Commit Graph

31880 Commits (86f943e25aab78ff7cb1654e7ce7ad319a7990ef)

Author SHA1 Message Date
sinn3r 220a26c5a4
Land #4907, CVE-2015-1427, elasticsearch groovy code injection 2015-03-12 11:28:24 -05:00
sinn3r ac24652196
Land #4911, CVE-2015-0096 (ms15_020_shortcut_icon_dllloader) 2015-03-12 10:51:56 -05:00
sinn3r 67d05f9354 Add the PR as a reference (how to guide) 2015-03-12 10:51:01 -05:00
sinn3r 0d36115112 Update MS15-018 MSB reference 2015-03-12 10:13:37 -05:00
HD Moore 744b1a680e Reworks how payload prepends work internally, see #1674 2015-03-12 02:30:06 -05:00
HD Moore 376d05f797 Avoid instantiating the module during recalculate 2015-03-12 01:02:37 -05:00
HD Moore f676dc03c8
Lands #4849, prevents the target from running out of memory during NTFS reads 2015-03-12 00:01:47 -05:00
HD Moore 7252ba284a Tweak memory usage from 64Mb to 4Mb 2015-03-11 23:58:13 -05:00
jvazquez-r7 e9e9d27363 Merge support for the SMB share mixin 2015-03-11 23:49:27 -05:00
jvazquez-r7 68d69177ad Add smb module for MS15-020 2015-03-11 23:46:50 -05:00
HD Moore 24440b8c38
Lands #4913, adds OSVDB reference to nvidia module 2015-03-11 23:32:22 -05:00
HD Moore aa79b71e35 Fixes #4897 by corrected kernel32!Interlocked function definitions 2015-03-11 23:26:32 -05:00
jvazquez-r7 a9fa2d25aa Add SMB module for MS10-046 2015-03-11 23:23:56 -05:00
HD Moore cdef992d6b
Lands #4912, http handlers will use the client's Host header by default. 2015-03-11 23:23:37 -05:00
scriptjunkie dfbc50ff47 Make Host header override optional 2015-03-11 23:15:45 -05:00
HD Moore b604599c8e Fix comments 2015-03-11 21:32:35 -05:00
HD Moore c3f2536ef6 Make the stager clear in the payload descriptions 2015-03-11 21:30:02 -05:00
HD Moore b105a88b95 Fix https convention 2015-03-11 21:26:31 -05:00
HD Moore 8bae58d631 Updated cache sizes 2015-03-11 21:25:12 -05:00
HD Moore 479a9cc1a9 Fix missing stack variables & remove old comment 2015-03-11 21:23:27 -05:00
HD Moore 631e1606bf Fix WinHttpSetOption & stack parameters 2015-03-11 21:05:18 -05:00
Tod Beardsley 99494328d2
Update Nvidia module with an OSVDB ref
The paper is really good, but could use a more traditional reference.

[See #4884]
2015-03-11 19:51:22 -05:00
scriptjunkie 401d553f84 Use host header in reverse_http(s) 2015-03-11 19:40:52 -05:00
jvazquez-r7 0e4e264325 Redo description 2015-03-11 18:19:28 -05:00
jvazquez-r7 aaabd23707
merge cleanup 2015-03-11 18:13:56 -05:00
jvazquez-r7 4e6aca0209 refactor create_exploit_file 2015-03-11 18:13:09 -05:00
jvazquez-r7 5662e5c5a6 Add module for MS15-020 2015-03-11 17:29:02 -05:00
HD Moore 66a45ac7fd Add spec for reverse_winhttps 2015-03-11 16:29:22 -05:00
HD Moore 1135e5e073 First take on WinHTTP stagers, untested 2015-03-11 16:27:14 -05:00
HD Moore 7e3b4017f0 Rename and resynced with master, ready for refactoring 2015-03-11 14:36:27 -05:00
HD Moore ea1bc69e2e Merge branch 'master' into feature/add-reverse_winhttp-stagers 2015-03-11 14:29:34 -05:00
sinn3r 215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF 2015-03-11 14:04:17 -05:00
sinn3r 43b90610b1 Temp 2015-03-11 13:53:34 -05:00
Tod Beardsley 239b0c5d09
Add the most recent alias joe uses 2015-03-11 12:28:51 -05:00
Tod Beardsley c227c56cd9
Update .mailmap for @joevennix 2015-03-11 12:24:04 -05:00
Brent Cook ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
sinn3r 2a9d6e64e2 Starting point for CVE-2015-0318 2015-03-11 09:58:41 -05:00
HD Moore 02c7461d32
Lands #4906 and fixes #4905 by updating Conventions for HTTP incompatible payloads 2015-03-11 00:49:27 -05:00
HD Moore ad39adf9c2 Missing comma 2015-03-11 00:49:07 -05:00
HD Moore cb1a1ef692 Remove bad stager+stage combinations from the payload set 2015-03-11 00:46:24 -05:00
HD Moore a89926b663 Exclude vncinject from http stagers (depends on sockedi) 2015-03-11 00:46:04 -05:00
jvazquez-r7 8a452a7cba Do somce cleanup 2015-03-10 17:10:44 -05:00
Brent Cook 9ade107325 disable reverse_http methods from upexec and shell payloads
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
2015-03-10 17:08:58 -05:00
jvazquez-r7 4a84693fb0 Support windows 2015-03-10 16:58:33 -05:00
jvazquez-r7 c26bea3429 Fix credits 2015-03-10 16:27:07 -05:00
jvazquez-r7 980c83cb70 Fix metadata 2015-03-10 16:25:02 -05:00
jvazquez-r7 9e17874389 Exploit CVE-2015-1427 2015-03-10 16:17:51 -05:00
HD Moore 1d17e9ab5b Remove the 256 byte limit for URLs 2015-03-10 15:27:04 -05:00
Samuel Huckins 7be665d74e
Land #4900, credential version for postgres hash 2015-03-10 15:17:55 -05:00
HD Moore 5f382e539a Updated required_space to count all 256 bytes of the URL 2015-03-10 15:17:09 -05:00