Julian Vilas
73536f2ac0
Add support Java 8
2014-06-07 22:43:14 +02:00
Brendan Coles
6bef6edb81
Update efs_easychatserver_username.rb
...
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Meatballs
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Julian Vilas
e7957bf999
Change GET request by random text
2014-06-05 01:33:00 +02:00
jvazquez-r7
c9bd0ca995
Add minor changes
2014-06-04 15:56:14 -05:00
jvazquez-r7
bb77327b09
Warn the user if the detected platform doesnt match target
2014-06-04 14:50:18 -05:00
jvazquez-r7
b76253f9ff
Add context to the socket
2014-06-04 14:25:01 -05:00
jvazquez-r7
77eeb5209a
Do small cleanups
2014-06-04 14:23:21 -05:00
jvazquez-r7
6c643f8837
Fix usage of Rex::Sockket::Tcp
2014-06-04 14:14:23 -05:00
jvazquez-r7
837668d083
use optiona argument for read_reply
2014-06-04 13:48:53 -05:00
jvazquez-r7
d184717e55
delete blank lines
2014-06-04 13:24:34 -05:00
jvazquez-r7
33a7bc64fa
Do some easy cleaning
2014-06-04 13:18:59 -05:00
jvazquez-r7
1ff539fc73
No sense to check two times
2014-06-04 12:48:20 -05:00
jvazquez-r7
7a5b5d31f9
Avoid messages inside check
2014-06-04 12:43:39 -05:00
jvazquez-r7
3869fcb438
common http breakpoint event
2014-06-04 12:41:23 -05:00
jvazquez-r7
9ffe8d80b4
Do some metadata cleaning
2014-06-04 12:33:57 -05:00
jvazquez-r7
079fe8622a
Add module for ZDI-14-136
2014-06-04 10:29:33 -05:00
Julian Vilas
b9d8f75f59
Add breakpoint autohitting
2014-06-03 23:34:40 +02:00
Julian Vilas
6061e5e713
Fix suggestions
2014-06-03 23:13:14 +02:00
jvazquez-r7
43699b1dfb
Don't clean env variable before using it
2014-06-03 09:56:19 -05:00
jvazquez-r7
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
jvazquez-r7
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
joev
04ac07a216
Compress and base64 data to save bytes.
...
Reduced file size from 43kb to 12kb, yay.
2014-06-02 23:06:46 -05:00
joev
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
joev
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
jvazquez-r7
7f4702b65e
Update from rapid7 master
2014-06-02 17:41:41 -05:00
Tod Beardsley
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
jvazquez-r7
4840a05ada
Update from rapid7 master
2014-06-02 17:17:00 -05:00
jvazquez-r7
9574a327f8
use the new check also in exploit()
2014-06-02 14:38:33 -05:00
jvazquez-r7
3c38c0d87c
Dont be confident about string comparision
2014-06-02 14:37:29 -05:00
Tod Beardsley
b136765ef7
Nuke extra space at EOL
2014-06-02 14:22:01 -05:00
Tod Beardsley
ea383b4139
Make print/descs/case consistent
2014-06-02 13:20:01 -05:00
jvazquez-r7
d0241cf4c1
Add check method
2014-06-02 08:14:40 -05:00
jvazquez-r7
31af8ef07b
Check .NET version
2014-06-01 20:58:08 -05:00
Meatballs
3c5fae3706
Use correct include
2014-06-01 11:51:06 +01:00
Meatballs
4801a7fca0
Allow x86->x64 injection
2014-06-01 11:50:13 +01:00
jvazquez-r7
3ae4a16717
Clean environment variables
2014-05-30 12:21:23 -05:00
jvazquez-r7
b99b577705
Clean environment variable
2014-05-30 12:20:00 -05:00
jvazquez-r7
b27a95c008
Delete unused code
2014-05-30 12:08:55 -05:00
jvazquez-r7
e215bd6e39
Delete unnecessary code and use get_env
2014-05-30 12:07:59 -05:00
Michael Messner
76ed9bcf86
hedwig.cgi - cookie bof - return to system
2014-05-30 17:49:37 +02:00
Michael Messner
1ddc2d4e87
hedwig.cgi - cookie bof - return to system
2014-05-30 17:32:49 +02:00
jvazquez-r7
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
jvazquez-r7
ffbcbe8cc1
Use cmd_psh_payload
2014-05-29 18:12:18 -05:00
jvazquez-r7
03889ed31f
Use cmd_psh_payload
2014-05-29 18:11:22 -05:00
Julian Vilas
60c5307475
Fix msftidy
2014-05-30 00:14:59 +02:00
Julian Vilas
9627bae98b
Add JDWP RCE for Windows and Linux
2014-05-29 23:45:44 +02:00
sinn3r
3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution
2014-05-29 12:21:21 -05:00
sinn3r
dfa61b316e
A bit of description change
2014-05-29 12:20:40 -05:00
jvazquez-r7
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
jvazquez-r7
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
William Vu
53ab2aefaa
Land #3386 , a few datastore msftidy error fixes
2014-05-29 10:44:37 -05:00
William Vu
8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings
2014-05-29 04:42:49 -05:00
jvazquez-r7
7a29ae5f36
Add module for CVE-2014-3120
2014-05-27 18:01:16 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Christian Mehlmauer
df97c66ff5
Fixed check
2014-05-24 00:37:52 +02:00
Christian Mehlmauer
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
Tod Beardsley
efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
...
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
Michael Messner
b85c0b7543
rop to system with telnetd
2014-05-23 20:51:25 +02:00
mercd
28459299b2
Update ibstat_path.rb
...
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
jvazquez-r7
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
jvazquez-r7
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
Jonas Vestberg
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
Meatballs
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
sinn3r
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
jvazquez-r7
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
jvazquez-r7
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
Jonas Vestberg
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
jvazquez-r7
1b68abe955
Add module for ZDI-14-127
2014-05-15 13:41:52 -05:00
William Vu
750b6fc218
Land #3348 , some Ruby warning fixes
2014-05-14 01:25:10 -05:00
William Vu
c421b8e512
Change if not to unless
2014-05-14 01:24:29 -05:00
Christian Mehlmauer
df4b832019
Resolved some more Set-Cookie warnings
2014-05-13 22:56:12 +02:00
agix
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
agix
d3f2414d09
Fix merging typo
2014-05-13 16:04:40 +02:00
Florian Gaultier
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
Florian Gaultier
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
Florian Gaultier
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
Florian Gaultier
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
Florian Gaultier
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
Jeff Jarmoc
638ae477d9
Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
...
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
Christian Mehlmauer
557cd56d92
fixed some ruby warnings
2014-05-10 23:31:02 +02:00
Tim Wright
a60558061c
re-enable x86 stager
2014-05-10 19:58:19 +01:00
Christian Mehlmauer
dee6b53175
fix java payload struts module
2014-05-10 00:19:40 +02:00
jvazquez-r7
6f837715f9
Land #3343 , @FireFart's new uri encoding for struts_code_exec_parameters
2014-05-09 14:37:58 -05:00
jvazquez-r7
38f3a19673
Try to beautify description
2014-05-09 14:35:06 -05:00
Christian Mehlmauer
43a85fc645
additional GET parameters
2014-05-09 21:21:04 +02:00
Christian Mehlmauer
ad83921a85
additional GET parameters
2014-05-09 21:15:28 +02:00
jvazquez-r7
f56ea01988
Add module
2014-05-09 10:27:41 -05:00
Christian Mehlmauer
53fde675e7
randomize meh parameter
2014-05-09 10:38:19 +02:00
Christian Mehlmauer
a3fff5401f
more code cleanup
2014-05-08 23:05:41 +02:00
Christian Mehlmauer
e7b7af2f75
fixed apache struts module
2014-05-08 22:15:52 +02:00
jvazquez-r7
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
William Vu
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
Tod Beardsley
c97c827140
Adjust desc and ranking on ms13-053
...
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
2014-05-05 13:46:19 -05:00
Tod Beardsley
3536ec9a74
Description update
2014-05-05 13:43:44 -05:00
Tod Beardsley
3072c2f08a
Update CVEs for RootedCon Yokogawa modules
...
Noticed they were nicely documented at
http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html
We apparently never updated with CVE numbers.
2014-05-05 13:25:55 -05:00
sinn3r
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
Christian Mehlmauer
073adc759d
Land #3334 , fix author by @julianvilas
2014-05-04 21:30:53 +02:00
Julian Vilas
dd7705055b
Fix author
2014-05-04 19:31:53 +02:00
OJ
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
jvazquez-r7
5b150a04c6
Add testing information to description
2014-05-03 20:08:00 -05:00
jvazquez-r7
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
julianvilas
36f9f342c1
Fix typo
2014-05-02 16:26:08 +02:00
Meatballs
56c5eac823
Message correction
2014-05-02 14:18:18 +01:00
Meatballs
69915c0de5
Message correction
2014-05-02 14:17:27 +01:00
jvazquez-r7
150b89e290
Land #3314 , @julianvilas's exploit for Struts CVE-2014-0094
2014-05-01 18:09:10 -05:00
jvazquez-r7
3dd3ceb3a9
Refactor code
2014-05-01 18:04:37 -05:00
jvazquez-r7
b7ecf829d3
Do first refactor
2014-05-01 16:39:53 -05:00
jvazquez-r7
195005dd83
Do minor style changes
2014-05-01 15:25:55 -05:00
jvazquez-r7
140c8587e7
Fix metadata
2014-05-01 15:24:16 -05:00
Julian Vilas
e0ee31b388
Modify print_error by fail_with
2014-05-01 20:19:31 +02:00
Julian Vilas
3374af83ab
Fix typos
2014-05-01 19:44:07 +02:00
jvazquez-r7
1483f02f83
Land #3306 , @xistence's alienvault's exploit
2014-05-01 09:25:07 -05:00
jvazquez-r7
1b39712b73
Redo response check
2014-05-01 09:10:16 -05:00
jvazquez-r7
78cefae607
Use WfsDelay
2014-05-01 09:07:26 -05:00
xistence
5db24b8351
Fixes/Stability AlienVault module
2014-05-01 14:53:55 +07:00
xistence
c12d72b58c
Changes to alienvault module
2014-05-01 10:39:11 +07:00
xistence
9bcf5eadb7
Changes to alienvault module
2014-05-01 10:10:15 +07:00
Julian Vilas
bd39af3965
Fix target ARCH_JAVA and remove calls to sleep
2014-05-01 00:51:52 +02:00
William Vu
8b138b2d37
Fix unquoted path in cleanup script
2014-04-30 16:34:33 -05:00
kaospunk
6b740b727b
Changes PATH to proper case
...
This changes PATH to Path
2014-04-30 17:26:36 -04:00
kaospunk
fdc81b198f
Adds the ability to specify path
...
This update allows an explicit path to be set rather
than purely relying on the TEMP environment variable.
2014-04-30 16:08:48 -04:00
julianvilas
8e8fbfe583
Fix msf-staff comments
2014-04-29 17:36:04 +02:00
julianvilas
b2c2245aff
Add comments
2014-04-29 11:24:17 +02:00
Julian Vilas
a78aae08cf
Add CVE-2014-0094 RCE for Struts 2
2014-04-29 03:58:04 +02:00
Julian Vilas
17a508af34
Add CVE-2014-0094 RCE for Struts 2
2014-04-29 03:50:45 +02:00
sinn3r
4c0a692678
Land #3312 - Update ms14-012
2014-04-28 18:48:20 -05:00
sinn3r
b1ac0cbdc7
Land #3239 - Added target 6.1 to module
2014-04-28 18:28:14 -05:00
jvazquez-r7
1c88dea7d6
Exploitation also works with flash 13
2014-04-28 16:23:05 -05:00
sinn3r
8a4c7b22ed
Land #3296 - Refactors firefox js usage into a mixin
2014-04-28 15:22:55 -05:00
sinn3r
d530c9c128
Land #3304 - Adobe Flash Player Type Confusion Remote Code Execution
2014-04-28 15:06:50 -05:00
Tod Beardsley
1b4fe90003
Fix msftidy warnings on wireshark exploits
2014-04-28 19:51:38 +01:00
Tod Beardsley
3bfdfb5cab
Grammar
2014-04-28 19:49:56 +01:00
Tod Beardsley
a5baea1a8e
Touch up print_ statements
2014-04-28 19:49:23 +01:00
jvazquez-r7
9a1b216fdb
Move module to new location
2014-04-28 11:55:26 -05:00
jvazquez-r7
51a5a901a8
Fix typo
2014-04-28 11:55:06 -05:00
jvazquez-r7
887dfc5f40
Fix RequiredCmd
2014-04-28 11:54:56 -05:00
jvazquez-r7
245b591247
Do module clean up
2014-04-28 11:45:40 -05:00
xistence
2e04bc9e4e
AlienVault OSSIM 4.3.1 unauthenticated SQLi RCE
2014-04-28 10:59:15 +07:00
jvazquez-r7
9ce5545034
Fix comments
2014-04-27 20:13:46 -05:00
jvazquez-r7
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
joev
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
sinn3r
1353c62967
Land #3295 - Fix NoMethodError undefined method `body' for nil:NilClass
2014-04-24 13:53:58 -05:00
sinn3r
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
sinn3r
656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF
2014-04-24 13:20:50 -05:00
sinn3r
cde9080a6a
Move module to fileformat
2014-04-24 13:17:08 -05:00
sinn3r
a39855e20d
Works for XP SP3 too
2014-04-24 13:16:24 -05:00
sinn3r
ba8d7801f4
Remove default target because there is no auto-select
2014-04-24 13:15:49 -05:00
sinn3r
2e76db01d7
Try to stick to the 100 columns per line rule
2014-04-24 13:15:12 -05:00
Tom Sellers
8f47edb899
JBoss_Maindeployer: improve feedback against CVE-2010-0738
...
The exploit against CVE-2010-0738 won't work when using GET or POST. In the existing code the request would fail and the function would return a nil. This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:
Exploit failed: NoMethodError undefined method `body' for nil:NilClass
The first changes detect a 401 authentication message and provide useful feedback. Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.
I've stayed with the module's coding style for consistency.
2014-04-24 12:37:14 -05:00
JoseMi
fd95d9ef38
Added english windows xp sp2 target
2014-04-23 17:32:56 +01:00
Joe Vennix
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
Tod Beardsley
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
Ken Smith
66b1c79da9
Update rop chain for versions 6.2 and 6.1
2014-04-21 13:27:14 -04:00
JoseMi
e25ca64641
It's solved the crash when double-click on the pcap file
2014-04-21 17:49:40 +01:00
JoseMi
3861541204
Add more rand_text_alpha functions
2014-04-19 18:37:58 +01:00
JoseMi
7bc546e69a
Add rand_text_alpha function
2014-04-19 17:45:28 +01:00
JoseMi
feea4c1fa6
ROP chain changed
2014-04-18 19:05:53 +01:00
William Vu
7d801e3acc
Land #3200 , goodbye LORCON modules :(
2014-04-18 12:32:22 -05:00
jvazquez-r7
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
jvazquez-r7
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
jvazquez-r7
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
Joe Vennix
8920e0cc80
Use octal encoding and -e, so that echo always works.
2014-04-17 01:17:46 -05:00
sinn3r
d7a63003a3
Land #3266 - MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-15 18:35:18 -05:00
sinn3r
23c2a071cd
Small name change
2014-04-15 18:35:00 -05:00
sinn3r
7a4e12976c
First little bit at Bug 8498
...
[FixRM #8489 ] rhost/rport modification
2014-04-15 18:20:16 -05:00
jvazquez-r7
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
Tod Beardsley
0b2737da7c
Two more java payloads that wanted to write RHOST
...
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.
[SeeRM #8498 ]
2014-04-14 22:22:30 -05:00
Tod Beardsley
775b0de3c0
Replace RHOST reassing with just host
...
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?
[SeeRM #8498 ]
2014-04-14 22:17:31 -05:00
JoseMi
e811e169dc
Cambios en el exploit
2014-04-14 16:31:54 +01:00
JoseMi
da26a39634
Add CVE-2014-2219 exploit for windows XP SP3
2014-04-14 16:16:10 +01:00
Ken Smith
c99f6654e8
Added target 6.1 to module
2014-04-11 09:59:11 -04:00
jvazquez-r7
fe066ae944
Land #3207 , @7a69 MIPS BE support for Fritz Box's exploit
2014-04-09 23:20:45 -05:00
jvazquez-r7
fdda69d434
Align things
2014-04-09 23:19:41 -05:00
jvazquez-r7
386e2e3d29
Do final / minor cleanup
2014-04-09 23:19:12 -05:00
sinn3r
b69662fa42
Land #3233 - eScan Password Command Injection
2014-04-11 11:05:48 -05:00
jvazquez-r7
0c8f5e9b7d
Add @Firefart's feedback
2014-04-11 10:21:33 -05:00
jvazquez-r7
b0b979ce62
Meterpreter sessions won't get root in this way
2014-04-09 16:59:12 -05:00
jvazquez-r7
a2ce2bfa56
Fix disclosure date
2014-04-09 16:41:49 -05:00
jvazquez-r7
ff232167a6
Add module for eScan command injection
2014-04-09 16:39:06 -05:00
sinn3r
2de210f1c3
Land #3216 - Update @Meatballs1 and @FireFart in authors.rb
2014-04-09 16:38:10 -05:00
sinn3r
eb9d3520be
Land #3208 - Sophos Web Protection Appliance Interface Authenticated Exec
2014-04-09 11:30:59 -05:00
Tod Beardsley
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
Brandon Perry
8428b37e59
move file to .rb ext
2014-04-09 05:17:14 -07:00
Brandon Perry
82c9b539ac
Fix disclosure date, earlier than I thought
2014-04-08 21:43:49 -05:00
Brandon Perry
3013704c75
Create sophos_wpa_iface_exec
...
This module exploits both bugs in http://www.zerodayinitiative.com/advisories/ZDI-14-069/
2014-04-08 21:21:43 -05:00
sinn3r
f3086085b6
Land #3204 - MS14-017 Microsoft Word RTF Object Confusion
2014-04-08 18:47:53 -05:00
Joe Vennix
fc841331d2
Add a test on echo to check for hex support.
...
* This is much nicer than checking version on userAgent, which
is often changed when rendered in an embedded webview.
2014-04-08 17:58:31 -05:00
sinn3r
a2b709b20e
Land #3189 - Vtiger Install Unauthenticated Remote Command Execution
2014-04-08 14:58:34 -05:00
sinn3r
4012dd0acc
Fix everything that needs to be fixed
2014-04-08 14:57:42 -05:00
Fabian Bräunlein
8dce80fd30
Added Big Endianess, improved check()-Function
...
Some Fritz!Box devices also run in Big Endianess mode. However, since
"uname -a" always returns "mips" and the "file"-command is not
available, autodetection is not an easy task.
The check()-function now checks, whether the device is really
vulnerable.
Furthemore, it's possible to send 92 bytes.
2014-04-08 21:32:36 +02:00
Spencer McIntyre
3f6c8afbe3
Fix typo of MSCOMCTL not MCCOMCTL
2014-04-08 14:52:18 -04:00
Spencer McIntyre
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00