Commit Graph

140 Commits (7727f3d6e876e4649d950b617d380f8a44124662)

Author SHA1 Message Date
sinn3r c5302e13ac Slight changes 2011-12-01 03:02:08 -06:00
sinn3r f64f0eefda Add class file for CVE-2011-3544 2011-11-29 18:06:20 -06:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r 3185b3471b Add template for CVE-2010-0822 2011-11-21 11:36:27 -06:00
scriptjunkie 8d58ea227f Add UAC bypass to default pxesploit attack. 2011-11-16 08:16:22 -08:00
HD Moore 96766edfd0 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
Wei Chen aeaea65896 Add template file for ms11-021
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:04:54 +00:00
Mario Ceballos 2f2421badc initial coverage of the pnsize bug (fileformat)
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
David Rude 0b72c931b6 Adds the nsepa.ocx ActiveX control for CVE-2011-2882
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:23:27 +00:00
Matt Weeks ce9db06589 Add localboot config for PXE.
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:26:41 +00:00
Wei Chen 5559eec7c9 Add trigger file for MS10-026
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:59 +00:00
Matt Weeks f12742a05f Better cleanup for PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic!
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
amaloteaux b9bb5c454d psnuffle : add a smb protocol decoder
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 18:06:28 +00:00
Tod Beardsley c54e18d757 Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Matt Weeks 338a13baac Fix minor error.
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:36:42 +00:00
James Lee d1b971c5f2 no need for a static sig anymore
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:13:44 +00:00
Matt Weeks 971b6f96f6 pxesploit update; compatibility with x64, compatibility with different windows versions.
Still no custom payload yet.



git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
Wei Chen ce2687cafe Added swf trigger file
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:08:03 +00:00
David Rude 8c614a9296 made the shellcode request random to avoid signatures
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =)
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen bdccc67d1d Added Crash file for CVE-2010-3275 (VLC AMV file)
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:01:30 +00:00
Tod Beardsley 9895d01d51 Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries.
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 17:48:19 +00:00
Tod Beardsley b1178686cf Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).



git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :(
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Tod Beardsley 42531e097f Fixes #3916. Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
James Lee 05d073c467 move the evil-looking metasploit.PayloadApplet to the more inocuous SiteLoader.class, re-enable rjb compiling for the applet class
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 20:43:53 +00:00
Joshua Drake fbd340aae8 add an adodb based cmdstager, fixes #1431
git-svn-id: file:///home/svn/framework3/trunk@11247 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 18:51:12 +00:00
James Lee 191c4e8eb7 make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
James Lee 6f7af42667 add an exploit for cve-2010-3563, thanks Matthias Kaiser
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Carlos Perez c492737f0f Fixed format issue
git-svn-id: file:///home/svn/framework3/trunk@11032 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 02:37:37 +00:00
James Lee 089ace9726 update the static-signed jar for java_signed_applet, fixes #3015
git-svn-id: file:///home/svn/framework3/trunk@10993 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 21:00:29 +00:00
Joshua Drake b572414eac add exploit for cve-2010-3654
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Joshua Drake 21f16f63a1 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10855 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 21:45:49 +00:00
Joshua Drake 6bd75bb2d5 add shockwave exploit from abysssec/rel1k
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake f997b37245 remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800, fixes #801
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
HD Moore f88033f0cc Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Joshua Drake eaf8ef00d0 add initial version of cve-2010-2883 exploit
git-svn-id: file:///home/svn/framework3/trunk@10263 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 23:05:18 +00:00
James Lee 85126af521 add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
James Lee 7381ab8b6d duh, dont actually need this
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:19:49 +00:00
James Lee 6b08dfed61 Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:38:29 +00:00
Joshua Drake 4f148f9374 oops, add updateX data files, see #2329
git-svn-id: file:///home/svn/framework3/trunk@9964 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 19:43:25 +00:00
James Lee 119f9328fc remove debug prints. =/
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee 08d705c1db add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake 74b30535c4 oops, forgot swf
git-svn-id: file:///home/svn/framework3/trunk@9474 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:14:45 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)


git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Joshua Drake 879a92ffbf change WriteLine to Write
git-svn-id: file:///home/svn/framework3/trunk@9089 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:24:56 +00:00
Joshua Drake d370ab62c6 don't wait for shell.run to finish
git-svn-id: file:///home/svn/framework3/trunk@8718 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:33:16 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
HD Moore 85c59038ed Add rsnake's RFI index
git-svn-id: file:///home/svn/framework3/trunk@8504 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 15:37:04 +00:00
Joshua Drake f82c53db2a move 70k binary to data/exploits instead of hex encoded in the exploit
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
HD Moore cf26fcb9ad Fixes #784. Adds .NET server support
git-svn-id: file:///home/svn/framework3/trunk@8256 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 07:02:07 +00:00
HD Moore 9ea99c37a8 Updated DLL (Win7 - Trap)
git-svn-id: file:///home/svn/framework3/trunk@8244 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:25:30 +00:00
HD Moore 4b637c4912 Updated with new target system, signature for 2000 SP4, fixed SP4 usage, but the priv esclation is non-functional, use twunk16/debug depending on what is available.
git-svn-id: file:///home/svn/framework3/trunk@8240 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 19:13:28 +00:00
HD Moore a898901ad3 Switch to twunk_16 for Windows 7 compatibility
git-svn-id: file:///home/svn/framework3/trunk@8230 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 18:07:48 +00:00
HD Moore 9a27a8dc01 Check the new binaries back in
git-svn-id: file:///home/svn/framework3/trunk@8227 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:56:41 +00:00
HD Moore 8058fb22e8 Purge these copies until the secondary thread issue is fixed
git-svn-id: file:///home/svn/framework3/trunk@8180 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 13:36:48 +00:00
HD Moore 2574416a29 Add the associated binaries
git-svn-id: file:///home/svn/framework3/trunk@8169 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 22:31:06 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
Joshua Drake 255724d640 compile java applet with 1.3, Fixes #685
git-svn-id: file:///home/svn/framework3/trunk@7850 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:26:19 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
HD Moore c44bcf3299 Add the stub site/dns lists for airpwn/dnspwn
git-svn-id: file:///home/svn/framework3/trunk@7491 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 19:17:14 +00:00
HD Moore d892264ad7 Adds a DoS proof of concept for MS09-065 (EOT)
git-svn-id: file:///home/svn/framework3/trunk@7470 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 23:48:53 +00:00
HD Moore 80a262f991 Fixes #423. Using /s on a regex forces an encoding that cant match random binary gibberish
git-svn-id: file:///home/svn/framework3/trunk@7322 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 17:59:45 +00:00
HD Moore 5f57666f44 Woops! Commit the h2b script needed for mssql_payload
git-svn-id: file:///home/svn/framework3/trunk@7166 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 13:52:14 +00:00
HD Moore 2247b483d9 Updated pSnuffle sniffer code from _MAX_
git-svn-id: file:///home/svn/framework3/trunk@6965 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 14:07:33 +00:00
HD Moore 5e74e80c89 Update psnuffle modules to use payload_data
git-svn-id: file:///home/svn/framework3/trunk@6899 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-25 14:11:55 +00:00
HD Moore be6bb23b5e Psnuffle modules
git-svn-id: file:///home/svn/framework3/trunk@6824 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 20:39:06 +00:00
HD Moore b8efb1bbf9 Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore 962e8688f2 Changing the default sites list, adding more entries
git-svn-id: file:///home/svn/framework3/trunk@5619 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:01:10 +00:00
HD Moore cc8ae206b6 First batch of karmetasploit updates
git-svn-id: file:///home/svn/framework3/trunk@5618 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:00:30 +00:00
HD Moore cd33fcca2c New loading screen
git-svn-id: file:///home/svn/framework3/trunk@5617 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 05:16:15 +00:00
HD Moore 4b626e5359 Updated forms
git-svn-id: file:///home/svn/framework3/trunk@5552 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-14 05:35:57 +00:00
HD Moore 77f7be3e75 New, cleaner form snippets
git-svn-id: file:///home/svn/framework3/trunk@5493 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 04:17:30 +00:00
HD Moore 231529d684 Nuke these for now, need to rebuild
git-svn-id: file:///home/svn/framework3/trunk@5492 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 03:44:24 +00:00
HD Moore 84d921633b Fun with saved passwords
git-svn-id: file:///home/svn/framework3/trunk@5490 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-22 18:48:21 +00:00
HD Moore 2eb50c4bb7 Top 500 sites from alexa
git-svn-id: file:///home/svn/framework3/trunk@5489 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:52:51 +00:00
HD Moore e237177e6d Remove the JS function
git-svn-id: file:///home/svn/framework3/trunk@5488 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:47:26 +00:00
HD Moore 2084024822 Small bugfixes to HTTP capture
git-svn-id: file:///home/svn/framework3/trunk@5486 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:49:10 +00:00
HD Moore 929888a714 Configurable HTTP capture service
git-svn-id: file:///home/svn/framework3/trunk@5484 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:04:11 +00:00
HD Moore 9b343c7149 New mail.app exploit for leopard
git-svn-id: file:///home/svn/framework3/trunk@5209 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-28 22:23:31 +00:00
HD Moore 41088c3ea4 First version of the iPhone libtiff exploit
git-svn-id: file:///home/svn/framework3/trunk@5144 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-14 22:15:41 +00:00
HD Moore d35adad50e Revision 1, still some bugs to work out
git-svn-id: file:///home/svn/framework3/trunk@4977 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-29 22:56:18 +00:00
HD Moore d09046a5b9 Accessing res['header'] is now case insensitive for HTTP responses
Added the Google Appliance exploit



git-svn-id: file:///home/svn/framework3/trunk@4259 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:22:39 +00:00