Commit Graph

3888 Commits (c72c96f0e037ad4b66ce44549b329c1487b1f99d)

Author SHA1 Message Date
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
sinn3r c5158a3ccc Update CVE 2014-03-19 22:13:23 -05:00
Tod Beardsley d27264b402
Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module
Add MS14-012 IE UAF.
2014-03-18 17:55:56 -05:00
Tod Beardsley 8f2124f5da
Minor updates for release
Fixes some title/desc action.
Adds a print_status on the firefox module so it's not just silent.
Avoids the use of "puts" in the description b/c this freaks out msftidy
(it's a false positive but easily worked around).
2014-03-17 13:26:26 -05:00
David Maloney da0c37cee2
Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
sinn3r 243fa4f56a
Land #2910 - MPlayer Lite M3U Buffer Overflow 2014-03-13 14:13:17 -05:00
sinn3r e832be9eeb Update description and change ranking
The exploit requires the targeted user to open the malicious in
specific ways.
2014-03-13 14:09:37 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
William Vu 25ebb05093 Add next chunk of fixes
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
OJ 3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
jvazquez-r7 1061036cb9 Use nick instead of name 2014-03-10 16:11:58 +01:00
Tod Beardsley 5485028501
Add 3 Yokogawa SCADA vulns
These represent our part for public disclosure of the issues listed
here:

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:

YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4

@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Thanks for all the work on these!
2014-03-10 09:33:54 -05:00
Brendan Coles df2bdad4f9 Include 'msf/core/exploit/powershell'
Prevent:

```
[-] 	/pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
2014-03-06 12:57:43 +11:00
sinn3r 9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-03-05 16:34:54 -06:00
bcoles 1ea35887db Add OSVDB reference 2014-03-06 01:40:15 +10:30
jvazquez-r7 4e9350a82b Add module for ZDI-14-008 2014-03-05 03:25:13 -06:00
OJ a1aef92652
Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
sinn3r f8310b86d1
Land #3059 - ALLPlayer M3U Buffer Overfloww 2014-03-04 11:29:52 -06:00
David Maloney db76962b4a
Land #2764, WMIC Post Mixin changes
lands Meatballs WMIC changes
2014-03-04 10:21:46 -06:00
sgabe 408fedef93 Add module for OSVDB-98283 2014-03-04 00:51:01 +01:00
Meatballs 32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post 2014-03-03 21:56:31 +00:00
Tod Beardsley de6be50d64
Minor cleanup and finger-wagging about a for loop 2014-03-03 14:12:22 -06:00
bcoles f008c77f26 Write payload to startup for Vista+ 2014-03-02 18:10:10 +10:30
Meatballs 63751c1d1a
Small msftidies 2014-02-28 22:18:59 +00:00
OJ 7117d50fa4
Land #3028 - bypassuac revamp 2014-02-28 09:12:02 +10:00
sinn3r f531d61255
Land #3036 - Total Video Player buffer overflow 2014-02-27 14:28:53 -06:00
sinn3r 7625dc4880 Fix syntax error due to the missing , 2014-02-27 14:25:52 -06:00
sinn3r 49ded452a9 Add OSVDB reference 2014-02-27 14:22:56 -06:00
sinn3r e72250f08f Rename Total Video Player module
The filename shouldn't include the version, because the exploit should
be able to target multiple versions if it has to.
2014-02-27 14:20:26 -06:00
David Maloney b952b103bd
cleanup tior and .tmp files
bypassuac module now also cleans
the tior.exe and all the .tmp files so we have a
clean environemnt afterwards
2014-02-27 13:18:34 -06:00
David Maloney f66709b5bb
make bypassuac module clean itself up
since the IO redirection hangs our original process
we have the moudle wait for the session then kills
the spawning process and delete the exe we dropped
2014-02-27 12:54:40 -06:00
David Maloney a8e0c3c255
remove copypasta mistake 2014-02-27 10:05:53 -06:00
Fr330wn4g3 63f74bddae 2° update total_video_player_131_ini_bof 2014-02-27 16:41:35 +01:00
David Maloney 96b611104e cleanup methods in bypassuac module
apply the same sort of method cleanup as in
Meatballs injection based module.
2014-02-26 11:00:55 -06:00
Fr330wn4g3 b81642d8ad Update total_video_player_131_ini_bof 2014-02-26 11:37:04 +01:00
Fr330wn4g3 a7cacec0c3 Add module for EDB 29799 2014-02-25 23:07:28 +01:00
jvazquez-r7 96ffb1db47 Delete extra comma 2014-02-25 15:29:46 -06:00
jvazquez-r7 cb18639b66 Add small fixes and clean up 2014-02-25 15:25:01 -06:00
jvazquez-r7 1d4b2ea60d Add module for ZDI-14-015 2014-02-25 15:07:09 -06:00
jvazquez-r7 a45c8c2b4a
Land #3029, @xistence Symantec endpoint exploit 2014-02-25 07:59:35 -06:00
jvazquez-r7 bfe0fdb776 Move module 2014-02-25 07:58:00 -06:00
xistence ab167baf56 Added randomness instead of payload and xxe keywords 2014-02-25 15:23:10 +07:00
jvazquez-r7 4908d80d6c Clean up module 2014-02-24 16:00:54 -06:00
jvazquez-r7 c9f0885c54 Apply @jlee-r7's feedback 2014-02-24 10:49:13 -06:00
bcoles a29c6cd2b4 Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-02-25 02:57:25 +10:30
xistence 5485759353 Added Symantec Endpoint Protection Manager RCE 2014-02-24 15:04:37 +07:00