sinn3r
953a96fc2e
This one looks promising
2013-11-22 12:27:10 -06:00
sinn3r
8476ca872e
More progress
2013-11-22 11:53:57 -06:00
sinn3r
f1d181afc7
Progress
2013-11-22 04:51:55 -06:00
sinn3r
6d5c1c230c
Progress
2013-11-22 03:55:40 -06:00
sinn3r
4d2253fe35
Diet
2013-11-22 02:25:09 -06:00
sinn3r
8382d31f46
More progress
2013-11-21 18:48:12 -06:00
jvazquez-r7
885fedcc3b
Fix target name
2013-11-21 17:42:31 -06:00
sinn3r
22c7703e8b
Land #2658 - Make OGNL expressions compatible with struts 2.0.11.2
2013-11-21 15:30:42 -06:00
sinn3r
56d1c545e7
Oh look, more code
2013-11-21 14:42:07 -06:00
jvazquez-r7
851cf6f0d1
Land #2650 , @pnegry's exploit for DesktopCentral 8
2013-11-21 09:30:17 -06:00
jvazquez-r7
77aa665385
Add Privileged flag
2013-11-21 09:28:28 -06:00
jvazquez-r7
2ab3ab8b66
Delete empty Payload metadata section
2013-11-21 09:27:25 -06:00
jvazquez-r7
6bd3c4c887
Fix target name
2013-11-21 09:07:25 -06:00
jvazquez-r7
4c2ad4ca9a
Fix metadata
2013-11-21 09:06:47 -06:00
jvazquez-r7
8e4c5dbb5e
improve upload_file response check
2013-11-21 09:02:11 -06:00
jvazquez-r7
8fdfeb73db
Fix use of FileDropper and improve check method
2013-11-21 09:01:41 -06:00
jvazquez-r7
4abf01c64c
Clean indentation
2013-11-21 08:32:54 -06:00
sinn3r
ddd5b0abb9
More progress
2013-11-21 04:27:41 -06:00
Karn Ganeshen
b5011891a0
corrected rport syntax
2013-11-21 08:57:45 +03:00
Karn Ganeshen
9539972340
Module for OpenMind Message-OS portal login
2013-11-21 06:33:05 +03:00
Tod Beardsley
3926617972
Land #2664 , clear EOL spaces
...
[SeeRM #8498 ]
2013-11-20 17:27:06 -06:00
joev
eea811b71a
Merge branch 'landing-2601-mipsle-encoders' into upstream-master
2013-11-20 17:14:45 -06:00
sinn3r
e13e457d8f
Progress
2013-11-20 17:11:13 -06:00
William Vu
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
William Vu
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
jvazquez-r7
cec4166766
Fix description
2013-11-20 12:49:22 -06:00
jvazquez-r7
18e69bee8c
Make OGNL expressions compatible with struts 2.0.11.2
2013-11-20 12:42:10 -06:00
sinn3r
94e13a0b8a
Initial commit of CVE-2013-3906
2013-11-19 23:10:32 -06:00
Thomas Hibbert
4cc20f163b
Update References field to be compliant.
2013-11-20 13:01:21 +13:00
Thomas Hibbert
07c76fd3e6
Module cleaned for msftidy compliance.
2013-11-20 11:33:14 +13:00
sinn3r
a9de5e2846
Land #2634 - Opt browser autopwn load list
2013-11-19 15:10:29 -06:00
jvazquez-r7
14c6ab4ca5
Add module for CVE-2013-4212
2013-11-19 10:25:52 -06:00
Tod Beardsley
ded56f89c3
Fix caps in description
2013-11-18 16:15:50 -06:00
jvazquez-r7
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
jvazquez-r7
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
joev
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
jvazquez-r7
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
jvazquez-r7
0391ae2bc0
Delete general reference
2013-11-18 13:19:09 -06:00
jvazquez-r7
1c4dabaf34
Beautify typo3_bruteforce module
2013-11-18 13:17:15 -06:00
sinn3r
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
William Vu
455934a545
Land #2645 , Redis spec conformity for redis_server
2013-11-18 12:00:38 -06:00
jvazquez-r7
9e46975a95
Land #2643 , @ChrisJohnRiley SkipVersionCheck for exim4_dovecot_bannercheck
2013-11-18 11:28:07 -06:00
jvazquez-r7
540b85df3f
Set SkipVersionCheck as not required
2013-11-18 11:27:32 -06:00
jvazquez-r7
f6f0d81149
Land #2632 , @peto01 OSX VPN Manager post module
2013-11-18 09:49:14 -06:00
jvazquez-r7
0a930ef6e1
Clean osx vpn post module
2013-11-18 09:47:52 -06:00
jvazquez-r7
bddb314073
Fix usage of Retries
2013-11-18 09:09:20 -06:00
jvazquez-r7
237bb22771
Disable auto migrate
2013-11-18 08:54:22 -06:00
Thomas Hibbert
960f7c9bbb
Add DesktopCentral arbitrary file upload exploit.
2013-11-18 16:11:28 +13:00
joev
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
joev
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
joev
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
joev
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
jvazquez-r7
7d22312cd8
Fix redis communication
2013-11-15 19:36:18 -06:00
Tod Beardsley
89d0b3c41c
Return the splat and require on a module.
2013-11-15 12:19:53 -06:00
Tod Beardsley
36db6a4d59
Land #2616 , SuperMicro close_window BOF
2013-11-15 11:34:53 -06:00
jvazquez-r7
cbb7eb192c
Add module for CVE-2013-3918
2013-11-15 10:38:52 -06:00
Chris John Riley
5bd5eacd77
Added option to ignore banner checks
2013-11-15 15:01:11 +01:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
Peter Toth
7db42efdd4
Code restructure and more robust error handling
2013-11-14 13:44:49 +01:00
jvazquez-r7
fe2cd93a65
Delete ms13_037_svg_dashstyle from the browser_autopwn list
2013-11-13 23:46:50 -06:00
OJ
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
James Lee
5b96ad595f
Skip reg values with no secretes
...
Also update header comment to match new standard
2013-11-13 19:05:16 -06:00
James Lee
cb10b4783b
Mark XP hashes as mscash for JtR to recognize
2013-11-13 19:04:16 -06:00
James Lee
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
James Lee
8471f74b75
Refactor ivar to a more reasonable method
...
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
James Lee
8bb72764ec
Rename credentials/lsa -> lsa_secrets
...
Secrets are not necessarily credentials
2013-11-13 15:23:15 -06:00
James Lee
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
William Vu
334a93af45
Land #2638 , refs for android_htmlfileprovider
2013-11-13 14:51:46 -06:00
joev
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00
joev
ad5f82d211
Add missing refs to aux/gather/android_htmlfileprovider.
2013-11-13 14:36:18 -06:00
jvazquez-r7
2594427999
Land #2631 , @peto01's osx screen capture post module
2013-11-13 13:58:03 -06:00
jvazquez-r7
2b19490095
Fix Exception handling
2013-11-13 13:57:15 -06:00
jvazquez-r7
95f371a1a6
Move screen_capture to the capture folder
2013-11-13 13:41:11 -06:00
jvazquez-r7
f65e82523b
Clean screen_capture
2013-11-13 13:40:41 -06:00
James Lee
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
Peter Toth
f5760d5e4c
Removed unnecessary delay
2013-11-13 16:25:47 +01:00
Peter Toth
c4a8bfb175
Tighter error handling
2013-11-13 16:19:38 +01:00
Peter Toth
78199409dd
Changes according to feedback
2013-11-13 14:13:40 +01:00
Peter Toth
92da6760ef
Modified module to use windows/screen_spy code
2013-11-13 13:30:20 +01:00
Peter Toth
3fdaf4de94
Work in progress
2013-11-13 13:11:27 +01:00
Peter Toth
d9c402c035
Fixed the module name
2013-11-13 08:57:50 +01:00
jvazquez-r7
8771b163f0
Solve conflicts with aladdin_choosefilepath_bof
2013-11-12 23:11:42 -06:00
Peter Toth
2d9e8e09e6
Minor bugfix
2013-11-13 02:07:06 +01:00
Peter Toth
1fed50c96a
General improvements according to feedback
2013-11-13 01:54:42 +01:00
OJ
e4fc361b37
Various tidies and fixes
...
* Change ranking.
* Update references to comply with correct approach.
* Update messages to better describe what should happen.
* Update the Windows version regex to match XP.
* Update `check` function to use `unless`.
Thanks again @jvazquez-r7 for the feedback!
2013-11-13 10:38:48 +10:00
Peter Toth
6e12553393
Changed option SNAP_FILETYPE to FILETYPE
2013-11-13 00:51:58 +01:00
Peter Toth
779cb48b76
General improvements addressing feedback
2013-11-13 00:42:00 +01:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
William Vu
da25785eba
Land #2350 , shell_bind_tcp_random_port for Linux
2013-11-12 16:06:37 -06:00
jvazquez-r7
004c1bac78
Reduce number of modules available on BrowserAutopwn
2013-11-12 12:37:29 -06:00
sinn3r
970e70a853
Land #2626 - Add wordpress scanner
2013-11-12 11:30:23 -06:00
sinn3r
6a28f1f2a7
Change 4-space tabs to 2-space tabs
2013-11-12 11:29:28 -06:00
OJ
40f58ce534
Finalise the local exploit for kitrap0d
...
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.
New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
2013-11-12 23:01:24 +10:00
Peter Toth
c5f21ef463
added osx vpn module
2013-11-12 12:47:33 +01:00
Peter Toth
b722fee15c
added OSX module screen_capture
2013-11-12 12:32:30 +01:00
Tod Beardsley
65993704c3
Actually commit the mode change.
2013-11-11 22:16:29 -06:00
Tod Beardsley
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
jvazquez-r7
b01d8c50e0
Restore module crash documentation
2013-11-11 17:09:41 -06:00
jvazquez-r7
30de61168d
Support heap spray obfuscation
2013-11-11 17:05:54 -06:00