sgabe
7fc3511ba9
Remove unnecessary NOPs
2014-02-11 23:48:54 +01:00
sgabe
12471660e9
Replace unnecessary NOP sled with random text
2014-02-11 23:48:04 +01:00
sgabe
184ccb9e1e
Fix payload size
2014-02-11 23:42:58 +01:00
jvazquez-r7
3717374896
Fix and improve reliability
2014-02-11 10:44:58 -06:00
sgabe
e8a3984c85
Fix ROP NOP address and reduce/remove NOPs
2014-02-11 00:29:37 +01:00
sgabe
08b6f74fb4
Add module for CVE-2010-2343
2014-02-10 20:46:09 +01:00
jvazquez-r7
5672a4dae5
Land #2962 , @Meatballs1 RequiredCmd property for ARCH_CMD win payloads
2014-02-10 09:51:08 -06:00
sinn3r
c96116b193
Land #2949 - Add module Kloxo SQLi
2014-02-08 13:45:11 -06:00
Meatballs
93b07b0e48
Add missing RequiredCmds
2014-02-08 12:24:49 +00:00
sinn3r
66cb97305c
Land #2953 - KingScada kxClientDownload.ocx ActiveX Remote Code Exec
2014-02-07 17:41:35 -06:00
sinn3r
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
James Lee
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
sinn3r
63305025aa
Land #2615 - Add Windows Gather Active Directory User Comments
2014-02-07 12:23:43 -06:00
sinn3r
9c76e7fb00
Handle multiple exceptions
2014-02-07 12:23:10 -06:00
sinn3r
40188e1eda
RuntimeError exception should be handled.
2014-02-07 12:16:15 -06:00
jvazquez-r7
c679b1001b
Make pring_warning verbose
2014-02-07 10:23:07 -06:00
jvazquez-r7
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
James Lee
4b37cc7243
Land #2927 , PandoraFMS anyterm exploit
2014-02-06 15:22:23 -06:00
James Lee
4236abe282
Better SIGHUP handling
2014-02-06 15:21:54 -06:00
William Vu
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
Joe Vennix
362e937c8d
Forgot to push local changes.
2014-02-06 11:47:35 -06:00
Joe Vennix
0dc2ec5c4d
Use BrowserExploitServer mixin.
...
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
jvazquez-r7
ac52edabd5
Land #2801 , Land @kicks4kittens IBM Sametime modules
2014-02-06 10:17:03 -06:00
jvazquez-r7
30c325c22e
Make better json check
2014-02-06 10:16:26 -06:00
kicks4kittens
564f9bccc8
Correct print output
...
Printing the room details is the purpose of the module.
Reinstated printing the table in non-verbose mode (users won't know it's there otherwise)
2014-02-05 22:00:02 +01:00
kicks4kittens
445cd7be5a
remove "on {peer}
...
line already includes {peer} info
2014-02-05 21:57:58 +01:00
kicks4kittens
4c0c9101aa
Correct check, reinstate print
...
Corrected JSON check (response is empty, but valid JSON on check success)
Reinstated print to warn user (not only in VERBOSE)
2014-02-05 21:56:56 +01:00
kicks4kittens
60cf68f899
added default SSL
2014-02-05 21:54:02 +01:00
kicks4kittens
3560b41eb2
correct variable name
...
body isn't valid, replaced with res.body and tested
2014-02-05 21:51:55 +01:00
kicks4kittens
38add0ab50
alter print_status
...
Altered print_status to print_good to differentiate when user is online easier
2014-02-05 21:49:39 +01:00
jvazquez-r7
fdb954fdfb
Report credentials
2014-02-05 14:37:33 -06:00
jvazquez-r7
631559a2e8
Add module for Kloco SQLi
2014-02-05 14:18:56 -06:00
Joe Vennix
553616b6cc
Add URL for browser exploit.
2014-02-04 17:04:06 -06:00
Tod Beardsley
3a6626761b
Land #2945 , obsolete old modules
...
Obsoletes:
modules/auxiliary/admin/scada/igss_exec_17.rb
modules/exploits/windows/http/sap_mgmt_con_osexec_payload.rb
modules/post/windows/gather/resolve_hosts.rb
modules/post/windows/manage/persistence.rb
2014-02-04 15:11:25 -06:00
sinn3r
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
sinn3r
89e1bcc0ca
Deprecate modules with date 2013-something
...
These modules had an expiration date of 2013.
2014-02-04 14:49:18 -06:00
jvazquez-r7
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
Joe Vennix
23fc73924e
Msftidy it up.
2014-02-04 14:24:36 -06:00
William Vu
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
jvazquez-r7
cccf2e4258
Land #2926 , @xistence A10 Networks Loadbalancer dir traversal module
2014-02-04 07:28:51 -06:00
jvazquez-r7
cc09367c62
Change the datastore name option
2014-02-04 07:28:14 -06:00
Joe Vennix
700e09f386
Wording tweak.
2014-02-04 02:55:10 -06:00
Joe Vennix
bbabd72b0e
Whitespace tweaks.
2014-02-04 02:52:52 -06:00
Joe Vennix
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
Joe Vennix
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
Joe Vennix
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
Joe Vennix
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
Joe Vennix
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
Tod Beardsley
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
Tod Beardsley
d34020115a
Fix up on apache descs and print_* methods
2014-02-03 13:13:57 -06:00