Commit Graph

21601 Commits (8e4c5dbb5e1c306efc90f6c76ac191fa9342002d)

Author SHA1 Message Date
jvazquez-r7 8e4c5dbb5e improve upload_file response check 2013-11-21 09:02:11 -06:00
jvazquez-r7 8fdfeb73db Fix use of FileDropper and improve check method 2013-11-21 09:01:41 -06:00
jvazquez-r7 4abf01c64c Clean indentation 2013-11-21 08:32:54 -06:00
Thomas Hibbert 4cc20f163b Update References field to be compliant. 2013-11-20 13:01:21 +13:00
Thomas Hibbert 07c76fd3e6 Module cleaned for msftidy compliance. 2013-11-20 11:33:14 +13:00
Thomas Hibbert 960f7c9bbb Add DesktopCentral arbitrary file upload exploit. 2013-11-18 16:11:28 +13:00
Tod Beardsley 36db6a4d59
Land #2616, SuperMicro close_window BOF 2013-11-15 11:34:53 -06:00
sinn3r 7d408a6118
Land #2639 - rm sleep & constant usage warnings 2013-11-15 11:21:47 -06:00
William Vu de424e3779
Land #2641, rm ext_server_extapi.x{86,64}.dll 2013-11-14 22:12:02 -06:00
OJ 0b413aa0b8 Remove extapi binaries
These were committed in the flurry of merges last night by me. They
should be removed until the extapi PR has been fully reviewed and
merged. This commit just removes the binaries from master, they'll
be re-added when appropriate.
2013-11-15 06:24:00 +10:00
jvazquez-r7 4cf16cf360
Land #2633, @OJ's port of Kitrap0d as local exploit 2013-11-14 09:27:10 -06:00
jvazquez-r7 30a938e620
Land #2640, @OJ's updated meterpreter binaries
0012c4530a
2013-11-14 09:25:41 -06:00
OJ 4bd0900359
Updated meterpreter binaries
Includes the following:

* Clean builds
* Removal of kitrap0d from getsystem
* Doc updates
* Webcam crash fix
* Schedular and channel refactor
* Posix crash fix for post modules
2013-11-15 01:14:14 +10:00
OJ 506a4d9e67
Remove genericity, x64 and renamed stuff
As per discussion on the github issue, the following changes were made:

* Project renamed from elevate to kitrap0d, implying that this is not
  intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
  is passed in to the exploit entry point. The exploit is now responsible
  for executing the payload if the exploit is successful. This removes
  the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
Tod Beardsley 6549b2e347
Spaces for the table, not tabs. 2013-11-13 16:48:19 -06:00
Tod Beardsley e2dd13e7f8
Renumber the 8 commandments 2013-11-13 16:45:21 -06:00
Tod Beardsley 7b0acd238e
Remove sleep and constant usage warnings 2013-11-13 16:37:03 -06:00
William Vu 334a93af45
Land #2638, refs for android_htmlfileprovider 2013-11-13 14:51:46 -06:00
joev 0612f340f1 Commas are good. 2013-11-13 14:38:50 -06:00
joev ad5f82d211 Add missing refs to aux/gather/android_htmlfileprovider. 2013-11-13 14:36:18 -06:00
William Vu 6bd82d8589
Land #2636, Win8 for {constants,platform}.rb 2013-11-13 14:20:52 -06:00
jvazquez-r7 2594427999
Land #2631, @peto01's osx screen capture post module 2013-11-13 13:58:03 -06:00
jvazquez-r7 2b19490095 Fix Exception handling 2013-11-13 13:57:15 -06:00
jvazquez-r7 95f371a1a6 Move screen_capture to the capture folder 2013-11-13 13:41:11 -06:00
jvazquez-r7 f65e82523b Clean screen_capture 2013-11-13 13:40:41 -06:00
sinn3r 3a923422a3 Update class for Win 8 2013-11-13 13:27:44 -06:00
William Vu 94a2f52ccc
Land #2637, version number bump to 4.9.0-dev 2013-11-13 13:20:18 -06:00
Tod Beardsley 5e342debbc
Don't be dopey in the RSpec version matching 2013-11-13 13:04:26 -06:00
Tod Beardsley 3500cf06d4
Add a spec for version checking. 2013-11-13 12:49:57 -06:00
Tod Beardsley 74df9bd037
Bump version number since 4.8.0 is out 2013-11-13 11:42:31 -06:00
sinn3r 8e90116c89 Add Win 8 to constants 2013-11-13 11:38:27 -06:00
Peter Toth f5760d5e4c Removed unnecessary delay 2013-11-13 16:25:47 +01:00
Peter Toth c4a8bfb175 Tighter error handling 2013-11-13 16:19:38 +01:00
Peter Toth 92da6760ef Modified module to use windows/screen_spy code 2013-11-13 13:30:20 +01:00
Peter Toth 3fdaf4de94 Work in progress 2013-11-13 13:11:27 +01:00
OJ e4fc361b37 Various tidies and fixes
* Change ranking.
* Update references to comply with correct approach.
* Update messages to better describe what should happen.
* Update the Windows version regex to match XP.
* Update `check` function to use `unless`.

Thanks again @jvazquez-r7 for the feedback!
2013-11-13 10:38:48 +10:00
sinn3r 2fc43182be
Land #2622 - Fix up proxy/socks4a.rb 2013-11-12 18:22:32 -06:00
Peter Toth 6e12553393 Changed option SNAP_FILETYPE to FILETYPE 2013-11-13 00:51:58 +01:00
Peter Toth 779cb48b76 General improvements addressing feedback 2013-11-13 00:42:00 +01:00
jvazquez-r7 ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
sinn3r fbe1b92c8f Good bye get_resource 2013-11-12 17:25:55 -06:00
William Vu da25785eba
Land #2350, shell_bind_tcp_random_port for Linux 2013-11-12 16:06:37 -06:00
sinn3r 970e70a853
Land #2626 - Add wordpress scanner 2013-11-12 11:30:23 -06:00
sinn3r 6a28f1f2a7
Change 4-space tabs to 2-space tabs 2013-11-12 11:29:28 -06:00
sinn3r 683b2ad626
Land #2628 - Fix a handful of msftidy warnings, and XXX SSL 2013-11-12 11:12:56 -06:00
Tod Beardsley 1f1b26b311
Update the .mailmap 2013-11-12 07:14:02 -06:00
OJ 40f58ce534
Finalise the local exploit for kitrap0d
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.

New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
2013-11-12 23:01:24 +10:00
Peter Toth b722fee15c added OSX module screen_capture 2013-11-12 12:32:30 +01:00
Peter Toth 31e5611472 Restored database.example 2013-11-12 09:23:10 +01:00
Peter Toth 6b7b2fd51b Initial environment config for development 2013-11-12 09:09:09 +01:00