kernelsmith
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
sinn3r
fbc3709774
Change the title and regex a bit
2012-10-03 12:16:25 -05:00
jvazquez-r7
30846f4190
fix typo in comment
2012-10-03 16:06:00 +02:00
jvazquez-r7
24037ac79a
Added module for CVE-2011-4051
2012-10-03 16:03:36 +02:00
sinn3r
e39472f7d4
Merge branch 'zeroSteiner-module-ms11-080'
2012-10-02 12:01:01 -05:00
sinn3r
e36507fc05
Code cleanup and make msftidy happy
2012-10-02 12:00:23 -05:00
Spencer McIntyre
21e832ac1c
add call to memory protect to fix DEP environments
2012-10-01 18:49:18 -04:00
jvazquez-r7
6679ff765a
remove extra commas
2012-09-28 12:21:59 +02:00
sinn3r
4087790cf7
Oops, forgot to update the check() function
2012-09-27 18:22:57 -05:00
jvazquez-r7
9d3a1871a6
Added module for Samba CVE-2012-1182
2012-09-28 01:18:52 +02:00
Spencer McIntyre
c93692b06d
add a check to verify session is not already system for MS11-080
2012-09-27 08:36:13 -04:00
Spencer McIntyre
8648953747
added MS11-080 AFD JoinLeaf Windows Local Exploit
2012-09-26 11:01:30 -04:00
HD Moore
3ade5a07e7
Add exploit for phpmyadmin backdoor
2012-09-25 10:47:53 -05:00
sinn3r
1111de0197
Add OSVDB reference
2012-09-25 01:19:58 -05:00
sinn3r
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
sinn3r
03815b47f8
Merge branch 'ie_uaf_js_spray_obfuscate' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ie_uaf_js_spray_obfuscate
2012-09-24 17:14:26 -05:00
jvazquez-r7
25e6990dc7
added osvdb reference
2012-09-24 21:49:32 +02:00
jvazquez-r7
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
sinn3r
0e94340967
Merge branch 'auxilium' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-auxilium
2012-09-24 10:22:18 -05:00
sinn3r
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
sinn3r
98f4190288
Add Auxilium RateMyPet module
2012-09-24 10:16:11 -05:00
jvazquez-r7
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
jvazquez-r7
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
sinn3r
cade078203
Update author info
2012-09-22 02:29:20 -05:00
sinn3r
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
sinn3r
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
jvazquez-r7
ed24154915
minor fixes
2012-09-21 11:36:58 +02:00
bcoles
6ee2c32f08
add ZEN Load Balancer module
2012-09-21 17:25:20 +09:30
sinn3r
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
sinn3r
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
sinn3r
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
Tod Beardsley
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
Tod Beardsley
883dc26d73
Merge remote branch 'kernelsmith/ie_execcommand_uaf_info'
2012-09-20 14:48:36 -05:00
jvazquez-r7
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
jvazquez-r7
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
David Maloney
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
kernelsmith
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
Ramon de C Valle
11f82de098
Update author information
2012-09-19 14:00:51 -03:00
sinn3r
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
Tod Beardsley
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
jvazquez-r7
8b251b053e
initializing msghdr a little better
2012-09-18 12:12:27 +02:00
jvazquez-r7
16c5df46fc
fix while testing ubuntu intrepid
2012-09-18 11:52:50 +02:00
sinn3r
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
Tod Beardsley
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
sinn3r
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
Tod Beardsley
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
Tod Beardsley
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
sinn3r
5eaefcf4c7
This is the right one, I promise
2012-09-17 08:41:25 -05:00
sinn3r
8f50a167bd
This is the right module
2012-09-17 08:36:04 -05:00
sinn3r
e43cae70a7
Add IE 0day exploiting the execcommand uaf
2012-09-17 08:28:33 -05:00