973bdc3fe0
Land #2411 , @todb-r7's pre-week release module touchups
2013-09-23 14:30:24 -05:00
2656c63459
Knock out a Unicode character
2013-09-23 14:22:11 -05:00
99f145cbff
Don't split the post requires
2013-09-23 14:02:43 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
a46ac7533d
Land #2407 , require fix for current_user_psexec
2013-09-23 11:57:19 -05:00
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
801dda2b09
Change PayloadType to NodeJS.
2013-09-23 11:31:45 -05:00
df2c4b3f7a
Land #2408 - Update MS13-071 info
2013-09-23 10:24:32 -05:00
8d50cc5099
Land #2406 , rbenv-comapt .ruby-version
2013-09-23 07:17:54 -05:00
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
64156a1e09
Merge pull request #1 from jvazquez-r7/review-pr2379
...
Clean up Astium exploit
2013-09-21 22:22:37 -07:00
8417b916c7
Complete MS13-071 Information
2013-09-21 21:22:34 -05:00
6b06ed0df1
Update current_user_psexec.rb
2013-09-22 03:07:17 +05:00
079eec0aea
Compile.bat and gitignore
2013-09-21 13:14:01 +01:00
695fdf836c
Generate NonUAC MSIs
2013-09-21 13:13:18 +01:00
85ea9ca05a
Merge branch 'master' of github.com:rapid7/metasploit-framework into msi_payload
2013-09-21 12:49:38 +01:00
1bd1c3587d
No UAC prompt MSI
2013-09-21 12:47:58 +01:00
4f3b737c8c
Fixed the .ruby-version file to not have the word "ruby" in it, since
...
it produces a warning whenever you use ruby
2013-09-20 21:59:31 -05:00
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
49f15fbea4
Removes PayloadType from exploit module.
2013-09-20 18:01:55 -05:00
8381bf8646
Land #2404 - Add powershell support for current_user_psexec
2013-09-20 17:14:55 -05:00
96364c78f8
Need to catch RequestError too
...
Because a meterpreter session may throw that
2013-09-20 17:13:35 -05:00
59a201a8d3
Land #2334 , @tkrpata and @jvennix-r7's patch for sudo_password_bypass
2013-09-20 17:01:19 -05:00
fb8d0dc887
Write the return
2013-09-20 17:00:07 -05:00
b6c7116890
Land #1778 - Mimikatz Fix for table.print and x86 warning
2013-09-20 16:13:53 -05:00
3cdddb8ff3
New meterpreter binaries for ip resolv feature
...
* New meterpreter binaries that include the IP resolve feature.
* Updated .gitignore to correctly match pivot file name.
2013-09-21 07:12:40 +10:00
2591be503b
Psh support
2013-09-20 22:07:42 +01:00
ace8e85227
Land #2403 - Complete CmdStagerEcho code doc
2013-09-20 15:03:46 -05:00
4ad9bd53f0
Land #2354 , @jlee-r7's patch for loading problems on test post modules
2013-09-20 13:44:10 -05:00
87f75e1065
Complete CmdStagerEcho code doc
2013-09-20 13:24:53 -05:00
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
bb7b57cad9
Land #2370 - PCMAN FTP Server post-auth stack buffer overflow
2013-09-20 12:29:10 -05:00
feb76ea767
Modify check
...
Since auth is required, check function needs to look into that too
2013-09-20 12:28:21 -05:00
2d6c76d0ad
Rename pcman module
...
Because this is clearly a msf module, we don't need 'msf' as a
filename. The shorter the better.
2013-09-20 12:18:24 -05:00
6690e35761
Account for username length
...
Username is part of the overflowing string, need to account for that
2013-09-20 12:17:34 -05:00
9d67cbb4db
Retabbed
2013-09-20 11:58:53 -05:00
3dd75db584
Address feedback
2013-09-20 17:20:42 +01:00
85152c4281
Land #2400 - Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 10:39:06 -05:00
ec393cfcc0
Land #2401 , @wchen-r7's exploit for cve-2013-3205
2013-09-20 10:29:02 -05:00
6f5e528699
Remove author, all the credits go to corelanc0der and sinn3r
2013-09-20 10:27:37 -05:00
83f54d71ea
Add MS13-069 (CVE-2013-3205) IE ccaret object use-after-free
...
This module exploits a use-after-free vulnerability found in Internet Explorer,
specifically in how the browser handles the caret (text cursor) object. In IE's
standards mode, the caret handling's vulnerable state can be triggered by first
setting up an editable page with an input field, and then we can force the caret
to update in an onbeforeeditfocus event by setting the body's innerHTML property.
In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write()
function, however, mshtml!CCaret::UpdateScreenCaret remains unaware aware of this
change, and still uses the same reference to the CCaret object. When the function
tries to use this invalid reference to call a virtual function at offset 0x2c, it
finally results a crash. Precise control of the freed object allows arbitrary code
execution under the context of the user.
The vuln works against IE8 on Win 7, but the current version of the custom spray
doesn't actually work well against that target. More work is needed before we can
add that target for sure. The reason a custom spray is needed is because the
document.write() function erases the typical spray routines we use like
js_property_spray, or the heaplib + substring one. Tried using an iframe too,
but onbeforeeditfocus event doesn't seem to work well in an iframe (does not
fire when innerHTML is used.)
2013-09-20 10:20:35 -05:00
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
032b9115a0
removed the old exploit
2013-09-20 10:53:52 +02:00
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
7d17eef7a7
Updated several msftidy [WARNING] Spaces at EOL issues.
2013-09-19 20:35:08 -07:00
c3976e8315
Land #2364 - Update retab util
2013-09-19 22:24:45 -05:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
jvazquez-r7
Tod Beardsley
William Vu
Joe Vennix
sinn3r
xistence
darknight007
Meatballs
Matt Andreko
OJ
dummys
Rick Flores (nanotechz9l)