Commit Graph

1373 Commits (c23be2bb79d9b5e90b5171681c3371cd5c05e3d2)

Author SHA1 Message Date
wchen-r7 31279291c2 Resolve merge conflict for ie_unsafe_scripting.rb 2016-03-17 14:42:36 -05:00
wchen-r7 b1b68294bb Update class name 2016-03-17 14:41:23 -05:00
wchen-r7 7b2d717280 Change ranking to manual and restore BAP2 count to 21
Since the exploit requires the target to be configured manually,
it feel more appropriate to be ManualRanking.
2016-03-17 14:39:28 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook d70308f76e undo logic changes in adobe_flas_otf_font 2016-03-16 09:52:21 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Brent Cook 44990e9721 Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer 3da9535e22
change Metasploit4 class names 2016-03-07 09:57:22 +01:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
wchen-r7 6188da054d Remove // 2016-02-25 22:20:48 -06:00
wchen-r7 4cea6c0236 Update ie_unsafe_scripting to use BrowserExploitServer
This patch updates the ie_unsafe_scripting exploit to use the
BrowserExploitServer mixin in order to implement a JavaScript check.
The JS check allows the exploit to determine whether or not it is
in the poorly configured zone before firing.

It also adds another datastore option to carefully avoid IEs that
come with Protected Mode enabled by default. This is even though
IE allows unsafe ActiveX, PM could still block the malicious VBS or
Powershell execution by showing a security prompt. This is not ideal
during BrowserAutopwn.

And finally, since BAP2 can automatically load this exploit, we
bump the MaxExploitCount to 22 to continue favoring the
adobe_flash_uncompress_zlib_uninitialized module to be on the
default list.

Resolves #6341 for the purpose of better user experience.
2016-02-04 15:12:57 -06:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
wchen-r7 591da3c97e Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb

Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof

Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
Louis Sato 2bd792f693
remove .rb file extension 2015-10-30 15:26:45 -05:00
wchen-r7 82e600a53a Suggest the correct replacement for the deprecated module
The deprecated module has been suggesting the wrong replacement,
it should be exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
2015-10-29 16:24:29 -05:00
wchen-r7 da52c36687 Put back some links 2015-10-29 15:48:47 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Christian Mehlmauer 115f409fef
change exitfunc to thread 2015-09-01 10:48:07 +02:00
Christian Mehlmauer 5398bf78eb
change exitfunc to thread 2015-09-01 10:46:54 +02:00
HD Moore 42e08cbe07 Fix bad use of get_profile (now browser_profile) 2015-08-14 19:50:42 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
HD Moore a7b5890dc5 Fix URIPATH=/ and stack trace on missing ntdll version match 2015-07-25 15:39:20 -07:00
wchen-r7 29defc979b Fix #5740, remove variable ROP for adobe_flashplayer_flash10o 2015-07-17 16:57:37 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
wchen-r7 c37b60de7b Do some print_status with ms14_064 2015-07-07 00:57:37 -05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
William Vu 3632cc44c5 Fix nil error when target not found 2015-06-30 11:48:41 -05:00
wchen-r7 9da99a8265
Merge branch 'upstream-master' into bapv2 2015-06-19 11:36:27 -05:00
wchen-r7 13a3f2781d Change ExcellentRanking to GoodRanking for MS14-064
The ms14_064_ole_code_execution exploit's ranking is being lowered
to GoodRanking because of these two reasons:

1. The vulnerable component isn't in Internet Explorer. And BES can't
   check it so the exploit still fires even if the target is patched.
2. Although rare, we've seen the exploit crashing IE, and since this
   is a memory curruption type of bug, it should not be in Excellent
   ranking anyway.
2015-06-18 13:07:44 -05:00
William Vu 8d640a0c8f
Land #5527, multi/handler -> exploit/multi/handler 2015-06-15 10:23:26 -05:00
wchen-r7 17b8ddc68a
Land #5524, adobe_flash_pixel_bender_bof in flash renderer 2015-06-15 02:42:16 -05:00
g0tmi1k a53ca53a6a Fix inconstancy - multi/handler 2015-06-12 21:23:51 +01:00
jvazquez-r7 8ed13b1d1b
Add linux support for CVE-2014-0515 2015-06-11 16:18:50 -05:00
wchen-r7 ae21b0c260
Land #5523, adobe_flash_domain_memory_uaf in the flash renderer 2015-06-10 16:59:19 -05:00
wchen-r7 4c5b1fbcef
Land #5522, adobe_flash_worker_byte_array_uaf in the flash renderer 2015-06-10 14:49:41 -05:00
jvazquez-r7 6c7ee10520 Update to use the new flash Exploiter 2015-06-10 13:52:43 -05:00
wchen-r7 d622c782ef
Land #5519, adobe_flash_uncompress_zlib_uninitialized in the flash renderer 2015-06-10 11:52:47 -05:00
jvazquez-r7 fb531d0069
Update version coverage 2015-06-10 09:38:00 -05:00
jvazquez-r7 a6fe383852
Use AS Exploiter 2015-06-10 09:32:52 -05:00
jvazquez-r7 e5d6c9a3cb Make last code cleanup 2015-06-09 16:01:57 -05:00
jvazquez-r7 cf8c6b510b
Debug version working 2015-06-09 15:46:21 -05:00
jvazquez-r7 b7f0fad72f
Modify CVE-2014-0569 to use the flash exploitation code 2015-06-09 11:31:39 -05:00
wchen-r7 ee13a215e9
Merge branch 'upstream-master' into bapv2 2015-06-05 14:09:07 -05:00
jvazquez-r7 318f67fcda
update descriptions 2015-06-05 09:01:20 -05:00
wchen-r7 69968fc9f1 Merge branch 'upstream-master' into bapv2 2015-06-04 23:36:24 -05:00
jvazquez-r7 02181addc5
Update CVE-2014-0556 2015-06-04 18:23:50 -05:00
wchen-r7 e83677d29d rm deprecated mod 2015-05-29 17:43:26 -05:00