sinn3r
a5bace2425
Land #2485 - Removed extra bracket for scripts/meterpreter/vnc.rb
g0tmi1k's version was outdated, so I merged from my branch instead.
2013-10-08 10:17:49 -05:00
sinn3r
db92709d33
Remove extra bracket
2013-10-08 10:17:08 -05:00
jvazquez-r7
2593c06e7c
Land #2412, @mwulftange's printf cmd stager
2013-10-08 09:08:29 -05:00
Markus Wulftange
6f7d513f6e
Another clean up and simplification of CmdStagerPrintf
2013-10-08 07:22:09 +02:00
Tod Beardsley
8b9ac746db
Land #2481, deprecate linksys cmd exec module
2013-10-07 20:44:04 -05:00
sinn3r
c10f0253bc
Land #2472 - Clean up the way Apple Safari UXSS aux module does data collection
2013-10-07 15:47:28 -05:00
Tod Beardsley
e0ce444896
Merging release back to master
2013-10-07 15:33:16 -05:00
sinn3r
f7f6abc1dd
Land #2479 - Add Joev to the wolfpack
2013-10-07 15:30:23 -05:00
joev
4ba001d6dd
Put my short name to prevent conflicts.
2013-10-07 14:10:47 -05:00
joev
ec6516d87c
Deprecate misnamed module.
* Renames to a linux linksys module.
2013-10-07 14:06:13 -05:00
Tod Beardsley
61e02f3d79
Merge 'upstream-master' into release
Picks up #2480 as well.
2013-10-07 13:52:04 -05:00
jvazquez-r7
0991b72a0e
Land #2480, @todb-r7's changes for weekly update
2013-10-07 13:19:00 -05:00
Tod Beardsley
5c5cf6dc57
Merge 'upstream-master' into release
Preliminary cut for release
2013-10-07 13:15:09 -05:00
Tod Beardsley
219bef41a7
Decaps Siemens (consistent with other modules)
2013-10-07 13:12:32 -05:00
Tod Beardsley
3215453522
Empty commit to trigger a close on #2476
If this commit lands, it'll close #2476 because it accomplishes the same
thing.
[Closes #2476]
2013-10-07 12:51:34 -05:00
Tod Beardsley
4266b88a20
Move author name to just 'joev'
[See #2476]
2013-10-07 12:50:04 -05:00
Tod Beardsley
ff6dec5eee
Promote joev to a first class citizen
[See #2476]
2013-10-07 12:40:43 -05:00
Tod Beardsley
293927aff0
msftidy fix for coldfusion exploit
2013-10-07 12:22:48 -05:00
joev
47e7a2de83
Kill stray debugger statement.
2013-10-06 19:32:22 -05:00
joev
c2a81907ba
Clean up the way Apple Safari UXSS aux module does data collection.
[FIXRM #7918]
2013-10-06 19:28:16 -05:00
jvazquez-r7
5aa3709ca2
Land #2467, @wchen-r7's code to allow dynamic size payloads on ropdb
2013-10-06 18:18:13 -05:00
sinn3r
991e82a78a
Land #2470 - Continue to run UAC level is 0
2013-10-05 23:20:55 -05:00
trustedsec
0799766faa
Fix UAC is not enabled, no reason to run module when UAC is enabled and vulnerable
The new changes when calling uac_level = open_key.query_value('ConsentPromptBehaviorAdmin') breaks UAC on Windows 7 and Windows 8 and shows that UAC is not enabled when it is:
Here is prior to the change on a fully patched Windows 8 machine:
msf exploit(bypassuac) > exploit
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[-] UAC is not enabled, no reason to run module
[-] Run exploit/windows/local/ask to elevate
msf exploit(bypassuac) >
Here's the module when running with the most recent changes that are being proposed:
[*] Started reverse handler on 172.16.21.156:4444
[*] UAC is Enabled, checking level...
[!] Could not determine UAC level - attempting anyways...
[*] Checking admin status...
[+] Part of Administrators group! Continuing...
[*] Uploading the bypass UAC executable to the filesystem...
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem....
[*] Sending stage (770048 bytes) to 172.16.21.128
[*] Meterpreter session 6 opened (172.16.21.156:4444 -> 172.16.21.128:49394) at 2013-10-05 15:49:23 -0400
meterpreter >
With the new changes and not having a return on when 0 (will not always return 0 - just in certain cases where you cannot query) - it works.
2013-10-05 15:56:55 -04:00
jvazquez-r7
875e086d94
Land #2469, @bcoles exploit for FlashChat
2013-10-05 14:51:49 -05:00
jvazquez-r7
24efb55ba9
Clean flashchat_upload_exec
2013-10-05 14:50:51 -05:00
bcoles
08243b277a
Add FlashChat Arbitrary File Upload exploit module
2013-10-05 22:30:38 +09:30
Markus Wulftange
836ff24998
Clean and fix CmdStagerPrintf
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
2013-10-05 10:39:55 +02:00
sinn3r
a8de9d5c8b
Land #2459 - Add HP LoadRunner magentproc.exe Overflow
2013-10-04 19:45:44 -05:00
Tod Beardsley
f9eccae391
Land #2466, don't try to lockout SMB
2013-10-04 16:47:26 -05:00
Tod Beardsley
d6c74cd0ed
Land #2463, fixes to gestioip
2013-10-04 16:43:37 -05:00
James Lee
813013fef5
Make defaults sane for the lockoutable smb_login
See #2376
2013-10-04 15:53:16 -05:00
sinn3r
77cbb7cd19
Update function documentation
2013-10-04 15:18:27 -05:00
jvazquez-r7
113f89e40f
First set of fixes for gestioip_exec
2013-10-04 13:29:27 -05:00
jvazquez-r7
299dfe73f1
Land #2460, @xistence's exploit for clipbucket
2013-10-04 12:26:30 -05:00
jvazquez-r7
8e0a4e08a2
Fix author order
2013-10-04 12:25:38 -05:00
Tod Beardsley
ff72f0af62
Land #2461, GestioIP module
2013-10-04 11:07:08 -05:00
Tod Beardsley
9b79bb99e0
Add references, correct disclosure date
2013-10-04 09:59:26 -05:00
Tod Beardsley
ab786d1466
Imply authentication when a password is set
2013-10-04 09:54:04 -05:00
Brandon Perry
0112d6253c
add gestio ip module
2013-10-04 06:39:30 -07:00
jvazquez-r7
db11e88255
Land #2321, @juushya's aux module for Sentry CDU enumeration
2013-10-04 08:35:54 -05:00
sinn3r
41e87d83a6
Add rspec for Rex::Exploitation::RopDb
2013-10-04 00:54:07 -05:00
xistence
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
sinn3r
bc8604f151
Use safe_negate_size for hxds
2013-10-03 23:15:29 -05:00
sinn3r
63d7b8c309
Use safe_negate_size for java
2013-10-03 23:13:57 -05:00
sinn3r
ab62af220b
Use safe_negate_size key for msvcrt (XP)
2013-10-03 23:12:58 -05:00
sinn3r
29d1c75d1c
Update RopDb mixin to allow dynamic payload size for neg
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
2013-10-03 23:09:23 -05:00
jvazquez-r7
9df676ca7e
Land #2447, @wchen-r7's new msvcrt ROP chains without nulls
2013-10-03 22:38:29 -05:00
jvazquez-r7
646429b4dd
Put ready to pull request
2013-10-03 22:15:17 -05:00
jvazquez-r7
5971fe87f5
Improve reliability
2013-10-03 17:19:53 -05:00
jvazquez-r7
39eb20e33a
Add module for ZDI-13-169
2013-10-03 16:52:20 -05:00