Commit Graph

1834 Commits (9bce08b8134f02be65a19e2178bd2324edb859de)

Author SHA1 Message Date
sinn3r ec2f9e3c05 Add SSH root password 'arcsight' for HP ArcSight Logger
The default password for root is 'arcsight'
2015-04-02 11:04:07 -05:00
Tod Beardsley 293cbfc8f3
Slightly wanged one of the text bubbles 2015-04-01 06:46:50 -05:00
Tod Beardsley 34d637c7b8
Needs more ponies 2015-03-31 13:59:37 -05:00
sinn3r 8ea1ffc6ff
Land #5030, CVE-2015-0313 Flash Exploit 2015-03-30 11:31:53 -05:00
jvazquez-r7 11c6f3fdca
Do reliable resolution of kernel32 2015-03-29 15:52:13 -05:00
jvazquez-r7 f84a46df63
Add module for CVE-2015-0313 2015-03-27 18:51:13 -05:00
Spencer McIntyre 10e8cefd6d Pymet dont validate ssl certs for 2.7.9/3.4.3 2015-03-25 19:49:42 -04:00
Spencer McIntyre 7282968d8a Python reverse HTTPS stager 2015-03-21 12:43:14 -04:00
Brent Cook b29d2b5e84 do not die if the uid/gid of a file is > 65535
The meterpreter stat command is a little broken in that it assumes uid/gids
16-bit. Prevent this from erroring with python meterpreter on a system with a
large uid/gid.
2015-03-20 22:34:01 -05:00
Spencer McIntyre 8608569964 Pymet support for creating and renaming unicode paths 2015-03-20 08:49:23 -04:00
Spencer McIntyre bac2e7c5f8 Pymet improved unicode support for working directories 2015-03-19 18:31:42 -04:00
Spencer McIntyre f9bf4e3100 Fix pymet for unicode files and directories
Closes #4958
2015-03-19 17:23:00 -04:00
Brent Cook 35d29f5d08 update linux meterpreter bins 2015-03-18 23:24:32 -05:00
Spencer McIntyre 076f15f933
Land #4792 @jakxx Publish It PUI file exploit 2015-03-18 20:59:54 -04:00
jakxx 085e6cc815 Implemented Recommended Changes
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
jvazquez-r7 bb81107e51 Land #4927, @wchen-r7's exploit for Flash PCRE CVE-2015-0318 2015-03-13 23:58:05 -05:00
sinn3r 0ee0a0da1c This seems to work 2015-03-13 04:43:06 -05:00
sinn3r 0c3329f69e Back on track 2015-03-12 15:26:55 -05:00
sinn3r 215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF 2015-03-11 14:04:17 -05:00
sinn3r 43b90610b1 Temp 2015-03-11 13:53:34 -05:00
sinn3r 2a9d6e64e2 Starting point for CVE-2015-0318 2015-03-11 09:58:41 -05:00
jvazquez-r7 cb72b26874 Add module for CVE-2014-0311 2015-03-09 16:52:23 -05:00
Tod Beardsley df80d56fda
Land #4898, prefer URI to open-uri 2015-03-09 09:14:10 -05:00
joev d7295959ca Remove open-uri usage in msf. 2015-03-05 23:45:28 -06:00
jvazquez-r7 64fd818364
Land #4411, @bcook-r7's support for direct, atomic registry key access in meterpreter 2015-03-04 10:01:33 -06:00
Brent Cook 0988c5e691 use the correct implementation for query_value_direct 2015-03-03 22:29:23 -06:00
Ferenc Spala c498ba64e4 Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app. 2015-02-19 15:08:50 -06:00
sinn3r b90639fd66
Land #4726, X360 Software actvx buffer overflow 2015-02-17 11:41:23 -06:00
sinn3r 0597d2defb
Land #4560, Massive Java RMI update 2015-02-17 10:07:07 -06:00
Brent Cook cf0589f8c6 add support for direct reg access to pymeterpreter
When testing this, I found that the python meterpreter hangs running the
following, with or without these changes.

```
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set PythonMeterpreterDebug true
set lhost 192.168.43.1
exploit -j
sleep 5
use exploit/windows/local/trusted_service_path
set SESSION 1
check
```

This turned out to be that pymeterpreter ate all the rest of the data in the
recv socket by consuming 4k unconditionally. This would only be exposed if
there were multiple simultaneous requests so the recv buffer filled beyond a
single request, e.g. when using the registry enumeration functions.
2015-02-17 06:11:20 -06:00
Brent Cook 7e9a331087 remove unused .class files
These were added for multi/browser/java_signed_applet, but the class
files are already packaged in a jar file, which is what is actually
used.
2015-02-12 16:08:29 -06:00
Brent Cook 7ab7add721 bump meterpreter_bins to 0.0.14, update Linux binaries.
Hopefully the last manual build before packaging the Linux bins into
meterpreter_bins as well.

This includes all of the fixes and improvements over the past month.

 rapid7/meterpreter#116
 rapid7/meterpreter#117
 rapid7/meterpreter#121
 rapid7/meterpreter#124
2015-02-10 12:43:47 -06:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
jvazquez-r7 511f637b31 Call CollectGarbage 2015-02-09 14:44:31 -06:00
Brent Cook af405eeb7d
Land #4287, @timwr's exploit form CVS-2014-3153 2015-02-09 10:33:14 -06:00
Brent Cook 0e4f3b0e80 added built data/exploits/CVE-2014-3153.elf 2015-02-09 09:50:31 -06:00
jvazquez-r7 a46a53acaf Provide more space for the payload 2015-02-06 14:49:49 -06:00
jvazquez-r7 414349972f Fix comment 2015-02-06 11:34:20 -06:00
jvazquez-r7 b5e230f838 Add javascript exploit 2015-02-06 11:04:59 -06:00
scriptjunkie 5b2eb986c9
Land #4678 Add post module to phish credentials 2015-02-04 23:43:02 -06:00
Brent Cook 2fdeeb3b13 Rebuilt Java Payloads with the latest NDK/SDK and meterpreter-javapayload
Fix rapid7/meterpreter#95, rebuilt with all outstanding PRs from
rapid7/metasploit-javapayload.
2015-02-02 13:09:15 -06:00
jvazquez-r7 aa7f7d4d81 Add DLL source code 2015-02-01 19:59:10 -06:00
jvazquez-r7 d211488e5d Add Initial version 2015-02-01 19:47:58 -06:00
wez3 25ac9c1ed9 Add post module to phish windows user credentials 2015-01-30 19:50:04 +01:00
jvazquez-r7 f9dccda75d Delete unused files 2015-01-22 18:00:31 -06:00
William Vu 75e04705d5
Land #4624, Firefox 33-35 os.js support 2015-01-22 13:35:47 -06:00
Joe Vennix 5bfb88d55c
Update os.js to detect newer firefox versions. 2015-01-21 16:12:17 -06:00
Brent Cook 94fda6e617
Land #4600, jvazquez-r7's Linux meterpreter bins 2015-01-20 09:38:35 -06:00
sinn3r 76746eb209 New password from Hathaway 2015-01-19 21:45:47 -06:00
eyalgr f12c6a1624 Update meterpreter.py
Read until exactly pkt_length bytes
2015-01-18 15:45:28 +02:00