f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
0a0b26dc2c
after study the crash after the overflow...
2012-12-14 23:54:44 +01:00
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00
b0be8dc4df
history exploit cleanup
2012-12-07 19:23:00 +01:00
38f2348c33
First changes
2012-12-07 11:27:09 -06:00
a872362a65
Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon
2012-12-07 11:17:15 -06:00
8812285678
Move print of my_target.name to after nil check
...
Avoids
"Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.
[FixRM #7593 ]
2012-12-07 11:00:24 -06:00
5e28563e4e
Advisories URLs changed
2012-12-05 14:33:25 -08:00
b395f8f96d
Only XP for target coverage
2012-11-27 10:48:20 -06:00
2e71fc740e
No badchars, then no need to have the key
2012-11-27 10:46:20 -06:00
8c53b275c6
Added module for cve-2012-3753
2012-11-27 12:10:00 +01:00
6dfda6da37
Added Maxthon3 Cross Context Scripting (XCS) exploits for Win
2012-11-24 15:53:58 -08:00
89ddedf773
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
4c9b8d4567
targets updated
2012-11-23 18:48:59 +01:00
52ff38ad8a
add module for cve-2012-3752
2012-11-22 19:56:12 +01:00
91e6b7cd28
added ie8 target
2012-10-31 11:57:38 +01:00
ec8a2955e1
Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof
2012-10-31 03:32:43 -05:00
ede5d0f46b
This is meant to be a warning, so we use print_warning
2012-10-24 00:55:54 -05:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
60dc83748c
Update modules/exploits/windows/browser/mozilla_mchannel.rb
2012-10-17 12:25:44 -03:00
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
9d97dc8327
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
8e56d4f2eb
This reference is too damn useful, must add
2012-08-25 16:05:58 -05:00
d51f8cad25
Change title and description
2012-08-24 15:39:56 -05:00
57c6385279
heap spray from flash works pretty well on ie9 too
2012-08-22 20:47:11 +02:00
730c0e9368
added windows vista and w7 targets
2012-08-22 20:13:10 +02:00
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
d1370c0f33
Alexander Gavrun gets a cookie
2012-08-17 12:23:49 -05:00
53a835dc85
Imply that we only garantee 11.3
2012-08-17 12:18:45 -05:00
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
44dd8b0cc5
Merge branch 'update_juan_author' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-update_juan_author
2012-08-06 19:04:26 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
349c841f6b
Blah, OSVDB ref shouldn't be a link
2012-08-06 11:57:59 -05:00
647b587f75
Merge branch 'Meatballs1-uplay'
2012-08-06 11:54:51 -05:00
69ff9e7c1c
Lots of changes before commit.
2012-08-06 11:54:08 -05:00
25b2b2de68
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-06 11:33:27 -05:00
13aca3fe4c
Merge branch 'oracle_autovue_setmarkupmode' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_autovue_setmarkupmode
2012-08-06 03:13:27 -05:00
79e04bb793
add osvdb ref
2012-08-05 09:02:11 -05:00
4e8a6f6508
Added module for CVE-2012-0549
2012-08-05 12:13:23 +02:00
1aacea951d
Serve files as hidden
2012-08-04 18:03:12 +01:00
833999b2c3
Changed blacklist to 404 all files that are not our share and executable - this allows windows/exec payload to work
2012-08-04 17:59:45 +01:00
2f1022a5a3
Merge branch 'uplay' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-uplay
2012-08-01 16:24:23 -05:00
4c28b2a310
modified autopwn_info to add ie9
2012-08-01 19:36:20 +02:00
d3c10d5d39
Added module for CVE-2012-0284
2012-08-01 19:34:37 +02:00
d66678e7ee
Forgot to randomize element ID
2012-07-31 17:25:50 -05:00
7a0b5a6169
Added module for CVE-2012-1876
2012-07-31 23:14:29 +02:00
75a9283fbf
Removed auto migrate as exploit loads in a seperate process to browser anyway
2012-07-31 20:44:14 +01:00
6f697ce519
Working with WebDAV
2012-07-31 20:26:47 +01:00
e7db0ebcef
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
edfe43e7e0
When I say to remove BID ref, I mean it...
2012-07-30 12:46:27 -05:00
e84214d1e1
Remove some references to avoid confusion.
...
rgod's poc and Mikado aren't actually the same thing, despite the
fact they both use the same method. To avoid confusion, refs to
Secunia and CVE are removed, but OSVDB/EDB are kept unless OSVDB
decides rgod's and Mikado's are separate issues.
2012-07-30 12:42:27 -05:00
f298dbbd04
Fixed to work with browser_autopwn
2012-07-30 16:43:21 +01:00
066020e572
Msftidy
2012-07-30 15:51:56 +01:00
404909cb95
Check as IE crashes if length > 693
2012-07-30 15:41:58 +01:00
690c381abd
Initial commit
2012-07-30 14:49:34 +01:00
0bbcac96ea
cleanup: delete revision metadata plus fix disc date
2012-07-26 15:04:15 +02:00
e885b84347
Added module for CVE-2012-0284
2012-07-26 13:08:24 +02:00
06974cbc43
This bug is now patched
2012-07-10 12:28:46 -05:00
73fcf73419
Added module for CVE-2011-2657
2012-07-09 18:03:16 +02:00
600ca5b1dd
Added module for CVE-2012-0708
2012-07-03 19:03:58 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
869aec5e3e
Update CVE/OSVDB/Milw0rm references for browser modules
2012-06-28 00:26:20 -05:00
94e28933c8
Whitespace fixes. msftidy.rb yall
2012-06-27 10:06:15 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
c28d47dc70
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
e31a09203d
Take into account an integer-normalized datastore
2012-06-24 22:59:14 -05:00
d708f2526c
Adding ref for APSB12-09 to new Flash sploit
2012-06-22 17:30:52 -05:00
72ef8c91f0
module for CVE-2012-0779 added
2012-06-23 00:21:18 +02:00
9d52ecfbb6
Fix a few mistakes (typos & reference)
2012-06-21 02:32:04 -05:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
beb8e33fc4
Fix a typo
2012-06-20 09:53:09 -05:00
efaf5cf193
Oops, I found a typo.
2012-06-19 22:57:45 -05:00
9a9dd53e86
Use get_resource() instead of the hard-coded path
2012-06-19 22:56:25 -05:00
79fc053a2e
Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110
2012-06-19 22:05:07 -05:00
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
d40e39b71b
Additional exploit fail_with() changes to remove raise calls
2012-06-19 19:43:41 -05:00
a93eeca68d
msxml_get_definition_code_exec: added support for ie9
2012-06-20 00:17:50 +02:00
3b1c434252
Remove trailing space
2012-06-19 16:44:07 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
f7a85f3f9d
Make it clear that this works on Vista SP2
2012-06-18 20:13:37 -05:00
4739affd54
Fix the comment as well
2012-06-18 19:57:56 -05:00
bd0fd8195d
Add compatibility for Vista SP2 from troulouliou
2012-06-18 19:55:52 -05:00
29887272a9
Correct the description to mention IE8 on Windows 7
2012-06-18 18:14:59 -05:00
256290c206
Additional changes
2012-06-18 10:49:16 -05:00
50269c910a
Add IE 8 targets
2012-06-18 10:44:52 -05:00
38926fb97c
Description and name change
2012-06-15 20:11:34 -05:00
c676708564
BrowserAutopwn info completed
2012-06-16 02:26:33 +02:00
ce241b7e80
BrowserAutopwn info completed
2012-06-16 02:18:01 +02:00
495ed2e434
BrowserAutopwn info added
2012-06-16 02:14:24 +02:00
8a89968a1d
Added module for CVE-2012-1889
2012-06-16 01:50:25 +02:00
99b9261294
Caps in title
2012-06-13 14:19:04 -05:00
42ee2b5c02
Add alienvault.com reference
2012-06-13 12:19:51 -05:00
6abb7bb987
Added module for CVE-2012-1875 as exploited in the wild
2012-06-13 18:33:26 +02:00
74c6eb6f78
Change the title and add a Microsoft reference.
...
This is a MS bug, therefore it's important to point out which
bulletin it belongs to.
2012-06-10 14:45:15 -05:00
a9ee2b3480
Use of make_nops
2012-06-08 19:20:58 +02:00
91f5f304cb
Added module for CVE-2011-2217
2012-06-08 18:10:20 +02:00
bd714017bb
samsung_neti_wiewer: add Space property for Payload
2012-06-07 16:00:36 +02:00
2f3b1effb9
Added module for OSVDB 81453
2012-06-07 12:47:09 +02:00
3f0431cf51
Massive whitespace destruction
...
Remove whitespace found at the end of the line
2012-06-06 00:36:17 -05:00
f438e6c121
Remove the 'Rop' key because we don't really use it
2012-06-05 16:07:23 -05:00
a30f104ee6
Fix space on Authors
2012-06-05 18:23:57 +02:00
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
sinn3r
jvazquez-r7
Christian Mehlmauer
James Lee
malerisch
Michael Schierl
sput-nick
kernelsmith
Tod Beardsley
Steve Tornio
Meatballs1
HD Moore
Steven Seeley