Commit Graph

1170 Commits (84ce72367bf70b099804835c3c8e0606a62ffcd4)

Author SHA1 Message Date
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
jvazquez-r7 f7b1874e7d
Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
jvazquez-r7 19918e3207
Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
sinn3r fdc355147f Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb 2014-03-25 18:41:47 -05:00
sinn3r 6c206e4ced Add a comment about what this build version range is covering 2014-03-25 11:43:13 -05:00
sinn3r 7108d2b90a Add ua_ver and mshtml_build requirements
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
sinn3r c5158a3ccc Update CVE 2014-03-19 22:13:23 -05:00
Tod Beardsley d27264b402
Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module
Add MS14-012 IE UAF.
2014-03-18 17:55:56 -05:00
William Vu 25ebb05093 Add next chunk of fixes
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
OJ 3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
William Vu e6905837eb
Land #2960, rand_text_alpha for amaya_bdo 2014-02-10 16:44:11 -06:00
Tod Beardsley 1236a4eb07
Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
David Maciejak 32c02dd56a Added some randomness 2014-02-08 11:27:25 +08:00
jvazquez-r7 a18de35fa7 Add module for ZDI-14-011 2014-02-06 18:25:36 -06:00
OJ 1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path 2014-01-03 08:14:02 +10:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
OJ 9fb081cb2d Add getenvs, update getenv, change extract_path use
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.

Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.

The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
Tod Beardsley f88a3a55b6
More slight updates. 2013-12-16 15:05:39 -06:00
sinn3r 04b7e8b174 Fix module title and add vendor patch information 2013-12-16 14:59:00 -06:00
jvazquez-r7 533accaa87 Add module for CVE-2013-3346 2013-12-16 14:13:47 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
sinn3r 5d10b44430 Add support for Silverlight
Add support for Silverlight exploitation. [SeeRM #8705]
2013-11-26 14:47:27 -06:00
jvazquez-r7 253719d70c Fix title 2013-11-26 08:11:29 -06:00
sinn3r 8005826160
Land #2644 - MS13-090 CardSpaceClaimCollection vuln 2013-11-25 13:06:09 -06:00
jvazquez-r7 7e4487b93b Update description 2013-11-22 17:37:23 -06:00
jvazquez-r7 a7ad107e88 Add ruby code for ms13-022 2013-11-22 16:41:56 -06:00
sinn3r a9de5e2846
Land #2634 - Opt browser autopwn load list 2013-11-19 15:10:29 -06:00
jvazquez-r7 bddb314073 Fix usage of Retries 2013-11-18 09:09:20 -06:00
jvazquez-r7 237bb22771 Disable auto migrate 2013-11-18 08:54:22 -06:00
jvazquez-r7 cbb7eb192c Add module for CVE-2013-3918 2013-11-15 10:38:52 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
jvazquez-r7 fe2cd93a65 Delete ms13_037_svg_dashstyle from the browser_autopwn list 2013-11-13 23:46:50 -06:00
jvazquez-r7 8771b163f0 Solve conflicts with aladdin_choosefilepath_bof 2013-11-12 23:11:42 -06:00
jvazquez-r7 004c1bac78 Reduce number of modules available on BrowserAutopwn 2013-11-12 12:37:29 -06:00
jvazquez-r7 b01d8c50e0 Restore module crash documentation 2013-11-11 17:09:41 -06:00
jvazquez-r7 30de61168d Support heap spray obfuscation 2013-11-11 17:05:54 -06:00
jvazquez-r7 922f0eb900 Switch aladdin_choosefilepath_bof2 to use BrowserExploitServer 2013-11-11 17:01:09 -06:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
sinn3r 36dace26fa
Land #2538 - Fix redirect URLs 2013-10-21 11:08:03 -05:00
James Lee 94db3f511a Avoid extra slash in redirect URI
[SeeRM #8507]
2013-10-17 14:10:15 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
sinn3r 0ce221274b Change JS comments in Ruby. 2013-10-16 16:40:54 -05:00
James Lee 4fa3b8f820 Add support for IE7 on XP 2013-10-16 15:56:34 -05:00
sinn3r 06a212207e Put PrependMigrate on hold because of #1674
But I will probably still want this.
2013-10-16 09:24:46 -05:00