infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
36,031 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

764 Commits (9f4f478d2ddc021fcc1a810bee7f42030a243566)

Author SHA1 Message Date
Ken Smith 66b1c79da9 Update rop chain for versions 6.2 and 6.1 2014-04-21 13:27:14 -04:00
Ken Smith c99f6654e8 Added target 6.1 to module 2014-04-11 09:59:11 -04:00
Spencer McIntyre 3f6c8afbe3 Fix typo of MSCOMCTL not MCCOMCTL 2014-04-08 14:52:18 -04:00
Spencer McIntyre 85197dffe6 MS14-017 Word RTF listoverridecount memory corruption 2014-04-08 14:44:20 -04:00
Tod Beardsley 7572d6612e
Spelling and grammar on new release modules 2014-04-07 12:18:13 -05:00
jvazquez-r7 56bd35c8ce Add module for WinRAR spoofing vulnerability 2014-04-07 09:21:49 -05:00
sinn3r d7ca537a41 Microsoft module name changes 
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
 2014-03-28 20:56:53 -05:00
Tod Beardsley 8f2124f5da
Minor updates for release 
Fixes some title/desc action.
Adds a print_status on the firefox module so it's not just silent.
Avoids the use of "puts" in the description b/c this freaks out msftidy
(it's a false positive but easily worked around).
 2014-03-17 13:26:26 -05:00
sinn3r 243fa4f56a
Land #2910 - MPlayer Lite M3U Buffer Overflow 2014-03-13 14:13:17 -05:00
sinn3r e832be9eeb Update description and change ranking 
The exploit requires the targeted user to open the malicious in
specific ways.
 2014-03-13 14:09:37 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
sgabe 408fedef93 Add module for OSVDB-98283 2014-03-04 00:51:01 +01:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
Meatballs 63751c1d1a
Small msftidies 2014-02-28 22:18:59 +00:00
sinn3r 7625dc4880 Fix syntax error due to the missing , 2014-02-27 14:25:52 -06:00
sinn3r 49ded452a9 Add OSVDB reference 2014-02-27 14:22:56 -06:00
sinn3r e72250f08f Rename Total Video Player module 
The filename shouldn't include the version, because the exploit should
be able to target multiple versions if it has to.
 2014-02-27 14:20:26 -06:00
Fr330wn4g3 63f74bddae 2° update total_video_player_131_ini_bof 2014-02-27 16:41:35 +01:00
Fr330wn4g3 b81642d8ad Update total_video_player_131_ini_bof 2014-02-26 11:37:04 +01:00
Fr330wn4g3 a7cacec0c3 Add module for EDB 29799 2014-02-25 23:07:28 +01:00
Tod Beardsley 721e153c7f
Land #3005 to the fixup-release branch 
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!

Conflicts:
	modules/exploits/windows/fileformat/audiotran_pls_1424.rb
 2014-02-18 14:08:54 -06:00
Tod Beardsley a863d0a526
Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00
William Vu 28dc742bcf Fix references and disclosure date 2014-02-18 13:59:58 -06:00
Philip OKeefe 98958bc7bc Making audiotran_pls_1424 more readable and adding comments 2014-02-17 13:40:03 -05:00
Philip OKeefe c60ea58257 added audiotran_pls_1424 fileformat for Windows 2014-02-16 16:20:50 -05:00
jvazquez-r7 9845970e12 Use pop#ret to jump over the overwritten seh 2014-02-12 08:10:14 -06:00
sgabe 11513d94f5 Add Juan as author 2014-02-12 12:17:02 +01:00
sgabe 3283880d65 Partially revert "Replace unnecessary NOP sled with random text" to improve reliability. 
This partially reverts commit 12471660e9.
 2014-02-12 12:09:16 +01:00
sgabe 7195416a04 Increase the size of the NOP sled 2014-02-12 02:35:53 +01:00
sgabe 3f09456ce8 Minor code formatting 2014-02-11 23:53:04 +01:00
sgabe 7fc3511ba9 Remove unnecessary NOPs 2014-02-11 23:48:54 +01:00
sgabe 12471660e9 Replace unnecessary NOP sled with random text 2014-02-11 23:48:04 +01:00
sgabe 184ccb9e1e Fix payload size 2014-02-11 23:42:58 +01:00
jvazquez-r7 3717374896 Fix and improve reliability 2014-02-11 10:44:58 -06:00
sgabe e8a3984c85 Fix ROP NOP address and reduce/remove NOPs 2014-02-11 00:29:37 +01:00
sgabe 08b6f74fb4 Add module for CVE-2010-2343 2014-02-10 20:46:09 +01:00
William Vu 47b9bfaffc Use opts hash for adobe_pdf_embedded_exe 
https://dev.metasploit.com/redmine/issues/8498
 2014-01-24 20:16:53 -06:00
sgabe 16b8b58a84 Fix the dwSize parameter 2014-01-24 11:38:57 +01:00
sgabe 8f6dcd7545 Add some randomization to the ROP chain 2014-01-24 10:28:59 +01:00
sgabe 021aa77f5f Add module for BID-46926 2014-01-24 01:48:21 +01:00
sgabe b4280f2876 Very minor code formatting 2014-01-14 13:35:00 +01:00
sgabe e7cc3a2345 Removed unnecessary target 2014-01-13 13:17:16 +01:00
sgabe 26d17c03b1 Replaced ROP chain 2014-01-13 02:54:49 +01:00
sgabe d657a2efd3 Added DEP Bypass 2014-01-11 20:31:28 +01:00
sgabe 72d15645df Added more references 2014-01-11 20:30:50 +01:00
sgabe 8449005b2a Fixed CVE identifier. 2014-01-10 23:45:34 +01:00
Tod Beardsley cd38f1ec5d
Minor touchups to recent modules. 2014-01-03 13:39:14 -06:00
William Vu 2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!) 
It was the wrong time to mess with my workflow.
 2014-01-02 16:39:02 -06:00
William Vu 67a796021d
Land #2804, IBM Forms Viewer 4.0 exploit 2014-01-02 16:10:02 -06:00
jvazquez-r7 eaeb457d5e Fix disclosure date and newline as pointed by @wvu-r7 2014-01-02 16:08:44 -06:00
William Vu d291cd92d7
Land #2817, icofx_bof random things 2014-01-01 22:01:48 -06:00
jvazquez-r7 b4439a263b Make things random 2013-12-31 16:06:25 -06:00
sinn3r 184bd1e0b2
Land #2815 - Change gsub hardtabs 2013-12-31 15:58:21 -06:00
jvazquez-r7 2252a037a5 Fix disclosure date 2013-12-31 14:51:43 -06:00
jvazquez-r7 3775b6ce91 Add module for CVE-2013-4988 2013-12-31 14:43:45 -06:00
jvazquez-r7 841f67d392 Make adobe_reader_u3d also compliant 2013-12-31 11:07:31 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
jvazquez-r7 57d60c66f9 Add masqform version as comment 2013-12-27 10:59:23 -06:00
jvazquez-r7 341e3c0370 Use rexml 2013-12-27 10:55:36 -06:00
jvazquez-r7 ee35f9ac30 Add module for zdi-13-274 2013-12-27 10:20:44 -06:00
sinn3r 367dce505b Minor details 2013-12-24 00:39:15 -06:00
sgabe f687a14539 Added support for opening via menu. 2013-12-24 03:12:49 +01:00
sgabe 287271cf98 Fixed date format. 2013-12-22 01:32:16 +01:00
sgabe 0ac495fef8 Replaced hex with plain text. 2013-12-22 01:31:37 +01:00
sgabe 44ab583611 Added newline to end of file. 2013-12-20 22:40:45 +01:00
sgabe 62f71f6282 Added module for CVE-2013-6877 2013-12-20 22:37:09 +01:00
Tod Beardsley f88a3a55b6
More slight updates. 2013-12-16 15:05:39 -06:00
sinn3r 04b7e8b174 Fix module title and add vendor patch information 2013-12-16 14:59:00 -06:00
jvazquez-r7 533accaa87 Add module for CVE-2013-3346 2013-12-16 14:13:47 -06:00
sinn3r ba1a70b72e Update Microsoft patch information 2013-12-13 15:59:15 -06:00
sinn3r 89ef1d4720 Fix a typo in mswin_tiff_overflow 2013-12-06 00:44:12 -06:00
Tod Beardsley 671c0d9473
Fix nokogiri typo 
[SeeRM #8730]
 2013-11-26 10:54:31 -06:00
jvazquez-r7 0079413e81 Full revert the change 2013-11-25 22:04:02 -06:00
sinn3r fa97c9fa7c Revert this change 2013-11-25 20:54:39 -06:00
sinn3r 3247106626 Heap spray adjustment by @jvazquez-r7 2013-11-25 20:50:53 -06:00
jvazquez-r7 4c249bb6e9 Fix heap spray 2013-11-25 20:06:42 -06:00
sinn3r 385381cde2 Change target address 
This one tends to work better with our boxes
 2013-11-25 17:21:39 -06:00
sinn3r 9987ec0883 Hmm, change ranking 2013-11-23 00:51:58 -06:00
sinn3r 6ccc3e3c48 Make payload execution more stable 2013-11-23 00:47:45 -06:00
sinn3r d748fd4003 Final commit 2013-11-22 23:35:26 -06:00
sinn3r f871452b97 Slightly change the description 
Because it isn't that slow
 2013-11-22 19:27:00 -06:00
sinn3r eddedd4746 Working version 2013-11-22 19:14:56 -06:00
sinn3r c8fd761c53 Progress 2013-11-22 16:57:29 -06:00
sinn3r 953a96fc2e This one looks promising 2013-11-22 12:27:10 -06:00
sinn3r 8476ca872e More progress 2013-11-22 11:53:57 -06:00
sinn3r f1d181afc7 Progress 2013-11-22 04:51:55 -06:00
sinn3r 6d5c1c230c Progress 2013-11-22 03:55:40 -06:00
sinn3r 4d2253fe35 Diet 2013-11-22 02:25:09 -06:00
sinn3r 8382d31f46 More progress 2013-11-21 18:48:12 -06:00
sinn3r 56d1c545e7 Oh look, more code 2013-11-21 14:42:07 -06:00
sinn3r ddd5b0abb9 More progress 2013-11-21 04:27:41 -06:00
sinn3r e13e457d8f Progress 2013-11-20 17:11:13 -06:00
sinn3r 94e13a0b8a Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
Tod Beardsley 89d0b3c41c
Return the splat and require on a module. 2013-11-15 12:19:53 -06:00
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Tod Beardsley 84572c58a8
Minor fixup for release 
* Adds some new refs.
  * Fixes a typo in a module desc.
  * Fixes a weird slash continuation for string building (See #2589)
 2013-11-04 12:10:38 -06:00
jvazquez-r7 9f81aeb4ad Fix style 2013-10-29 14:55:16 -05:00
William Vu 5af42f2c28 Add short comment on why the padding is necessary 2013-10-29 11:46:10 -05:00
William Vu e368cb0a5e Add Win7 SP1 to WinXP SP3 target 2013-10-29 10:45:14 -05:00
William Vu ea7bba4035 Add Beetel Connection Manager NetConfig.ini BOF 2013-10-28 22:52:02 -05:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict 
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
 2013-10-17 13:29:24 -05:00
Tod Beardsley f1a67ecafe
Remove overdue deprecated modules 
[See PT #56795804]
[See PT #56796034]
 2013-10-16 17:02:28 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Meatballs c460f943f7
Merge branch 'master' into data_dir 
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
 2013-10-02 20:17:11 +01:00
sinn3r 23b0c3b723 Add Metasploit blog references 
These modules have blogs from the Rapid7 community, we should add them.
 2013-10-01 20:50:16 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
Tod Beardsley 2656c63459 Knock out a Unicode character 2013-09-23 14:22:11 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
jvazquez-r7 8417b916c7 Complete MS13-071 Information 2013-09-21 21:22:34 -05:00
sinn3r 955365d605 Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability 2013-09-19 22:21:09 -05:00
jvazquez-r7 9b486e1dbb Add comment about the smb_* methods 2013-09-19 13:23:46 -05:00
jvazquez-r7 60d448f600 Add minor cleanup 2013-09-18 14:10:13 -05:00
jvazquez-r7 68647c7363 Add module for MS13-071 2013-09-18 13:40:35 -05:00
Tod Beardsley 8728a9a3b7 Bumping out deprecation date 
Pray I don't alter the deprecation date further.
 2013-09-18 11:00:35 -05:00
Tod Beardsley 76f27ecde8 Require the deprecation mixin in all modules 
Because rememberin to require it, and hoping against a race is not how we
roll any more.
 2013-09-12 15:49:33 -05:00
Tod Beardsley 761042f14b require the deprecated mixin 2013-09-12 15:42:01 -05:00
Tod Beardsley 968f299772 Deprecate A-PDF exploit for filename change 
See PT 56796034
See PT 56795804
 2013-09-12 15:30:26 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Steve Tornio abd4fb778f add osvdb ref for chasys overflow 2013-08-18 06:35:28 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 b3f229ff59 Add module for CVE-2013-3928 2013-08-12 17:18:30 -05:00
sinn3r 8c47f1df2d We don't need this option anymore 2013-07-31 03:30:34 -05:00
sinn3r af0046658b Change the way file is stored 2013-07-31 03:28:24 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
sinn3r e7e712fa01 EOL fix 2013-07-20 19:54:05 -05:00
sinn3r ab515fb66d Add the file format version of CVE-2013-1017 2013-07-20 19:50:09 -05:00
sinn3r 529471ed53 Land #2081 - MediaCoder .M3U Buffer Overflow 2013-07-11 23:57:43 -05:00
sinn3r 1341d6ec6b Remove extra commas and try to keep a line in 100 columns 2013-07-11 23:54:54 -05:00
sinn3r 1cf65623d6 Small desc update 2013-07-11 13:20:39 -05:00
jvazquez-r7 d9107d2bd9 Add module for CVE-2013-3248 2013-07-11 12:30:08 -05:00
modpr0be 16c9effcb4 make msftidy happy 2013-07-11 00:32:32 +07:00
modpr0be 8de88cbd05 change target from win7 sp1 to win7 sp0, fix description 2013-07-11 00:14:30 +07:00
Tod Beardsley 8d7396d60a Minor description changes on new modules 2013-07-08 16:24:40 -05:00
modpr0be b2a18c37ee add dll references for rop 2013-07-09 03:20:05 +07:00
jvazquez-r7 3f874f504c Use metadata 2013-07-08 09:25:02 -05:00
jvazquez-r7 512dd7d15a Update title 2013-07-08 09:11:31 -05:00
jvazquez-r7 c60aeaa202 Add module for CVE-2013-3482 2013-07-08 09:11:10 -05:00
modpr0be ed6d88a28b credit to mona.py for rop 2013-07-07 18:07:05 +07:00
modpr0be ecb2667401 remove seh mixin and fix the rop nop address 2013-07-06 23:08:51 +07:00
modpr0be 23d2bfc915 add more author 2013-07-06 11:52:16 +07:00
modpr0be b8354d3d6c Added MediaCoder exploit module 2013-07-06 11:07:11 +07:00
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references 
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
 2013-07-03 11:52:10 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00