Matt Miller
6cfab21bcb
fixes for Vista, brute forcing
...
git-svn-id: file:///home/svn/framework3/trunk@4598 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 20:33:35 +00:00
HD Moore
86f4bfd514
This module should be ready for the stable tree...
...
git-svn-id: file:///home/svn/framework3/trunk@4597 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 19:00:32 +00:00
HD Moore
24ba17aceb
This module now defaults to using all targets at once :-)
...
git-svn-id: file:///home/svn/framework3/trunk@4596 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:25:14 +00:00
HD Moore
e707423987
Too early this morning...
...
git-svn-id: file:///home/svn/framework3/trunk@4595 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:02:22 +00:00
HD Moore
3a8d90bb62
Woops, introduced a typo
...
git-svn-id: file:///home/svn/framework3/trunk@4594 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 18:01:58 +00:00
HD Moore
0cc8db610b
Merged in skape's Vista support, cleaned things up
...
git-svn-id: file:///home/svn/framework3/trunk@4593 4d416f70-5f16-0410-b530-b9f4589650da
2007-04-01 17:58:12 +00:00
HD Moore
3858b33e9c
Comitting with a slightly better name and more information
...
git-svn-id: file:///home/svn/framework3/trunk@4592 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 15:26:23 +00:00
HD Moore
473c2c98f9
Rename 1
...
git-svn-id: file:///home/svn/framework3/trunk@4591 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 15:25:55 +00:00
HD Moore
f8cdcb8ac8
This adds support for the new ANI exploit module and updates the apple/realplayer modules to include the proper svn:keywords
...
git-svn-id: file:///home/svn/framework3/trunk@4588 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-31 05:29:37 +00:00
Mario Ceballos
c9de2f34b4
added exploit module easyfilesharing_pass.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4579 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-26 21:20:27 +00:00
Mario Ceballos
179f08aee9
added exploit module wftpd_size.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4578 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-26 21:18:44 +00:00
Mario Ceballos
7da1b8f473
module clean up.
...
git-svn-id: file:///home/svn/framework3/trunk@4577 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-26 21:17:40 +00:00
Mario Ceballos
fcb4fb8832
added exploit module mercury_login.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4576 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-26 21:16:26 +00:00
HD Moore
d446bd2520
Remove incomplete exploit, fixes #46
...
git-svn-id: file:///home/svn/framework3/trunk@4562 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-25 05:26:48 +00:00
HD Moore
d14221898d
Merge in the new generic PHP exploit with new targets
...
Added type definitions to HTTP::Client
git-svn-id: file:///home/svn/framework3/trunk@4537 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-17 20:10:57 +00:00
HD Moore
207b1aec83
Removed the two app-specific modules and replaced with a generic module
...
git-svn-id: file:///home/svn/framework3/trunk@4535 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-17 18:55:25 +00:00
HD Moore
bd0210c863
Updated the check() function to also look at the Server. Added a PunBB module.
...
git-svn-id: file:///home/svn/framework3/trunk@4534 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-17 18:08:41 +00:00
HD Moore
d17b153e23
Adds check() support to this module
...
git-svn-id: file:///home/svn/framework3/trunk@4533 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-17 04:43:25 +00:00
HD Moore
3e4434c650
Adds Windows 2003 SP0 support, fixes #57
...
git-svn-id: file:///home/svn/framework3/trunk@4532 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 13:19:28 +00:00
Mario Ceballos
87a49aba03
fixed some spacing.. sorry bout that!
...
git-svn-id: file:///home/svn/framework3/trunk@4530 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 01:15:45 +00:00
HD Moore
f915504cfa
Fix #53 , use Author, not Authors
...
git-svn-id: file:///home/svn/framework3/trunk@4529 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 01:08:18 +00:00
Mario Ceballos
6c82219b81
module clean-up, fixes #36
...
git-svn-id: file:///home/svn/framework3/trunk@4528 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 01:07:57 +00:00
Matt Miller
f8f191c9db
authors vs author typo, fixes #53
...
git-svn-id: file:///home/svn/framework3/trunk@4527 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-12 00:58:57 +00:00
HD Moore
4e78e6dae0
Added some targetting notes
...
git-svn-id: file:///home/svn/framework3/trunk@4519 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-11 16:30:23 +00:00
HD Moore
4600da9b8e
Tag-team effort by hdm and gml (based on stefan's PoC)
...
git-svn-id: file:///home/svn/framework3/trunk@4515 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-11 01:03:02 +00:00
HD Moore
9408d89b79
Complete rewrite of nsiislog_post, fixes #41
...
git-svn-id: file:///home/svn/framework3/trunk@4514 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-10 07:23:25 +00:00
HD Moore
db198485a4
This fixes #44 . The XP string was missing NDR encoding and null termination.
...
git-svn-id: file:///home/svn/framework3/trunk@4511 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-10 03:28:05 +00:00
HD Moore
851328fbae
Fixes a typo where an empty 'when' was used instead of an 'else', fixes #50
...
git-svn-id: file:///home/svn/framework3/trunk@4510 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-10 03:06:38 +00:00
HD Moore
539a8cdead
Fix a typo
...
git-svn-id: file:///home/svn/framework3/trunk@4508 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-09 06:05:22 +00:00
HD Moore
a978507ed6
Resolves a typo, fixes #45
...
git-svn-id: file:///home/svn/framework3/trunk@4505 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-08 13:54:11 +00:00
HD Moore
ac66c2d0e3
Resolves a typo in the class name, fixes #47
...
git-svn-id: file:///home/svn/framework3/trunk@4504 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-08 13:46:33 +00:00
HD Moore
24a6597ff9
Includes another patch from solar, fixes #34 , this should actually work for everyone else's system now :-)
...
git-svn-id: file:///home/svn/framework3/trunk@4502 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-06 13:29:17 +00:00
Mario Ceballos
8281a031b1
quick patch
...
git-svn-id: file:///home/svn/framework3/trunk@4501 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-06 01:43:48 +00:00
Mario Ceballos
36ae1a736e
added exploit module nmap_stor.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4499 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-01 12:44:47 +00:00
Matt Miller
d42194e14a
updated modules to use base class rand_xxx methods
...
git-svn-id: file:///home/svn/framework3/trunk@4498 4d416f70-5f16-0410-b530-b9f4589650da
2007-03-01 08:21:36 +00:00
Matt Miller
99f9fb5353
add advanced option to control exiting after a session is created
...
git-svn-id: file:///home/svn/framework3/trunk@4488 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 18:57:47 +00:00
HD Moore
ac84768d8b
This fixes #34 by using the appropriate field to calculate the seh offset.
...
git-svn-id: file:///home/svn/framework3/trunk@4487 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 09:38:47 +00:00
HD Moore
05bd9125ce
This fixes #40 by defining the buf variable
...
git-svn-id: file:///home/svn/framework3/trunk@4486 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 09:33:26 +00:00
HD Moore
64a868ee46
Woops, forgot to remove some debugging information
...
git-svn-id: file:///home/svn/framework3/trunk@4485 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 09:32:19 +00:00
HD Moore
06899ee895
This should fix #39 , the exploit will detect when the DLL is not installed
...
git-svn-id: file:///home/svn/framework3/trunk@4484 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 09:31:54 +00:00
HD Moore
a99c6b4f22
Hopefully this fixes #38 , I think it was just a dumb error during porting (missing / from the exploit uri)
...
git-svn-id: file:///home/svn/framework3/trunk@4482 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 09:16:40 +00:00
HD Moore
5858cbdc7e
This fixes #37 . This module needs an overhaul to match the new HTTP options.
...
git-svn-id: file:///home/svn/framework3/trunk@4480 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-27 08:58:45 +00:00
HD Moore
6fe02e7fd8
Use a default platform
...
git-svn-id: file:///home/svn/framework3/trunk@4475 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-26 10:46:52 +00:00
HD Moore
2602891506
Update the check method to use the new API, fixes #30
...
git-svn-id: file:///home/svn/framework3/trunk@4460 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-22 07:34:03 +00:00
HD Moore
819e24edd6
Fix a typo during port, this fixes #29 .
...
git-svn-id: file:///home/svn/framework3/trunk@4458 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-22 07:19:41 +00:00
HD Moore
1795e6637d
fixes #28 (thanks alex!)
...
git-svn-id: file:///home/svn/framework3/trunk@4451 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-21 03:34:41 +00:00
HD Moore
a3030f2a01
fix #18
...
git-svn-id: file:///home/svn/framework3/trunk@4445 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-19 15:28:47 +00:00
HD Moore
abbeb2e87e
Adding an Id tag and a standard header to all modules
...
git-svn-id: file:///home/svn/framework3/trunk@4419 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-18 00:10:39 +00:00
Mario Ceballos
255d1ca4ce
added exploit module fuser.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4406 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-17 13:52:50 +00:00
HD Moore
839ac9fc38
Do not exit after a session is obtained
...
git-svn-id: file:///home/svn/framework3/trunk@4396 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-15 22:17:50 +00:00
Mario Ceballos
3b732cc4ba
rm'd...
...
git-svn-id: file:///home/svn/framework3/trunk@4391 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-15 19:15:54 +00:00
Mario Ceballos
baff366a9a
rm'd..
...
git-svn-id: file:///home/svn/framework3/trunk@4390 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-15 19:15:31 +00:00
Mario Ceballos
9418e3d1bc
renamed....
...
git-svn-id: file:///home/svn/framework3/trunk@4389 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-15 19:13:35 +00:00
Mario Ceballos
1985df06f5
renamed...
...
git-svn-id: file:///home/svn/framework3/trunk@4388 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-15 19:08:55 +00:00
HD Moore
e67f32c9e5
slightly less stupidity (thanks solar!)
...
git-svn-id: file:///home/svn/framework3/trunk@4360 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-11 22:37:44 +00:00
HD Moore
a0c125e118
A new port of my 2.x createobject exploit
...
git-svn-id: file:///home/svn/framework3/trunk@4345 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-10 19:41:54 +00:00
Mario Ceballos
011d3784b3
added exploit module lgserver.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4317 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-04 01:58:50 +00:00
Mario Ceballos
10a288240b
added exploit module novell_netmail_auth.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4312 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 13:11:01 +00:00
Mario Ceballos
fe2b668918
added exploit module realplayer_smil.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4311 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 13:10:31 +00:00
Mario Ceballos
4678cfc7b8
added exploit module apple_itunes_playlist.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4310 4d416f70-5f16-0410-b530-b9f4589650da
2007-02-03 13:09:45 +00:00
Mario Ceballos
378101697e
added support for BrightStor ARCserve r11.5 SP2 in messege_engine.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4306 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-31 23:36:24 +00:00
Mario Ceballos
5045de795a
added some NDR stuff to messege_engine.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4304 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-30 12:09:23 +00:00
Matt Miller
114050ef6b
foo
...
git-svn-id: file:///home/svn/framework3/trunk@4302 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-30 04:11:14 +00:00
Mario Ceballos
7e4484db77
added exploit module messege_engine.rb, much more reliable than the heap vector....
...
git-svn-id: file:///home/svn/framework3/trunk@4301 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-30 01:23:48 +00:00
Mario Ceballos
b165dfb535
fixed the BID.
...
git-svn-id: file:///home/svn/framework3/trunk@4300 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-29 13:58:10 +00:00
Mario Ceballos
694a356509
added exploit module messege_engine_heap.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4299 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-29 01:15:33 +00:00
Matt Miller
52f27ab10b
poptop ported
...
git-svn-id: file:///home/svn/framework3/trunk@4297 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-28 19:02:22 +00:00
HD Moore
f8d730a9b7
Exploit port by Diaul
...
git-svn-id: file:///home/svn/framework3/trunk@4296 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-26 23:55:01 +00:00
Mario Ceballos
a621971326
"Windows version and SP independent." ....
...
git-svn-id: file:///home/svn/framework3/trunk@4295 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-25 23:08:32 +00:00
Mario Ceballos
764cbc7a67
sorry about that, added EXITFUNC for exploit module tape_engine.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4282 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-18 12:58:31 +00:00
Mario Ceballos
9db5f3faff
added exploit module tape_engine.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4280 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-18 02:57:52 +00:00
Matt Miller
9dd4cbb337
port mailenable
...
git-svn-id: file:///home/svn/framework3/trunk@4273 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-07 23:33:03 +00:00
Matt Miller
9abd1353d6
ported privatewire
...
git-svn-id: file:///home/svn/framework3/trunk@4272 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-07 07:54:30 +00:00
Matt Miller
28ef83cbe3
blackice port
...
git-svn-id: file:///home/svn/framework3/trunk@4269 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-07 07:27:51 +00:00
Matt Miller
94348ea6c1
seattelab
...
git-svn-id: file:///home/svn/framework3/trunk@4267 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-07 06:27:17 +00:00
HD Moore
b278bef22d
Reference updates
...
git-svn-id: file:///home/svn/framework3/trunk@4266 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 14:44:09 +00:00
Matt Miller
8185f67cbd
svnserve date
...
git-svn-id: file:///home/svn/framework3/trunk@4264 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 06:36:26 +00:00
HD Moore
9dc2148eb9
Moved the other web app bugs into the right place, added php_wordpress_lastpost
...
git-svn-id: file:///home/svn/framework3/trunk@4262 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:58:13 +00:00
HD Moore
752cc9f978
Added the PAJAX exploit
...
git-svn-id: file:///home/svn/framework3/trunk@4261 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:38:28 +00:00
HD Moore
d09046a5b9
Accessing res['header'] is now case insensitive for HTTP responses
...
Added the Google Appliance exploit
git-svn-id: file:///home/svn/framework3/trunk@4259 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:22:39 +00:00
HD Moore
de5c27e39f
Exploit ports
...
git-svn-id: file:///home/svn/framework3/trunk@4257 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 04:28:32 +00:00
HD Moore
8fd09e3880
Renamed
...
git-svn-id: file:///home/svn/framework3/trunk@4256 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 03:48:16 +00:00
HD Moore
e936701a5a
Updates
...
git-svn-id: file:///home/svn/framework3/trunk@4255 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 03:47:44 +00:00
Mario Ceballos
2f5d44b91a
added exploit module apple_quicktime_rtsp.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4250 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-02 17:51:43 +00:00
Mario Ceballos
d1a1086ab6
added exploit module novell_netmail_subscribe.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4249 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-01 14:13:16 +00:00
Mario Ceballos
c4060f2e51
added exploit module novell_netmail_status.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4248 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-01 14:12:48 +00:00
Mario Ceballos
ad5f37c5dd
added exploit module novell_netmail_append.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4247 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-01 14:12:22 +00:00
Mario Ceballos
84c7edbbc5
ported mercur_imap_select_overflow.pm, untested.
...
git-svn-id: file:///home/svn/framework3/trunk@4245 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-31 00:10:16 +00:00
HD Moore
b221af7791
Integration of the new HTTP Client API
...
git-svn-id: file:///home/svn/framework3/trunk@4241 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 23:42:36 +00:00
HD Moore
e60e7bede3
No longer use the HTTP API
...
git-svn-id: file:///home/svn/framework3/trunk@4240 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 20:22:22 +00:00
Matt Miller
1c12ab1178
switch to use rex for base64
...
git-svn-id: file:///home/svn/framework3/trunk@4239 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 19:58:57 +00:00
Matt Miller
0a52601435
ported, untested
...
git-svn-id: file:///home/svn/framework3/trunk@4233 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 06:17:56 +00:00
Matt Miller
49567c1d0e
ported, untested
...
git-svn-id: file:///home/svn/framework3/trunk@4231 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-28 05:57:39 +00:00
Mario Ceballos
fb589f976d
added exploit module mercur_login.rb. nice little pre-auth as a result of
...
porting the mercur_imap_select_overflow.pm module.
git-svn-id: file:///home/svn/framework3/trunk@4229 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-27 22:43:39 +00:00
Mario Ceballos
8a67eb81f9
port of wmailserver_smtp
...
git-svn-id: file:///home/svn/framework3/trunk@4227 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-23 18:32:21 +00:00
Mario Ceballos
bc27c8707b
port of badblue_ext_overflow
...
git-svn-id: file:///home/svn/framework3/trunk@4226 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-23 18:31:57 +00:00
HD Moore
bac6d34ded
Change the automatic target to be more consistent with the other modules
...
git-svn-id: file:///home/svn/framework3/trunk@4219 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-18 19:13:24 +00:00
HD Moore
b2fbf8eb54
Addition of the isComponentInstalled() exploit and updates to the createTextRange() module
...
git-svn-id: file:///home/svn/framework3/trunk@4218 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 08:03:43 +00:00
HD Moore
5dc9f27618
Slight cleanups -- still not ready for real use
...
git-svn-id: file:///home/svn/framework3/trunk@4216 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 08:02:35 +00:00
HD Moore
ffc626675b
Initial support for PHP payloads
...
git-svn-id: file:///home/svn/framework3/trunk@4215 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 07:57:51 +00:00
HD Moore
8a922d0641
Always use IO.read vs IO.readlines.join
...
git-svn-id: file:///home/svn/framework3/trunk@4211 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 07:00:44 +00:00
HD Moore
a8776d85df
Renamed to match the new MSB number
...
git-svn-id: file:///home/svn/framework3/trunk@4209 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 02:37:45 +00:00
HD Moore
6fef5abeda
Resolve a crash bug in the send_response_html() method
...
Add the MS06_013 CreateTextRange() exploit
git-svn-id: file:///home/svn/framework3/trunk@4208 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-17 02:34:27 +00:00
Mario Ceballos
0675398f2b
more ports
...
git-svn-id: file:///home/svn/framework3/trunk@4206 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-15 15:28:00 +00:00
Mario Ceballos
bd43475166
fixed spacing shizzle.
...
git-svn-id: file:///home/svn/framework3/trunk@4205 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 22:46:50 +00:00
Mario Ceballos
529b808fc9
module clean up for ultravnc_client.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4204 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 22:39:58 +00:00
Mario Ceballos
cfdd264f2d
module clean up for realvnc_client.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4203 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 22:39:36 +00:00
Mario Ceballos
da040e19ad
port of realvnc/ultravnc modules
...
git-svn-id: file:///home/svn/framework3/trunk@4201 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 19:41:37 +00:00
Mario Ceballos
4de57e8543
port 2.x to 3.0
...
git-svn-id: file:///home/svn/framework3/trunk@4199 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 13:50:59 +00:00
Matt Miller
fb161fc3dd
ported putty exploit, untested
...
git-svn-id: file:///home/svn/framework3/trunk@4198 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 02:20:21 +00:00
Matt Miller
ac8ded39a4
softcart port
...
git-svn-id: file:///home/svn/framework3/trunk@4195 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 01:49:49 +00:00
Mario Ceballos
6a4ffe6e60
fix variable name in ipswitch_wug_maincfgret.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4194 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 01:03:47 +00:00
Matt Miller
6ea76fdfbc
squid ntlm authenticate ported, fixed bugs in brute force mixni
...
git-svn-id: file:///home/svn/framework3/trunk@4192 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-14 00:23:56 +00:00
HD Moore
0a3dce3cd2
Modifications from diaul
...
git-svn-id: file:///home/svn/framework3/trunk@4188 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-13 05:46:13 +00:00
Mario Ceballos
fafeb896c1
added yet another mailenable module. mailenable_login.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4187 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-11 19:21:17 +00:00
Mario Ceballos
603f58a90c
since i installed the previous stuff, thought i'd clean up another module.
...
git-svn-id: file:///home/svn/framework3/trunk@4185 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 22:21:47 +00:00
Mario Ceballos
6edfda8d62
port of freeftpd_key_exchange.pm to freeftpd_key_exchange.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4183 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 16:58:05 +00:00
HD Moore
98e48c2f77
Module cleanup
...
git-svn-id: file:///home/svn/framework3/trunk@4180 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 08:21:35 +00:00
HD Moore
6298019847
Module cleanups
...
git-svn-id: file:///home/svn/framework3/trunk@4178 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 08:21:00 +00:00
HD Moore
ea204ee0ff
API change for the HTML mixin, the send_response method is no longer overloaded, instead exploits must call send_response_html to enable HTML evasion. The old method caused problems when a exploit needed HTML and non-HTML response capabilities
...
git-svn-id: file:///home/svn/framework3/trunk@4173 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 03:26:53 +00:00
HD Moore
206683eebd
Changed Html to HTML
...
git-svn-id: file:///home/svn/framework3/trunk@4169 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-10 02:55:02 +00:00
HD Moore
c30219a7cb
Use the right default port
...
git-svn-id: file:///home/svn/framework3/trunk@4165 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-04 14:07:31 +00:00
HD Moore
9c7cdef7de
Fixes to "extra" commands provided by the auxiliary modules
...
git-svn-id: file:///home/svn/framework3/trunk@4161 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-03 17:46:34 +00:00
pusscat
c619cc6a12
Much closer, but the egg hunter never seems to find the eggs :(
...
git-svn-id: file:///home/svn/framework3/trunk@4158 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-01 16:39:25 +00:00
pusscat
dc0ad61c85
Done, but only works with a few payloads >.>
...
git-svn-id: file:///home/svn/framework3/trunk@4157 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-01 16:38:07 +00:00
HD Moore
20a0f0b86c
self->self.class for the register_options function
...
git-svn-id: file:///home/svn/framework3/trunk@4156 4d416f70-5f16-0410-b530-b9f4589650da
2006-12-01 14:03:24 +00:00
Mario Ceballos
2244630b69
added bid id, and cleaned up exploit buffer for threectftpsvc_long_mode.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4155 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-29 13:46:14 +00:00
HD Moore
810f80612b
Reference updates
...
git-svn-id: file:///home/svn/framework3/trunk@4154 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-28 17:18:43 +00:00
Mario Ceballos
84f7a28fc7
added exploit module threectftpsvc_long_mode.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4153 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-28 14:41:35 +00:00
Mario Ceballos
55e0b973b1
removed XPSP1 target in xmplay_asx.rb and replaced it with an XPSP2
...
target.
git-svn-id: file:///home/svn/framework3/trunk@4152 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-26 20:00:08 +00:00
Mario Ceballos
296144fa9c
added exploit module xmplay_asx.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4151 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-24 01:12:05 +00:00
HD Moore
7bf91d6760
Updates to the dlink exploit, shiny new netgear exploit
...
git-svn-id: file:///home/svn/framework3/trunk@4146 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-16 06:00:21 +00:00
HD Moore
5c0176e2dd
Better credit to Gil in the comments, made ADDR_DST do something
...
git-svn-id: file:///home/svn/framework3/trunk@4141 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-15 21:23:03 +00:00
pusscat
2ce2ff8a3a
Trying to add this again...
...
git-svn-id: file:///home/svn/framework3/trunk@4140 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-15 19:04:37 +00:00
pusscat
3c8315d2ad
Boyahh muthahfuckers.
...
git-svn-id: file:///home/svn/framework3/trunk@4139 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-15 17:27:36 +00:00
Mario Ceballos
6117311fe0
fixed spacing...
...
git-svn-id: file:///home/svn/framework3/trunk@4138 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-15 01:04:34 +00:00
Mario Ceballos
dbb3cf8482
fixed spacing...
...
git-svn-id: file:///home/svn/framework3/trunk@4137 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-15 01:02:04 +00:00
Mario Ceballos
dd8c1d3ffe
fixed spacing ...
...
git-svn-id: file:///home/svn/framework3/trunk@4136 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-14 01:44:57 +00:00
Mario Ceballos
c2afef0978
fixed spacing..
...
git-svn-id: file:///home/svn/framework3/trunk@4135 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-14 01:43:42 +00:00
HD Moore
8863474c57
Release time :-)
...
git-svn-id: file:///home/svn/framework3/trunk@4134 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-13 17:03:34 +00:00
Mario Ceballos
313fb089fb
added exploit module cesarftp_mkd.rb, with spacing fixed ;)
...
git-svn-id: file:///home/svn/framework3/trunk@4131 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-12 15:57:37 +00:00
Mario Ceballos
e65978b86d
added exploit module navicopa_get_overflow.rb, with spacing fixed ;)
...
git-svn-id: file:///home/svn/framework3/trunk@4130 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-12 15:55:06 +00:00
HD Moore
03927d92ff
Cosmetic and exit when a session is created
...
git-svn-id: file:///home/svn/framework3/trunk@4125 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-11 10:05:20 +00:00
HD Moore
3d546243a6
Minor cosmetic change
...
git-svn-id: file:///home/svn/framework3/trunk@4124 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-11 05:00:23 +00:00
HD Moore
7cdcf9b269
First kernel remote for Metasploit 3!
...
git-svn-id: file:///home/svn/framework3/trunk@4123 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-11 04:56:11 +00:00
Matt Miller
364df6eac1
fixed MC spacing
...
git-svn-id: file:///home/svn/framework3/trunk@4118 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-09 17:32:56 +00:00
Mario Ceballos
820ef5d853
added exploit module goodtech_telnet.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4116 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-08 23:26:16 +00:00
Mario Ceballos
e659032c35
added exploit module mirc_irc_url.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4104 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-03 19:35:42 +00:00
Mario Ceballos
51a85bc4fb
fixed type :(
...
git-svn-id: file:///home/svn/framework3/trunk@4103 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-02 12:20:05 +00:00
Mario Ceballos
000f8d2e2b
add exploit module aim_triton_cseq.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4102 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-02 01:16:40 +00:00
Mario Ceballos
4330ed57e0
added exploit module sipxphone_cseq.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4097 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-01 12:14:54 +00:00
Mario Ceballos
1823a3df8e
added exploit module ipswitch_wug_maincfgret.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4096 4d416f70-5f16-0410-b530-b9f4589650da
2006-11-01 12:14:17 +00:00
HD Moore
b4742a1252
Bug fixes to SMB OS detection
...
git-svn-id: file:///home/svn/framework3/trunk@4084 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-29 16:35:37 +00:00
Mario Ceballos
2f071d49f5
added exploit module edirectory_host.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4060 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-27 14:25:42 +00:00
Mario Ceballos
a2cc409833
added exploit module oracle9i_xdb_pass.rb
...
git-svn-id: file:///home/svn/framework3/trunk@4059 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-26 13:17:43 +00:00
Mario Ceballos
2b0ad5de47
added exploit module eudora_list.rb.
...
git-svn-id: file:///home/svn/framework3/trunk@4054 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-25 22:03:40 +00:00
Matt Miller
2c5cf95d0f
removed modules that don't currently function
...
git-svn-id: file:///home/svn/framework3/trunk@4052 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-25 13:29:25 +00:00
Matt Miller
a164297f2a
updated target name
...
git-svn-id: file:///home/svn/framework3/trunk@4046 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-17 01:59:09 +00:00
Matt Miller
465ea3c677
initial integration of basic kernel-mode payload support
...
git-svn-id: file:///home/svn/framework3/trunk@4044 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-16 23:59:14 +00:00
HD Moore
667adc68e9
Import from MC
...
git-svn-id: file:///home/svn/framework3/trunk@4024 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-15 07:58:48 +00:00
HD Moore
b5fb11ac91
Added by LMH
...
git-svn-id: file:///home/svn/framework3/trunk@4022 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-15 07:53:19 +00:00
Matt Miller
b354c82258
ypops overflow ported
...
git-svn-id: file:///home/svn/framework3/trunk@4021 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-12 03:24:31 +00:00
Matt Miller
f1fb05690f
misc bugfixes in the http subsystem
...
git-svn-id: file:///home/svn/framework3/trunk@4019 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-11 09:27:39 +00:00
Matt Miller
7f981714a6
ported realserver describe exploit
...
git-svn-id: file:///home/svn/framework3/trunk@4018 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-11 09:18:01 +00:00
Matt Miller
abf2e057c8
apache chunked encoding win32 port
...
git-svn-id: file:///home/svn/framework3/trunk@4017 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-11 08:31:54 +00:00
HD Moore
33d594e887
Code from MC
...
git-svn-id: file:///home/svn/framework3/trunk@4016 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-10 19:33:49 +00:00
Matt Miller
b477547a3d
partial fix for mod cache issue? committed vlad's new stagers
...
git-svn-id: file:///home/svn/framework3/trunk@4013 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-10 06:44:15 +00:00
Matt Miller
56780bed66
ia webmail port, not tested
...
git-svn-id: file:///home/svn/framework3/trunk@4009 4d416f70-5f16-0410-b530-b9f4589650da
2006-10-03 05:42:34 +00:00
HD Moore
634fbd3205
Evasion and bug fixes
...
git-svn-id: file:///home/svn/framework3/trunk@3979 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 04:06:33 +00:00
HD Moore
f2ed69b991
User-Agent detection for VML exploit.
...
Randomization for the setSlice() exploit
git-svn-id: file:///home/svn/framework3/trunk@3978 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 04:01:22 +00:00
HD Moore
432337a331
Exploit module for the new VML fill method.
...
git-svn-id: file:///home/svn/framework3/trunk@3977 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 03:52:54 +00:00
HD Moore
e73a959d46
New exploit module from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3976 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 03:23:23 +00:00
HD Moore
0e917a21eb
New exploit module from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3975 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-27 03:18:57 +00:00
HD Moore
7c09ab1191
Update from MC:
...
it needed the
'PrependEncoder' for some help. I also just cleaned up the exploit()
a bit.
git-svn-id: file:///home/svn/framework3/trunk@3946 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-24 17:49:46 +00:00
HD Moore
c2ef34a420
autoexploit magic
...
git-svn-id: file:///home/svn/framework3/trunk@3914 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-18 00:54:29 +00:00
HD Moore
6d04cd15a8
Move non-exploit into auxiliary
...
git-svn-id: file:///home/svn/framework3/trunk@3913 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-18 00:33:16 +00:00
HD Moore
e892e6d0c3
Disable the auto exploitation
...
git-svn-id: file:///home/svn/framework3/trunk@3912 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-18 00:30:29 +00:00
HD Moore
c3876b6dd6
Updates for the autopwn stuff...
...
git-svn-id: file:///home/svn/framework3/trunk@3906 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-17 08:00:37 +00:00
HD Moore
f2cbcedf4d
Break the loop when a session is created
...
git-svn-id: file:///home/svn/framework3/trunk@3890 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-14 06:22:24 +00:00
HD Moore
4c37fe428d
A replacement for payload_handler
...
git-svn-id: file:///home/svn/framework3/trunk@3889 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-14 06:09:46 +00:00
HD Moore
41c81a1e12
Consistency changes for exploit titles and additional references
...
git-svn-id: file:///home/svn/framework3/trunk@3878 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 06:49:39 +00:00
HD Moore
c62905f475
More cosmetic fixes, plus some removal of static string
...
git-svn-id: file:///home/svn/framework3/trunk@3877 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 06:30:54 +00:00
HD Moore
e52fda25fd
Consistency in naming conventions
...
git-svn-id: file:///home/svn/framework3/trunk@3876 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 06:28:35 +00:00
HD Moore
1902b1809d
Consistency fixes for IIS modules
...
git-svn-id: file:///home/svn/framework3/trunk@3875 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 06:25:40 +00:00
HD Moore
339b5193f3
More modules from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3874 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 06:20:05 +00:00
HD Moore
78e482fd0b
Bugfix reported by MC
...
git-svn-id: file:///home/svn/framework3/trunk@3873 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-13 05:40:09 +00:00
HD Moore
a82dce4d5b
Import from 2.6, bug fix to transfermode
...
git-svn-id: file:///home/svn/framework3/trunk@3872 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-12 06:05:23 +00:00
HD Moore
abe9027abb
More modules from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3870 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-12 05:58:09 +00:00
HD Moore
0b438ae5b4
Two new modules from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3868 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-12 05:46:42 +00:00
HD Moore
667897ee25
Remove commented block of debugging code
...
git-svn-id: file:///home/svn/framework3/trunk@3864 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-10 05:11:39 +00:00
HD Moore
47039ff3fa
First round of bugfixes for encoders. Alphanumeric encoders no longer default the BufferRegister option, since this can lead to non-compatible exploits falling through to these encoders, selecting them, and then crashing. The new method uses a dynamic (not quite poly) geteip generator, that while not yet alphanumeric compatible, it handles most of the known use cases. Remaining items:
...
1) Figure out how to handle unicode geteip (unicode encoded, alphanum probably)
2) Add keys to the unicode payloads to force a corresponding keyu on the exploit side to enable
git-svn-id: file:///home/svn/framework3/trunk@3863 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-10 05:10:48 +00:00
HD Moore
f02cf4576e
New exploit from MC
...
git-svn-id: file:///home/svn/framework3/trunk@3857 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-08 18:35:30 +00:00
pusscat
73678e2375
Add PoC DoS for the ms06-019 exchange modprops vuln - crashes HEAVILY dependant on modprops used and current heap state :(
...
git-svn-id: file:///home/svn/framework3/trunk@3856 4d416f70-5f16-0410-b530-b9f4589650da
2006-09-06 17:45:17 +00:00
Matt Miller
ea06abe5bb
support for generic payloads
...
git-svn-id: file:///home/svn/framework3/trunk@3843 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-26 02:13:25 +00:00
Matt Miller
a230c3f800
credit
...
git-svn-id: file:///home/svn/framework3/trunk@3831 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-14 09:00:50 +00:00
Matt Miller
a724d42aa0
added mcafee mcsubmgr exploit, added functional avoid utf8 encoder
...
git-svn-id: file:///home/svn/framework3/trunk@3830 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-14 08:55:37 +00:00
HD Moore
7bab6241e6
Port of the 2.x version
...
git-svn-id: file:///home/svn/framework3/trunk@3826 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-13 04:19:28 +00:00
Matt Miller
86c400a8bd
sup
...
git-svn-id: file:///home/svn/framework3/trunk@3809 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-08 18:39:49 +00:00
HD Moore
13260cc003
Minor changes, LSASS still broked
...
git-svn-id: file:///home/svn/framework3/trunk@3805 4d416f70-5f16-0410-b530-b9f4589650da
2006-08-05 18:18:27 +00:00
HD Moore
6a821b59f9
Removed alert() :-)
...
git-svn-id: file:///home/svn/framework3/trunk@3785 4d416f70-5f16-0410-b530-b9f4589650da
2006-07-31 02:51:43 +00:00