scriptjunkie
1e811aed02
Adds scriptjunkie's multilingual admin fix for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Jetzt auf Deutsch! y español! 中國人!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
David Maloney
d939e33f1e
Allows for Loot and Tasks to be imported from an MSF ZIP.
...
This should bring any loots and tasks along with
everything else when doing an import from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
sinn3r
c5302e13ac
Slight changes
2011-12-01 03:02:08 -06:00
sinn3r
f64f0eefda
Add class file for CVE-2011-3544
2011-11-29 18:06:20 -06:00
David Maloney
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r
3185b3471b
Add template for CVE-2010-0822
2011-11-21 11:36:27 -06:00
scriptjunkie
8d58ea227f
Add UAC bypass to default pxesploit attack.
2011-11-16 08:16:22 -08:00
HD Moore
96766edfd0
Permission changes (to sync)
2011-11-10 19:48:32 -06:00
Wei Chen
aeaea65896
Add template file for ms11-021
...
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:04:54 +00:00
Mario Ceballos
2f2421badc
initial coverage of the pnsize bug (fileformat)
...
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
David Rude
0b72c931b6
Adds the nsepa.ocx ActiveX control for CVE-2011-2882
...
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:23:27 +00:00
Matt Weeks
ce9db06589
Add localboot config for PXE.
...
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:26:41 +00:00
Wei Chen
5559eec7c9
Add trigger file for MS10-026
...
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:59 +00:00
Matt Weeks
f12742a05f
Better cleanup for PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Matt Weeks
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
amaloteaux
b9bb5c454d
psnuffle : add a smb protocol decoder
...
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 18:06:28 +00:00
Tod Beardsley
c54e18d757
Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
...
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Matt Weeks
338a13baac
Fix minor error.
...
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:36:42 +00:00
James Lee
d1b971c5f2
no need for a static sig anymore
...
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:13:44 +00:00
Matt Weeks
971b6f96f6
pxesploit update; compatibility with x64, compatibility with different windows versions.
...
Still no custom payload yet.
git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
Wei Chen
ce2687cafe
Added swf trigger file
...
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:08:03 +00:00
David Rude
8c614a9296
made the shellcode request random to avoid signatures
...
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen
bdccc67d1d
Added Crash file for CVE-2010-3275 (VLC AMV file)
...
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:01:30 +00:00
Tod Beardsley
9895d01d51
Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries.
...
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 17:48:19 +00:00
Tod Beardsley
b1178686cf
Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
...
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).
git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
David Rude
d7266b6551
Add CVE-2011-0609 exploit for Adobe Flash
...
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Tod Beardsley
42531e097f
Fixes #3916. Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
...
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
James Lee
05d073c467
move the evil-looking metasploit.PayloadApplet to the more innocuous SiteLoader.class, re-enable rjb compiling for the applet class
...
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 20:43:53 +00:00
Joshua Drake
fbd340aae8
add an adodb based cmdstager, fixes #1431
...
git-svn-id: file:///home/svn/framework3/trunk@11247 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 18:51:12 +00:00
James Lee
191c4e8eb7
make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
...
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
James Lee
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Carlos Perez
c492737f0f
Fixed format issue
...
git-svn-id: file:///home/svn/framework3/trunk@11032 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 02:37:37 +00:00
James Lee
089ace9726
update the static-signed jar for java_signed_applet, fixes #3015
...
git-svn-id: file:///home/svn/framework3/trunk@10993 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 21:00:29 +00:00
Joshua Drake
b572414eac
add exploit for cve-2010-3654
...
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Joshua Drake
21f16f63a1
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10855 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 21:45:49 +00:00
Joshua Drake
6bd75bb2d5
add shockwave exploit from abysssec/rel1k
...
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake
f997b37245
remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800, fixes #801
...
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
HD Moore
f88033f0cc
Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
...
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Joshua Drake
eaf8ef00d0
add initial version of cve-2010-2883 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@10263 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 23:05:18 +00:00
James Lee
85126af521
add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
...
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
James Lee
7381ab8b6d
duh, don't actually need this
...
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:19:49 +00:00
James Lee
6b08dfed61
Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice
...
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:38:29 +00:00
Joshua Drake
4f148f9374
oops, add updateX data files, see #2329
...
git-svn-id: file:///home/svn/framework3/trunk@9964 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 19:43:25 +00:00
James Lee
119f9328fc
remove debug prints. =/
...
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee
08d705c1db
add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
...
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake
74b30535c4
oops, forgot swf
...
git-svn-id: file:///home/svn/framework3/trunk@9474 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:14:45 +00:00
Joshua Drake
6d1e7bdaa5
big commit - lots of cmdstager changes
...
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)
git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00