e8a3984c85
Fix ROP NOP address and reduce/remove NOPs
2014-02-11 00:29:37 +01:00
08b6f74fb4
Add module for CVE-2010-2343
2014-02-10 20:46:09 +01:00
47b9bfaffc
Use opts hash for adobe_pdf_embedded_exe
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
16b8b58a84
Fix the dwSize parameter
2014-01-24 11:38:57 +01:00
8f6dcd7545
Add some randomization to the ROP chain
2014-01-24 10:28:59 +01:00
021aa77f5f
Add module for BID-46926
2014-01-24 01:48:21 +01:00
b4280f2876
Very minor code formatting
2014-01-14 13:35:00 +01:00
e7cc3a2345
Removed unnecessary target
2014-01-13 13:17:16 +01:00
26d17c03b1
Replaced ROP chain
2014-01-13 02:54:49 +01:00
d657a2efd3
Added DEP Bypass
2014-01-11 20:31:28 +01:00
72d15645df
Added more references
2014-01-11 20:30:50 +01:00
8449005b2a
Fixed CVE identifier.
2014-01-10 23:45:34 +01:00
cd38f1ec5d
Minor touchups to recent modules.
2014-01-03 13:39:14 -06:00
2d25781cf0
Land #2804 for real (thanks, @jvazquez-r7!)
...
It was the wrong time to mess with my workflow.
2014-01-02 16:39:02 -06:00
67a796021d
Land #2804 , IBM Forms Viewer 4.0 exploit
2014-01-02 16:10:02 -06:00
eaeb457d5e
Fix disclosure date and newline as pointed by @wvu-r7
2014-01-02 16:08:44 -06:00
d291cd92d7
Land #2817 , icofx_bof random things
2014-01-01 22:01:48 -06:00
b4439a263b
Make things random
2013-12-31 16:06:25 -06:00
184bd1e0b2
Land #2815 - Change gsub hardtabs
2013-12-31 15:58:21 -06:00
2252a037a5
Fix disclosure date
2013-12-31 14:51:43 -06:00
3775b6ce91
Add module for CVE-2013-4988
2013-12-31 14:43:45 -06:00
841f67d392
Make adobe_reader_u3d also compliant
2013-12-31 11:07:31 -06:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
57d60c66f9
Add masqform version as comment
2013-12-27 10:59:23 -06:00
341e3c0370
Use rexml
2013-12-27 10:55:36 -06:00
ee35f9ac30
Add module for zdi-13-274
2013-12-27 10:20:44 -06:00
367dce505b
Minor details
2013-12-24 00:39:15 -06:00
f687a14539
Added support for opening via menu.
2013-12-24 03:12:49 +01:00
287271cf98
Fixed date format.
2013-12-22 01:32:16 +01:00
0ac495fef8
Replaced hex with plain text.
2013-12-22 01:31:37 +01:00
44ab583611
Added newline to end of file.
2013-12-20 22:40:45 +01:00
62f71f6282
Added module for CVE-2013-6877
2013-12-20 22:37:09 +01:00
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
ba1a70b72e
Update Microsoft patch information
2013-12-13 15:59:15 -06:00
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
671c0d9473
Fix nokogiri typo
...
[SeeRM #8730 ]
2013-11-26 10:54:31 -06:00
0079413e81
Full revert the change
2013-11-25 22:04:02 -06:00
fa97c9fa7c
Revert this change
2013-11-25 20:54:39 -06:00
3247106626
Heap spray adjustment by @jvazquez-r7
2013-11-25 20:50:53 -06:00
4c249bb6e9
Fix heap spray
2013-11-25 20:06:42 -06:00
385381cde2
Change target address
...
This one tends to work better with our boxes
2013-11-25 17:21:39 -06:00
9987ec0883
Hmm, change ranking
2013-11-23 00:51:58 -06:00
6ccc3e3c48
Make payload execution more stable
2013-11-23 00:47:45 -06:00
d748fd4003
Final commit
2013-11-22 23:35:26 -06:00
f871452b97
Slightly change the description
...
Because it isn't that slow
2013-11-22 19:27:00 -06:00
eddedd4746
Working version
2013-11-22 19:14:56 -06:00
c8fd761c53
Progress
2013-11-22 16:57:29 -06:00
953a96fc2e
This one looks promising
2013-11-22 12:27:10 -06:00
8476ca872e
More progress
2013-11-22 11:53:57 -06:00
f1d181afc7
Progress
2013-11-22 04:51:55 -06:00
6d5c1c230c
Progress
2013-11-22 03:55:40 -06:00
4d2253fe35
Diet
2013-11-22 02:25:09 -06:00
8382d31f46
More progress
2013-11-21 18:48:12 -06:00
56d1c545e7
Oh look, more code
2013-11-21 14:42:07 -06:00
ddd5b0abb9
More progress
2013-11-21 04:27:41 -06:00
e13e457d8f
Progress
2013-11-20 17:11:13 -06:00
94e13a0b8a
Initial commit of CVE-2013-3906
2013-11-19 23:10:32 -06:00
89d0b3c41c
Return the splat and require on a module.
2013-11-15 12:19:53 -06:00
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
84572c58a8
Minor fixup for release
...
* Adds some new refs.
* Fixes a typo in a module desc.
* Fixes a weird slash continuation for string building (See #2589 )
2013-11-04 12:10:38 -06:00
9f81aeb4ad
Fix style
2013-10-29 14:55:16 -05:00
5af42f2c28
Add short comment on why the padding is necessary
2013-10-29 11:46:10 -05:00
e368cb0a5e
Add Win7 SP1 to WinXP SP3 target
2013-10-29 10:45:14 -05:00
ea7bba4035
Add Beetel Connection Manager NetConfig.ini BOF
2013-10-28 22:52:02 -05:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
f1a67ecafe
Remove overdue deprecated modules
...
[See PT #56795804 ]
[See PT #56796034 ]
2013-10-16 17:02:28 -05:00
ba2c52c5de
Fixed up some more weird splat formatting.
2013-10-16 16:25:48 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
2656c63459
Knock out a Unicode character
2013-09-23 14:22:11 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
8417b916c7
Complete MS13-071 Information
2013-09-21 21:22:34 -05:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
9b486e1dbb
Add comment about the smb_* methods
2013-09-19 13:23:46 -05:00
60d448f600
Add minor cleanup
2013-09-18 14:10:13 -05:00
68647c7363
Add module for MS13-071
2013-09-18 13:40:35 -05:00
8728a9a3b7
Bumping out deprecation date
...
Pray I don't alter the deprecation date further.
2013-09-18 11:00:35 -05:00
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
761042f14b
require the deprecated mixin
2013-09-12 15:42:01 -05:00
968f299772
Deprecate A-PDF exploit for filename change
...
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
abd4fb778f
add osvdb ref for chasys overflow
2013-08-18 06:35:28 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
b3f229ff59
Add module for CVE-2013-3928
2013-08-12 17:18:30 -05:00
8c47f1df2d
We don't need this option anymore
2013-07-31 03:30:34 -05:00
af0046658b
Change the way file is stored
2013-07-31 03:28:24 -05:00
164153f1e6
Minor updates to titles and descriptions
2013-07-22 13:04:54 -05:00
e7e712fa01
EOL fix
2013-07-20 19:54:05 -05:00
ab515fb66d
Add the file format version of CVE-2013-1017
2013-07-20 19:50:09 -05:00
529471ed53
Land #2081 - MediaCoder .M3U Buffer Overflow
2013-07-11 23:57:43 -05:00
1341d6ec6b
Remove extra commas and try to keep a line in 100 columns
2013-07-11 23:54:54 -05:00
1cf65623d6
Small desc update
2013-07-11 13:20:39 -05:00
d9107d2bd9
Add module for CVE-2013-3248
2013-07-11 12:30:08 -05:00
16c9effcb4
make msftidy happy
2013-07-11 00:32:32 +07:00
8de88cbd05
change target from win7 sp1 to win7 sp0, fix description
2013-07-11 00:14:30 +07:00
8d7396d60a
Minor description changes on new modules
2013-07-08 16:24:40 -05:00
b2a18c37ee
add dll references for rop
2013-07-09 03:20:05 +07:00
3f874f504c
Use metadata
2013-07-08 09:25:02 -05:00
512dd7d15a
Update title
2013-07-08 09:11:31 -05:00
c60aeaa202
Add module for CVE-2013-3482
2013-07-08 09:11:10 -05:00
ed6d88a28b
credit to mona.py for rop
2013-07-07 18:07:05 +07:00
ecb2667401
remove seh mixin and fix the rop nop address
2013-07-06 23:08:51 +07:00
23d2bfc915
add more author
2013-07-06 11:52:16 +07:00
b8354d3d6c
Added MediaCoder exploit module
2013-07-06 11:07:11 +07:00
7ef5695867
[FixRM:#8129] - Remove invalid metasploit.com references
...
These "metasploit.com" references aren't related to the vulns,
shouldn't be in them.
2013-07-03 11:52:10 -05:00
1110aefe49
Land #2038 , @modpr0be exploit for ABBS Audio Media Player
2013-07-01 23:20:50 -05:00
2e5398470b
remove additional junk, tested and not needed
2013-07-02 09:23:42 +07:00
9b8bfa6290
change last junk from rand_text_alpha_upper to rand_text
2013-07-01 23:49:19 +07:00
c631778a38
make a nice way to fill the rest of buffer
2013-07-01 23:39:08 +07:00
478beee38b
remove unnecessary option and make msftidy happy
2013-07-01 18:51:47 +07:00
f16d097c00
clean version, tested on winxp sp3 and win7 sp1
2013-07-01 18:35:50 +07:00
e0ae71e874
minor fixing in the exploit module description
2013-07-01 03:27:06 +07:00
007fddb6bf
remove SEH function, not needed
2013-07-01 03:13:20 +07:00
1e4b69ab03
Added abbs amp exploit module
2013-07-01 03:08:22 +07:00
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
427f063c48
fix formatting
2013-06-22 07:32:29 -05:00
1e25dedb66
fix formatting
2013-06-22 07:31:47 -05:00
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
d35c3469e8
Fix typo
...
EDB reference
2013-06-14 15:16:20 -05:00
69c25014ae
Make msftidy happy
2013-06-13 18:58:38 -05:00
12801430e3
Update both ultraiso files to the right fix
2013-06-13 18:44:19 -05:00
0440c03c7a
Land #1934 - Fix UltraISO Exploit File Creation
2013-06-13 13:57:09 -05:00
cd64e3593c
Fix UltraISO file creation
...
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
c6b4290fea
Fix UltraISO Exploit File Creation
...
Both ultraiso_ccd.rb and ultraiso_cue.rb use File.open to create
files, instead of using the create_file() function. This leads
to files being created in the wrong directory.
We work around this by dynamically changing the
file_format_filename function to return the corrected filename.
2013-06-09 09:51:15 +10:00
cb79aa252a
Fix output path in ms10_004_textbytesatom.rb
...
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).
This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
57b7e4ec44
Update ms11_006_createsizeddibsection.rb
2013-05-25 13:14:41 +06:00
1aa80cd35e
Add module for CVE-2013-0726
2013-05-08 13:48:48 -05:00
13202a3273
Add OSVDB reference
2013-05-03 09:46:29 -05:00
a95de101e7
Delete extra line
2013-05-02 22:04:27 -05:00
6210b42912
Port EDB 25141 to msf
2013-05-02 22:00:43 -05:00
051e31c19f
Merge branch 'kingview_kingmess_kvl' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-kingview_kingmess_kvl
2013-03-22 13:00:38 -05:00
0c0d15024a
No tabs for these
2013-03-19 08:39:47 -05:00
4aab1cc5df
delete debug code
2013-03-18 16:28:39 +01:00
dffec1cd41
added module for cve-2012-4914
2013-03-17 21:12:40 +01:00
456e4449e5
definitely the free trial of 6.53 is also vulnerable
2013-03-13 20:29:07 +01:00
5345af87f2
better description according to advisory
2013-03-13 20:25:13 +01:00
5339c6f76e
better target description according to advisory
2013-03-13 20:23:22 +01:00
50083996ff
better target description
2013-03-13 20:13:09 +01:00
a2755820cb
Added module for CVE-2012-4711
2013-03-13 20:07:58 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
9d52048d7f
Forgot to remove this after badchar analysis
2012-11-30 02:17:08 -06:00
37f731fe7d
Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow
2012-11-30 02:14:22 -06:00
de016780b8
Rename the PAYLOAD_TYPE datastore option
...
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
5b18a34ad4
References cleanup
...
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00
b813e4e650
Added module for CVE-2009-1831
2012-09-10 16:46:16 +02:00
caae54a7ca
added osvdb reference
2012-09-07 16:56:37 +02:00
c572c20831
Description updated to explain conditions
2012-09-07 11:18:54 +02:00
86036737ca
Apparently this app has two different names
...
People may either call the app "ActiveFax", or "ActFax". Include
both names in there to allow the module to be more searchable.
2012-09-06 18:38:03 -05:00
4985cb0982
Added module for ActFac SYSTEM Local bof
2012-09-07 00:45:08 +02:00
783ffb13c2
Add Adobe security bulletin references
2012-09-04 00:07:53 -05:00
d106a1150e
Be more clear that we dislike certain PDF templates
2012-08-31 14:07:58 -05:00
d56ac81a57
Recapitalizing GlobalSCAPE
...
According to
http://kb.globalscape.com/Search.aspx?Keywords=globalscape
this seems to be the preferred capitalization.
2012-08-15 13:25:35 -05:00
bfe2ed0737
Minor title update
2012-08-14 12:14:13 -05:00
1ec7f03352
Changes proposed by todb: description, author email, zip data random
2012-08-14 18:45:05 +02:00
3c79509780
Added module for BID 46375
2012-08-14 18:15:29 +02:00
c2cc4b3b15
juan author name updated
2012-08-06 18:59:16 +02:00
d2e1f4b448
Added module for OSVDB 83745
2012-07-25 19:24:09 +02:00
260cea934d
Add more reference
2012-07-05 16:48:43 -05:00
2874768539
Also add juan as author. And links to the vulnerable setup.
2012-06-30 13:12:13 -05:00
5dbfb7b9aa
last cleanup
2012-06-30 14:18:25 +02:00
19d476122b
versions affected corrected
2012-06-29 20:23:17 +02:00
533111c6da
irfanview_jpeg2000_bof: review of pull req #543
2012-06-29 20:13:02 +02:00
196e1b7f70
Update title & description to match what ZDI has.
...
ZDI publishes a new advisory that's closer to what we actually
see in a debugger. So we update the reference, as well as the
description + title to better match up theirs.
2012-06-29 11:10:28 -05:00
5efb459616
updated zdi reference
2012-06-29 16:36:11 +02:00
e5dd6fc672
Update milw0rm references.
...
milw0rm.com is long gone, so all milw0rm references are just
a bunch of broken links. Change to exploit-db instead.
2012-06-28 14:27:12 -05:00
7dcdd205bb
Update CVEs for fileformat exploits
2012-06-28 00:21:03 -05:00
2f733ff8b9
Add CVE-2012-0663 Apple QuickTime TeXML Exploit
2012-06-27 14:41:45 -05:00
9ea6d84a7a
Make it clear the exploit doesn't like certain PDF formats
...
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
2012-06-26 16:32:10 -05:00
b966dda980
Update missing CVE reference
2012-06-26 01:26:09 -05:00
7698b2994d
Correct OSVDB typo
2012-06-25 18:32:35 -05:00
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
80d46580ec
One last minor change for metadata format
2012-06-14 21:48:24 -05:00
82799f2601
Some final touchup
...
This commit includes the following changes:
* Description change
* Additional references
* More testing
* Format change
* Other minor stuff
2012-06-14 21:46:38 -05:00
sgabe
William Vu
Tod Beardsley
jvazquez-r7
sinn3r
jvazquez-r7
Meatballs
Tab Assassin
Steve Tornio
HD Moore
modpr0be
Ruslaideemin
darknight007
sinn3r
James Lee
Tod Beardsley
Christian Mehlmauer
David Maloney
Michael Schierl