Commit Graph

2015 Commits (afe3168a363355aecb64e1dd20db20512b728e3e)

Author SHA1 Message Date
James Lee 0547369966 Add bap support for flash mp4 and new java bug
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
Kurtis Miller 72cfbaa4d1 forgot to add renamed module 2012-03-28 14:29:31 -06:00
Kurtis Miller df116185d4 modifications recommended by sinn3r 2012-03-28 14:29:31 -06:00
Kurtis Miller 0aaa2b78bd cve-2008-0610 windows exploit module 2012-03-28 14:29:31 -06:00
Tod Beardsley e1783acd6f Adding newline to end of ricoh_dl_bof.rb 2012-03-23 16:31:11 -05:00
wchen-r7 71462bc73d Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
[Closes #266]
2012-03-23 16:23:36 -05:00
sinn3r fbfd308d79 This actually shouldn't go it now because it's still being code reviewed 2012-03-23 15:32:24 -05:00
Tod Beardsley 47493af103 Merge pull request #259 from todb-r7/edb-2
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
sinn3r fef1e31e2a Merge branch 'olliwolli-3cdaemonsp3' 2012-03-23 08:52:19 -05:00
sinn3r 20f0a58c6a Minor fixes 2012-03-23 08:23:30 -05:00
Oliver-Tobias Ripka 30a3d8bb96 Add Windows SP3 to targets. 2012-03-23 13:52:18 +01:00
sinn3r 6625d97599 Add Ricoh DC DL-10 FTP Buffer Overflow 2012-03-22 15:30:00 -05:00
sinn3r 0a24c354db Update ms10-002 with dyphens 2012-03-21 19:19:20 -05:00
Tod Beardsley 7d12a3ad3a Manual fixup on remaining exploit-db references 2012-03-21 16:43:21 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r 2c16eb29b6 Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit 2012-03-21 16:11:26 -05:00
Tod Beardsley da963fc8b2 Adding OSVDB for dell_webcam_crazytalk.rb 2012-03-20 07:52:50 -05:00
Tod Beardsley e325469f6e Grammar fix for dell_webcam_crazytalk module 2012-03-20 07:43:02 -05:00
sinn3r f4dac59894 Add Dell Webcam CrazyTalk component BackImage overflow exploit 2012-03-20 03:46:37 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
Tod Beardsley e3f2610985 Msftidy run through on the easy stuff.
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
Tod Beardsley 9144c33345 MSFTidy check for capitalization in modules
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
sinn3r ecb1fda682 Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow 2012-03-14 05:13:22 -05:00
Jonathan Cran 1cf25e58d5 merge description change 2012-03-12 17:22:01 -05:00
sinn3r 7d95132eab Use a cleaner way to calculate JRE ROP's NEG value 2012-03-11 17:27:47 -05:00
sinn3r 6c19466de8 Change output style 2012-03-11 13:59:18 -05:00
sinn3r 25a1552fbd Dynamic VirtualProtect dwSize. Change output style. 2012-03-11 13:49:46 -05:00
sinn3r b0e7c048c9 This module fits the GoodRanking description 2012-03-10 00:50:41 -06:00
sinn3r 1d5bad469c Add Windows 7 SP1 target 2012-03-10 00:11:25 -06:00
sinn3r 1ae779157d Disable Nops so we don't get an ugly crash after getting a shell 2012-03-08 18:56:58 -06:00
Tod Beardsley 1e4d4a5ba0 Removing EncoderType from flash module
Also not very useful
2012-03-08 16:57:41 -06:00
Tod Beardsley 302a42a495 Fixing up print statements
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
Tod Beardsley 1396fc19bd Fixup bad merge on flash mp4 2012-03-08 16:52:53 -06:00
sinn3r cb04e47304 Attempt #2: there's no cli in get_payload 2012-03-08 16:47:49 -06:00
sinn3r 3563fe1b36 The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload. 2012-03-08 16:41:32 -06:00
sinn3r fee2e1eff9 Minor spray size change 2012-03-08 16:19:51 -06:00
HD Moore 12395c719f Remove debugging code 2012-03-08 16:16:42 -06:00
HD Moore 87274987c1 Remove the now obsolete text about SWF_PLAYER 2012-03-08 16:16:13 -06:00
sinn3r 181fdb7365 A small title change 2012-03-08 16:10:16 -06:00
HD Moore 1271368b6f Redirect to a trailing slash to make sure relative resources load
properly
2012-03-08 15:37:06 -06:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
HD Moore eb847a3dfb Add a nicer prefix to the target selection message 2012-03-08 13:46:14 -06:00
Tod Beardsley 5b566b43b4 Catching an update from @hdmoore-r7
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
sinn3r edb3f19c12 A little more padding for Win Vista target 2012-03-08 12:04:04 -06:00
Tod Beardsley 18962e1180 Checking in the new Flash exploit to the release
Using the checkout master directly:

 git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
 git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
HD Moore 86fc45810b Remove the resource during cleanup 2012-03-07 23:04:53 -06:00
HD Moore b4e0daf3ca Small tweaks to the adobe mp4 exploit 2012-03-07 22:53:47 -06:00
sinn3r 9ece7b08fc Add vendor's advisory as a reference 2012-03-08 00:46:34 -06:00
sinn3r 5f92bff697 Make sure no encoder will break the exploit again 2012-03-08 00:44:57 -06:00
sinn3r 2e94b97c82 Fix description 2012-03-07 23:59:51 -06:00