d4ba28a20b
Land #8457 , Update multi/fileformat/office_word_macro to allow custom templates
2017-05-26 15:09:23 -05:00
ee13195760
Update office_word_macro exploit to support template injection
2017-05-25 15:53:45 -05:00
0520d7cf76
First crack at Samba CVE-2017-7494
2017-05-24 19:42:04 -05:00
afc804fa03
Quick Ghostscript module based on the public PoC
2017-04-28 09:56:52 -05:00
f3d6a8c456
split PSModulePath in multi strings with ';'
...
1、allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
5bbb4d755a
Land #8254 , Add CVE-2017-0199 - Office Word HTA Module
2017-04-24 16:05:00 -05:00
c724f0e05d
Handle multiple entries in PSModulePath
...
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
637098466c
Hidden black flash windows / Close HTA windows
2017-04-16 22:53:17 -05:00
a9df917257
Fix rtf info author
2017-04-14 21:16:39 -05:00
8c662562d3
add CVE-2017-0199 format
2017-04-14 13:22:32 -05:00
437d9b6f02
Fixed newline error in powershell script.
2017-04-05 12:38:38 +02:00
64c06a512e
Land #8020 , ntfs-3g local privilege escalation
2017-04-04 09:48:15 -05:00
e80b8cb373
move sploit.c out to data folder
2017-03-31 20:51:33 -04:00
c00b9ca1e5
Land #8175 , Get into the DANGER ZOOOOOOONE
2017-03-31 14:31:22 -05:00
b5771b0f72
Get into the DANGER ZOOOOOOONE
2017-03-31 12:26:42 -05:00
1ce7bf3938
Land #8126 , Add SolarWind LEM Default SSH Pass/RCE
2017-03-31 11:21:32 -05:00
e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist
2017-03-24 13:24:05 +03:00
4628dfe16b
Remove old banner + rubygems requirements
2017-03-13 17:36:21 +01:00
c9a5190726
Patching "undefined method empty?" errors + "encoding error"
2017-03-13 17:32:56 +01:00
e8257122b3
Creation of a sub-module for modules/auxiliary/crawler/msfcrawler
...
Catching links in comments
2017-03-13 17:18:39 +01:00
2fb42ff019
Fixed an issue in the powershell script
2017-03-07 13:56:18 +01:00
6965a00b45
Resolve #8023 , Support backward compatibility for Office macro
...
Resolve #8023
2017-02-27 13:02:41 -06:00
0fa0fe3bf8
Added NTDSgrab module to metasploit.
2017-02-24 10:15:13 +01:00
83cc28a091
Land #7972 , Microsoft Office Word Macro Generator OS X Edition
2017-02-21 13:26:42 -06:00
2c570b6709
Land #7942 , Microsoft SQL Server Clr Stored Procedure Payload Execution
2017-02-17 17:28:54 -06:00
3d269b46ad
Support OS X for Microsoft Office macro exploit
2017-02-16 12:28:11 -06:00
2d834a3f5a
Finalise module, and add supporting binaries
2017-02-10 12:56:40 +10:00
272d1845fa
Land #7934 , Add exploit module for OpenOffice with a malicious macro
2017-02-09 13:42:58 -06:00
047a9b17cf
Completed version of openoffice_document_macro
2017-02-08 16:29:40 -06:00
cefbee2df4
Add PoC for OpenOffice macro module
2017-02-07 10:12:23 -06:00
ccaa783a31
Add Microsoft Office Word Macro exploit
2017-02-02 17:44:55 -06:00
fb74b2d8f3
initial commit of finished product
2017-01-20 11:01:36 -06:00
4035dd7485
Land #7796 , Improve zip module windows script fallback
2017-01-17 10:59:04 -06:00
24f7959805
add binary for futex_requeue
2017-01-11 13:25:30 -06:00
2585c8c8b5
Land #7461 , convert futex_requeue (towelroot) module to use targetting and core_loadlib
2017-01-11 13:24:25 -06:00
31f85b905a
add comments
2017-01-07 12:50:11 -06:00
cdcf4cce7d
improve zip module windows script fallback
...
- handle non-English locales
- wait more reliably, handle network paths where FS info gets stale
- use absolute paths correctly
2017-01-07 12:27:03 -06:00
2652f347fa
add module binary
2016-12-22 03:25:10 -06:00
e6d4c0001c
hide debug printing
2016-12-20 00:52:11 +08:00
1dae206fde
Land #7379 , Linux Kernel BPF Priv Esc (CVE-2016-4557)
2016-11-11 16:50:20 -06:00
268a72f210
Land #7193 Office DLL hijack module
2016-11-08 23:15:27 -06:00
3c1f642c7b
Moved PPSX to data/exploits folder
2016-11-08 16:04:46 +01:00
31b593ac67
Land #7402 , Add Linux local privilege escalation via overlayfs
2016-11-01 12:46:40 -05:00
d918e25bde
Land #7439 , Add Ghostscript support to ImageMagick Exploit
2016-10-28 17:07:13 -05:00
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
0d1fe20ae5
revamped
2016-10-15 20:57:31 -04:00
741c4b8916
updated android payload gem, removed unused extension jar
2016-10-14 09:59:06 -05:00
9fbe1ddd9d
Land #7384 , CVE-2016-6415 - Cisco IKE Information Disclosure
2016-10-14 08:41:34 -05:00
9b15899d91
Add PS template
2016-10-13 17:40:15 -05:00
6f4f2bfa5f
Add PS target and remove MIFF
2016-10-13 17:39:55 -05:00
7894d5b2c1
Revert "Revert "use the new rex-exploitation gem""
...
This reverts commit f3166070ba
2016-10-11 17:40:43 -05:00
d1a11f46e8
Land #7418 , Linux recvmmsg Priv Esc (CVE-2014-0038)
2016-10-09 18:37:52 -05:00
2dfebe586e
working cve-2014-0038
2016-10-08 23:58:09 -04:00
f3166070ba
Revert "use the new rex-exploitation gem"
...
This reverts commit 52f6265d2e
2016-10-08 21:55:16 -05:00
3b3185069f
Land #7408 , Mirai botnet wordlists
2016-10-06 10:07:20 -05:00
83548a0dde
added mirai user/pass to unhash set
2016-10-05 22:24:11 +02:00
7ce73be936
Add linux.mirai wordlists
2016-10-05 17:57:08 +02:00
52f6265d2e
use the new rex-exploitation gem
...
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework
MS-1709
2016-10-05 09:05:27 -05:00
27cf5c65c4
working module
2016-10-04 23:21:53 -04:00
af4f3e7a0d
use templates from the gem for psh
...
use the templates now contained within the magical
gem of rex-powershell
7309
MS-2106
2016-10-04 14:14:25 -05:00
dcc77fda5b
Add back accidentally-deleted nasm comment.
2016-10-03 23:47:13 -05:00
eff85e4118
Just remove DT_HASH.
2016-10-03 23:43:19 -05:00
8828060886
Fix linux x64 elf-so template.
...
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
2016-10-03 23:24:31 -05:00
7368b995f2
CVE-2016-6415 Cisco - sendpacket.raw
2016-09-29 22:24:55 -05:00
c036c258a9
cve-2016-4557
2016-09-29 05:23:12 -04:00
0e82ced082
Add LPE exploit module for the capcom driver flaw
...
This commit includes:
* RDI binary that abuses the SMEP bypass and userland function pointer
invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.
This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
6382fffc75
Land #7326 , Linux Kernel Netfilter Privesc
2016-09-26 12:38:50 -05:00
23e5556a4c
binary drops work!
2016-09-24 21:31:00 -04:00
dbf66f27d5
Add a browser-based exploit module for CVE-2015-3864
2016-09-23 11:14:31 -05:00
726079c6e7
diffed with fuzzdb
...
https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/webservers-appservers/SAP.txt
2016-09-21 00:20:46 -04:00
4c4f2e45d6
Land #7283 , add jsp payload generator
2016-09-16 14:37:59 -05:00
6cb331e74d
Land 7281, add vagrant default password to wordlist
2016-09-07 13:01:01 +01:00
96f81b4817
add root:vagrant to root_userpass
2016-09-07 12:59:12 +01:00
c6012e7947
add jsp payload generator
2016-09-06 22:17:21 +02:00
9d5a276e91
Fix recent metasploit-framework.gemspec conflict.
2016-09-06 13:10:28 -05:00
23a5d737fc
Add password "vagrant" to wordlists
...
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
83160b7e49
Land #7173 , Add post module to compress (zip) a file or directory
2016-08-24 09:38:04 -05:00
e154aafaaa
On Error Resume Next for zip.vbs
2016-08-17 17:08:38 -05:00
8bece28d00
remove *scan bins as well
...
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH
MS-1691
2016-08-15 14:04:00 -05:00
8f7d0eae0c
Fix #7155 - Add post module to compress (zip) a file or directory
...
Fix #7155
2016-08-02 14:44:58 -05:00
21e6211e8d
add exploit for cve-2016-0189
2016-08-01 13:26:35 -05:00
d1f65b27b8
Land #7151 , Improve CVE-2016-0099 reliability
2016-07-29 09:22:11 -05:00
ee40c9d809
Land #6625 , Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
322fc11225
Fix whitespace
2016-07-27 12:37:14 -05:00
dbe31766af
Update CVE-2016-0099 Powershell
2016-07-27 12:35:43 -05:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
8f928c6ca1
Land #7006 , Add MS16-032 Local Priv Esc Exploit
2016-07-12 15:22:35 -05:00
621f3fa5a9
Change naming style
2016-07-12 15:18:18 -05:00
2b016e0216
Land #6812 , remove broken OSVDB references
2016-07-11 22:59:11 -05:00
b4b3a84fa5
refactor ms16-016 code
2016-07-05 20:50:43 -05:00
df1a9bee13
Move ps1, Use Env var, Fix license, New Cleanup
...
MS16-032 ps1 moved to external file. This ps1 will now detect windir
to find cmd.exe. The module now also detects windir to find
powershell.exe. The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
is now standard. The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
ba72d3fd92
Land #6988 , Update banners to metasploit.com, not .pro
2016-06-17 15:29:30 -05:00
cd207df6b8
adding karaf to unix lists per 4358
2016-06-15 20:31:48 -04:00
fe4cfd7e3e
Update banners to metasploit.com, not .pro
2016-06-14 15:11:04 -05:00
ab27c1b701
Merge pull request #6940 from samvartaka/master
...
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
5260031991
Modifications based on suggestions by @wchen-r7
2016-06-08 01:17:15 +02:00
9128ba3e57
Add popen() vuln to ImageMagick exploit
...
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)
Thanks to @hdm for his sharp eye. ;x
[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
7b024d1a72
Land #6914 , add siem to the namelist
2016-05-24 14:22:44 -05:00
9d545b0a05
Update namelist.txt
2016-05-24 13:00:59 -04:00
2bac46097f
Remove url() for MVG
...
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
334c432901
Force https://localhost for SVG and MVG
...
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
decd770a0b
Encode the entire SVG string
...
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
232cc114de
Change placeholder text to something useful
...
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
5c04db7a09
Add ImageMagick exploit
2016-05-05 14:18:42 -05:00
71c8ad555e
Resolve #6839 , Make Knowledge Base as default
...
Resolve #6839
2016-05-02 14:12:09 -05:00
d80d2bb8d3
Land #6825 , Fixed borders on code boxes
2016-04-27 11:59:52 -07:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
22831695dd
Land #6721 , Add additional SOLMAN default creds
2016-03-30 10:48:53 -05:00
4f84c5a3b7
Add additional SOLMAN default creds
2016-03-29 15:53:15 +01:00
629bc00696
Use MSXML decoder instead
2016-03-25 22:52:16 +09:00
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
76c6f8c19d
Move module_doc_template
2016-03-24 17:07:19 -05:00
e29fc5987f
Add missing stream.raw for hp_sitescope_dns_tool
...
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
d6742c4097
Change <hr> color
2016-03-10 10:44:18 -06:00
ad0a948ae7
Update module_doc_template
2016-03-08 12:21:20 -06:00
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
027315eeaa
Update post_demo_template
2016-03-05 20:33:40 -06:00
03eb568af7
Add --- to make sections to stand out more
2016-03-05 15:17:19 -06:00
f4866fd5f0
Update template and web_delivery doc
2016-03-03 01:27:14 -06:00
cececa749d
Update css
2016-03-03 00:58:17 -06:00
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
19bd7b98f4
Fix minor indenting issue
2016-03-01 11:50:56 +09:00
c8c5549b19
Send base64ed shellcode and decode with certutil
2016-03-01 10:48:25 +09:00
fd8e3e719d
real demo
2016-02-26 14:43:53 -06:00
ed0dfa5725
basic usage
2016-02-26 14:35:07 -06:00
250ce6fb17
lets be clear
2016-02-26 14:30:12 -06:00
1c53e53d23
More info about how to write the doc
2016-02-26 14:24:24 -06:00
e40f1e69db
Update default template
2016-02-26 14:18:24 -06:00
6060c7b09b
We make this pretty
2016-02-26 14:15:54 -06:00
95a9f42996
Add a template for future module documentation
2016-02-24 19:28:17 -06:00
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
34d10d7829
Should be fullname
2016-02-19 00:13:55 -06:00
7444a0ff04
Make it more obvious which tab the user is viewing
2016-02-18 17:59:45 -06:00
4fc7008561
Close div properly
2016-02-18 16:12:27 -06:00
56c2ba9f75
Turn the HTML template into external
2016-02-18 15:41:14 -06:00
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
f8d6a59cdc
Change wording
2016-02-18 12:19:25 -06:00
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
aeb1d80e0d
Adding top 100 adobe passwords
2016-02-11 08:55:45 +08:00
b3e8bd1dab
Updated zsploit screens to use std msf colors
...
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
90e37ea749
Added three cool new mainframe themed screens
...
Thanks to *Solider of Fortran* @mainframed for his amazing original artwork!
These set of 3 limited edition, original, one-of-a-kind screens will modernize
your msf installation to the 1960s and beyond. No seriously they are super cool
and now that metasploit-framework supports System Z - it seemed only fitting.
2016-01-20 06:10:51 -06:00
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
97ae09729c
Add john.conf to data dir as referenced by: lib/metasploit/framework/jtr/cracker.rb
2016-01-06 13:00:05 -06:00
ae57bce262
Adding wordlists back to path
2016-01-06 12:54:25 -06:00
bf764deefb
Add SCADA Default UserPass List
...
This list was based on SCADAPASS: https://github.com/scadastrangelove/SCADAPASS
2016-01-06 12:25:29 +08:00
be340774ea
Land #6432 , Piata SSH scanner wordlist
2016-01-05 10:15:17 -06:00
66e2d945d8
Add more SAP ICM paths
2016-01-05 13:05:46 +08:00
913e8ec525
Update piata_ssh_userpass.txt
2016-01-05 11:28:54 +08:00
713828d0b6
Add piata wordlist
...
Add user and pass wordlist from Piata Mass SSH scanner
2016-01-05 11:27:04 +08:00
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
c301c7c7b0
use wav with sounds plugin for windows / linux compat
2015-12-08 16:20:44 -06:00
d44224142e
Update audio files
2015-11-25 23:41:18 -06:00
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
af8c557fa9
Add the MP3s
2015-11-25 18:09:27 -06:00
fa32f43ee4
Muts says "Try harder!" or "Excellent" for the sounds plugin
...
With the sounds plugin, muts will say "excellent!" when a session
is received. If a session is terminated (either exited or lost),
muts will say "try harder!"
2015-11-25 18:06:58 -06:00
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
9c347fbaae
Land #6195 , remove ff buildid from os.js
2015-11-05 15:01:15 -06:00
2f65405a4e
Fix missing brace and indent level
2015-11-05 14:30:26 -06:00
1f73bbe7ca
Remove obsolete files in data/gui/
2015-11-02 10:44:47 -06:00
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
48b06a2cd9
Fixed no detection error
2015-09-18 10:48:24 -05:00
858d3f5a55
Closes #3936 , Remove Firefox buildid from os.js
2015-09-16 16:04:22 -05:00
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
9626596f85
Clean template code
2015-09-12 13:43:05 -05:00
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
30cb93b4df
Land #5940 , @hmoore-r7's fixes for busybox post modules
2015-09-08 15:12:23 -05:00
122d57fc20
Land #5945 , Add auto-accept to osx/enum_keychain
2015-09-08 10:56:08 -05:00
1b320bae6a
Add auto-accept to osx/enum_keychain.
2015-09-07 21:17:49 -05:00
091c4d5214
Expand and reorder
2015-09-05 22:51:32 -05:00
76d74576db
Remove FTP-only default credentials
2015-09-05 22:39:51 -05:00
21b69b9430
Remove HP MPE/iX password defaults
2015-09-05 22:38:30 -05:00
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
b39575928e
Update reflective exploit
2015-09-03 11:01:41 -05:00
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
1b778d0650
Land #5898 , use gem version of php & python meterp
2015-08-31 16:16:36 -05:00
30830ad9e5
Land #5262 , fix webcam_chat and tidy adjacent code
2015-08-31 14:21:24 -05:00
a51d3df753
typo
2015-08-31 14:18:55 -05:00
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
11db9c2112
Land #5896 , Update ms15_004_tswbproxy to use a Reflective DLL
2015-08-27 17:11:26 -05:00
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
129edd8b2e
Original bypass script
2015-08-23 19:46:24 +01:00
d54249370b
Move tpwn source to external/source/exploits
2015-08-17 18:27:47 -05:00
efc980074c
Add tpwn exploit files
2015-08-17 17:11:07 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
1db376bed8
check if a process still exists before deleting it
2015-08-15 19:46:04 -05:00
5ff61ca5f3
Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers.
2015-08-10 18:29:41 +02:00
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
010e48919e
Pymet immediately change transports on tcp failure
2015-07-16 11:00:43 -04:00
0cb5000e48
Pymet use incremental backoff for http recv pkt
2015-07-16 10:29:36 -04:00
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
8bead8fd87
av_list.txt
...
it's the av_list.txt, i sure hope this works.
2015-07-15 20:26:42 -04:00
831cb904a9
Pymet fix the new transport position
2015-07-15 19:45:34 -04:00
a637921305
Update swf
2015-07-15 18:35:41 -05:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
18cb55f1fa
Pymet fix transport automatic roll over
2015-07-14 15:18:11 -04:00
00da619556
Pymet fix previous transport index logic
2015-07-14 14:32:57 -04:00
9f48853e00
Pymet fix the order in which transports are added
2015-07-14 14:26:27 -04:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
b72ba7f51c
Add AS2 flash detection code
2015-07-13 18:26:02 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
299978d0e2
Put again old exploiter
2015-07-11 00:36:32 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
2cdaace42f
Land #5678 , Land adobe_flash_hacking_team_uaf.r
2015-07-07 12:34:59 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
9e2e64bba1
Land #5644 , Windows 10 Detection for os.js
2015-07-06 16:19:06 -05:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
c993c70006
Remove sleep(), clean up WritableDir usage.
2015-07-05 18:59:00 -05:00
a8b56bb44a
Oops, need to include the binary files.
2015-07-05 18:24:45 -05:00
841fbddfc6
Pymet fix packet polling interval
2015-07-02 11:51:53 -04:00
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
6ab7c314de
Pymet fix reverse_tcp transport for IPv6 addresses
2015-07-02 08:33:11 -04:00
dbe239bc75
Pymet fix transport next and prev for one transport
2015-07-02 08:23:02 -04:00
482247771d
Add a fingerprint for Windows 10 + IE11
2015-07-01 18:06:25 -05:00
cd688437ac
Add support for Windows 10 for os.js
...
Resolves #4248
2015-07-01 15:02:22 -05:00
b1b21c4bef
Pymet fixes for Python 3.x
2015-07-01 14:32:12 -04:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
2a891c50eb
Pymet transport stabilty and correction
2015-07-01 11:12:30 -04:00
4b5b7c8a27
Pymet support for core_transport_remove
2015-06-30 15:46:33 -04:00
6a45e19636
Pymet fix bind and tcp socket cleanup logic
2015-06-30 15:25:23 -04:00
3d49781230
Pymet support for core_transport_sleep
2015-06-29 18:34:35 -04:00
9a8ffacfd1
Pymet transport changing improvements
2015-06-29 14:00:07 -04:00
00742ea924
Pymet cleaner transport switching with responses
2015-06-28 13:16:00 -04:00
f6fa462bdc
Pymet support for changing transports
2015-06-27 20:57:45 -04:00
175d9cdcb1
Pymet support for creating and listing transports
2015-06-26 16:52:55 -04:00
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
7aae9b210e
Add pymet support for core_enumextcmd
2015-06-26 11:32:51 -04:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
ae41f2bfa0
Update exploit binaries for ms15-051
2015-06-25 09:33:15 +10:00
e75287875b
hack android-specific commands back to life
2015-06-22 20:41:58 -05:00
3686accadd
Merge branch 'upstream/master' into cve-2015-1701
2015-06-22 07:52:17 +10:00
04901baab8
Land #5572 @todb-r7's adds snowden's password to unix_passwords.txt
2015-06-19 17:01:22 -05:00
b580f93c22
New password from Snowden
2015-06-19 15:37:48 -05:00
d116f1efd5
Land #5566 , @wchen-r7 fixes #5565 modifying os.js
2015-06-19 11:07:00 -05:00
William Webb
wchen-r7
HD Moore
anhilo
Brandon Knight
nixawk
Koen Riepe
bwatters-r7
h00die
Pearce Barry
dmohanty-r7
Mehmet Ince
Jon P
Brent Cook
OJ
Tim
scriptjunkie
Yorick Koster
William Vu
David Maloney
Tonimir Kisasondi
mach-0
Joshua J. Drake
Adam Muntner
Christian Mehlmauer
khr0x40sh
h00die
Tod Beardsley
samvartaka
x90" * 365
Meatballs
f7b053223a9e
l0gan
Jay Turla
Bigendian Smalls
Chris Doughty
Louis Sato
James Lee
Mo Sadek
jvazquez-r7
joev
HD Moore
jvicente
Spencer McIntyre
Marc-Andre Meloche