Commit Graph

18814 Commits (97caf1d084b24b12e201fba5c9e4a1a3f006275b)

Author SHA1 Message Date
jvazquez-r7 6468eb51b2
Do changes to have into account powershell sesions are not cmd sessions 2015-10-02 15:26:42 -05:00
brent morris 5eff3e5637 Removed hard tabs 2015-10-02 14:34:00 -04:00
brent morris 4ee7ba05aa Removing hard tabs test 2015-10-02 14:31:46 -04:00
brent morris 6406a66bc0 Remove Ranking 2015-10-02 14:24:46 -04:00
brent morris 9f71fd9bfd Formatting ZPanel Exploit 2015-10-02 14:23:07 -04:00
brent morris 89a50c20d0 Added Zpanel Exploit 2015-10-02 13:29:53 -04:00
William Vu a773627d26
Land #5946, simple_backdoors_exec module 2015-10-02 11:18:29 -05:00
William Vu 5b8f98ee06
Land #6022, zemra_panel_rce module 2015-10-02 11:18:09 -05:00
Pedro Ribeiro 659a09f7d2 Create manageengine_sd_uploader.rb 2015-10-02 16:04:05 +01:00
jvazquez-r7 1f26ec1252
Land #6018, @pedrib's module for Kaseya VSA ZDI-15-448 2015-10-02 08:58:43 -05:00
jvazquez-r7 75d2a24a0a
Land #6019, @pedrib's Kaseya VSA ZDI-15-449 exploit 2015-10-02 08:51:28 -05:00
Pedro Ribeiro d334dc237f Update kaseya_master_admin.rb 2015-10-02 13:21:28 +01:00
Pedro Ribeiro cbbeef0f53 Update kaseya_uploader.rb 2015-10-02 13:20:59 +01:00
JT 33916997a4 Update zemra_panel_rce.rb
revised the name and the description
2015-10-02 09:49:59 +08:00
JT fa1391de87 Update simple_backdoors_exec.rb
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT 501325d9f4 Update zemra_panel_rce.rb 2015-10-02 06:48:34 +08:00
Brent Cook 55f6fe7037
Land #5510, update x86/alpha* encoders to be SaveRegister aware 2015-10-01 15:07:10 -05:00
Brent Cook d551f421f8
Land #5799, refactor WinSCP module and library code to be more useful and flexible 2015-10-01 14:35:10 -05:00
jvazquez-r7 1b21cd9481
Do code cleanup 2015-10-01 13:37:18 -05:00
jvazquez-r7 a88a6c5580
Add WebPges to the paths 2015-10-01 13:22:56 -05:00
jvazquez-r7 f9a9a45cf8
Do code cleanup 2015-10-01 13:20:40 -05:00
jvazquez-r7 5f590b8c2e
Land #6032, @h0ng10 adds reference to java_jmx_server 2015-10-01 13:07:08 -05:00
Hans-Martin Münch (h0ng10) 30101153fa Remove spaces 2015-10-01 18:56:37 +02:00
jvazquez-r7 c35e99664e
Land #6003, @earthquake's x86-64 pushq signedness error fixed 2015-10-01 11:52:28 -05:00
jvazquez-r7 aa01383361
Fix comment 2015-10-01 11:51:45 -05:00
Hans-Martin Münch (h0ng10) 41cf0ef676 Add reference for CVE-2015-2342 - VMWare VCenter JMX RMI RCE 2015-10-01 18:43:21 +02:00
jvazquez-r7 195418b262
Update the sin_family on bind_tcp_small 2015-10-01 11:22:59 -05:00
JT 2802b3ca43 Update zemra_panel_rce.rb
sticking res
2015-10-02 00:00:30 +08:00
William Vu 2ab779ad3d
Land #6010, capture_sendto fixes 2015-10-01 10:54:24 -05:00
JT 5c5f3a4e7f Update zemra_panel_rce.rb
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
William Vu 0bacb3db67
Land #6029, Win10 support for bypassuac_injection 2015-10-01 10:17:34 -05:00
jvazquez-r7 77ce7ef5f0
Save 3 more bytes on shell_bind_ipv6_tcp 2015-10-01 09:45:02 -05:00
jvazquez-r7 4efb3bf26c
Save 3 more bytes on shell_bind_tcp_small 2015-10-01 09:42:35 -05:00
jvazquez-r7 04879ed752
Save two bytes on shell_bind_ipv6_tcp 2015-10-01 09:33:22 -05:00
jvazquez-r7 88eecca4b1
Save two bytes on shell_bind_tcp_small 2015-10-01 09:29:39 -05:00
JT 66560d5339 Update zemra_panel_rce.rb 2015-10-01 19:16:23 +08:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 8866b15f3b Fix creds reporting 2015-10-01 00:24:43 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
OJ 7451cf390c Add Windows 10 "support" to bypassuac_injection 2015-10-01 11:16:18 +10:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
JT a7fa939fda Zemra Botnet C2 Web Panel Remote Code Execution
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT 2de6c77fa2 Update simple_backdoors_exec.rb 2015-09-30 18:11:05 +08:00
jakxx 47c79071eb fix indention and typo 2015-09-29 22:41:36 -04:00
jakxx f18e1d69a1 Add x64 ret address and add to buffer 2015-09-29 22:36:30 -04:00
Brent Cook 54f9a3b25a
Land #6013, add mainframe as a platform and architecture 2015-09-29 13:28:23 -05:00
Pedro Ribeiro 61c922c24d Create kaseya_uploader.rb 2015-09-29 11:56:34 +01:00
Pedro Ribeiro 8af5a8e310 Create exploit for Kaseya privilege escalation 2015-09-29 11:51:21 +01:00
JT 46adceec8f Update simple_backdoors_exec.rb 2015-09-29 10:40:28 +08:00
JT dd650409e4 Update simple_backdoors_exec.rb 2015-09-29 08:05:13 +08:00
OJ b608abffbc Update payload cache sizes for x64 windows 2015-09-29 09:03:57 +10:00
jvazquez-r7 269641a0ff
Update vmauthd_login to have into account advanced TCP options 2015-09-28 14:38:35 -05:00
jvazquez-r7 2f46335c90
Update brocade_enbale_login to have into account advanced TCP options 2015-09-28 14:36:23 -05:00
jvazquez-r7 adb76a9223
Update telnet_login to have into account advanced TCP options 2015-09-28 14:35:58 -05:00
jvazquez-r7 0eed30ce05
Update pop3_login to have into account advanced TCP options 2015-09-28 14:29:50 -05:00
jvazquez-r7 d02193aaeb
Update mysql_login to have into account advanced TCP options 2015-09-28 14:28:32 -05:00
jvazquez-r7 0abb387c1a Update mssql_login to have into account advanced TCP options 2015-09-28 14:22:19 -05:00
jvazquez-r7 df3e4e8afd
Update ftp_login to have into account advanced TCP options 2015-09-28 14:18:05 -05:00
jvazquez-r7 a99e44b43a
Update vnc_login to have into account advanced TCP options 2015-09-28 14:13:08 -05:00
jvazquez-r7 4d8f0a6ec4
Update db2_auth to have into account advanced Tcp options 2015-09-28 14:10:55 -05:00
jvazquez-r7 07b44fccb9
Update AFP login scanner to have into account advanced options 2015-09-28 14:03:55 -05:00
jvazquez-r7 1e4e5c5bae
Update ACPP login scanner to have into account advanced options 2015-09-28 13:50:20 -05:00
bigendian smalls a47557b9c1
Upd. multi/handler to include mainframe platform
Quick update to multi handler so it recognizes mainframe platform based
modules
2015-09-28 11:14:08 -05:00
Jon Hart 96e4e883ae
Fix #6008 for wireshark_lwres_getaddrbyname_loop 2015-09-27 14:56:11 -07:00
Jon Hart bd2f73f40a
Fix #6008 for wireshark_lwres_getaddrbyname 2015-09-27 14:55:19 -07:00
Jon Hart bbd08b84e5
Fix #6008 for snort_dce_rpc 2015-09-27 14:53:40 -07:00
Jon Hart 989fe49750
Fix #6008 for synflood 2015-09-27 14:50:59 -07:00
Jon Hart 7ad7db7442
Fix #6008 for rogue_send. Correctly. 2015-09-27 14:48:58 -07:00
Jon Hart 7b026676f1
Fix #6008 for avahi_portzero 2015-09-27 14:47:05 -07:00
Jon Hart 20ddb65ff8
Fix #6008 for bnat_scan 2015-09-27 14:18:51 -07:00
Jon Hart 06a10e136a
Fix #6008 for rogue_send 2015-09-27 14:12:23 -07:00
Jon Hart d3a41323b8
Fix #6008 for ipidseq.rb 2015-09-27 14:05:05 -07:00
Jon Hart 5b1ee8c8ca
Fix #6008 for syn.rb 2015-09-27 13:54:11 -07:00
Jon Hart 3888b793bd
Fix #6008 for ack.rb 2015-09-27 13:53:47 -07:00
Jon Hart 766829c939
Fix #6008 for xmas.rb 2015-09-27 13:46:00 -07:00
jvazquez-r7 b206de7708
Land #5981, @xistence's ManageEngine EventLog Analyzer Remote Code Execution exploit 2015-09-27 00:42:17 -05:00
jvazquez-r7 55f573b4c9
Do code cleanup 2015-09-27 00:33:40 -05:00
jvazquez-r7 c85913fd12
Land #5983, @jhart-r7's SOAP PortMapping UPnP auxiliary module 2015-09-26 15:47:04 -05:00
Brent Cook f3451eef75
Land #5380, pageantjacker, an SSH agent proxy 2015-09-26 10:52:44 -04:00
Brent Cook 46ed129966 update to metasploit-payloads 1.0.14 2015-09-26 10:50:20 -04:00
jvazquez-r7 f6f3efea75
print the body as verbose 2015-09-25 13:51:18 -05:00
jvazquez-r7 80c9cd4e6f
Restore required option 2015-09-25 13:41:27 -05:00
jvazquez-r7 e4e9609bc2
Use single quotes 2015-09-25 13:35:38 -05:00
jvazquez-r7 a5698ebce0
Fix metadata 2015-09-25 13:34:16 -05:00
jvazquez-r7 c8880e8ad6
Move local exploit to correct location 2015-09-25 11:37:38 -05:00
jvazquez-r7 6b46316a56
Do watchguard_local_privesc code cleaning 2015-09-25 11:35:21 -05:00
jvazquez-r7 c79671821d Update with master changes 2015-09-25 10:47:37 -05:00
jvazquez-r7 e87d99a65f
Fixing blocking option 2015-09-25 10:45:19 -05:00
jvazquez-r7 890ac92957
Warn about incorrect payload 2015-09-25 10:10:08 -05:00
jvazquez-r7 19b577b30a
Do some code style fixes to watchguard_cmd_exec 2015-09-25 09:51:00 -05:00
jvazquez-r7 b35da0d91d
Avoid USERNAME and PASSWORD datastore options collisions 2015-09-25 09:36:47 -05:00
jvazquez-r7 52c4be7e8e
Fix description 2015-09-25 09:35:30 -05:00
Balazs Bucsay a863409734 x86-64 pushq signedness error fixed. Signed port numbers (2bytes) were not working properly. Fix means +6bytes in shellcode length 2015-09-24 13:07:02 +02:00
JT e185277ac5 Update simple_backdoors_exec.rb 2015-09-24 14:14:23 +08:00
JT 56a551313c Update simple_backdoors_exec.rb 2015-09-24 13:54:40 +08:00
JT 192369607d Update simple_backdoors_exec.rb
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
Brent Cook 9519eef55d
Land #5993, handle ADSI exceptions nicely 2015-09-23 22:56:44 -05:00
Meatballs 66c9222968
Make web_delivery proxy aware 2015-09-23 20:45:51 +01:00
Daniel Jensen 3dd917fd56 Altered the module to use the primer callback, and refactored some code to remove useless functions etc 2015-09-24 00:20:13 +12:00
Stuart 853d822992 Merge pull request #1 from bcook-r7/land-5380-pageantjacker
update pageantjacker to run as part of extapi
2015-09-23 09:45:53 +01:00
William Vu 44fa188e71
Land #5984, android_mercury_parseuri module 2015-09-23 02:44:53 -05:00
William Vu d798ef0885
Land #5893, w3tw0rk/Pitbul RCE module 2015-09-23 02:41:01 -05:00
jvazquez-r7 2b7ffdc312
Use datastore advanced options used by smb_login 2015-09-21 17:48:05 -05:00
William Vu 8106bcc320 Clean up module 2015-09-21 14:37:54 -05:00
jvazquez-r7 415fa3a244
Fix #5968, some modules not handling Rex::Post::Meterpreter::RequestError exceptions
* Related to the usage of ADSI on unsupported OSes
2015-09-21 14:33:00 -05:00
Stuart Morgan cdd39f52b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into pageant_extension 2015-09-21 14:34:56 +02:00
Stuart Morgan e8e4f66aaa Merge branch 'master' of ssh://github.com/stufus/metasploit-framework into pageant_extension 2015-09-21 14:34:38 +02:00
Brent Cook 61e7e1d094 update pageantjacker to run as part of extapi 2015-09-20 20:25:00 -05:00
wchen-r7 fd190eb56b
Land #5882, Add Konica Minolta FTP Utility 1.00 CWD command module 2015-09-18 11:10:20 -05:00
wchen-r7 0aea4a8b00 An SEH? A SEH? 2015-09-18 11:09:52 -05:00
wchen-r7 060acbc496 newline 2015-09-17 11:39:39 -05:00
wchen-r7 08b5b8ebb2 Add ADDITIONAL_FILES option 2015-09-17 11:30:58 -05:00
joevennix 0d94b8a48f Make andorid_mercury_parseuri better 2015-09-17 09:59:31 -05:00
Jon Hart 0113cbd353
Nokogiri::XML::Builder instead 2015-09-16 19:53:33 -07:00
jvazquez-r7 927785cfe4
Lan #5783, @jabra-'s module to disclose passwords from grup policy preferences 2015-09-16 21:00:03 -05:00
jvazquez-r7 adab9f9548
Do final cleanup 2015-09-16 20:59:32 -05:00
jvazquez-r7 4d0d806e1d
Do minor cleanup 2015-09-16 19:30:40 -05:00
Brent Cook d2a17074b1
update payload sizes 2015-09-16 17:24:41 -05:00
jvazquez-r7 46168e816b Merge for retab 2015-09-16 17:13:08 -05:00
jvazquez-r7 ab8d12e1ac
Land #5943, @samvartaka's awesome improvement of poisonivy_bof 2015-09-16 16:35:04 -05:00
jvazquez-r7 af1cdd6dea
Return Appears 2015-09-16 16:34:43 -05:00
jvazquez-r7 402044a770
Delete comma 2015-09-16 16:23:43 -05:00
jvazquez-r7 75c6ace1d0
Use single quotes 2015-09-16 16:23:10 -05:00
jvazquez-r7 88fdc9f123
Clean exploit method 2015-09-16 16:14:21 -05:00
jvazquez-r7 d6a637bd15
Do code cleaning on the check method 2015-09-16 16:12:28 -05:00
wchen-r7 c7afe4f663
Land #5930, MS15-078 (atmfd.dll buffer overflow) 2015-09-16 15:33:38 -05:00
jvazquez-r7 688a5c9123
Land #5972, @xistence's portmapper amplification scanner 2015-09-16 14:58:19 -05:00
jvazquez-r7 8ae884c1fc Do code cleanup 2015-09-16 14:46:27 -05:00
jvazquez-r7 37d42428bc
Land #5980, @xistence exploit for ManageEngine OpManager 2015-09-16 13:19:49 -05:00
jvazquez-r7 8f755db850
Update version 2015-09-16 13:19:16 -05:00
jvazquez-r7 1b50dfc367
Change module location 2015-09-16 11:43:09 -05:00
jvazquez-r7 122103b197
Do minor metadata cleanup 2015-09-16 11:41:23 -05:00
jvazquez-r7 aead0618c7
Avoid the WAIT option 2015-09-16 11:37:49 -05:00
wchen-r7 b4aab70d18 Fix another typo 2015-09-16 11:34:22 -05:00
wchen-r7 bef658f699 typo 2015-09-16 11:32:09 -05:00
jvazquez-r7 0010b418d0
Do minor code cleanup 2015-09-16 11:31:15 -05:00
jvazquez-r7 f3b6606709
Fix check method 2015-09-16 11:26:15 -05:00
Daniel Jensen 7985d0d7cb Removed privesc functionality, this has been moved to another module. Renamed module 2015-09-16 23:29:26 +12:00
Daniel Jensen bdd90655e4 Split off privesc into a seperate module 2015-09-16 23:11:32 +12:00
wchen-r7 63bb0cd0ec Add Android Mercury Browser Intent URI Scheme & Traversal 2015-09-16 00:48:57 -05:00
jvazquez-r7 24af3fa12e
Add rop chains 2015-09-15 14:46:45 -05:00
Mo Sadek e911d60195
Land #5967, nil bug fix in SSO gather module 2015-09-15 10:25:50 -05:00
William Vu abe65cd400
Land #5974, java_jmx_server start order fix 2015-09-15 01:33:44 -05:00
xistence c99444a52e ManageEngine EventLog Analyzer Remote Code Execution 2015-09-15 07:29:16 +07:00
xistence 7bf2f158c4 ManageEngine OpManager Remote Code Execution 2015-09-15 07:24:32 +07:00
JT 9e6d3940b3 Update simple_backdoors_exec.rb 2015-09-13 23:30:14 +08:00
wchen-r7 ae5aa8f542 No FILE_CONTENTS option 2015-09-12 23:32:02 -05:00
Daniel Jensen 4e22fce7ef Switched to using Rex MD5 function 2015-09-13 16:23:23 +12:00
xistence 0657fdbaa7 Replaced RPORT 2015-09-13 09:19:05 +07:00
xistence 521636a016 Small changes 2015-09-13 08:31:19 +07:00
jvazquez-r7 0d52a0617c
Verify win32k 6.3.9600.17837 is working 2015-09-12 15:27:50 -05:00
jvazquez-r7 9626596f85
Clean template code 2015-09-12 13:43:05 -05:00
Hans-Martin Münch (h0ng10) 0c4604734e Webserver starts at the beginning, stops at the end 2015-09-12 19:42:31 +02:00
xistence 79e3a7f84b Portmap amplification scanner 2015-09-12 16:25:06 +07:00
xistence dc8d1f6e6a Small changes 2015-09-12 13:08:58 +07:00
wchen-r7 01053095f9 Add MS15-100 Microsoft Windows Media Center MCL Vulnerability 2015-09-11 15:05:06 -05:00
William Vu 5f9f66cc1f Fix nil bug in SSO gather module 2015-09-11 02:21:01 -05:00
William Vu a1a7471154
Land #5949, is_root? for remove_lock_root 2015-09-11 02:09:14 -05:00
wchen-r7 e9e4b60102 move require 'msf/core/post/android' to post.rb 2015-09-11 01:58:12 -05:00
wchen-r7 f2ccca97e0 Move require 'msf/core/post/android' to post.rb 2015-09-11 01:56:21 -05:00
jvazquez-r7 53f995b9c3
Do first prototype 2015-09-10 19:35:26 -05:00
wchen-r7 017832be88
Land #5953, Add Bolt CMS File Upload Vulnerability 2015-09-10 18:29:13 -05:00
wchen-r7 602a12a1af typo 2015-09-10 18:28:42 -05:00
wchen-r7 94aea34d5b
Land #5965, Show the Shodan error message if no result are found 2015-09-10 17:39:25 -05:00
HD Moore cddf72cd57 Show errors when no results are found 2015-09-10 14:05:40 -07:00
wchen-r7 90ef9c11c9 Support meterpreter for OS X post modules 2015-09-10 15:57:43 -05:00
Roberto Soares 68521da2ce Fix check method. 2015-09-10 04:40:12 -03:00
Roberto Soares 4566f47ac5 Fix check method. 2015-09-10 03:56:46 -03:00
Roberto Soares 0ba03f7a06 Fix words. 2015-09-09 21:27:57 -03:00
Roberto Soares bc3f5b43ab Removerd WordPress mixin. 2015-09-09 21:26:15 -03:00
Roberto Soares 4e31dd4e9f Add curesec team as vuln discovery. 2015-09-09 21:13:51 -03:00
Roberto Soares 6336301df3 Add Nibbleblog File Upload Vulnerability 2015-09-09 21:05:36 -03:00
Roberto Soares d3aa61d6a0 Move bolt_file_upload.rb to exploits/multi/http 2015-09-09 13:41:44 -03:00
Roberto Soares 2800ecae07 Fix alignment. 2015-09-09 01:21:08 -03:00
Roberto Soares 48bd2c72a0 Add fail_with method and other improvements 2015-09-09 01:11:35 -03:00
Roberto Soares f08cf97224 Check method implemented 2015-09-08 23:54:20 -03:00
Roberto Soares 6de0c9584d Fix some improvements 2015-09-08 23:15:42 -03:00
JT 31a8907385 Update simple_backdoors_exec.rb 2015-09-09 08:30:21 +08:00
jvazquez-r7 329e6f4633
Fix title 2015-09-08 15:31:14 -05:00
jvazquez-r7 30cb93b4df
Land #5940, @hmoore-r7's fixes for busybox post modules 2015-09-08 15:12:23 -05:00
wchen-r7 122d57fc20
Land #5945, Add auto-accept to osx/enum_keychain 2015-09-08 10:56:08 -05:00
wchen-r7 13afbc4eae Properly check root for remove_lock_root (android post module)
This uses the Msf::Post::Android::Priv mixin.
2015-09-08 10:40:08 -05:00
JT 4e23bba14c Update simple_backdoors_exec.rb
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT 002aada59d Update simple_backdoors_exec.rb
changed shell to res
2015-09-08 14:54:26 +08:00
JT 467f9a8353 Update simple_backdoors_exec.rb 2015-09-08 14:45:54 +08:00
JT 37c28ddefb Update simple_backdoors_exec.rb
Updated the description
2015-09-08 13:42:12 +08:00
JT 0f8123ee23 Simple Backdoor Shell Remote Code Execution 2015-09-08 13:08:47 +08:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
samvartaka 0a0e7ab4ba This is a modification to the original poisonivy_bof.rb exploit
module removing the need for bruteforce in the case of an unknown
server password by (ab)using the challenge-response as an encryption
oracle, making it more reliable. The vulnerability has also been confirmed
in versions 2.2.0 up to 2.3.1 and additional targets for these versions
have been added as well.

See http://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/
for details.

## Console output

Below is an example of the new functionality (PIVY C2 server password is
set to 'prettysecure' and unknown to attacker). Exploitation of versions 2.3.0 and 2.3.1
is similar.

### Version 2.3.2 (unknown password)

```
msf > use windows/misc/poisonivy_bof
msf exploit(poisonivy_bof) > set RHOST 192.168.0.103
RHOST => 192.168.0.103
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.3.1/2.3.2 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.3.2>
```

### Version 2.2.0 (unknown password)

```
msf exploit(poisonivy_bof) > check

[*] Vulnerable Poison Ivy C&C version 2.2.0 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.

msf exploit(poisonivy_bof) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Poison Ivy 2.2.0 on Windows XP SP3 / Windows 7 SP1
   1   Poison Ivy 2.3.0 on Windows XP SP3 / Windows 7 SP1
   2   Poison Ivy 2.3.1, 2.3.2 on Windows XP SP3 / Windows 7 SP1

msf exploit(poisonivy_bof) > set TARGET 0
TARGET => 0

msf exploit(poisonivy_bof) > exploit

[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.2.0>
```
2015-09-07 17:48:28 +02:00
xistence 1d492e4b25 Lots of X11 protocol changes 2015-09-06 15:55:16 +07:00
HD Moore ec5cbc842e Cosmetic cleanups 2015-09-05 22:56:11 -05:00
HD Moore 8c0b0ad377 Fix up jailbreak commands & regex for success detection 2015-09-05 22:54:07 -05:00
JT 2f8dc7fdab Update w3tw0rk_exec.rb
changed response to res
2015-09-05 14:21:07 +08:00
jvazquez-r7 23ab702ec4
Land #5631, @blincoln682F048A's module for Endian Firewall Proxy
* Exploit CVE-2015-5082
2015-09-04 16:28:32 -05:00
jvazquez-r7 2abfcd00b1
Use snake_case 2015-09-04 16:27:09 -05:00
jvazquez-r7 15aa5de991
Use Rex::MIME::Message 2015-09-04 16:26:53 -05:00
jvazquez-r7 adcd3c1e29
Use static max length 2015-09-04 16:18:55 -05:00
jvazquez-r7 1ebc25092f
Delete some comments 2015-09-04 16:18:15 -05:00