Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
inkrypto
7e2d474a26
Ranking, Version, Spacing Edit
2014-08-22 11:06:42 -04:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
HD Moore
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
Meatballs
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
inkrypto
7972da350d
Files move to appropriate directories and have proper formatting
2014-08-15 14:37:29 -04:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Jay Smith
b55f425ec0
Merge in changes from @todb-r7.
2014-08-14 17:22:07 -04:00
sinn3r
f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape
2014-08-13 20:08:13 -05:00
jvazquez-r7
127d094a8d
Dont share once device is opened
2014-08-13 16:13:38 -05:00
Meatballs
05a198bc96
Correct spelling
2014-08-13 14:06:25 +01:00
Meatballs
4a01c27ed4
Use get_env and good pack specifier
2014-08-13 10:59:22 +01:00
jvazquez-r7
da4b572a0d
Change module name
2014-08-12 17:17:26 -05:00
jvazquez-r7
3eccc12f50
Switch from vprint to print
2014-08-12 17:11:24 -05:00
jvazquez-r7
f203fdebcb
Use Msf::Exploit::Local::WindowsKernel
2014-08-12 17:09:39 -05:00
jvazquez-r7
e1debd68ad
Merge to update
2014-08-12 16:21:39 -05:00
jvazquez-r7
183b27ee27
There is only one target
2014-08-12 16:14:41 -05:00
jvazquez-r7
c8e4048c19
Some style fixes
2014-08-12 16:11:31 -05:00
jvazquez-r7
ea3d2f727b
Dont fail_with while checking
2014-08-12 16:09:59 -05:00
jvazquez-r7
042423088c
Make sure which the full payload is used
2014-08-12 11:41:29 -05:00
Meatballs
351b687759
Land #3612 , Windows Local Kernel exploits refactor
2014-08-10 22:05:06 +01:00
jvazquez-r7
486b5523ee
Refactor set_version
2014-08-09 02:17:07 -05:00
jvazquez-r7
d959affd6e
Delete debug message
2014-08-09 01:58:42 -05:00
jvazquez-r7
da04b43861
Add module for CVE-2014-0983
2014-08-09 01:56:38 -05:00
jvazquez-r7
b259e5b464
Update description again
2014-08-07 09:21:25 -05:00
jvazquez-r7
4af0eca330
Update target description
2014-08-07 09:11:01 -05:00
Brandon Turner
91bb0b6e10
Metasploit Framework 4.9.3-2014072301
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
/lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
aJ0QgKJz8thZgafZc89I
=e1z9
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
AjGcfOzhhcsY+WAQ7OG+
=Pjob
-----END PGP SIGNATURE-----
Merge tag '2014072301' into staging/electro-release
Conflicts:
Gemfile.lock
modules/post/windows/gather/credentials/gpp.rb
This removes the active flag in the gpp.rb module. According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre
b602e47454
Implement improvements based on feedback
2014-08-05 21:24:37 -07:00
Jon Hart
f25bb735a0
Land #3543 , @todb-r7's Rubocop cleanup of MS08-067
2014-08-04 14:35:30 -07:00
Spencer McIntyre
9cd6353246
Update mqac_write to use the mixin and restore pointers
2014-08-04 12:15:39 -07:00
Spencer McIntyre
a523898909
Apply rubocop suggestions for ms_ndproxy
2014-08-04 11:49:01 -07:00
Spencer McIntyre
86e2377218
Switch ms_ndproxy to use the new WindowsKernel mixin
2014-08-04 11:49:01 -07:00
Spencer McIntyre
58d29167e8
Refactor MS11-080 to use the mixin and for style
2014-08-04 11:49:01 -07:00
Joshua Smith
6c2b8f54cf
rubocop cleanup, long lines, etc
2014-08-03 23:19:08 -05:00
OJ
2b021e647d
Minor tidies to conform to standards
2014-08-03 23:19:08 -05:00
OJ
31c51eeb63
Move error messages to `check`
2014-08-03 23:19:08 -05:00
OJ
cbf15660bf
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-08-03 23:19:08 -05:00
b00stfr3ak
add5cefe17
Change runas method to use lib
...
Changed runas method to use the new runas lib. Also did some rubocop
changes.
2014-08-01 17:13:24 -07:00
b00stfr3ak
df98098b0c
New shell_execute_option command
...
Also removed upload option
2014-08-01 17:12:04 -07:00
b00stfr3ak
5c2b074264
Matched bypassuac to upstream
2014-08-01 14:40:23 -07:00
b00stfr3ak
def652a50e
Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option
2014-08-01 14:32:55 -07:00
Meatballs
15c1ab64cd
Quick rubocop
2014-07-31 23:11:00 +01:00
Meatballs
d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551
2014-07-31 23:06:37 +01:00
Meatballs
53b66f3b4a
Land #2075 , Powershell Improvements
2014-07-31 00:49:39 +01:00
Joshua Smith
e00d892f99
rubocop cleanup, long lines, etc
2014-07-28 22:04:45 -05:00
OJ
210342df5b
Minor tidies to conform to standards
2014-07-25 09:32:54 +10:00
OJ
9fe2dd59aa
Move error messages to `check`
2014-07-25 07:57:09 +10:00
OJ
3ec30bdf78
Add some small fixes to the MQAC local exploit
...
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
support directly to make sure we don't BSOD machines (such as what
happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-07-24 14:48:29 +10:00
Jay Smith
042278ed6a
Update code to reflect @OJ code suggestions
2014-07-23 11:01:43 -04:00
Jay Smith
534a5d964b
Add CVE-2014-4971 BthPan local privilege escalation
...
Add CVE-2014-4971 BthPan local privilege escalation for Windows XP SP3
2014-07-22 18:17:06 -04:00
Jay Smith
0db3a0ec97
Update code to reflect @jlee-r7's code review
2014-07-22 15:14:24 -04:00
Jay Smith
125b2df8f5
Update code to reflect @hdmoore code suggestions
2014-07-22 14:53:24 -04:00
Spencer McIntyre
7f79e58e7f
Lots and cleanups based on PR feed back
2014-07-22 14:45:00 -04:00
Spencer McIntyre
5d9c6bea9d
Fix a typo and use the execute_shellcode function
2014-07-22 13:06:57 -04:00
Spencer McIntyre
12904edf83
Remove unnecessary target info and add url reference
2014-07-22 11:20:07 -04:00
Spencer McIntyre
ca0dcf23b0
Add a simple check method for cve-2014-4971
2014-07-22 10:54:10 -04:00
Spencer McIntyre
6a545c2642
Clean up the mqac escalation module
2014-07-22 10:39:34 -04:00
Spencer McIntyre
da4eb0e08f
First commit of MQAC arbitrary write priv escalation
2014-07-22 10:04:12 -04:00
Meatballs
b0a596b4a1
Update newer modules
2014-07-20 21:59:10 +01:00
Meatballs
474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-20 21:01:54 +01:00
Jay Smith
2be6eb16a2
Add in exploit check and version checks
...
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
Tod Beardsley
b050b5d1df
Rubocop -a on MS08-067
...
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.
Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.
I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.
@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
Trevor Rosen
bebf11c969
Resolves some Login::Status migration issues
...
MSP-10730
2014-07-16 21:52:08 -05:00
William Vu
a07656fec6
Land #3536 , msftidy INFO messages aren't blockers
2014-07-16 17:57:48 -05:00
Tod Beardsley
58558e8dfa
Allow INFO msftidy messages
...
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
sinn3r
8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License
2014-07-16 15:13:05 -05:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
William Vu
b6ded9813a
Remove EOL whitespace
2014-07-16 14:56:34 -05:00
William Vu
25f74b79b8
Land #3484 , bad pack/unpack specifier fix
2014-07-16 14:52:23 -05:00
Meatballs
7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075
2014-07-16 20:34:34 +01:00
Jay Smith
6d49f6ecdd
Update code to reflect hdmoore's code review.
2014-07-16 14:29:17 -04:00
Spencer McIntyre
82abe49754
Mark windows/misc/psh_web_delivery as deprecated
2014-07-16 14:02:05 -04:00
David Maloney
52a29856b3
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-16 09:38:44 -05:00
Jay Smith
cef2c257dc
Add CVE-2014-2477 local privilege escalation
2014-07-16 05:49:19 -04:00
jvazquez-r7
6d05a24653
Add target information
2014-07-15 17:45:45 -05:00
jvazquez-r7
604a612393
Have into account differences between windows default installs
2014-07-15 15:03:07 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
James Lee
62a2f1dc0a
Credential -> Model for realm key constants
2014-07-10 14:30:25 -05:00
David Maloney
aeda74f394
Merge branch 'master' into staging/electro-release
...
Conflicts:
Gemfile
Gemfile.lock
2014-07-07 16:41:23 -05:00
Tod Beardsley
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
jvazquez-r7
cd6b83858b
Add new Yokogawa SCADA exploit
2014-07-07 11:20:49 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
sinn3r
79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload
2014-07-03 14:09:12 -05:00
sinn3r
c207d14d1f
Update description
2014-07-03 14:08:31 -05:00
jvazquez-r7
5e0211016d
Merge to solve conflicts
2014-07-03 09:16:04 -05:00
sinn3r
21f6e7bf6c
Change description
2014-07-01 10:44:21 -05:00
sinn3r
449fde5e7c
Description update
2014-07-01 10:26:52 -05:00
sinn3r
c43006f820
Update cogent module description, fix msftidy warnings
2014-07-01 10:06:33 -05:00
HD Moore
c9b6c05eab
Fix improper use of host-endian or signed pack/unpack
...
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.
When in doubt, please use:
```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore
6e8415143c
Fix msftidy and tweak a few modules missing timeouts
2014-06-30 00:46:28 -05:00
jvazquez-r7
1acd5e76cb
Add check code for event processing 12
2014-06-29 15:47:57 -05:00
jvazquez-r7
a94396867c
Add module for ZDI-14-106, Oracle Event Processing
2014-06-29 15:44:20 -05:00
Spencer McIntyre
faa9c11450
Dont deregister an option that is in use
2014-06-28 18:22:17 -04:00
Spencer McIntyre
748589f56a
Make cmdstager flavor explicit or from info
...
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore
e806222512
Fix bad copypast, sock.get usage, HTTP mistakes
2014-06-28 16:18:16 -05:00
HD Moore
baa877ef17
Switch to get_once for consistency
2014-06-28 16:10:49 -05:00
HD Moore
c8e44c341c
Fix use of sock.get vs sock.get_once
2014-06-28 16:10:18 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
6e80481384
Fix bad use of sock.get() and check() implementations
...
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
David Maloney
b680674b95
Merge branch 'master' into staging/electro-release
2014-06-27 11:55:57 -05:00
Spencer McIntyre
219153c887
Raise NotImplementedError and let :flavor be guessed
2014-06-27 08:34:56 -04:00
Spencer McIntyre
4d4c5e5d6e
Update two modules to use the new cmd stager
2014-06-27 08:34:56 -04:00
jvazquez-r7
45248dcdec
Add YARD documentation for methods
2014-06-27 08:34:56 -04:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
jvazquez-r7
d47994e009
Update modules to use the new generic CMDstager mixin
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
sinn3r
a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload
2014-06-26 14:34:32 -05:00
sinn3r
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
sinn3r
0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape
2014-06-26 11:45:47 -05:00
David Maloney
9cec330f05
Merge branch 'master' into staging/electro-release
2014-06-26 10:22:30 -05:00
Joshua Smith
3ed7050b67
Lands 3420 after wrapping most lines at 80
2014-06-24 17:37:43 -05:00
Joshua Smith
3fe162a8b1
wraps most lines at 80
2014-06-24 17:36:10 -05:00
jvazquez-r7
267642aa4b
Fix description
2014-06-23 09:20:47 -05:00
jvazquez-r7
cc3c06440f
Add module for ZDI-14-195, HP AutoPass License Traversal
2014-06-23 09:19:56 -05:00
jvazquez-r7
a081beacc2
Use Gem::Version for string versions comparison
2014-06-20 09:44:29 -05:00
David Maloney
2b0bb608b1
Merge branch 'master' into staging/electro-release
2014-06-18 10:49:58 -05:00
OJ
5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection
2014-06-18 10:24:33 +10:00
Joshua Smith
bab1e30557
Land #3460 , Ericom AccessNow Server BOF exploit
2014-06-17 19:10:34 -05:00
Joshua Smith
9af9d2f5c2
slight cleanup
2014-06-17 19:08:31 -05:00
jvazquez-r7
1133332702
Finish module
2014-06-17 15:01:35 -05:00
jvazquez-r7
8f8af0e93a
Add draft version
2014-06-17 14:21:49 -05:00
Christian Mehlmauer
03fa858089
Added newline at EOF
2014-06-17 21:05:00 +02:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
jvazquez-r7
2fe7593559
Land #3433 , @TecR0c's exploit for Easy File Management Web Server
2014-06-13 09:54:12 -05:00
David Maloney
96e492f572
Merge branch 'master' into staging/electro-release
2014-06-12 14:02:27 -05:00
William Vu
cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key)
2014-06-12 13:41:44 -05:00
HD Moore
d5b32e31f8
Fix a typo where platform was 'windows' not 'win'
...
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
David Maloney
9593422f9c
Merge branch 'master' into staging/electro-release
2014-06-11 10:23:56 -05:00
jvazquez-r7
34f98ddc50
Do minor cleanup
2014-06-11 09:20:22 -05:00
TecR0c
b27b00afbb
Added target 4.0 and cleaned up exploit
2014-06-11 06:22:47 -07:00
TecR0c
f1382af018
Added target 4.0 and cleaned up exploit
2014-06-11 06:20:49 -07:00
jvazquez-r7
a554b25855
Use EXITFUNC
2014-06-10 09:51:06 -05:00
TecR0c
3d33a82c1c
Changed to unless
2014-06-09 09:31:14 -07:00
TecR0c
1252eea4b9
Changed to unless
2014-06-09 09:26:03 -07:00
David Maloney
482aa2ea08
Merge branch 'master' into staging/electro-release
2014-06-09 10:27:22 -05:00
TecR0c
52d26f290f
Added check in exploit func
2014-06-09 03:23:14 -07:00
TecR0c
8ecafbc49e
Easy File Management Web Server v5.3 Stack Buffer Overflow
2014-06-08 04:21:14 -07:00
Brendan Coles
6bef6edb81
Update efs_easychatserver_username.rb
...
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Meatballs
936c7088ad
Merge branch 'master' into psexec_refactor_round2
...
Conflicts:
lib/msf/core/exploit/smb/psexec.rb
modules/exploits/windows/smb/psexec.rb
2014-06-07 13:38:30 +01:00
Meatballs
bf1a665259
Land #2657 , Dynamic generation of windows service executable functions
...
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
jvazquez-r7
079fe8622a
Add module for ZDI-14-136
2014-06-04 10:29:33 -05:00
jvazquez-r7
43699b1dfb
Don't clean env variable before using it
2014-06-03 09:56:19 -05:00
jvazquez-r7
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
jvazquez-r7
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
jvazquez-r7
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
David Maloney
07093ada58
add realm handling to psexec
...
oops, forgot to create the realm when applicable
2014-06-02 14:53:40 -05:00
jvazquez-r7
9574a327f8
use the new check also in exploit()
2014-06-02 14:38:33 -05:00
jvazquez-r7
3c38c0d87c
Dont be confident about string comparision
2014-06-02 14:37:29 -05:00
David Maloney
361b9a1616
psexec credential refactor
...
refactor psexec credential reporting
to use Metasploit::Credential
2014-06-02 14:20:54 -05:00
jvazquez-r7
d0241cf4c1
Add check method
2014-06-02 08:14:40 -05:00
jvazquez-r7
31af8ef07b
Check .NET version
2014-06-01 20:58:08 -05:00
Meatballs
3c5fae3706
Use correct include
2014-06-01 11:51:06 +01:00
Meatballs
4801a7fca0
Allow x86->x64 injection
2014-06-01 11:50:13 +01:00
jvazquez-r7
3ae4a16717
Clean environment variables
2014-05-30 12:21:23 -05:00
jvazquez-r7
b99b577705
Clean environment variable
2014-05-30 12:20:00 -05:00
jvazquez-r7
b27a95c008
Delete unused code
2014-05-30 12:08:55 -05:00
jvazquez-r7
e215bd6e39
Delete unnecessary code and use get_env
2014-05-30 12:07:59 -05:00
jvazquez-r7
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
jvazquez-r7
ffbcbe8cc1
Use cmd_psh_payload
2014-05-29 18:12:18 -05:00
jvazquez-r7
03889ed31f
Use cmd_psh_payload
2014-05-29 18:11:22 -05:00
jvazquez-r7
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
jvazquez-r7
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
HD Moore
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
William Vu
352e14c21a
Land #3391 , all vars_get msftidy warning fixes
2014-05-26 23:41:46 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
Christian Mehlmauer
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
jvazquez-r7
b9464e626e
Delete unnecessary line
2014-05-21 10:18:03 -05:00
jvazquez-r7
af415c941b
[SeeRM #8803 ] Avoid false positives when checking fb_cnct_group
2014-05-20 18:44:28 -05:00
Jonas Vestberg
7cabfacfa3
Test adobe_flash_pixel_bender_bof on Safari 5.1.7
...
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs
52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom
2014-05-19 22:00:35 +01:00
Meatballs
b84379ab3b
Note about EXE::Custom
2014-05-19 22:00:09 +01:00
HD Moore
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
Tod Beardsley
0ef2e07012
Minor desc and status updates, cosmetic
2014-05-19 08:59:54 -05:00
sinn3r
bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload
2014-05-19 00:25:33 -05:00
jvazquez-r7
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
jvazquez-r7
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
Jonas Vestberg
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
jvazquez-r7
1b68abe955
Add module for ZDI-14-127
2014-05-15 13:41:52 -05:00
William Vu
750b6fc218
Land #3348 , some Ruby warning fixes
2014-05-14 01:25:10 -05:00
William Vu
c421b8e512
Change if not to unless
2014-05-14 01:24:29 -05:00
agix
1a3b319262
rebase to use the mixin psexec
2014-05-13 16:04:40 +02:00
agix
d3f2414d09
Fix merging typo
2014-05-13 16:04:40 +02:00
Florian Gaultier
808f87d213
SERVICE_DESCRIPTION doesn't concern this PR
2014-05-13 16:04:39 +02:00
Florian Gaultier
6332957bd2
Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work...
2014-05-13 16:04:39 +02:00
Florian Gaultier
5ecebc3427
Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation
2014-05-13 16:04:37 +02:00
Florian Gaultier
ca7a2c7a36
Add string_to_pushes to use non fixed size service_name
2014-05-13 16:04:37 +02:00
Florian Gaultier
513f3de0f8
new service exe creation refreshed
2014-05-13 16:04:36 +02:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
Christian Mehlmauer
557cd56d92
fixed some ruby warnings
2014-05-10 23:31:02 +02:00
jvazquez-r7
f56ea01988
Add module
2014-05-09 10:27:41 -05:00
jvazquez-r7
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
jvazquez-r7
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
William Vu
e8bc89af30
Land #3337 , release fixes
2014-05-05 14:03:48 -05:00
Tod Beardsley
c97c827140
Adjust desc and ranking on ms13-053
...
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
2014-05-05 13:46:19 -05:00