Tod Beardsley
b5794db973
Spelling
2015-02-03 14:10:47 -06:00
Tod Beardsley
edd5ec3b0d
Refactor and rename of @sgabe's module
...
Renamed because it's not just MBAM, and having malwarebytes in the name
is more memorable anyway.
This refactors @sgabe's original module to prefer if/else over
unless/else, clearly labelling variables, and wrapping up discrete
functionality into specific methods, and adds an OSVDB and the original
discoverer's URL.
2015-02-03 14:08:25 -06:00
sinn3r
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
sinn3r
9e3388df34
Use BES for MS13-037 and default to ntdll
2015-01-27 00:18:36 -06:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
sgabe
dbe5dd77e3
Enforce update to real versions
2015-01-25 10:53:14 +01:00
Gabor Seljan
2680e76e26
Remove wrong references
2015-01-25 00:17:30 +01:00
sgabe
affc661524
Add module for CVE-2014-4936
2015-01-18 17:18:05 +01:00
sgabe
68dc3ce876
Minor code formatting
2015-01-15 19:33:08 +01:00
sinn3r
57904773e7
Configurable resource
2015-01-15 10:28:03 -06:00
Gabor Seljan
ef0be946b1
Use HttpServer instead of TcpServer
2015-01-15 10:39:17 +01:00
sgabe
da0fce1ea8
Add module for CVE-2014-2206
2015-01-14 22:04:30 +01:00
jvazquez-r7
b1453afb52
Land #4297, fixes #4293, Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
sinn3r
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf (#4213)
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
sinn3r
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293. Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
sinn3r
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
sinn3r
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
sinn3r
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
sinn3r
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
spdfire
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
spdfire
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
Rich Lundeen
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
Rich Lundeen
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
sinn3r
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee
a65ee6cf30
Land #3373, recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
jvazquez-r7
b021ff4399
Add noche tags
2014-09-23 13:11:06 -05:00
jvazquez-r7
5c6236e874
Fix rop chain to allow VirtualAlloc when end of stack is too close
2014-09-23 13:08:26 -05:00
jvazquez-r7
64ac1e6b26
Rand padding
2014-09-17 08:09:09 -05:00
jvazquez-r7
e593a4c898
Add comment about gadgets origin
2014-09-16 16:38:03 -05:00
jvazquez-r7
80f02c2a05
Make module ready to go
2014-09-16 15:18:11 -05:00
jvazquez-r7
3a6066792d
Work in rop chain...
2014-09-13 17:38:19 -05:00
jvazquez-r7
e2ef927177
Add first version for ZDI-14-255
2014-09-12 08:57:54 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
jvazquez-r7
042423088c
Make sure that the full payload is used
2014-08-12 11:41:29 -05:00
Meatballs
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
Christian Mehlmauer
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
HD Moore
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
Jonas Vestberg
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
HD Moore
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
jvazquez-r7
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
jvazquez-r7
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
Jonas Vestberg
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7 SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'. It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
jvazquez-r7
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
jvazquez-r7
5b150a04c6
Add testing information to description
2014-05-03 20:08:00 -05:00
jvazquez-r7
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
jvazquez-r7
1c88dea7d6
Exploitation also works with flash 13
2014-04-28 16:23:05 -05:00
jvazquez-r7
9ce5545034
Fix comments
2014-04-27 20:13:46 -05:00
jvazquez-r7
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
Tod Beardsley
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
Meatballs
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
jvazquez-r7
acb12a8bef
Beautify and fix both ruby and AS
2014-04-17 23:32:29 -05:00
jvazquez-r7
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
jvazquez-r7
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
sinn3r
23c2a071cd
Small name change
2014-04-15 18:35:00 -05:00
jvazquez-r7
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
Meatballs
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
HD Moore
a7a0a306f9
Fix usage of os_flavor for target matching
2014-04-02 07:23:30 -07:00
HD Moore
55d9928186
Fix use of os_flavor to ensure correct target matching
2014-04-02 07:21:54 -07:00
HD Moore
be4a366eab
Fix up two modules using the old os_flavor definition
2014-04-02 07:19:47 -07:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
sinn3r
466096f637
Add MSB number to name
2014-03-28 20:33:40 -05:00
jvazquez-r7
f7b1874e7d
Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit
2014-03-28 14:43:38 -05:00
sinn3r
8ec10f7438
Use BrowserExploitServer for MS13-059 module
2014-03-26 17:49:01 -05:00
jvazquez-r7
19918e3207
Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf
2014-03-26 14:16:35 -05:00
sinn3r
fdc355147f
Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb
2014-03-25 18:41:47 -05:00
sinn3r
6c206e4ced
Add a comment about what this build version range is covering
2014-03-25 11:43:13 -05:00
sinn3r
7108d2b90a
Add ua_ver and mshtml_build requirements
...
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
jvazquez-r7
a5afd929b4
Land #3120, @wchen-r7's exploit for CVE-2014-0307
2014-03-20 11:16:40 -05:00
jvazquez-r7
8cb7bc3cbe
Fix typo
2014-03-20 11:13:57 -05:00
sinn3r
c5158a3ccc
Update CVE
2014-03-19 22:13:23 -05:00
Tod Beardsley
d27264b402
Land #2782, fix expand_path abuse
2014-03-19 08:41:28 -05:00
sinn3r
2e76faa076
Add MS14-012 Internet Explorer Use-After-Free Exploit Module
...
Add MS14-012 IE UAF.
2014-03-18 17:55:56 -05:00
William Vu
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
OJ
3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
...
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
Meatballs
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
William Vu
e6905837eb
Land #2960, rand_text_alpha for amaya_bdo
2014-02-10 16:44:11 -06:00
Tod Beardsley
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
Meatballs
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
David Maciejak
32c02dd56a
Added some randomness
2014-02-08 11:27:25 +08:00
jvazquez-r7
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
dukeBarman
88c283880a
Fix bugs
2014-01-18 17:04:46 -05:00
dukeBarman
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00