
Land #3145 , Clean up firefox_svg_plugin, use FirefoxPrivilegeEscalation mixin
2014-03-27 12:59:49 -05:00
0b766cd412
changes per firefart
2014-03-27 10:08:44 -07:00
744308bd35
tab...
2014-03-27 05:24:55 -07:00
a8c96213f0
normalize_uri for wp_property_upload_exec
2014-03-27 05:22:56 -07:00
8ec10f7438
Use BrowserExploitServer for MS13-059 module
2014-03-26 17:49:01 -05:00
4319885420
we do not need pieces ...
2014-03-26 20:45:30 +01:00
19918e3207
Land #3143 , @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf
2014-03-26 14:16:35 -05:00
80808fc98c
Cleans up firefox SVG plugin.
2014-03-26 13:12:39 -05:00
fdc355147f
Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb
2014-03-25 18:41:47 -05:00
6c206e4ced
Add a comment about what this build version range is covering
2014-03-25 11:43:13 -05:00
7108d2b90a
Add ua_ver and mshtml_build requirements
...
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
0c3a535434
Land #3133 - LifeSize UVC Authenticated RCE via Ping
2014-03-24 21:16:10 -05:00
53b25c8c93
Fix header & author e-mail format
2014-03-24 21:15:27 -05:00
d2a9a26bc8
real fix for sinn3r bug
2014-03-24 18:40:48 -05:00
ec35f4b13f
some bugs for sinn3r
2014-03-24 18:17:50 -05:00
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
25ca0552e0
cleanup files after exploit
2014-03-23 17:00:29 +00:00
f9972239cf
randomize payload filename
2014-03-23 16:36:26 +00:00
d6f397ab6d
whoops that isn't how you EDB
2014-03-22 11:48:41 -05:00
291692d6e0
Update lifesize_uvc_ping_rce.rb
2014-03-22 11:30:00 -05:00
67a3a7227b
Create lifesize_uvc_ping_rce.rb
2014-03-21 21:33:12 -05:00
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
a5afd929b4
Land #3120 , @wchen-r7's exploit for CVE-2014-0307
2014-03-20 11:16:40 -05:00
8cb7bc3cbe
Fix typo
2014-03-20 11:13:57 -05:00
2845f834c6
changed cookie retrieval to res.get_cookies
2014-03-20 16:39:26 +07:00
7bfb8e95e6
minor changes to seportal module
2014-03-20 13:44:39 +07:00
5ef49ff64b
SePortal 2.5 SQLi Remote Code Execution
2014-03-20 12:02:06 +07:00
c5158a3ccc
Update CVE
2014-03-19 22:13:23 -05:00
c1cbeff5f0
Land #3122 , lots of Meterpreter updates
...
This lands the binaries built from Meterpreter as of:
rapid7/meterpreter#80 , also known as
commit 5addac75741fadfff35f4f7839cee6fd69705455
as well as the functional changes in:
rapid7/metasploit-framework#2782
rapid7/metasploit-framework#2889
rapid7/metasploit-framework#3061
rapid7/metasploit-framework#3085
2014-03-19 15:35:49 -05:00
d6faf20981
Make title more accurate
2014-03-19 12:43:34 -05:00
144b86fee3
Add reference
2014-03-19 12:17:53 -05:00
27d142b387
Solve conflict by keeping file
2014-03-19 12:15:05 -05:00
fb645b6692
Clean code
2014-03-19 12:06:20 -05:00
0a795ab602
Land #3106 , @xistence's exploit for Array Networks devices
2014-03-19 10:49:03 -05:00
0e27d75e60
Code clean up
2014-03-19 10:48:25 -05:00
jvazquez-r7
jakxx
Tod Beardsley
Meatballs
Michael Messner
Julian Vilas
sinn3r
William Vu
Christian Mehlmauer
mercd
Jonas Vestberg
agix
Florian Gaultier
Jeff Jarmoc
Tim Wright
OJ
xistence
kaospunk
joev
Tom Sellers
JoseMi
Ken Smith
Brandon Perry
Brandon Perry
Fabian Bräunlein
Spencer McIntyre
Jeff Jarmoc
dummys
Sagi Shahar
Kurt Grutzmacher