94f114b69a
Fix typos
2012-05-23 10:22:52 -05:00
7a4f1a111b
Merge branch 'cve-2008-0320_openoffice_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-cve-2008-0320_openoffice_bof
2012-05-23 10:20:16 -05:00
287d68f304
added module for CVE-2008-0320
2012-05-23 17:14:11 +02:00
a37e98f159
Updating release from master.
2012-05-22 14:12:08 -05:00
c4b64a51f7
Added reference to vendor advisory
2012-05-22 13:22:26 -05:00
c823e8099e
randomization when possible for flexnet_lmgrd_bof
2012-05-22 08:32:10 +02:00
cafe803217
Fix typos
2012-05-21 16:32:33 -05:00
72b1f113ce
Added module for ZDI-12-052
2012-05-21 16:32:33 -05:00
675dfe4e14
Don't keep the weblogi return codes secret
2012-05-21 11:27:24 -05:00
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
822e109b1f
Merge pull request #398 from wchen-r7/foxit_reader_launch
...
CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action BoF
2012-05-20 07:58:29 -07:00
f9bcb95952
Correct EDB references
2012-05-19 02:24:29 -05:00
e4f80a1fab
Francisco is the the one who found it according to advisory
2012-05-18 17:12:52 -05:00
41aac751e9
Add CVE-2009-0837 by bannedit - Foxit Reader 3 Launch Action Buffer Overflow
...
This was added last year, but yanked due to some reliability issues.
bannedit gave me the updated version recently, and the issue he was having
appears to be resolved.
There is no good P/P/R to use in XP SP3, so that system isn't supported.
2012-05-18 13:25:51 -05:00
bedf010676
description modified
2012-05-18 01:23:09 +02:00
e7f5bf132c
trying to improve bea weblogic connector bof
2012-05-18 01:13:56 +02:00
c0d17734ed
Improve run-on sentences.
2012-05-17 15:00:00 -05:00
32a0596a03
Merge branch 'oracle_bea_post_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_bea_post_bof
2012-05-17 14:52:10 -05:00
c4ab521d7b
better tab indentation
2012-05-17 21:41:31 +02:00
0b35ab6a75
If the target isn't support, make sure we warn the user
2012-05-17 12:34:17 -05:00
a21e832336
fingerprinting bea connector with Transfer-Encoding
2012-05-17 19:21:16 +02:00
952ada1742
Fix broken target (variable naming)
2012-05-17 11:37:49 -05:00
9a5e4d6500
Added target BEA Weblogic 8.1 SP4
2012-05-17 11:07:22 +02:00
445bd90afb
Added module for CVE-2008-3257
2012-05-17 10:28:18 +02:00
b89e77c842
Add Spanish dir path. Thanks Miguel
2012-05-15 19:27:48 -05:00
f5698f4bdc
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:45:07 -05:00
82885cc6e5
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:45:07 -05:00
898398fd54
Fixing author tags
...
Ensuring a space between name and email.
2012-05-15 15:43:53 -05:00
9b3f602910
Msftidy on mozilla_attribchildremoved.rb
...
was executable, had bad spacing.
2012-05-15 15:39:30 -05:00
d54a228f65
Correct version number
2012-05-15 01:16:41 -05:00
7690e86a89
add osvdb ref
2012-05-14 07:14:10 -05:00
bcfa96ced8
add osvdb ref
2012-05-14 07:13:49 -05:00
d2c26f989c
Cleanup whitespace
2012-05-13 04:42:22 -05:00
c1fbf1f931
Merge branch 'mozilla_attribchildremoved' of https://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-mozilla_attribchildremoved
2012-05-13 04:37:49 -05:00
dd42c3096e
added exploit for Firefox 8&9 AttributeChildRemoved UAF
2012-05-13 11:31:46 +02:00
5d8fbefc3d
Merge pull request #378 from wchen-r7/distinct
...
Add OSVDB-80984 - Distinct TFTP Directory traversal
2012-05-11 13:14:19 -07:00
653d7e5923
Add OSVDB-80984
2012-05-11 15:07:31 -05:00
7eabce8872
Add comment for PrependEncoder
2012-05-10 12:18:50 -05:00
65800f7c6e
Whitespace on solarwinds
2012-05-09 12:47:22 -05:00
ce16ab662c
Cosmetic changes. Also lower the rank for now, because I picked up a state where it can be less stable.
2012-05-08 00:22:19 -05:00
22585ad935
Merge branch 'firefox_exploit' of https://github.com/lincoln-corelan/metasploit-framework into lincoln-corelan-firefox_exploit
2012-05-08 00:00:03 -05:00
b8227b8a2e
Firefox Exploit
2012-05-07 19:41:03 -07:00
f6c88377f4
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
ba4ae384d7
add osvdb ref
2012-05-05 10:14:07 -05:00
d5d35551ab
Add EDB reference
2012-05-04 00:11:29 -05:00
25b11a02b5
Update the comment for check()
2012-05-03 20:37:36 -05:00
4bf674ece6
Pff, and of course, I had to make a typo on that one
2012-05-03 20:34:52 -05:00
1a4d3f849c
A little change to the description
2012-05-03 20:33:28 -05:00
7ca69f00b0
Add Solarwinds Storage Manager 5.1.0 SQL Injection (code execution)
2012-05-03 20:24:42 -05:00
3e72f555ae
Forgot... I don't need to print the client's IP manually anymore
2012-05-01 12:56:03 -05:00
3099236059
We no longer have to print the client's IP, because it's now a built-in feature.
2012-05-01 12:47:55 -05:00
01b0d85526
module for cve-2012-1775 added
2012-05-01 16:39:30 +02:00
5fec29e6b7
Add McAfee Virtual Technician ActiveX MVTControl vulnerability
2012-04-30 16:23:52 -05:00
fd2e4c12a2
Fix possible "can't convert Fixnum into String" error
2012-04-30 13:49:53 -05:00
cc76438a75
Merge branch 'jlee-r7-http-print-standardization'
2012-04-25 15:38:46 -05:00
711fb73048
Fix more print_*
2012-04-25 15:01:50 -05:00
9189dea4e4
Merge branch 'http-print-standardization' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-http-print-standardization
2012-04-25 13:53:30 -05:00
9c9b74cae2
Small change with the description
2012-04-24 15:47:31 -05:00
ecd7762df9
Merge branch 'shadow-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-shadow-exploit-module
2012-04-24 15:30:09 -05:00
5bf5e8888d
Minor changes
2012-04-24 13:48:45 -05:00
e57ba79402
Merge branch 'cve-2012-0158_mscomctl_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-cve-2012-0158_mscomctl_bof
2012-04-24 13:46:24 -05:00
4c72193922
Fix undefined method `[something]' for nil:NilClass
2012-04-24 01:46:03 -05:00
cca97f2989
added module for CVE-2012-0158
2012-04-23 22:59:25 +02:00
90a7458b56
Lower the rank a little to favor other modules in BAP
2012-04-23 15:15:08 -05:00
66ecf28451
Shadow stream recorder exploit.
2012-04-22 19:19:40 -03:00
9cdd8912c5
Remove spurious cli.peerhost in output
2012-04-20 13:31:42 -06:00
37e75dc644
Make this description a little more sense
2012-04-20 12:25:51 -05:00
c68a775106
Fix EDB references
2012-04-19 23:53:32 -05:00
12bf301d2b
Correct file name
2012-04-19 21:17:19 -05:00
05459ca3ff
Change module description
2012-04-19 21:17:19 -05:00
072faa65ec
Massive code cleanup
2012-04-19 21:17:19 -05:00
93134e6fd2
Change default target
2012-04-19 21:17:19 -05:00
47ecd36805
Implemented Changes suggested by wchen-r7 (sinn3r)
2012-04-19 21:17:19 -05:00
feb625cab0
Updated module
2012-04-19 21:17:19 -05:00
8caec4777f
TFTPserverST addition
2012-04-19 21:17:18 -05:00
93390fa6e2
Fix metadata and some cosmetic stuff
2012-04-19 19:12:27 -05:00
bce6c9abcf
Verify checksum to avoid jumping to a corrupt payload
2012-04-19 18:52:43 -05:00
ae7c2acf9d
Merge branch 'xradio-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-xradio-exploit-module
2012-04-19 18:09:20 -05:00
8d1d63dda8
Correct OSVDB reference, thanks modpr0be
2012-04-19 12:04:11 -05:00
7071c30b4b
These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes
2012-04-18 16:07:41 -05:00
0e45b6c06c
Avoid printing ip:port twice
2012-04-18 16:01:10 -05:00
1f577b24b2
Merge branch 'rapid7' into http-print-standardization
2012-04-18 08:51:42 -06:00
f3ebe284ca
Minor cosmetic changes
2012-04-18 02:38:25 -05:00
15539c633b
Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm
2012-04-18 02:32:42 -05:00
e52f40daf1
Cosmetic changes
2012-04-18 02:25:43 -05:00
01beddc609
Merge branch 'cyberlink' of https://github.com/mrmee/metasploit-framework into mrmee-cyberlink
...
Conflicts:
modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb
2012-04-18 02:03:59 -05:00
862869e4f2
Strip ms03_020_ie_objecttype from Browser AutoPwn because:
...
1. We have newer browser modules that can replace it, and already do.
2. It uses an egghunter that we don't favor in BAP
3. It uses system addresses, which we no longer favor.
2012-04-17 22:26:14 -05:00
f9b2fe89b2
Merge branch 'rapid7' into http-print-standardization
...
Conflicts:
modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
modules/exploits/windows/browser/apple_quicktime_rtsp.rb
modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
f9a48ace48
Switch to using :method, see previous commit
2012-04-17 18:48:14 -06:00
eedf4520be
Merge branch 'rapid7' into bap-refactor
2012-04-17 16:20:11 -06:00
0fccc67774
Add MS12-004 to BAP
2012-04-17 16:40:32 -05:00
02c3b7df7a
'cli' should be 'client'
2012-04-17 07:13:17 -05:00
1a0c8e5d42
'cli' should be 'client'
2012-04-17 07:12:08 -05:00
dd7caa5186
'cli' should be 'client'
2012-04-17 07:10:32 -05:00
1e2203867c
Repair 'no encoders encoded the buffer successfully' issues
2012-04-16 13:43:25 -05:00
4bcbdc54c9
Cutting over rails3 to master.
...
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.
If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.
Squashed commit of the following:
commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 23:30:12 2012 -0500
Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)
commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 23:30:03 2012 -0500
Add a method to expand win32 file paths
commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:53:44 2012 -0500
Fix 1.8.x compatibility
commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:40:59 2012 -0500
Use verbose instead of stringio
commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:30:06 2012 -0500
Hide the iconv warning, were stuck with it due to EBCDIC support
commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:29:58 2012 -0500
Dont use GEM_HOME by default
commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:23:34 2012 -0500
Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads
commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 18:18:29 2012 -0500
Fallback to bundler when not running inside of a installer env
commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 16:26:55 2012 -0500
Remove a mess of gems that were not actually required
commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 15:59:10 2012 -0500
Hack around a gem() call that is well-intentioned but an obstacle in this case
commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Apr 15 15:06:08 2012 -0500
Ruby, come on. Ducktype this. Please.
Use interpolated strings to get the to_s behavior you don't get with
just plussing.
commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 15:05:42 2012 -0500
Add new eventmachine/thin gems
commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 15:01:18 2012 -0500
Purge (reimport in a second)
commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 14:54:42 2012 -0500
Cleanup uncessary .so files (ext vs lib)
commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 14:53:02 2012 -0500
PG gems built against the older installation environment
commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 14:06:35 2012 -0500
Rename to include the version
commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 13:56:47 2012 -0500
Detect older installation environments and load the arch-lib directories into the search path
commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 13:49:25 2012 -0500
Merge in windows gems
commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date: Sun Apr 15 13:49:33 2012 -0500
Report_vuln shouldn't use :include in finder
find_or_create_by doesn't take :include as a param.
commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date: Sun Apr 15 12:44:09 2012 -0500
One more msised Mdm namespace issue
commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date: Sun Apr 15 12:33:41 2012 -0500
Fixes some mroe Mdm namespace confusion
Fixes #6626
commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 03:40:44 2012 -0500
Add robots gem (required by webscan)
commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 03:39:05 2012 -0500
Fix missing error checks
commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 01:15:37 2012 -0500
Reorder requires and add a method for injecting a new migration path
commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date: Sun Apr 15 00:56:09 2012 -0500
Remove missing constant (use string) and add gemcache cleaner
commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361b8129f9a26e8446b9a219
2012-04-15 23:35:38 -05:00
fdd8afea88
minor changes
2012-04-15 22:58:58 -03:00
5bb087d9a7
Exploit module for xRadio Buffer Overflow.
2012-04-15 19:16:11 -03:00
9b2797f707
better randomization
2012-04-15 12:16:51 +10:00
50e36d3fb0
cyberlink Power2Go name attribute stack buffer overflow
2012-04-14 17:57:22 +10:00
4be0361f69
These modules shouldn't be here, sorry
2012-04-14 02:12:45 -05:00
c6a6b79c23
gsm sim 5.15 module, can get the download to test here >
...
download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html
2012-04-13 22:12:48 -07:00
5cbf447a13
Correct OSVDB reference, thanks Daniel
2012-04-13 23:34:44 -05:00
cdd49bf16a
fixed references, describe target better
2012-04-13 11:23:28 +10:00
c851722d50
fixed the description...
2012-04-13 11:18:24 +10:00
9b0c211160
exploit for cyberlinks Power2Go application. I find this software installed by default on alot of HP notebooks along with the CD installer. Not quite sure this was exploited earlier..
2012-04-13 11:07:36 +10:00
762324e286
Merge remote-tracking branch 'upstream/master'
2012-04-13 10:26:12 +10:00
d31771d7f9
Randomize as many nops as possible without making the exploit too unstable
2012-04-12 03:45:13 -05:00
0d739a1a51
Module rename. Cleanup whitespace. Fix typos.
2012-04-12 03:45:12 -05:00
14f85e406f
exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
2012-04-12 03:45:12 -05:00
846be0e983
exploit for Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
2012-04-12 13:10:18 +10:00
b077efb7f0
Missed one.
2012-04-11 00:30:18 -06:00
d0eb383655
Un-standardize printing in browser modules
...
This is now handled by the HttpServer mixin
2012-04-11 00:26:25 -06:00
28534d5f6e
Merge branch 'rapid7' into bap-refactor
2012-04-10 12:42:27 -06:00
2de0c801d9
Add vulnerable version numbers to the description
2012-04-09 14:41:42 -06:00
246ebca940
added module for CVE-2012-0198
2012-04-09 20:45:27 +02:00
bef12478fc
Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor
2012-04-09 09:58:22 -05:00
037fbf655e
Standardize the print format for modules used by browser autopwn
2012-04-09 01:57:50 -06:00
3ca440089e
Add checks for .NET requisites
...
Also standardizes print_status format to look nicer with lots of cilents
2012-04-09 01:23:44 -06:00
a6b106e867
Remove autopwn support for enjoysapgui_comp_download
...
No automatic targeting, the payload doesn't execute immediately, and
requires the browser be running as Admin. Bascially just not a great
candidate for being run automatically.
2012-04-09 01:05:37 -06:00
409ba3139b
Add bap checks for blackice exploit
2012-04-09 00:50:04 -06:00
5fefb47b7f
Some cosmetic changes
2012-04-09 01:43:20 -05:00
95dbb8a818
Merge branch 'snort-dce-rpc' of https://github.com/carmaa/metasploit-framework into carmaa-snort-dce-rpc
2012-04-09 00:17:44 -05:00
da1cb2b81d
ActiveX controls require IE
2012-04-08 22:07:09 -06:00
ce0de02a2a
Modified for 8-space tabs
2012-04-08 16:09:28 -04:00
89c1894e07
Minor formatting changes, tabs etc. and comments for clarity
2012-04-08 15:45:23 -04:00
05eba0ab4c
Cosmetic changes, mostly :-)
2012-04-07 14:47:23 -05:00
938d5d0a75
added references for cve-2012-1196
2012-04-07 20:22:59 +02:00
ee7bce5995
deletion of the ASP script
2012-04-07 20:19:45 +02:00
8761d39190
exploit module added for CVE-2012-1195
2012-04-07 19:04:17 +02:00
b2e0acd92a
Tidied up the exploit
2012-04-06 20:41:54 -04:00
56b10d4d23
Merge branch 'CVE-2012-0270_csound_getnum_bof' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2012-0270_csound_getnum_bof
2012-04-06 02:28:26 -05:00
68c81e3ae0
Add OSVDB-80661 TRENDnet SecurView ActiveX BoF
2012-04-06 02:26:04 -05:00
b184a6dc5c
Exploit for Snort CVE-2006-5276 on Windows
2012-04-05 19:46:56 -04:00
5c6856539e
.idea dir deleted
2012-04-05 22:46:43 +02:00
955de5a68c
comment fixed
2012-04-05 22:46:13 +02:00
c5f73d3d7a
added module for CVE-2012-0270_csound_getnum_bof
2012-04-05 22:35:42 +02:00
eb39b5f6aa
Msftidy on netop
2012-04-05 10:33:57 -05:00
c79060915a
Add Chap0's netop exploit
2012-04-03 11:51:58 -05:00
48d6157d6e
New NetOp Guest msf module http://www.netop.com/
2012-04-02 16:53:51 -07:00
0547369966
Add bap support for flash mp4 and new java bug
...
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
2012-03-30 12:59:07 -06:00
72cfbaa4d1
forgot to add renamed module
2012-03-28 14:29:31 -06:00
df116185d4
modifications recommended by sinn3r
2012-03-28 14:29:31 -06:00
0aaa2b78bd
cve-2008-0610 windows exploit module
2012-03-28 14:29:31 -06:00
e1783acd6f
Adding newline to end of ricoh_dl_bof.rb
2012-03-23 16:31:11 -05:00
71462bc73d
Merging in freepbx_callmenum.rb and ricoh_dl_bof.rb
...
[Closes #266 ]
2012-03-23 16:23:36 -05:00
fbfd308d79
This actually shouldn't go it now because it's still being code reviewed
2012-03-23 15:32:24 -05:00
47493af103
Merge pull request #259 from todb-r7/edb-2
...
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
fef1e31e2a
Merge branch 'olliwolli-3cdaemonsp3'
2012-03-23 08:52:19 -05:00
20f0a58c6a
Minor fixes
2012-03-23 08:23:30 -05:00
30a3d8bb96
Add Windows SP3 to targets.
2012-03-23 13:52:18 +01:00
6625d97599
Add Ricoh DC DL-10 FTP Buffer Overflow
2012-03-22 15:30:00 -05:00
0a24c354db
Update ms10-002 with dyphens
2012-03-21 19:19:20 -05:00
7d12a3ad3a
Manual fixup on remaining exploit-db references
2012-03-21 16:43:21 -05:00
2f3bbdc00c
Sed replacement of exploit-db links with EDB refs
...
This is the result of:
find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/ \([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
2c16eb29b6
Add CVE-2010-0248 Internet Explorer Object Handling Use After Free exploit
2012-03-21 16:11:26 -05:00
da963fc8b2
Adding OSVDB for dell_webcam_crazytalk.rb
2012-03-20 07:52:50 -05:00
e325469f6e
Grammar fix for dell_webcam_crazytalk module
2012-03-20 07:43:02 -05:00
f4dac59894
Add Dell Webcam CrazyTalk component BackImage overflow exploit
2012-03-20 03:46:37 -05:00
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
e3f2610985
Msftidy run through on the easy stuff.
...
Still have some hits, but that requires a little more code contortion to
fix.
2012-03-15 17:06:20 -05:00
9144c33345
MSFTidy check for capitalization in modules
...
And also fixes up a dozen or so failing modules.
2012-03-15 16:38:12 -05:00
ecb1fda682
Add OSVDB-79651: NetDecision 4.5 HTTP Server Buffer Overflow
2012-03-14 05:13:22 -05:00
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master
modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
9ece7b08fc
Add vendor's advisory as a reference
2012-03-08 00:46:34 -06:00
5f92bff697
Make sure no encoder will break the exploit again
2012-03-08 00:44:57 -06:00
2e94b97c82
Fix description
2012-03-07 23:59:51 -06:00
57376a976d
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:18:47 -06:00
0550b77522
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 20:04:04 -06:00
3b4ed13aee
Fix typo
2012-03-07 20:03:46 -06:00
33460b6bf4
Fixups on the Adobe Flash exploit description
...
Massaged the lines about the phishing campagin use in the wild.
2012-03-07 19:37:49 -06:00
c76f43c066
Add CVE-2012-0754: Adobe Flash Player MP4 cprt overflow
2012-03-07 19:24:00 -06:00
f97dc8dee7
Fix spelling of the IBM product iSeries
...
Was I-Series.
2012-03-07 15:24:15 -06:00
7dfba9c00d
Merge branch 'master' of github.com:rapid7/metasploit-framework
2012-03-07 14:51:39 -06:00
0ee7788028
Add a check to detect the vulnerable version of Sysax SSH
2012-03-07 14:51:21 -06:00
ba2bf194fd
Fixes descriptions on new modules.
...
Fixing up grammar and removing some editorial verbiage.
2012-03-07 09:17:22 -06:00
2b9acb61ad
Clean up some incosistent verbosity
...
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
99177e9d5e
Small commit to fix bad reference and old comment
2012-03-06 01:44:26 -06:00
70162fde73
A few more author typos
2012-03-05 13:28:46 -07:00
4b1e67f94f
Add ROP target for Win2k3 SP1 and SP2
2012-03-04 17:18:34 -06:00
8f93a5abbb
add osvdb ref
2012-03-03 12:28:30 -06:00
fa916d863d
Add Sysax SSH buffer overflow exploit
2012-03-03 10:11:51 -06:00
67f788768d
Fix tabs
2012-03-01 22:31:08 -06:00
fd2d9ae0ea
Add MP4 file generating function. Update the description regarding exploit usage.
2012-03-01 22:24:35 -06:00
b1b2ec2c7d
Merge branch 'CVE-2008-5036_vlc_realtext' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-5036_vlc_realtext
2012-03-01 21:13:33 -06:00
8bad0033d3
Update description
2012-03-01 19:16:29 -06:00
0bc26c1665
Add CVE-2009-4656: DJ Studio .pls buffer overflow
2012-03-01 19:09:25 -06:00
f1a6d8f535
Added exploit module for CVE-2008-5036
2012-03-01 23:06:40 +01:00
5a5e5eab95
Add msvcrt ROP target for IE8
2012-03-01 15:23:41 -06:00
2d802750e3
fix osvdb ref
2012-03-01 08:07:11 -06:00
256fee3626
add osvdb ref
2012-03-01 08:06:53 -06:00
4369f73c7a
Msftidy fixes on new modules
...
Dropped a cryptic year reference from jducks' java module, found a
spurious space in thelightcosine's telnet module.
2012-02-29 10:42:43 -06:00
74cdb5dabc
It's a two-space tab, not one space. OMG.
2012-02-29 10:13:29 -06:00
986807e525
Add CVE-2012-0201 IBM Personal Communications .ws buffer overflow
2012-02-28 19:01:54 -06:00
5560087006
Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow
2012-02-28 18:58:28 -06:00
339fb8d266
eh, I mean Win2k3 SP0 to SP1
2012-02-23 17:33:49 -06:00
e262d7a7ff
Add CVE-2012-0500 Sun Java Web Start exploit
2012-02-23 13:30:45 -06:00
08fb03276f
add osvdb ref
2012-02-23 07:39:31 -06:00
144fa0dc0e
Comment what \x0b\x04 is for
2012-02-22 22:59:43 -06:00
291e083d65
Add CVE-2011-5001: TrendMicro Control Manager 5.5 CmdProcessor Stack Bof
2012-02-22 19:44:47 -06:00
d6310829ea
Added module for CVE-2008-1602
2012-02-21 22:36:57 +01:00
4a631e463c
Module title normalization
...
Module titles should read like titles. For
capitalization rules in English, see:
http://owl.english.purdue.edu/owl/resource/592/01/
The only exceptions are function names (like 'thisFunc()') and specific
filenames (like thisfile.ocx).
2012-02-21 11:07:44 -06:00
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
ab92e38628
Small cosmetic change to module descriptions
2012-02-20 19:29:51 -06:00
af56807668
Cleanup the titles of many exploit modules
2012-02-20 19:25:55 -06:00
dc4bade78c
Use OptEnum to validate delivery method
2012-02-17 21:03:05 -06:00
d2444e1cf6
fix a few typos
2012-02-16 03:10:22 -06:00
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
daca3e93a5
add osvdb ref
2012-02-10 07:05:42 -06:00
782fcb040d
add osvdb ref
2012-02-10 07:05:26 -06:00
1a240648fa
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-02-10 06:51:02 -06:00
5ea20a332b
Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin.
2012-02-10 00:13:39 -06:00
e5ea2961f5
Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof
2012-02-10 00:10:28 -06:00
2bd330da33
Add ZDI-12-009 Citrix Provisioning Services 5.6 streamprocess buffer overflow exploit
2012-02-10 00:06:48 -06:00
d90fe9b9b7
add osvdb ref
2012-02-02 13:43:03 -06:00
aa44eb955e
Correct author e-mail format
2012-02-02 11:27:43 -06:00
6b29af5c23
Add user-agent check. Auto-migrate.
2012-02-02 03:11:10 -06:00
6be65acfe2
Merge branch 'CVE-2008-2551_c6_DownloaderActiveX' of https://github.com/juanvazquez/metasploit-framework into juanvazquez-CVE-2008-2551_c6_DownloaderActiveX
2012-02-02 02:54:02 -06:00
de675c349a
Upgrade exploit rank, because it fits the description
2012-02-02 02:49:06 -06:00
28b4f4b60d
Add Sunway ForceControl NetDBServer.exe Buffer Overflow (Feature #6331 )
2012-02-02 02:43:32 -06:00
82eacbe2fd
Added module for CVE-2008-2551
2012-02-01 23:26:28 +01:00
e371f0f64c
MSFTidy commits
...
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.
Squashed commit of the following:
commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:58:53 2012 -0600
Break up the multiline SOAP thing
commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:48:16 2012 -0600
More whitespace and indent
commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:39:36 2012 -0600
Whitespace fixes
commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date: Wed Feb 1 10:35:37 2012 -0600
Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
47c7f47f4e
Merge branch 'master' of r7.github.com:rapid7/metasploit-framework
2012-01-31 20:38:30 -06:00
d9ee43d3dc
add disclosure date
2012-01-31 20:38:05 -06:00
a814a9dce7
add disclosure date
2012-01-31 20:35:58 -06:00
0ba7557865
Fix typo in seattlelab_pass.rb exploit.
...
Also remove the $ from the end of the regex which stopped
the exploit from being executed.
2012-01-31 21:09:51 +01:00
1dec4c0c45
These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE']
2012-01-30 13:08:35 -06:00
fbac9a7239
Forgot to remove this comment
2012-01-28 13:18:15 -06:00
7b866eee86
Use the proper function for verbose prints
2012-01-27 12:50:01 -06:00
64651e52a8
Credit Shane of X-Force for the discovery
2012-01-27 11:18:34 -06:00
b4e2228404
Fix exitfunc option name
2012-01-27 09:15:31 -06:00
298b94d397
Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003)
2012-01-27 03:48:39 -06:00
3952a06292
Minor changes
2012-01-26 11:35:43 -06:00
1af6740b24
Initial checking of hp_magentservice module
2012-01-25 13:04:30 -05:00
f6a6963726
Msftidy run over the recent changed+added modules
2012-01-24 15:52:41 -06:00
292332d355
Add some error handling for tns_version method
2012-01-19 13:03:19 -06:00
8ce47ab832
Changing license for KillBill module
...
Talked with Solar Eclipse, and he's consented to change his module
license from GPL to BSD, thus striking a blow for freedom. Thanks!
2012-01-19 11:39:56 -06:00
d6e8f0b54d
Add Felipe as an author (plus a reference) because looks like the PoC originally came from him.
2012-01-18 13:33:27 -06:00
064a71fb1d
Add CVE-2011-3167 HP OpenView NNM exploit (Feature #6245 )
2012-01-18 12:05:18 -06:00
e4ed3c968d
Add OSVDB and BID references
2012-01-17 18:16:47 -06:00
75f543f3eb
Hilarious, I forgot to change the disclosure date.
2012-01-17 18:11:18 -06:00
2e8122dc88
Better MSF style compliance
2012-01-17 14:54:50 -06:00
a682e68073
Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246 )
2012-01-17 12:28:47 -06:00
4f16caed0f
Change naming style for MS type bug
2012-01-17 03:00:07 -06:00
c15e7da0b8
Add ZDI-12-012 McAfee SaaS ShowReport code execution
2012-01-16 18:44:11 -06:00
4689421201
Correct variable naming style
2012-01-16 16:03:48 -06:00
11fc423339
Merge pull request #102 from cbgabriel/bsplayer-m3u
...
modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-16 11:24:48 -08:00
bd31f3f480
add osvdb ref
2012-01-13 13:21:33 -06:00
2eb35728f6
Randomize nops
2012-01-12 18:37:25 -06:00
ffe81584d1
updated author
2012-01-12 19:02:34 -05:00
e42e0004a9
Merge branch 'ms05_054_onload' of https://github.com/SamSharps/metasploit-framework into SamSharps-ms05_054_onload
2012-01-12 17:46:50 -06:00
a8ef3417b5
Fixed the date
2012-01-12 20:54:55 -06:00
e75e23b963
Removed more unused variables and fixed some formatting
2012-01-12 18:13:28 -06:00
f22f54034a
Removed unused variables
2012-01-12 18:05:54 -06:00
87ee6905df
Modified exploit to not need egg hunter shellcode
2012-01-12 18:01:22 -06:00
ad0b745b31
new file: modules/exploits/windows/fileformat/bsplayer_m3u.rb
2012-01-12 16:12:43 -05:00
092b226cce
Updating tns_auth_sesskey to use a user-supplied SID
...
Applying the patch suggested by Lukas, here: http://mail.metasploit.com/pipermail/framework/2012-January/008374.html
2012-01-11 07:31:36 -06:00
7e25f9a6cc
Death to unicode
...
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.
Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
bc9014e912
Add new v3.4 target by Michael Coppola (Feature #6207 )
2012-01-09 23:51:11 -06:00
8eee54d1d0
Add e-mail addr for corelanc0d3r (found it in auxiliary/fuzzers/ftp/client_ftp.rb)
2012-01-09 14:23:37 -06:00
2f9d563067
Update reference
2012-01-09 02:14:29 -06:00
9cf2af6a94
Adds exploit/windows/htt/xampp_webdav_upload_php
...
This exploit abuses weak default passwords on XAMPP
for windows to uplaod a php payload and execute it.
Fixes #2170
2012-01-06 12:00:14 -08:00
06414c2413
changed author to my actual name
2012-01-06 01:03:20 -06:00
b26ed37467
Added description, urls, and another author
2012-01-06 00:47:01 -06:00
5c05cebaf7
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:16:45 -06:00
f3a9bc2dad
Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790
2012-01-06 00:12:28 -06:00
8cced0a91e
Add CVE-2011-2462 Adobe Reader U3D exploit
2012-01-04 03:49:49 -06:00
958ffe6e1d
Fix stack trace from unknown agents
2012-01-02 03:41:49 -06:00
7bfdc9eff4
add osvdb ref
2012-01-01 09:10:10 -06:00
d9db03dba6
Add CoCSoft StreamDown buffer overflow (Feature #6168 ; no CVE or OSVDB ref)
2011-12-30 10:16:29 -06:00
b202c29153
Correct e-mail format
2011-12-29 11:27:10 -06:00
d484e18300
Add e-mail for tecr0c
2011-12-29 11:14:15 -06:00
9972f42953
Add e-mail for mr_me for consistency
2011-12-29 11:01:38 -06:00
0e3370f1fe
Grammar and spelling on splunk and oracle exploits
2011-12-28 13:42:56 -06:00
4215ef3ae1
add osvdb ref
2011-12-24 06:54:39 -06:00
69570dada6
Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit
2011-12-23 16:28:36 -06:00
84c6739921
added initial opentftp 1.4 windows exploit
2011-12-23 11:27:11 -06:00
41697440c7
Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079
2011-12-23 01:22:39 -06:00
baaa1f6c82
Add US-Cert references to all these SCADA modules. The refers are based on this list:
...
http://www.scadahacker.com/resources/msf-scada.html
2011-12-20 14:07:29 -06:00
b58097a2a7
Remove junk() because it's never used
2011-12-17 01:28:07 -06:00
fae80f8d49
typo
2011-12-16 11:10:46 -06:00
1712f2aa22
add osvdb ref
2011-12-14 07:23:11 -06:00
fea4bfb85c
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:53 -06:00
c1a4c4e584
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:34 -06:00
acef9de711
Repair dead milw0rm link to exploit-db
2011-12-13 16:13:15 -06:00
d246bfa4da
Credit Luigi Auriemma for the original discovery/poc, not Celil
2011-12-13 15:20:26 -06:00
a8fad72fce
Merge branch 'msftidy_fixup'
...
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
2011-12-12 17:55:21 -06:00
f402b8598b
Whitespace and File.open binary mode cleanups.
...
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
2011-12-12 17:31:28 -06:00
bacdbb90d7
ugh, stack overflow != stack buffer overflow. Also, metadata format fix.
2011-12-12 15:23:32 -06:00
5af5137241
Add CoDeSys SCADA bof module ( #6083 )
2011-12-12 15:21:15 -06:00
4736cb1cbe
Merge pull request #48 from swtornio/master
...
add osvdb ref
2011-12-11 20:37:43 -08:00
1ae12e3a23
Remove the default target, since module doesn't fingerprint the service
...
pack, this can only end in tears.
2011-12-10 13:31:05 -06:00
b521602d82
add osvdb ref
2011-12-10 07:49:50 -06:00
0e2101e4c1
Correct author name
2011-12-07 00:24:16 -06:00
92c1065508
Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-)
2011-12-06 18:52:42 -06:00
e524215b55
WTH, the date format is wrong
2011-12-04 15:23:31 -06:00
b75799d18d
=add osvdb ref
2011-12-02 16:50:42 -06:00
83f12c6fe0
=add osvdb ref
2011-12-02 16:46:01 -06:00
c8634390b7
Add CCMPlayer m3u exploit (Feature #6029 )
2011-12-02 16:27:59 -06:00
f4b755c319
Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets
2011-12-02 15:00:39 -06:00
cd2bb027bf
Merge branch 'master' of github.com:rapid7/metasploit-framework
2011-12-02 14:54:53 -06:00
895a509bd3
Add Avid Media Composer 5.5 (Feature #6035 )
2011-12-02 14:53:26 -06:00
2bb97791f7
Update OSVDF refs for servu module.
...
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.
Squashed commit of the following:
commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date: Fri Dec 2 07:44:28 2011 -0600
add osvdb ref
commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date: Wed Nov 30 08:15:20 2011 -0600
fixed in osvdb
[Closes #39 ]
2011-12-02 13:21:41 -05:00
2858cae296
Some quick corrections to tidy things up
2011-11-29 19:57:08 -08:00
be88f483a3
More Accurate Vulnerability Check
2011-11-29 18:38:00 -08:00
0dda948265
New Exploit for the Serv-U FTP Buffer overflow
...
from CVE 2004-2111
2011-11-29 17:34:01 -08:00
f503bd9488
Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.
2011-11-28 17:52:34 -06:00
c411c216c0
Solved most of msftidy issues with the /modules directory
2011-11-28 17:10:29 -06:00
e11ca43c37
Add feature #5680
2011-11-21 12:39:45 -06:00
76846aa578
Add MS10-038 (CVE-2010-0822) exploit
2011-11-21 11:36:47 -06:00
28a079f308
Add credit to the appropriate researcher
2011-11-20 02:32:45 -06:00
95d639ccf7
Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8.
2011-11-20 01:44:52 -06:00
9c2fab0921
Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c
2011-11-19 20:40:04 -06:00
30f13984ea
Add wireshark console.lua exploit (CVE-2011-3360)
2011-11-18 21:24:48 -06:00
fea42dbdee
Add feature #5872
2011-11-16 12:26:54 -06:00
c8142043e9
Fixes to credential handling to downcase usernames whenever they are not case sensitive.
...
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
2011-11-14 22:50:52 -08:00
2536cf0308
Add feature #5779
2011-11-14 01:49:26 -06:00
a0c9297500
add osvdb ref
2011-11-12 06:01:41 -06:00
170c4f5451
Fix author email format
2011-11-12 01:53:25 -06:00
b8b8732d85
Correct disclosure date
2011-11-12 01:12:28 -06:00
ed5bae6441
oops, I don't need that extra comment
2011-11-12 01:04:00 -06:00
84c5268ab4
Add Aviosoft DTV exploit
2011-11-12 01:02:40 -06:00
f54b622ad3
Added BID ref for amlibweb module.
2011-11-11 12:04:40 +11:00
c569ec4a33
Don't really need a revision # in source
2011-11-09 22:10:52 -06:00
32bb3af298
Add feature #5946
2011-11-09 21:49:34 -06:00
fdf13e5e0e
Fixes #5927
...
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 21:45:17 +00:00
c4fa5b4674
Fix #5937 . Vista is currently taken down because it's not stable enough.
...
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-08 09:35:18 +00:00
0b981b0db0
Add OSVDB reference
...
git-svn-id: file:///home/svn/framework3/trunk@14179 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-07 02:01:42 +00:00
e767214411
Fix: whitespaces, svn propset, author e-mail format
...
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
49dddf1396
Yeah, don't really need the bottom comment anymore
...
git-svn-id: file:///home/svn/framework3/trunk@14172 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 20:16:34 +00:00
43a22d3fa0
Add Office 2007 SP2 target, thanks Juan
...
git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 17:33:29 +00:00
1a2f60f4c0
Add MS11-021 ( #5917 )
...
git-svn-id: file:///home/svn/framework3/trunk@14169 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:05:42 +00:00
155c3ff9ac
whitespace
...
git-svn-id: file:///home/svn/framework3/trunk@14157 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 17:17:10 +00:00
7a07e069da
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
3d6f631780
Upgrade mini_stream as a remote module. Account for all variables that affect the offset to EIP. Also digital1 = Ron.
...
git-svn-id: file:///home/svn/framework3/trunk@14155 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 08:20:43 +00:00
b809f00979
Add NJStar MiniSMTP bof (Feature #5901 )
...
git-svn-id: file:///home/svn/framework3/trunk@14135 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-01 08:19:55 +00:00
0890cca02a
much needed patch worked like a champ in my enviroment.
...
git-svn-id: file:///home/svn/framework3/trunk@14132 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-31 20:37:30 +00:00
3eff1cfaa5
This exploit does not work at all, and could not be fixed in time. See #5854
...
git-svn-id: file:///home/svn/framework3/trunk@14088 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-27 01:47:48 +00:00
7b099bbaef
remove Rex::Text.pattern_create()
...
git-svn-id: file:///home/svn/framework3/trunk@14076 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 22:16:26 +00:00
ded364c8ef
Feature #5621
...
git-svn-id: file:///home/svn/framework3/trunk@14075 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-26 21:25:46 +00:00
086af94b5d
Adds Foxit PDF Reader Exploit CVE-2009-0837
...
git-svn-id: file:///home/svn/framework3/trunk@14069 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:15:12 +00:00
32cde1d45a
don't use the pattern creator
...
git-svn-id: file:///home/svn/framework3/trunk@14050 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 19:43:54 +00:00
fa2355a766
Damn comma
...
git-svn-id: file:///home/svn/framework3/trunk@14048 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:42:07 +00:00
68286561f5
Add #5742
...
git-svn-id: file:///home/svn/framework3/trunk@14047 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 16:38:02 +00:00
c0d362bd83
Fix tabs, and the correct the bottom comment
...
git-svn-id: file:///home/svn/framework3/trunk@14041 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:39:11 +00:00
a8d62ae01a
Add feature #5592 (Cytel Studio)
...
git-svn-id: file:///home/svn/framework3/trunk@14040 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-24 01:37:32 +00:00
7bfa29ace4
clean up exploit HTML print_status
...
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 14:21:57 +00:00
62c8c6ea9f
big msftidy pass, ping me if there are issues
...
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
27cba3d7ec
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@14020 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-21 11:50:59 +00:00
06aa776a77
Bleh, fix BID reference
...
git-svn-id: file:///home/svn/framework3/trunk@14016 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:40:21 +00:00
e5f7bfceaf
Add HP Power Manager module by ipax, thx!
...
git-svn-id: file:///home/svn/framework3/trunk@14015 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-20 17:29:48 +00:00
091b9779e2
Add commas
...
git-svn-id: file:///home/svn/framework3/trunk@14007 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 20:41:09 +00:00
521aec205b
Return on error
...
git-svn-id: file:///home/svn/framework3/trunk@14006 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-19 19:55:04 +00:00
0f1ba8dcf1
Change user agent check
...
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 15:48:03 +00:00
e4290e40c4
Fix the check to not report empty user/pass
...
git-svn-id: file:///home/svn/framework3/trunk@13989 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:00 +00:00
8e4f4a2672
Add CVE-2011-1774 (Safari libxslt arbitrary file creation)
...
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:39:50 +00:00
fbbec1fa92
This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now.
...
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 03:48:10 +00:00
975cc52bac
Fix spelling errors
...
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
0304702b14
Mention where the getpc code is from, request by corelanc0d3r
...
git-svn-id: file:///home/svn/framework3/trunk@13974 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 14:56:44 +00:00
c336d063da
Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
...
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
3c36b0c975
Msftidy: knocking out all those trailing spaces. Screw those guys.
...
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
39a4488da5
Patch #5740 for Firefox Array.reduceRight() exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 20:28:15 +00:00
d059670d67
Fixes #5570 , commits TecR0c's exploit module, after running through msftidy.rb. Thanks!
...
git-svn-id: file:///home/svn/framework3/trunk@13952 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 15:47:04 +00:00
594b0687c7
Fix CVE reference format
...
git-svn-id: file:///home/svn/framework3/trunk@13950 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:55:07 +00:00
cf8524b1b4
Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
...
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
020abd926b
A handful of rankings changes, also converting whitespace.
...
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
14d7db1641
Add disclosure dates to all the exploit modules that didn't have one
...
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
1adb31747d
This module is missing a ranking. Adding one.
...
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:35:18 +00:00
2b746b3505
This module never got a ranking, adding one
...
git-svn-id: file:///home/svn/framework3/trunk@13934 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:07:59 +00:00
4f4c0bc0be
Add CVE-2011-2371 Firefox Array.reduceRight() vuln
...
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 03:16:15 +00:00
90a426cec6
Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647 )
...
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 10:57:31 +00:00
6578874439
don't bother escaping a tick
...
git-svn-id: file:///home/svn/framework3/trunk@13887 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 01:45:10 +00:00
c1b1917dce
Change correct name for Lincoln. Also, this is feature #5646
...
git-svn-id: file:///home/svn/framework3/trunk@13868 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 03:30:14 +00:00
e3111e0261
Add CVE-2008-4779
...
git-svn-id: file:///home/svn/framework3/trunk@13867 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-11 03:28:08 +00:00
f54939cda9
Change target name and description. The module works on multiple systems.
...
git-svn-id: file:///home/svn/framework3/trunk@13853 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 16:47:33 +00:00
8488343e46
Add CVE-2011-2595 (Feature #5645 )
...
git-svn-id: file:///home/svn/framework3/trunk@13852 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 16:11:05 +00:00
756aafd7f2
Add CVE and OSVDB refs
...
git-svn-id: file:///home/svn/framework3/trunk@13848 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 22:56:17 +00:00
eab8a2434b
fix typo in description
...
git-svn-id: file:///home/svn/framework3/trunk@13845 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 19:39:15 +00:00
487ee5b46e
Does not work against Win 7 SP0/SP1 and Windows Server 2003 SP2. Definitely not an universal target.
...
git-svn-id: file:///home/svn/framework3/trunk@13841 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 05:36:42 +00:00
a3cc25615d
Add bug #5505 (scriptftp_list module)
...
git-svn-id: file:///home/svn/framework3/trunk@13839 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 04:17:03 +00:00
3d8a18cfd1
Fix tab indent
...
git-svn-id: file:///home/svn/framework3/trunk@13836 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-08 18:39:23 +00:00
2e7edeff81
See #3585 : Happy Third Birthday MS08-067!
...
Adds an AlwaysOn DEP bypass for XP SP2 and SP3
git-svn-id: file:///home/svn/framework3/trunk@13835 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-08 07:26:37 +00:00
93f8d73b0c
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13810 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-02 17:03:23 +00:00
711bfa7d53
initial coverage for ca total defense sqli
...
git-svn-id: file:///home/svn/framework3/trunk@13809 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-02 15:53:44 +00:00
2b3a277124
Found an instance that causes the win 7 target to fail. This fix corrects it.
...
git-svn-id: file:///home/svn/framework3/trunk@13797 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 08:55:07 +00:00
de9e99bd3d
Fix some TOCTOU confusion and database errors.
...
git-svn-id: file:///home/svn/framework3/trunk@13779 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-23 15:12:19 +00:00
ec6f290fbd
Add Windows 7 target and all kinds of stuff.
...
git-svn-id: file:///home/svn/framework3/trunk@13775 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 17:40:35 +00:00
e93341f9f1
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13768 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 11:55:56 +00:00
5d4f68a6f2
Fix JS
...
git-svn-id: file:///home/svn/framework3/trunk@13767 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 03:13:45 +00:00
936f3de84c
This simple math would do the trick
...
git-svn-id: file:///home/svn/framework3/trunk@13766 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-20 18:56:21 +00:00
742edf1ad1
Add eSignal and eSignal Pro exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13765 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-20 17:39:53 +00:00
3318b132c8
add x90c's email address
...
git-svn-id: file:///home/svn/framework3/trunk@13757 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-19 19:40:48 +00:00
ee09c028a0
add cve and osvdb refs
...
git-svn-id: file:///home/svn/framework3/trunk@13756 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-19 11:38:49 +00:00
1d2ddc55e8
Add UI for PXE attack reset.
...
git-svn-id: file:///home/svn/framework3/trunk@13753 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 20:44:16 +00:00
f4be092ac1
include the CVE with more details that definitely applies to this bug, in addition to the ambiguous one that may or may not
...
git-svn-id: file:///home/svn/framework3/trunk@13751 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 03:57:27 +00:00
bf315b09ed
Add DAQFactory bof
...
git-svn-id: file:///home/svn/framework3/trunk@13750 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 02:45:55 +00:00
10c76f66ba
Adding an extra print line to adobe_cooltype_sing that clearly displays the user-agent.
...
git-svn-id: file:///home/svn/framework3/trunk@13748 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 20:12:51 +00:00
56025609f0
Add fix commit url to reference. Thx jduck!
...
git-svn-id: file:///home/svn/framework3/trunk@13745 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 06:48:33 +00:00
2ebef435a0
Add CVE-2011-2950 Real Player heap overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13738 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 19:22:29 +00:00
6443ee024c
Add Measuresoft ScadaPro exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13737 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 08:23:59 +00:00
7569cad178
Correct variable use in heap spray js function
...
git-svn-id: file:///home/svn/framework3/trunk@13735 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 22:37:13 +00:00
70fa0e630b
Add Windows 7 + IE 8 target. Also use a different approach to get code execution.
...
git-svn-id: file:///home/svn/framework3/trunk@13734 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 20:51:01 +00:00
de98758f2b
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13728 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-13 20:10:28 +00:00
9e5d07b201
Add ScadaTEC ScadaPhone bof
...
git-svn-id: file:///home/svn/framework3/trunk@13727 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-13 17:25:03 +00:00
e6ce90c551
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13724 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 21:42:36 +00:00
8b8388ed44
Add CVE-2011-3322 Procyon Core Server HMI
...
git-svn-id: file:///home/svn/framework3/trunk@13721 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-12 17:54:31 +00:00
e597891a1f
Add support for DEP bypass
...
git-svn-id: file:///home/svn/framework3/trunk@13711 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-09 18:15:50 +00:00
e31acef6e9
whitespace cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@13702 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-07 15:30:08 +00:00
6f28911d3d
added patch from joshua taylor.
...
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 19:58:40 +00:00
819e673b88
Mention about the RSA attack in the description, also add a reference for it
...
git-svn-id: file:///home/svn/framework3/trunk@13697 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 17:22:00 +00:00
7fb4a3c571
Fix up the disablenops syntax
...
git-svn-id: file:///home/svn/framework3/trunk@13694 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-05 16:27:04 +00:00
2f2421badc
initial coverage of the pnsize bug (fileformat)
...
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
44ba7e80d5
This module still works against 2.5 (most current as of Sept 2 2011)
...
git-svn-id: file:///home/svn/framework3/trunk@13688 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 04:52:04 +00:00
8a070b81a2
Add the noobfuscation arg to the heaplib call
...
git-svn-id: file:///home/svn/framework3/trunk@13675 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 09:00:20 +00:00
4e92190fa8
Add additional references, correct disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@13673 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 05:20:47 +00:00
717b0eddee
Add DVD X plf playlist buffer overflow
...
git-svn-id: file:///home/svn/framework3/trunk@13672 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 05:14:21 +00:00
22dc0ed551
Fix disclosure date
...
git-svn-id: file:///home/svn/framework3/trunk@13670 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-31 00:15:46 +00:00
c5fe6ed503
Reset the target to allow for multiple client connections
...
git-svn-id: file:///home/svn/framework3/trunk@13669 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:29:14 +00:00
70dffd6afb
Adds Citrix Gateway ActiveX Stack Based Buffer Overflow module
...
git-svn-id: file:///home/svn/framework3/trunk@13666 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:22:32 +00:00
6853221762
Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs.
...
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-27 15:46:49 +00:00
f9e651d382
Report to DB too.
...
git-svn-id: file:///home/svn/framework3/trunk@13640 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:56:22 +00:00
23b4f4ed98
Address #5313 for locally-launched PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13639 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:48:33 +00:00
9cfba23558
psexec: allow o upload payload in a subfolder
...
git-svn-id: file:///home/svn/framework3/trunk@13638 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 22:30:46 +00:00
06c3dabe31
Fixes #5312 for pivoted PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-25 02:07:35 +00:00
b331073851
cleaned up some column width issues, added on_new_session clean up code to remove files
...
git-svn-id: file:///home/svn/framework3/trunk@13599 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 17:47:03 +00:00
6723c7fb3e
Minor metadata format fix
...
git-svn-id: file:///home/svn/framework3/trunk@13593 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 00:11:22 +00:00
8fbd81a0f0
Add HP Easy Printer xmlsimpleaccessor exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13592 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 23:49:45 +00:00
aef764de08
working on moving things referenced in Feature #653 . added different param for secure backup
...
git-svn-id: file:///home/svn/framework3/trunk@13591 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 18:35:29 +00:00
fe53151324
fix tabs
...
git-svn-id: file:///home/svn/framework3/trunk@13590 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:58:50 +00:00
056adf7063
Add Win 7 target
...
git-svn-id: file:///home/svn/framework3/trunk@13589 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:57:19 +00:00
2a62ac35ac
Fix bug #5267
...
git-svn-id: file:///home/svn/framework3/trunk@13573 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-17 06:14:51 +00:00
6c58dad979
ugh, why the extra spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13566 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:34:49 +00:00
eaa5cf6b5d
Use heaplib on IE 8, allow obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13565 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:32:17 +00:00
55d60a1af2
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13556 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:28:49 +00:00
c29a4d5ea3
Specify UUID offset for the custom .Net binary
...
git-svn-id: file:///home/svn/framework3/trunk@13555 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:15:05 +00:00
f8bf910fbb
missing var
...
git-svn-id: file:///home/svn/framework3/trunk@13554 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:05:08 +00:00
8bf7a9990b
Improve javascript obfuscation, and allow it as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 23:03:11 +00:00
20f4280d9f
Exploit is much more reliable than before, it gets a promotion
...
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:17:23 +00:00
bfc59e4c62
Add MS10-026 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:04:25 +00:00
3b04e7bd9e
Add routine to check target before exploiting it
...
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 23:05:45 +00:00
0d9908435a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:18:25 +00:00
456aeeb90b
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 18:47:21 +00:00
4ac431948a
Allow JavaScript obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:50:43 +00:00
a1526e86b8
Use heaplib to spray, and use obfuscation as an option
...
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:25:14 +00:00
a6a444930e
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 11:17:30 +00:00
950a4215a0
Fix a problem where resp.index() might return nil
...
git-svn-id: file:///home/svn/framework3/trunk@13521 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 09:03:19 +00:00
6a89cf5859
Add TeeChart Professional ActiveX exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 08:41:30 +00:00
dad6103944
Fix documentation to match change; will only affect windows.
...
git-svn-id: file:///home/svn/framework3/trunk@13519 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 03:05:58 +00:00
f12742a05f
Better cleanup for PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
58198f37ba
Fix reference link
...
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 18:58:20 +00:00
8dc4228ee0
Fix very minor typo
...
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 17:05:49 +00:00
3b1769d621
Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0
...
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 05:58:02 +00:00
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
a0168d59a8
Minor fix to comply with the 100 columns per line guideline
...
git-svn-id: file:///home/svn/framework3/trunk@13467 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 21:20:29 +00:00
bee7fba3c8
Small typo fix and some minor formatting
...
git-svn-id: file:///home/svn/framework3/trunk@13466 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 19:34:01 +00:00
118ca372b3
adding CA Arcserve D2D GWT Credential Information Disclosure module
...
git-svn-id: file:///home/svn/framework3/trunk@13465 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-01 14:40:52 +00:00
df52bfaa4f
Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
...
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 20:21:47 +00:00
6fc59d5287
Fill in BID reference
...
git-svn-id: file:///home/svn/framework3/trunk@13330 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 19:42:40 +00:00
6bf90f884e
Fix debug mode and some extra tabs in JS
...
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 00:22:29 +00:00
f47a2c7565
Format dictatorship round 2: Fix author e-mail format for all exploit modules
...
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
25c89c2e7a
Put the short jmp in there
...
git-svn-id: file:///home/svn/framework3/trunk@13224 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 15:07:00 +00:00
7dbb56b38b
No longer default a target for XP systems; some obscure builds of XP Embedded SP1 have a different offset and not good way to differentiate
...
git-svn-id: file:///home/svn/framework3/trunk@13214 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-19 01:40:26 +00:00
3ca9b51984
oops, a little mistake in the description
...
git-svn-id: file:///home/svn/framework3/trunk@13212 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:46:08 +00:00
821e9dd68b
Updated metadata, merged code with #4923 . Thx Joff.
...
git-svn-id: file:///home/svn/framework3/trunk@13211 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 20:39:27 +00:00
764bb36f44
Wait a little longer for a session (5 seconds)
...
git-svn-id: file:///home/svn/framework3/trunk@13208 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 16:05:51 +00:00
8887fe86b8
Either the offset or the env page moves around for this exploit on some non-english systems, do not default the target for 2003 SP0
...
git-svn-id: file:///home/svn/framework3/trunk@13206 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-18 14:59:55 +00:00
2eeffc39fc
Add Iconics GENESIS32 GenBroker exploit by lincoln and corelanc0d3r
...
git-svn-id: file:///home/svn/framework3/trunk@13197 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-17 15:01:46 +00:00
681563adc9
Fix that extra tab in the description
...
git-svn-id: file:///home/svn/framework3/trunk@13194 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:21:20 +00:00
2e93ba06ba
Add HP NNM ToolBar.exe exploit aganist the OvOSLocale cookie parameter
...
git-svn-id: file:///home/svn/framework3/trunk@13193 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 05:14:33 +00:00
86b40e894b
Make room for another exploit against ToolBar.exe
...
git-svn-id: file:///home/svn/framework3/trunk@13192 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-16 04:45:21 +00:00
c412a836ed
add VERBOSE option to all modules and vprint_* methods to use it
...
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
9278b0a5f5
add osvdb ref
...
git-svn-id: file:///home/svn/framework3/trunk@13152 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-11 06:59:00 +00:00
94aea207d3
Remove extra tabs and spaces
...
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
9892eb39eb
Syntax fix
...
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
32a7eb0000
svn propset
...
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
7958516549
Adds Xeros Firefox nstreerange exploit
...
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
sinn3r
jvazquez-r7
Tod Beardsley
Jeff Jarmoc
sinn3r
Steve Tornio
Peter Van Eeckhoutte (corelanc0d3r)
lincoln-corelan
HD Moore
juan
Leonardo Botelho
James Lee
unknown
Steven Seeley
chap0
Carsten Maartmann-Moe
Kurtis Miller
Tod Beardsley
Oliver-Tobias Ripka
Jonathan Cran
Joshua J. Drake
Oliver-Tobias Ripka
Christopher McBee
root
root
Sam Sharps
David Maloney
sam
steponequit
Rob Fuller
Patrick Webster
Wei Chen
Matt Weeks
James Lee
Mario Ceballos
David Rude
amaloteaux