1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
aeb1d80e0d
Adding top 100 adobe passwords
2016-02-11 08:55:45 +08:00
b3e8bd1dab
Updated zsploit screens to use std msf colors
...
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
90e37ea749
Added three cool new mainframe themed screens
...
Thanks to *Solider of Fortran* @mainframed for his amazing original artwork!
These set of 3 limited edition, original, one-of-a-kind screens will modernize
your msf installation to the 1960s and beyond. No seriously they are super cool
and now that metasploit-framework supports System Z - it seemed only fitting.
2016-01-20 06:10:51 -06:00
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
97ae09729c
Add john.conf to data dir as referenced by: lib/metasploit/framework/jtr/cracker.rb
2016-01-06 13:00:05 -06:00
ae57bce262
Adding wordlists back to path
2016-01-06 12:54:25 -06:00
bf764deefb
Add SCADA Default UserPass List
...
This list was based on SCADAPASS: https://github.com/scadastrangelove/SCADAPASS
2016-01-06 12:25:29 +08:00
be340774ea
Land #6432 , Piata SSH scanner wordlist
2016-01-05 10:15:17 -06:00
66e2d945d8
Add more SAP ICM paths
2016-01-05 13:05:46 +08:00
913e8ec525
Update piata_ssh_userpass.txt
2016-01-05 11:28:54 +08:00
713828d0b6
Add piata wordlist
...
Add user and pass wordlist from Piata Mass SSH scanner
2016-01-05 11:27:04 +08:00
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
...
CVE-2015-6127
2015-12-17 22:41:58 -06:00
eb4611642d
Add Jenkins CLI Java serialization exploit module
...
CVE-2015-8103
2015-12-11 14:57:10 -06:00
c301c7c7b0
use wav with sounds plugin for windows / linux compat
2015-12-08 16:20:44 -06:00
d44224142e
Update audio files
2015-11-25 23:41:18 -06:00
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
af8c557fa9
Add the MP3s
2015-11-25 18:09:27 -06:00
fa32f43ee4
Muts says "Try harder!" or "Excellent" for the sounds plugin
...
With the sounds plugin, muts will say "excellent!" when a session
is received. If a session is terminated (either exited or lost),
muts will say "try harder!"
2015-11-25 18:06:58 -06:00
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
9c347fbaae
Land #6195 , remove ff buildid from os.js
2015-11-05 15:01:15 -06:00
2f65405a4e
Fix missing brace and indent level
2015-11-05 14:30:26 -06:00
1f73bbe7ca
Remove obsolete files in data/gui/
2015-11-02 10:44:47 -06:00
d90f87449a
Fix merge
2015-09-22 16:55:01 -05:00
7d2a2a8b64
Fix issues with using hop for new core
2015-09-22 16:54:02 -05:00
48b06a2cd9
Fixed no detection error
2015-09-18 10:48:24 -05:00
858d3f5a55
Closes #3936 , Remove Firefox buildid from os.js
2015-09-16 16:04:22 -05:00
c7afe4f663
Land #5930 , MS15-078 (atmfd.dll buffer overflow)
2015-09-16 15:33:38 -05:00
9626596f85
Clean template code
2015-09-12 13:43:05 -05:00
53f995b9c3
Do first prototype
2015-09-10 19:35:26 -05:00
30cb93b4df
Land #5940 , @hmoore-r7's fixes for busybox post modules
2015-09-08 15:12:23 -05:00
122d57fc20
Land #5945 , Add auto-accept to osx/enum_keychain
2015-09-08 10:56:08 -05:00
1b320bae6a
Add auto-accept to osx/enum_keychain.
2015-09-07 21:17:49 -05:00
091c4d5214
Expand and reorder
2015-09-05 22:51:32 -05:00
76d74576db
Remove FTP-only default credentials
2015-09-05 22:39:51 -05:00
21b69b9430
Remove HP MPE/iX password defaults
2015-09-05 22:38:30 -05:00
eaf51a2113
Land #5722 , @vallejocc's busybox work
2015-09-04 13:36:44 -05:00
b39575928e
Update reflective exploit
2015-09-03 11:01:41 -05:00
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
1b778d0650
Land #5898 , use gem version of php & python meterp
2015-08-31 16:16:36 -05:00
30830ad9e5
Land #5262 , fix webcam_chat and tidy adjacent code
2015-08-31 14:21:24 -05:00
a51d3df753
typo
2015-08-31 14:18:55 -05:00
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
11db9c2112
Land #5896 , Update ms15_004_tswbproxy to use a Reflective DLL
2015-08-27 17:11:26 -05:00
593f501571
finish move of php / python meterpreters to metasploit-payloads
2015-08-27 11:34:22 -05:00
a2d5511e39
Land #5379 , new post modules to load into powershell sessions
2015-08-26 17:11:40 -05:00
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
129edd8b2e
Original bypass script
2015-08-23 19:46:24 +01:00
d54249370b
Move tpwn source to external/source/exploits
2015-08-17 18:27:47 -05:00
efc980074c
Add tpwn exploit files
2015-08-17 17:11:07 -05:00
5dd015150c
Land #5748 , refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter
2015-08-16 10:58:17 -05:00
1db376bed8
check if a process still exists before deleting it
2015-08-15 19:46:04 -05:00
5ff61ca5f3
Added modules to jailbreak and control remotely BusyBox based devices. It was added to a word list with default credentials typically used by commercial routers.
2015-08-10 18:29:41 +02:00
121fe1adda
Land #5654 : Python Meterpreter Transport
2015-07-22 10:39:06 +10:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
010e48919e
Pymet immediately change transports on tcp failure
2015-07-16 11:00:43 -04:00
0cb5000e48
Pymet use incremental backoff for http recv pkt
2015-07-16 10:29:36 -04:00
986463e489
Fix killav post module, handle errors, better output
2015-07-16 11:35:01 +10:00
8bead8fd87
av_list.txt
...
it's the av_list.txt, i sure hope this works.
2015-07-15 20:26:42 -04:00
831cb904a9
Pymet fix the new transport position
2015-07-15 19:45:34 -04:00
a637921305
Update swf
2015-07-15 18:35:41 -05:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
18cb55f1fa
Pymet fix transport automatic roll over
2015-07-14 15:18:11 -04:00
00da619556
Pymet fix previous transport index logic
2015-07-14 14:32:57 -04:00
9f48853e00
Pymet fix the order in which transports are added
2015-07-14 14:26:27 -04:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
b72ba7f51c
Add AS2 flash detection code
2015-07-13 18:26:02 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
299978d0e2
Put again old exploiter
2015-07-11 00:36:32 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
2cdaace42f
Land #5678 , Land adobe_flash_hacking_team_uaf.r
2015-07-07 12:34:59 -05:00
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
9e2e64bba1
Land #5644 , Windows 10 Detection for os.js
2015-07-06 16:19:06 -05:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
c993c70006
Remove sleep(), clean up WritableDir usage.
2015-07-05 18:59:00 -05:00
a8b56bb44a
Oops, need to include the binary files.
2015-07-05 18:24:45 -05:00
841fbddfc6
Pymet fix packet polling interval
2015-07-02 11:51:53 -04:00
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
6ab7c314de
Pymet fix reverse_tcp transport for IPv6 addresses
2015-07-02 08:33:11 -04:00
dbe239bc75
Pymet fix transport next and prev for one transport
2015-07-02 08:23:02 -04:00
482247771d
Add a fingerprint for Windows 10 + IE11
2015-07-01 18:06:25 -05:00
cd688437ac
Add support for Windows 10 for os.js
...
Resolves #4248
2015-07-01 15:02:22 -05:00
b1b21c4bef
Pymet fixes for Python 3.x
2015-07-01 14:32:12 -04:00
1de94a6865
Add module for CVE-2015-3113
2015-07-01 13:13:57 -05:00
2a891c50eb
Pymet transport stabilty and correction
2015-07-01 11:12:30 -04:00
4b5b7c8a27
Pymet support for core_transport_remove
2015-06-30 15:46:33 -04:00
6a45e19636
Pymet fix bind and tcp socket cleanup logic
2015-06-30 15:25:23 -04:00
3d49781230
Pymet support for core_transport_sleep
2015-06-29 18:34:35 -04:00
9a8ffacfd1
Pymet transport changing improvements
2015-06-29 14:00:07 -04:00
00742ea924
Pymet cleaner transport switching with responses
2015-06-28 13:16:00 -04:00
f6fa462bdc
Pymet support for changing transports
2015-06-27 20:57:45 -04:00
175d9cdcb1
Pymet support for creating and listing transports
2015-06-26 16:52:55 -04:00
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
7aae9b210e
Add pymet support for core_enumextcmd
2015-06-26 11:32:51 -04:00
ee0377ca16
Add module for CVE-2015-3105
2015-06-25 13:35:01 -05:00
ae41f2bfa0
Update exploit binaries for ms15-051
2015-06-25 09:33:15 +10:00
e75287875b
hack android-specific commands back to life
2015-06-22 20:41:58 -05:00
3686accadd
Merge branch 'upstream/master' into cve-2015-1701
2015-06-22 07:52:17 +10:00
04901baab8
Land #5572 @todb-r7's adds snowden's password to unix_passwords.txt
2015-06-19 17:01:22 -05:00
b580f93c22
New password from Snowden
2015-06-19 15:37:48 -05:00
d116f1efd5
Land #5566 , @wchen-r7 fixes #5565 modifying os.js
2015-06-19 11:07:00 -05:00
308cad8c40
Fix #5565 , Fix os.js service pack detection
...
Fix #5565
2015-06-18 18:51:16 -05:00
de1542e589
Add module for CVE-2015-3090
2015-06-18 12:36:14 -05:00
17b8ddc68a
Land #5524 , adobe_flash_pixel_bender_bof in flash renderer
2015-06-15 02:42:16 -05:00
72672fc8f7
Delete debug
2015-06-11 17:39:36 -05:00
8ed13b1d1b
Add linux support for CVE-2014-0515
2015-06-11 16:18:50 -05:00
ae21b0c260
Land #5523 , adobe_flash_domain_memory_uaf in the flash renderer
2015-06-10 16:59:19 -05:00
4c5b1fbcef
Land #5522 , adobe_flash_worker_byte_array_uaf in the flash renderer
2015-06-10 14:49:41 -05:00
7527aa4f34
Disable debug
2015-06-10 14:07:18 -05:00
6c7ee10520
Update to use the new flash Exploiter
2015-06-10 13:52:43 -05:00
7fba64ed14
Allow more search space
2015-06-10 12:26:53 -05:00
ecbddc6ef8
Play with memory al little bit better
2015-06-10 11:54:57 -05:00
d622c782ef
Land #5519 , adobe_flash_uncompress_zlib_uninitialized in the flash renderer
2015-06-10 11:52:47 -05:00
2b4fe96cfd
Tweak Heap Spray
2015-06-10 10:56:24 -05:00
a6fe383852
Use AS Exploiter
2015-06-10 09:32:52 -05:00
e5d6c9a3cb
Make last code cleanup
2015-06-09 16:01:57 -05:00
cf8c6b510b
Debug version working
2015-06-09 15:46:21 -05:00
39851d277d
Unset debug flag
2015-06-09 11:36:09 -05:00
b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code
2015-06-09 11:31:39 -05:00
f29b38b602
Add the top 20 keyboard patterns as passwords
...
See https://wpengine.com/unmasked/ for lots more, but this
covers the gif at
https://wpengine.com/unmasked/assets/images/commonkeyboardpatterns.gif
2015-06-05 16:46:08 -05:00
b291d41b76
Quick hack to remove hard-coded offsets
2015-06-05 13:19:41 +10:00
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
455a3b6b9d
Add butchered version of CVE-2015-1701
2015-06-03 21:48:23 +10:00
64e86165ef
remove android meterpreter bins, update to payloads 1.0.2
...
This switches us to using the Android payload files from the
metasploit-payloads gem
2015-06-01 09:14:31 -05:00
7d5af66fa0
Merge branch 'master' into land-5367-uuid-stagers
2015-05-29 13:00:35 -05:00
737559bcbb
Land #5180 , VBA Powershell for Office Macro
2015-05-28 19:55:27 -05:00
e9714bfc82
Solve conflics
2015-05-27 23:22:00 -05:00
e749733eb6
Land #5419 , Fix Base64 decoding on ActionScript
2015-05-27 23:13:51 -05:00
e5d42850c1
Add support for Linux to CVE-2015-0336
2015-05-27 17:05:10 -05:00
801deeaddf
Fix CVE-2015-0336
2015-05-27 15:42:06 -05:00
bd1bdf22b5
Fix CVE-2015-0359
2015-05-26 17:27:20 -05:00
19c7445d9d
Fix CVE-2015-0336
2015-05-26 17:20:49 -05:00
23d244b1fa
Fix CVE-2015-0313
2015-05-26 16:11:44 -05:00
5c8c5aef37
Fix CVE-2014-8440
2015-05-26 16:05:08 -05:00
d78d04e070
Fix CVE-2014-0569
2015-05-26 15:49:22 -05:00
e0a1fa4ef6
Fix indentation
2015-05-26 15:38:56 -05:00
1742876757
Fix CVE-2014-0556
2015-05-26 15:30:39 -05:00
3e122fe87c
Fix b64 decoding
2015-05-26 15:15:33 -05:00
29ccc8367b
Add More messages
2015-05-26 14:47:47 -05:00
1bf1c37cfa
Add exception handling
2015-05-26 14:31:07 -05:00
fb8a927941
Hardcode params
2015-05-26 14:20:43 -05:00
f119da94ca
Add one more message
2015-05-26 14:14:38 -05:00
15533fabe6
Log messages
2015-05-26 14:08:24 -05:00
91357ee45b
Improve reliability
2015-05-26 13:47:33 -05:00
9e50114082
Merge branch 'upstream/master' into uuid-stagers
2015-05-25 11:22:35 +10:00
1c73c190fc
Add machine_id support to windows php meterp
2015-05-22 14:55:29 +10:00
f35d7a85d3
Adjust numbers
2015-05-21 15:56:11 -05:00
80d4f3cfb0
Update swf
2015-05-21 14:55:00 -05:00
8d6cbf0568
Make adobe_flash_uncompress_zlib_af multiplatform
2015-05-20 18:57:37 -05:00
c0b995cc97
new changes
2015-05-19 16:18:06 +01:00
b513304756
new changes
2015-05-19 15:47:30 +01:00
0cda746bfb
Updated size
2015-05-19 14:08:59 +01:00
811c45ab90
new
2015-05-19 14:06:41 +01:00
24526c2ef9
Removed unused data files
2015-05-18 21:46:05 +10:00
9296a024e2
PHP meterpreter refactoring in prep for uuid work
2015-05-18 17:40:48 +10:00
0d56b3ee66
Stage UUIDs, generation options, php and python meterp uuid
2015-05-18 13:29:46 +10:00
5cf6d28c34
Land #5426 , use RAW for TLV hash binary data
2015-05-15 11:54:45 -05:00
25099dd877
Land #5212 , HTA Powershell template
2015-05-15 11:49:07 -05:00
3bc3614be6
Do a check for powershell.exe before running it.
2015-05-15 11:48:21 -05:00
c614f6059d
Merge branch 'master' into land-5326-
2015-05-15 11:29:54 -05:00
d4798a2500
Fix spacinG
2015-05-11 09:04:03 +01:00
c916021fc5
SSL Support for Powershell Payloads
2015-05-10 21:45:59 +01:00
d3ba84b378
Add TLV_TYPE_FILE_HASH
2015-05-10 14:18:16 +01:00
c103779eab
Land #5080 , @bcook-r7's 'ls' and 'download' meterpreter improvements
2015-05-08 18:02:16 -05:00
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
51bb4b5a9b
Add module for CVE-2015-0359
2015-05-07 17:00:00 -05:00
582919acac
Add module for CVE-2015-0336
2015-05-05 17:25:19 -05:00
f0c989c1b5
remove java payloads and jars
2015-05-05 15:01:00 -05:00
05e4af8162
Land #5214 , initial meterpreter session recovery support
2015-05-04 16:25:27 -05:00
cda7dc3494
remove old posix meterpreter bins
2015-05-04 09:44:37 -05:00
d934027b3b
expand glob match
2015-05-04 03:56:15 -05:00
c5c7242374
teach pymet how to glob on ls as well
2015-05-04 03:56:14 -05:00
17e54fff1f
Land #5275 , Flash CVE-2014-8440
2015-04-30 12:14:06 -05:00
cbaaea2ce4
Land #5278 , D-Link Telnet passwords
2015-04-30 11:23:33 -05:00
dbba466b5b
Add module for CVE-2014-8440
2015-04-29 17:52:04 -05:00
f2b50e1e2f
removed empty line
2015-04-27 05:29:47 +02:00
1fd601510c
Lands #5194 , merges in PowerShell session support & initial payloads
2015-04-26 16:01:51 -05:00
76e68fcf4c
session info
2015-04-26 20:13:18 +01:00
f74d385b6a
dlink telnet passwords added from firmware.re
2015-04-26 02:29:30 +02:00
aa4dc78cba
updates to author comments in powershell script
2015-04-25 08:47:17 +01:00
19aa668f99
updates to include reverse and bind
2015-04-22 20:41:19 +01:00
5140b8cf9c
fix crash on fork with OSX Python meterpreter using SystemConfiguration
...
Calling into SystemConfiguration before forking seems to allow the child
process to use it without a null pointer dereference.
2015-04-21 17:17:27 -05:00
381f6ffe0a
HTA Powershell template
2015-04-20 23:19:54 +01:00
b0d50dc2be
Create our own Rex connection to the endpoint
...
Ensure powershell process closes when module completes
Add a windows cmd interact payload
2015-04-19 23:41:28 +01:00
8bd0da580d
Move script out of module
2015-04-19 21:12:44 +01:00
b229e87940
Create VBA powershell
2015-04-17 16:52:12 +01:00
15eef6e8de
Dont fork on OSX
2015-04-17 11:43:07 +01:00
28fac60c81
Add module for CVE-2015-0556
2015-04-15 14:08:16 -05:00
8d1126eaa5
Land #5129 , x64 BSD prepend stubs 'n' stuff
2015-04-14 01:24:50 -05:00
2d3614f647
Implement x64 BSD exec and exe template.
...
- Fixes bug in CachedSize due to all options being set
- Adds new payload to payload_spec.
2015-04-12 12:17:25 -05:00
3313dac30f
Land #5119 , @wvu's addition of the OSX rootpipe privesc exploit.
...
orts
borts
2015-04-10 12:38:25 -05:00
c4b7b32745
Add Rootpipe exploit
2015-04-10 11:22:00 -05:00
91f5d0af5a
Add module for CVE-2014-0569
...
* Adobe flash, Integer overflow on casi32
2015-04-09 19:37:26 -05:00
2977cbd42a
Merge branch 'upstream/master' into dynamic-transport
2015-04-07 14:30:48 +10:00
0d78834083
update meterpreter binaries
2015-04-03 05:47:18 -05:00
fc44f5b1f4
Merge branch 'upstrea/master' into dynamic-transport
...
Small merge required with the https payload proxy changes.
2015-04-03 10:14:48 +10:00
ec2f9e3c05
Add SSH root password 'arcsight' for HP ArcSight Logger
...
The default password for root is 'arcsight'
2015-04-02 11:04:07 -05:00
47fa97816d
Code fixes as per suggestions, fix build
...
* Use of `ERROR_FAILURE_WINDOWS` in python meterpreter.
* Moving of constants/logic to client_core instead of
command_dispatcher.
* Fix spec include.
2015-04-02 09:05:38 +10:00
293cbfc8f3
Slightly wanged one of the text bubbles
2015-04-01 06:46:50 -05:00
01bdf54487
Merge branch 'upstream/master' into dynamic-transport
2015-04-01 18:53:20 +10:00
02383d4e90
Add machine_id functionality to python meterpreter
2015-04-01 17:50:50 +10:00
34d637c7b8
Needs more ponies
2015-03-31 13:59:37 -05:00
8ea1ffc6ff
Land #5030 , CVE-2015-0313 Flash Exploit
2015-03-30 11:31:53 -05:00
11c6f3fdca
Do reliable resolution of kernel32
2015-03-29 15:52:13 -05:00
f84a46df63
Add module for CVE-2015-0313
2015-03-27 18:51:13 -05:00
10e8cefd6d
Pymet dont validate ssl certs for 2.7.9/3.4.3
2015-03-25 19:49:42 -04:00
7282968d8a
Python reverse HTTPS stager
2015-03-21 12:43:14 -04:00
b29d2b5e84
do not die if the uid/gid of a file is > 65535
...
The meterpreter stat command is a little broken in that it assumes uid/gids
16-bit. Prevent this from erroring with python meterpreter on a system with a
large uid/gid.
2015-03-20 22:34:01 -05:00
8608569964
Pymet support for creating and renaming unicode paths
2015-03-20 08:49:23 -04:00
bac2e7c5f8
Pymet improved unicode support for working directories
2015-03-19 18:31:42 -04:00
f9bf4e3100
Fix pymet for unicode files and directories
...
Closes #4958
2015-03-19 17:23:00 -04:00
35d29f5d08
update linux meterpreter bins
2015-03-18 23:24:32 -05:00
076f15f933
Land #4792 @jakxx Publish It PUI file exploit
2015-03-18 20:59:54 -04:00
085e6cc815
Implemented Recommended Changes
...
-corrected spelling error
-set only option to required
-dumped header data to included file
-Used Rex for jmp values
2015-03-17 16:39:56 -04:00
bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
215c209f88
Land #4901 , CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
64fd818364
Land #4411 , @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
0988c5e691
use the correct implementation for query_value_direct
2015-03-03 22:29:23 -06:00
c498ba64e4
Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app.
2015-02-19 15:08:50 -06:00
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
cf0589f8c6
add support for direct reg access to pymeterpreter
...
When testing this, I found that the python meterpreter hangs running the
following, with or without these changes.
```
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set PythonMeterpreterDebug true
set lhost 192.168.43.1
exploit -j
sleep 5
use exploit/windows/local/trusted_service_path
set SESSION 1
check
```
This turned out to be that pymeterpreter ate all the rest of the data in the
recv socket by consuming 4k unconditionally. This would only be exposed if
there were multiple simultaneous requests so the recv buffer filled beyond a
single request, e.g. when using the registry enumeration functions.
2015-02-17 06:11:20 -06:00
7e9a331087
remove unused .class files
...
These were added for multi/browser/java_signed_applet, but the class
files are already packaged in a jar file, which is what is actually
used.
2015-02-12 16:08:29 -06:00
7ab7add721
bump meterpreter_bins to 0.0.14, update Linux binaries.
...
Hopefully the last manual build before packaging the Linux bins into
meterpreter_bins as well.
This includes all of the fixes and improvements over the past month.
rapid7/meterpreter#116
rapid7/meterpreter#117
rapid7/meterpreter#121
rapid7/meterpreter#124
2015-02-10 12:43:47 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
511f637b31
Call CollectGarbage
2015-02-09 14:44:31 -06:00
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
0e4f3b0e80
added built data/exploits/CVE-2014-3153.elf
2015-02-09 09:50:31 -06:00
a46a53acaf
Provide more space for the payload
2015-02-06 14:49:49 -06:00
wchen-r7
Jay Turla
Bigendian Smalls
Brent Cook
Chris Doughty
William Vu
dmohanty-r7
scriptjunkie
Louis Sato
James Lee
Mo Sadek
jvazquez-r7
joev
HD Moore
Meatballs
jvicente
OJ
Spencer McIntyre
Marc-Andre Meloche
Tod Beardsley
benpturner
Tim
m-1-k-3
jakxx
Ferenc Spala
