William Vu
91ba25a898
Land #4208 , psexec delay fix
2014-11-17 11:35:56 -06:00
HD Moore
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Rich Lundeen
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
Rich Lundeen
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
sinn3r
e194d5490d
See #4162 - Don't delay before deleting a file via SMB
...
So I was looking at issue #4162 , and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.
I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
Tod Beardsley
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
jvazquez-r7
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
jvazquez-r7
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
jvazquez-r7
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
sinn3r
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
jvazquez-r7
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
sinn3r
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
sinn3r
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
Meatballs
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
Spencer McIntyre
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
Tod Beardsley
6812b8fa82
Typo and grammar
2014-10-20 11:02:09 -05:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
sinn3r
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
jvazquez-r7
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
jvazquez-r7
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
sinn3r
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
jvazquez-r7
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7
e5903562ee
Delete bad/incomplete validation method
2014-10-17 10:36:01 -05:00
sinn3r
a79427a659
I shoulda checked before git commit
2014-10-17 00:54:45 -05:00
sinn3r
4c0048f26a
Update description
2014-10-17 00:46:17 -05:00
jvazquez-r7
1d16bd5c77
Fix vulnerability discoverer
2014-10-16 18:01:45 -05:00
jvazquez-r7
807f1e3560
Fix target name
2014-10-16 17:58:45 -05:00
jvazquez-r7
c1f9ccda64
Fix ruby
2014-10-16 17:55:00 -05:00
jvazquez-r7
e40642799e
Add sandworm module
2014-10-16 16:37:37 -05:00
Tod Beardsley
9f6008e275
A couple OSVDB updates for recent modules
2014-10-14 13:39:36 -05:00
Tod Beardsley
4f8801eeba
Land #3651 , local Bluetooth exploit a @KoreLogic
...
This started life as #3653 . I'll take this out of unstable as well,
since it got there on commit b10cbe4f
2014-10-14 13:13:34 -05:00
Tod Beardsley
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
Pedro Ribeiro
4b7a446547
... and restore use of the complicated socket
2014-10-09 18:30:45 +01:00
Pedro Ribeiro
c78651fccc
Use numbers for version tracking
2014-10-09 18:29:27 +01:00
Jay Smith
7dd6a4d0d9
Merge in changes from @todb-r7.
2014-10-08 13:25:44 -04:00
jvazquez-r7
411f6c8b2d
Land #3793 , @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution
2014-10-08 12:16:09 -05:00
jvazquez-r7
98b69e095c
Use %TEMP% and update ranking
2014-10-08 12:12:00 -05:00
jvazquez-r7
d90fe4f724
Improve check method
2014-10-08 12:03:16 -05:00
jvazquez-r7
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
jvazquez-r7
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
jvazquez-r7
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
jvazquez-r7
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
Pedro Ribeiro
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
Pedro Ribeiro
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
sinn3r
b17396931f
Fixes #3876 - Move pxeexploit to local directory
2014-09-30 17:16:13 -05:00
Meatballs
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
sinn3r
11b9a8a6ae
Land #3814 - Advantech WebAccess dvs.ocx GetColor BoF
2014-09-23 15:06:21 -05:00
jvazquez-r7
b021ff4399
Add noche tags
2014-09-23 13:11:06 -05:00
jvazquez-r7
5c6236e874
Fix rop chain to allow VirtualAlloc when end of stack is too close
2014-09-23 13:08:26 -05:00
sinn3r
31ecbfdc4e
Land #3756 - EMC AlphaStor Device Manager Opcode 0x75 Command Injection
2014-09-23 12:57:46 -05:00
mfadzilr
a2a2ca550e
add test result on different windows version
2014-09-20 20:06:30 +08:00
mfadzilr
dd71c666dc
added osvdb reference and software download url, use FileDropper method
...
for cleanup
2014-09-20 15:31:28 +08:00
mfadzilr
19ed594e98
using FileDropper method for cleanup
2014-09-20 10:52:21 +08:00
mfadzilr
677d035ce8
added proper regex for check function
...
add comment for changed code
2014-09-19 11:30:51 +08:00
jvazquez-r7
64ac1e6b26
Rand padding
2014-09-17 08:09:09 -05:00
jvazquez-r7
e593a4c898
Add comment about gadgets origin
2014-09-16 16:38:03 -05:00
jvazquez-r7
80f02c2a05
Make module ready to go
2014-09-16 15:18:11 -05:00
mfadzilr
978803e9d8
add proper regex
2014-09-16 21:49:02 +08:00
mfadzilr
783b03efb6
change line 84 as mubix advice, update disclosure date according to
...
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr
9860ed340e
run msftidy, make correction for CVE format and space at EOL (line 77)
2014-09-15 13:13:25 +08:00
mfadzilr
f1d3c44f4f
exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'.
2014-09-15 12:59:27 +08:00
mfadzilr
74ef83812a
update module vulnerability information
2014-09-15 01:43:18 +08:00
mfadzilr
8b4b66fcaa
initial test
2014-09-14 12:26:02 +08:00
jvazquez-r7
3a6066792d
Work in rop chain...
2014-09-13 17:38:19 -05:00
jvazquez-r7
e2ef927177
Add first version for ZDI-14-255
2014-09-12 08:57:54 -05:00
sinn3r
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
jvazquez-r7
df278dd2dc
Conver to exploit
2014-09-05 14:47:33 -05:00
jvazquez-r7
d4a8b7e00d
Move to exploits
2014-09-05 10:38:28 -05:00
jvazquez-r7
d041ee6629
Delete exploit modules from this branch
2014-09-05 10:29:24 -05:00
jvazquez-r7
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
jvazquez-r7
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
jvazquez-r7
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
jvazquez-r7
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
jvazquez-r7
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
Pedro Ribeiro
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
Pedro Ribeiro
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
jvazquez-r7
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
Spencer McIntyre
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
Spencer McIntyre
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
nnam
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
Nicholas Nam
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
jvazquez-r7
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
William Vu
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
Nicholas Nam
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00