sinn3r
|
220a26c5a4
|
Land #4907, CVE-2015-1427, elasticsearch groovy code injection
|
2015-03-12 11:28:24 -05:00 |
sinn3r
|
ac24652196
|
Land #4911, CVE-2015-0096 (ms15_020_shortcut_icon_dllloader)
|
2015-03-12 10:51:56 -05:00 |
sinn3r
|
67d05f9354
|
Add the PR as a reference (how to guide)
|
2015-03-12 10:51:01 -05:00 |
sinn3r
|
0d36115112
|
Update MS15-018 MSB reference
|
2015-03-12 10:13:37 -05:00 |
HD Moore
|
744b1a680e
|
Reworks how payload prepends work internally, see #1674
|
2015-03-12 02:30:06 -05:00 |
HD Moore
|
376d05f797
|
Avoid instantiating the module during recalculate
|
2015-03-12 01:02:37 -05:00 |
HD Moore
|
f676dc03c8
|
Lands #4849, prevents the target from running out of memory during NTFS reads
|
2015-03-12 00:01:47 -05:00 |
HD Moore
|
7252ba284a
|
Tweak memory usage from 64Mb to 4Mb
|
2015-03-11 23:58:13 -05:00 |
jvazquez-r7
|
e9e9d27363
|
Merge support for the SMB share mixin
|
2015-03-11 23:49:27 -05:00 |
jvazquez-r7
|
68d69177ad
|
Add smb module for MS15-020
|
2015-03-11 23:46:50 -05:00 |
HD Moore
|
24440b8c38
|
Lands #4913, adds OSVDB reference to nvidia module
|
2015-03-11 23:32:22 -05:00 |
HD Moore
|
aa79b71e35
|
Fixes #4897 by corrected kernel32!Interlocked function definitions
|
2015-03-11 23:26:32 -05:00 |
jvazquez-r7
|
a9fa2d25aa
|
Add SMB module for MS10-046
|
2015-03-11 23:23:56 -05:00 |
HD Moore
|
cdef992d6b
|
Lands #4912, http handlers will use the client's Host header by default.
|
2015-03-11 23:23:37 -05:00 |
scriptjunkie
|
dfbc50ff47
|
Make Host header override optional
|
2015-03-11 23:15:45 -05:00 |
HD Moore
|
b604599c8e
|
Fix comments
|
2015-03-11 21:32:35 -05:00 |
HD Moore
|
c3f2536ef6
|
Make the stager clear in the payload descriptions
|
2015-03-11 21:30:02 -05:00 |
HD Moore
|
b105a88b95
|
Fix https convention
|
2015-03-11 21:26:31 -05:00 |
HD Moore
|
8bae58d631
|
Updated cache sizes
|
2015-03-11 21:25:12 -05:00 |
HD Moore
|
479a9cc1a9
|
Fix missing stack variables & remove old comment
|
2015-03-11 21:23:27 -05:00 |
HD Moore
|
631e1606bf
|
Fix WinHttpSetOption & stack parameters
|
2015-03-11 21:05:18 -05:00 |
Tod Beardsley
|
99494328d2
|
Update Nvidia module with an OSVDB ref
The paper is really good, but could use a more traditional reference.
[See #4884]
|
2015-03-11 19:51:22 -05:00 |
scriptjunkie
|
401d553f84
|
Use host header in reverse_http(s)
|
2015-03-11 19:40:52 -05:00 |
jvazquez-r7
|
0e4e264325
|
Redo description
|
2015-03-11 18:19:28 -05:00 |
jvazquez-r7
|
aaabd23707
|
merge cleanup
|
2015-03-11 18:13:56 -05:00 |
jvazquez-r7
|
4e6aca0209
|
refactor create_exploit_file
|
2015-03-11 18:13:09 -05:00 |
jvazquez-r7
|
5662e5c5a6
|
Add module for MS15-020
|
2015-03-11 17:29:02 -05:00 |
HD Moore
|
66a45ac7fd
|
Add spec for reverse_winhttps
|
2015-03-11 16:29:22 -05:00 |
HD Moore
|
1135e5e073
|
First take on WinHTTP stagers, untested
|
2015-03-11 16:27:14 -05:00 |
HD Moore
|
7e3b4017f0
|
Rename and resynced with master, ready for refactoring
|
2015-03-11 14:36:27 -05:00 |
HD Moore
|
ea1bc69e2e
|
Merge branch 'master' into feature/add-reverse_winhttp-stagers
|
2015-03-11 14:29:34 -05:00 |
sinn3r
|
215c209f88
|
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF
|
2015-03-11 14:04:17 -05:00 |
sinn3r
|
43b90610b1
|
Temp
|
2015-03-11 13:53:34 -05:00 |
Tod Beardsley
|
239b0c5d09
|
Add the most recent alias joe uses
|
2015-03-11 12:28:51 -05:00 |
Tod Beardsley
|
c227c56cd9
|
Update .mailmap for @joevennix
|
2015-03-11 12:24:04 -05:00 |
Brent Cook
|
ceeee4446f
|
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
|
2015-03-11 10:41:59 -05:00 |
sinn3r
|
2a9d6e64e2
|
Starting point for CVE-2015-0318
|
2015-03-11 09:58:41 -05:00 |
HD Moore
|
02c7461d32
|
Lands #4906 and fixes #4905 by updating Conventions for HTTP incompatible payloads
|
2015-03-11 00:49:27 -05:00 |
HD Moore
|
ad39adf9c2
|
Missing comma
|
2015-03-11 00:49:07 -05:00 |
HD Moore
|
cb1a1ef692
|
Remove bad stager+stage combinations from the payload set
|
2015-03-11 00:46:24 -05:00 |
HD Moore
|
a89926b663
|
Exclude vncinject from http stagers (depends on sockedi)
|
2015-03-11 00:46:04 -05:00 |
jvazquez-r7
|
8a452a7cba
|
Do some cleanup
|
2015-03-10 17:10:44 -05:00 |
Brent Cook
|
9ade107325
|
disable reverse_http methods from upexec and shell payloads
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
|
2015-03-10 17:08:58 -05:00 |
jvazquez-r7
|
4a84693fb0
|
Support windows
|
2015-03-10 16:58:33 -05:00 |
jvazquez-r7
|
c26bea3429
|
Fix credits
|
2015-03-10 16:27:07 -05:00 |
jvazquez-r7
|
980c83cb70
|
Fix metadata
|
2015-03-10 16:25:02 -05:00 |
jvazquez-r7
|
9e17874389
|
Exploit CVE-2015-1427
|
2015-03-10 16:17:51 -05:00 |
HD Moore
|
1d17e9ab5b
|
Remove the 256 byte limit for URLs
|
2015-03-10 15:27:04 -05:00 |
Samuel Huckins
|
7be665d74e
|
Land #4900, credential version for postgres hash
|
2015-03-10 15:17:55 -05:00 |
HD Moore
|
5f382e539a
|
Updated required_space to count all 256 bytes of the URL
|
2015-03-10 15:17:09 -05:00 |