Commit Graph

1176 Commits (9bcf5eadb7c7d02bf392255ae15dca72b2289804)

Author SHA1 Message Date
sinn3r cdc425e4eb Update some checks 2014-01-24 12:08:23 -06:00
sinn3r 7f560a4b41 Oops, I broke this module 2014-01-22 11:23:18 -06:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
sinn3r 85396b7af2 Saving progress
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
sinn3r 689999c8b8 Saving progress
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
sinn3r 57318ef009 Fix nil bug in jboss_invoke_deploy.rb
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
sinn3r bc9c865c25
Land #2865 - js payload to firefox_svg_plugin & add BA support for FF JS exploits 2014-01-13 11:17:36 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
Joe Vennix b3b04c4159 Fix both firefox js exploits to use browser_autopwn. 2014-01-11 17:34:38 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
Niel Nielsen e79ccb08cb Update rails_secret_deserialization.rb
When using aws-sdk with Ruby 2.1.0-rc1, many "Digest::Digest is deprecated; use Digest" warnings are printed.
Even in Ruby 1.8.7-p374, OpenSSL::Digest::Digest is only provided for backward compatibility.
2014-01-07 21:41:15 +01:00
Joe Vennix 1057cbafee Remove deprecated linksys module. 2014-01-07 10:22:35 -06:00
Tod Beardsley c0a82ec091
Avoid specific versions in module names
They tend to be a lie and give people the idea that only that version is
vulnerable.
2014-01-06 13:47:24 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
jvazquez-r7 1b893a5c26 Add module for CVE-2013-3214, CVE-2013-3215 2014-01-02 11:25:52 -06:00
Joe Vennix 1b0e99b448 Update proto_crmfrequest module. 2014-01-02 10:48:28 -06:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload.
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
David Maloney c3fd657bde Missing config false flag
the sshexec exploit was missing the flag
that tells net:ssh to not use the user's
local config . This can cuase ugly problem

MSP-9262
2013-12-30 14:28:15 -06:00
sinn3r 9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution 2013-12-23 02:34:01 -06:00
sinn3r 5b647ba6f8 Change description
Pre-auth is implied.
2013-12-23 02:33:17 -06:00
jvazquez-r7 4816abe63b Add module for ZDI-13-263 2013-12-19 17:48:52 -06:00
Joe Vennix 8e27e87c81 Use the right disclosure date. 2013-12-19 12:58:52 -06:00
Joe Vennix 955dfe5d29 msftidy it up. 2013-12-19 12:53:58 -06:00
Joe Vennix b50bbc2f84 Update module to use sinn3r's beautiful browserexploitserver. 2013-12-19 12:49:24 -06:00
Joe Vennix eb08a30293 Update description with new version support. 2013-12-19 02:08:55 -06:00
Joe Vennix 5ee6c77901 Add a patch for 15.x support.
* Also add authors i forgot, oops
2013-12-19 02:05:45 -06:00
Joe Vennix 2add2acc8f Use a smaller key size, harder to spot. 2013-12-18 21:02:23 -06:00
Joe Vennix 8d183d8afc Update versions, 4.0.1 does not work on windows. 2013-12-18 20:57:47 -06:00
Joe Vennix cb390bee7d Move comment. 2013-12-18 20:37:33 -06:00
Joe Vennix 23b5254ea1 Fix include reference. 2013-12-18 20:35:43 -06:00
Joe Vennix 5255f8da12 Clean up code. Test version support.
* Using #get in Object#defineProperty call makes the payload execute immediately
on all supported browsers I tested.
* Moved Ranking to Excellent since it is now 100% reliable.
2013-12-18 20:30:08 -06:00
Joe Vennix 64273fe41d Move addon datastore options into mixin. 2013-12-18 14:42:01 -06:00
Joe Vennix ca2de73879 It helps to actually commit the exploit. 2013-12-18 14:31:42 -06:00
Joe Vennix 1235615f5f Add firefox 15 chrome privilege exploit.
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
Tod Beardsley 040619c373
Minor description changes
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
jvazquez-r7 3d5501326b
Land #2743, @Mekanismen's exploit for CVE-2013-0632 2013-12-10 10:00:30 -06:00
jvazquez-r7 30960e973f Do minor cleanup on coldfusion_rds 2013-12-10 09:59:36 -06:00
Mekanismen 9a6e504bfe fixed path error and description 2013-12-10 09:05:34 +01:00
Mekanismen 313a98b084 moved coldfusion_rds to multi directory and fixed a bug 2013-12-10 08:45:27 +01:00
jvazquez-r7 f77784cd0d
Land #2723, @denandz's module for OSVDB-100423 2013-12-06 17:32:07 -06:00
jvazquez-r7 3729c53690 Move uptime_file_upload to the correct location 2013-12-06 15:57:52 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
jvazquez-r7 41f8a34683 Use attempts 2013-12-02 08:43:22 -06:00
jvazquez-r7 433d21730e Add ATTEMPTS option 2013-12-02 08:42:25 -06:00
jvazquez-r7 b9192c64aa Fix @wchen-r7's feedback 2013-12-01 19:55:53 -06:00
jvazquez-r7 3417c4442a Make check really better 2013-11-30 09:47:34 -06:00