8ed13b1d1b
Add linux support for CVE-2014-0515
2015-06-11 16:18:50 -05:00
ae21b0c260
Land #5523 , adobe_flash_domain_memory_uaf in the flash renderer
2015-06-10 16:59:19 -05:00
4c5b1fbcef
Land #5522 , adobe_flash_worker_byte_array_uaf in the flash renderer
2015-06-10 14:49:41 -05:00
7527aa4f34
Disable debug
2015-06-10 14:07:18 -05:00
6c7ee10520
Update to use the new flash Exploiter
2015-06-10 13:52:43 -05:00
7fba64ed14
Allow more search space
2015-06-10 12:26:53 -05:00
ecbddc6ef8
Play with memory al little bit better
2015-06-10 11:54:57 -05:00
d622c782ef
Land #5519 , adobe_flash_uncompress_zlib_uninitialized in the flash renderer
2015-06-10 11:52:47 -05:00
2b4fe96cfd
Tweak Heap Spray
2015-06-10 10:56:24 -05:00
a6fe383852
Use AS Exploiter
2015-06-10 09:32:52 -05:00
e5d6c9a3cb
Make last code cleanup
2015-06-09 16:01:57 -05:00
cf8c6b510b
Debug version working
2015-06-09 15:46:21 -05:00
39851d277d
Unset debug flag
2015-06-09 11:36:09 -05:00
b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code
2015-06-09 11:31:39 -05:00
b291d41b76
Quick hack to remove hard-coded offsets
2015-06-05 13:19:41 +10:00
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
455a3b6b9d
Add butchered version of CVE-2015-1701
2015-06-03 21:48:23 +10:00
e9714bfc82
Solve conflics
2015-05-27 23:22:00 -05:00
e749733eb6
Land #5419 , Fix Base64 decoding on ActionScript
2015-05-27 23:13:51 -05:00
e5d42850c1
Add support for Linux to CVE-2015-0336
2015-05-27 17:05:10 -05:00
801deeaddf
Fix CVE-2015-0336
2015-05-27 15:42:06 -05:00
bd1bdf22b5
Fix CVE-2015-0359
2015-05-26 17:27:20 -05:00
19c7445d9d
Fix CVE-2015-0336
2015-05-26 17:20:49 -05:00
23d244b1fa
Fix CVE-2015-0313
2015-05-26 16:11:44 -05:00
5c8c5aef37
Fix CVE-2014-8440
2015-05-26 16:05:08 -05:00
d78d04e070
Fix CVE-2014-0569
2015-05-26 15:49:22 -05:00
e0a1fa4ef6
Fix indentation
2015-05-26 15:38:56 -05:00
1742876757
Fix CVE-2014-0556
2015-05-26 15:30:39 -05:00
3e122fe87c
Fix b64 decoding
2015-05-26 15:15:33 -05:00
29ccc8367b
Add More messages
2015-05-26 14:47:47 -05:00
1bf1c37cfa
Add exception handling
2015-05-26 14:31:07 -05:00
fb8a927941
Hardcode params
2015-05-26 14:20:43 -05:00
f119da94ca
Add one more message
2015-05-26 14:14:38 -05:00
15533fabe6
Log messages
2015-05-26 14:08:24 -05:00
91357ee45b
Improve reliability
2015-05-26 13:47:33 -05:00
f35d7a85d3
Adjust numbers
2015-05-21 15:56:11 -05:00
80d4f3cfb0
Update swf
2015-05-21 14:55:00 -05:00
8d6cbf0568
Make adobe_flash_uncompress_zlib_af multiplatform
2015-05-20 18:57:37 -05:00
c0b995cc97
new changes
2015-05-19 16:18:06 +01:00
b513304756
new changes
2015-05-19 15:47:30 +01:00
0cda746bfb
Updated size
2015-05-19 14:08:59 +01:00
811c45ab90
new
2015-05-19 14:06:41 +01:00
d4798a2500
Fix spacinG
2015-05-11 09:04:03 +01:00
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
51bb4b5a9b
Add module for CVE-2015-0359
2015-05-07 17:00:00 -05:00
582919acac
Add module for CVE-2015-0336
2015-05-05 17:25:19 -05:00
dbba466b5b
Add module for CVE-2014-8440
2015-04-29 17:52:04 -05:00
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
aa4dc78cba
updates to author comments in powershell script
2015-04-25 08:47:17 +01:00
19aa668f99
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
8bd0da580d
Move script out of module
2015-04-19 21:12:44 +01:00
28fac60c81
Add module for CVE-2015-0556
2015-04-15 14:08:16 -05:00
3313dac30f
Land #5119 , @wvu's addition of the OSX rootpipe privesc exploit.
...
orts
borts
2015-04-10 12:38:25 -05:00
c4b7b32745
Add Rootpipe exploit
2015-04-10 11:22:00 -05:00
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
11c6f3fdca
Do reliable resolution of kernel32
2015-03-29 15:52:13 -05:00
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
076f15f933
Land #4792 @jakxx Publish It PUI file exploit
2015-03-18 20:59:54 -04:00
085e6cc815
Implemented Recommended Changes
...
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
215c209f88
Land #4901 , CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
511f637b31
Call CollectGarbage
2015-02-09 14:44:31 -06:00
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
0e4f3b0e80
added built data/exploits/CVE-2014-3153.elf
2015-02-09 09:50:31 -06:00
a46a53acaf
Provide more space for the payload
2015-02-06 14:49:49 -06:00
414349972f
Fix comment
2015-02-06 11:34:20 -06:00
b5e230f838
Add javascript exploit
2015-02-06 11:04:59 -06:00
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
f9dccda75d
Delete unused files
2015-01-22 18:00:31 -06:00
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
fce564cde2
Meh, not the debug build. Should be the release build.
2015-01-08 22:06:07 -06:00
14c54cbc22
Update DLL
2015-01-08 21:36:02 -06:00
d3738f0d1a
Add DLL
2015-01-08 17:17:55 -06:00
7a2c9c4c0d
Land #4263 , @jvennix-r7's OSX Mavericks root privilege escalation
...
* Msf module for the Ian Beer exploit
2014-11-30 21:13:07 -06:00
7772da5e3f
Change paths, add makefile and compile
2014-11-30 21:06:11 -06:00
f5f32fac06
Add token fiddling from nishang
2014-11-28 23:02:59 +00:00
48a5123607
Merge remote-tracking branch 'upstream/master' into pr4233_powerdump
2014-11-27 20:08:11 +00:00
7a3fb12124
Add an OSX privilege escalation from Google's Project Zero.
2014-11-25 12:34:16 -06:00
830af7f95e
identified instances of tabs vs spaces in the original
...
identified 16 instances in the original code where tab was used vs spaces. updated to keep consistent.
2014-11-25 12:17:43 -06:00
705bd42b41
tab to space change - line 296
2014-11-22 14:48:44 -06:00
900aa9cd6b
powerdump.ps1 bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
2014-11-18 23:10:57 -06:00
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
c2391bf011
Add an R in /Info for the trailer dictionary to make it readable
2014-11-05 22:28:37 -06:00
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
f43a6e9be0
Use PDWORD_PTR and DWORD_PTR
2014-10-31 17:35:50 -05:00
8e547e27b3
Use correct types
2014-10-31 12:37:21 -05:00
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
03a84a1de3
Search the AccessToken
2014-10-30 12:17:03 -05:00
908094c3d3
Remove debug, treat warnings as errors
2014-10-28 09:04:02 +10:00
0a03b2dd48
Final code tidy
2014-10-28 08:59:33 +10:00
042d29b1d6
Compile binaries in house
2014-10-27 12:18:33 -05:00
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
0aaebc7872
Make GetPtiCurrent USER32 independent
2014-10-26 18:51:02 -05:00
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
bf8dce574a
Add ppsx template
2014-10-16 17:55:22 -05:00
7793ed4fea
Add some common UXSS scripts.
2014-09-09 02:31:27 -05:00
ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape
2014-06-26 13:48:28 -05:00
b8a2cf776b
Do test
2014-06-03 09:52:01 -05:00
05ed2340dc
Use powershell
2014-06-03 09:29:04 -05:00
f918bcc631
Use powershell instead of mshta
2014-06-03 09:01:56 -05:00
1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
06c8082187
Use signed binary
2014-05-02 14:45:14 +01:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
78e1683f2d
Add binary compiled on vs2013
2014-02-10 13:52:27 -06:00
01f41a209c
Remove the DLL and add make.msbuild for easier compiling.
2014-02-07 10:05:05 -05:00
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
0c82817445
Final changes before PR
2013-12-15 01:12:49 +00:00
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
...
This commit contains a few changes for the ppr_flatten_rec local windows
exploit. First, the exploit binary itself:
* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires address of the payload to run.
Second, the module in MSF behaved a little strange. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:
* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
6cb63cdad6
Land #2679 , @wchen-r7's exploit for cve-2013-3906
2013-11-25 22:04:26 -06:00
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
94e13a0b8a
Initial commit of CVE-2013-3906
2013-11-19 23:10:32 -06:00
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
795ad70eab
Change directory names
2013-08-15 22:52:42 -05:00
cc5804f5f3
Add Port for OSVDB 96277
2013-08-15 18:34:51 -05:00
9f5f191a6b
Add Main.swf from 593363c
2013-07-29 21:53:40 -05:00
c7361043ae
up to date
2013-07-17 11:47:06 -05:00
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
22601e6cc7
Exit process when complete
2013-07-06 09:27:27 +01:00
66c2b79177
Initial commit
2013-07-05 19:48:27 +01:00
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
a4d353fcb3
Clean a little more the VS project
2013-06-29 15:15:27 -05:00
6878534d4b
Clean Visual Studio Project
2013-06-29 09:20:40 -05:00
7725937461
Add Module for cve-2013-3660
2013-06-28 18:18:21 -05:00
3c1af8217b
Land #2011 , @matthiaskaiser's exploit for cve-2013-2460
2013-06-26 14:35:22 -05:00
81a2d9d1d5
Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework
2013-06-26 14:32:59 -05:00
d25e1ba44e
Make fixes proposed by review and clean
2013-06-25 12:58:00 -05:00
1ade467ac9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 11:10:43 -05:00
b32513b1b8
Fix CVE-2013-2171 with @jlee-r7 feedback
2013-06-25 10:40:55 -05:00
3244013b1f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:48:20 -05:00
6780566a54
Add CVE-2013-2171: FreeBSD 9 Address Space Manipulation Module
2013-06-24 11:50:21 -05:00
8a96b7f9f2
added Java7u21 RCE module
...
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
9d0047ff74
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-07 16:44:52 -05:00
7090d4609b
Add module for CVE-2013-1488
2013-06-07 13:38:41 -05:00
d5cf6c1fbc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-05-23 12:37:54 -05:00
81ad280107
Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
...
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
4d5c4f68cb
Initial commit, works on three OSes, but automatic mode fails.
2013-05-15 23:32:02 -05:00
b6365db0b5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-22 09:38:32 -05:00
19f2e72dbb
Added module for Java 7u17 sandboxy bypass
2013-04-20 01:43:13 -05:00
6cd6a7d6b9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-03-28 12:16:18 +01:00
c225d8244e
Added module for CVE-2013-1493
2013-03-26 22:30:18 +01:00
74b58185cd
up to date
2013-03-12 16:48:11 +01:00
d7b89a2228
added security level bypass
2013-02-20 17:50:47 +01:00
d88ad80116
Added first version of cve-2013-0431
2013-02-20 16:39:53 +01:00
c8778587f5
rename the xml template for s4u
2013-02-18 15:25:03 +01:00
be0feecf8f
Merge branch 's4u_persistence' of https://github.com/smilingraccoon/metasploit-framework into smilingraccoon-s4u_persistence
2013-02-18 15:22:37 +01:00
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
24de0d2274
Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT
2013-02-04 13:37:09 +01:00
807bd6e88a
Merge branch 'java_jre17_glassfish_averagerangestatisticimpl' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-java_jre17_glassfish_averagerangestatisticimpl
2013-01-22 15:33:39 +01:00
78279a0397
Added new module for cve-2012-5076
2013-01-17 21:27:47 +01:00
d0b9808fc7
Added module for CVE-2012-5088
2013-01-17 21:14:49 +01:00
51f3f59d2f
cve and references available
2013-01-11 00:54:53 +01:00
876d889d82
added exploit for j7u10 0day
2013-01-10 20:30:43 +01:00
133ad04452
Cleanup of #1062
2012-12-07 11:55:48 +01:00
b7f304f0db
added build exec_payload.msi
2012-11-28 21:51:01 +01:00
5076198ba2
fixing bperry comments
2012-11-11 20:18:19 +01:00
8619c5291b
Added module for CVE-2012-5076
2012-11-11 17:05:51 +01:00
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
b4485fdb2b
added chm templates
2012-10-10 19:21:47 +02:00
2b6aa6bbdb
Added Exploit for deployfilerepository via JMX
2012-09-03 13:50:16 -04:00
363c0913ae
changed dir names according to CVE
2012-08-28 16:33:01 +02:00
52ca1083c2
Added java_jre17_exec
2012-08-27 11:25:04 +02:00
f715527423
Improve CVE-2012-1535
2012-08-21 19:58:21 -05:00
13df1480c8
Add exploit for CVE-2012-1535
2012-08-17 12:16:54 -05:00
430351fe79
Better handle of module cache when db_connect is run manually
2012-07-10 23:56:48 -05:00
e9ac90f7b0
added CVE-2012-1723
2012-07-10 12:20:37 +10:00
414214eb9d
Permissions.
2012-06-28 11:42:37 -05:00
6ec990ed85
Merge branch 'Openfire-auth-bypass' of https://github.com/h0ng10/metasploit-framework into h0ng10-Openfire-auth-bypass
2012-06-27 23:09:26 +02:00
428ae21928
Changed readme.html file (was from the statistics plugin)
2012-06-26 12:03:52 -04:00
6cc8390da9
Module rewrite, included Java support, direct upload, plugin deletion
2012-06-26 11:56:44 -04:00
6a91626d94
Permissions
2012-06-25 00:36:39 -05:00
65197e79e2
added Exploit for CVE-2008-6508 (Openfire Auth bypass)
2012-06-24 07:35:38 -04:00
b891e868f5
Added actionscript and swf needed
2012-06-23 08:36:35 +02:00
d7d314862f
Need the trigger to actually make it work, duh!
2012-06-22 23:16:12 -05:00
572fb4cb0c
Permissions fix
2012-06-21 15:39:17 -05:00
fcf42d3e7b
added adobe flashplayer array indexing exploit (CVE-2011-2110)
2012-06-20 12:52:37 +10:00
5922ec1f7a
Permissions
2012-06-12 15:20:25 -05:00
4743c9fb33
Add MS12-005 (CVE-2012-0013) exploit
2012-06-10 01:08:28 -05:00
e8af6882eb
Permissions
2012-06-06 20:05:29 -05:00
93741770e2
Added module for CVE-2011-3400
2012-06-05 18:21:55 +02:00
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
7a05f3eab4
Mark failed logins as inactive
2012-05-08 16:51:22 -06:00
318b14af4c
Fix improper reporting and stack traces when we missed a banner
...
Also makes sure we delete the session if we got a 221 response, even if
we haven't seen a login yet.
2012-05-08 16:40:56 -06:00
1eec1cebb5
Fix improper reporting
...
:proto is always tcp, udp, etc., name is the higher layer name
2012-05-08 16:39:32 -06:00
536fa39ae8
Keep the client and the server on tracked tcp sessions
2012-05-08 16:38:12 -06:00
452cead1e9
Merge psnuffle ntlmv2 support from Alex Malateaux
...
Testing this with smbclient requires setting "client ntlmv2 auth = yes"
in /etc/samba/smb.conf
Squashed commit of the following:
commit 7acc32f5f00914fed355a080ca237543448f80ca
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:52:49 2012 +0100
psnuffle : move protocol filtering in load function
commit 9c9ae9711c760b4f072271b7e5993f9bf8366671
Author: Alexandre Maloteaux <a.maloteaux@gmail.com>
Date: Thu Apr 12 01:50:48 2012 +0100
psnuffle : add hash exctratiopn from smbv2 session
[Closes #327 ]
2012-05-08 13:41:42 -06:00
f6005ba06e
Permission change, ignore
2012-04-23 13:42:18 -05:00
9a00823828
Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch'
2012-04-19 18:08:22 -05:00
18d83ee6c1
Permissions fix for modicon_ladder.apx
2012-04-12 14:26:27 -05:00
654701f1b2
new file: data/exploits/CVE-2008-5499.swf
...
new file: external/source/exploits/CVE-2008-5499/Exploit.as
new file: modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb
2012-04-10 20:58:22 +01:00
14d9953634
Adding DigitalBond SCADA modules
2012-04-05 12:35:48 -05:00
ab269ac4ec
Permissions fix for exploit jar file
2012-04-02 09:27:35 -05:00
025d905c01
Compiled jar with -target 1.2 so it works on older JVMs
2012-03-30 17:05:20 -06:00
e018c6604f
Modify CVE-2012-0507
2012-03-30 02:06:56 -05:00
bec8d40a6c
File permissions fix
2012-03-29 16:24:31 -05:00
791ebdb679
Add CVE-2012-0507 (Java)
2012-03-29 10:31:14 -05:00
c8c73b076d
Permisssions (ignore)
2012-03-08 16:16:13 -06:00
3e6cbe9486
Add source code to the player
2012-03-08 15:23:10 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
f2eab70c3f
Add swf file for CVE-2012-0754
2012-03-07 19:23:11 -06:00
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
1e811aed02
Adds scriptjunkie's multilingual admin fie for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63 ]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Jetzt auf Deutsch! y español! 中國人!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
d939e33f1e
Allows for Loot and Tasks to be imported from an MSF ZIP.
...
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
c5302e13ac
Slight changes
2011-12-01 03:02:08 -06:00
f64f0eefda
Add class file for CVE-2011-3544
2011-11-29 18:06:20 -06:00
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
3185b3471b
Add template for CVE-2010-0822
2011-11-21 11:36:27 -06:00
8d58ea227f
Add UAC bypass to default pxesploit attack.
2011-11-16 08:16:22 -08:00
jvazquez-r7
wchen-r7
OJ
benpturner
Meatballs
joev
William Vu
Spencer McIntyre
jakxx
Brent Cook
Joe Vennix
Peter Marszalik
Tod Beardsley
kyuzo
dukeBarman
Tab Assassin
jvazquez-r7
Matthias Kaiser
smilingraccoon
SphaZ
David Maloney
h0ng10
sinn3r
HD Moore
LittleLightLittleFire
Tod Beardsley
Steven Seeley
James Lee
Alexandre Maloteaux
0a2940
David Maloney
juan
scriptjunkie