infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,791 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

202 Commits (cd842df3e233a539aa2b1291deeae729dc05a91f)

Author SHA1 Message Date
James Lee 3e0747f5d2 Randomize guid and payload filename 2012-04-16 12:09:25 -06:00
James Lee 810d496ade Chmod the payload executable 
Makes native payloads work on non-windows, thanks mihi!
 2012-04-11 12:48:14 -06:00
Tod Beardsley cbc12560a5 Leading tabs, not spaces 
There's a coding style in here that will make msftidy.rb cry, and
that's:

```
varfoo = %q|
    stuff
      thats
        html
|
```

Usually, you want something like

varfoo = ""
varfoo << %q|    stuff|
varfoo << %q|      thats|
varfoo << %q|        html|

That said, the Description field is usually written as tab-intended
multiline %q{} enclosures, so that's what I'll do here to make
msftidy.rb happy.
 2012-04-10 14:25:00 -05:00
Tod Beardsley cdc020ba9f Trailing space on xpi bootstrap module 2012-04-10 14:24:08 -05:00
Tod Beardsley 3cb7cbe994 Adding another ref and a disclosuredate to mihi's XPI module 
Calling the disclosure date 2007 since TippingPoint published a blog
post back then about this XPI confirm-and-install vector.
 2012-04-10 13:59:21 -05:00
sinn3r 0e1fff2c4b Change the output style to comply with egyp7's expectations. 2012-04-10 13:42:52 -05:00
sinn3r 76c12fe7e6 Whitespace cleanup 2012-04-10 13:22:10 -05:00
Michael Schierl 705cf41858 Add firefox_xpi_bootstrapped_addon exploit 
This is similar to java_signed_applet as it does not exploit a vulnerability, but
hope that the user will trust the addon.
 2012-04-10 13:39:54 +02:00
James Lee 974d95b175 Both of these are obsoleted by java_atomicreferencearray 2012-04-03 18:23:42 -06:00
sinn3r bd5f43c918 Add another good reference by @mihi42 2012-04-01 01:30:50 -05:00
sinn3r bab4cddd83 Add Jeroen Frijters for finding/reporting the bug 2012-03-31 03:01:09 -05:00
James Lee cc54a260f5 Merge remote branch 'upstream/master' 2012-03-30 14:31:12 -06:00
James Lee 0547369966 Add bap support for flash mp4 and new java bug 
Also fixes a silly issue where adobe_flash_mp4_cprt was adding the
/test.mp4 resource after every request instead of just once at startup.
 2012-03-30 12:59:07 -06:00
Steve Tornio ae21c05e69 add osvdb ref 2012-03-30 07:26:07 -05:00
sinn3r e018c6604f Modify CVE-2012-0507 2012-03-30 02:06:56 -05:00
sinn3r 791ebdb679 Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module. 
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
 2011-12-02 13:21:41 -05:00
sinn3r 93a419c76b Having nothing on the webpage may probably confuse some novice users. But I do like stealth. 2011-12-01 03:02:35 -06:00
sinn3r f26f6da74b Add CVE-2011-3544 (feature #6023) Java Rhino exploit 2011-11-29 18:05:20 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip. 
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 04:20:53 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster. 
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 02:58:53 +00:00
James Lee d58d061735 complain if the given applet name is not formatted correctly, fixes #5082 
git-svn-id: file:///home/svn/framework3/trunk@13389 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-28 17:46:36 +00:00
Matt Weeks 1162aafa1e p function causes problems with rpc. 
git-svn-id: file:///home/svn/framework3/trunk@13184 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-15 18:45:05 +00:00
James Lee 8e5311cb61 File.read is not binary safe. replace it with File.open in a few places where it matters. 
git-svn-id: file:///home/svn/framework3/trunk@12957 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-16 22:02:00 +00:00
James Lee ea5dc1c85c use the right uri for our jar when other webserver modules are running 
git-svn-id: file:///home/svn/framework3/trunk@12944 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-14 23:57:10 +00:00
HD Moore 85f5e5fb98 Fix the disclosure date to match when signing was made available to the masses 
git-svn-id: file:///home/svn/framework3/trunk@12891 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-09 17:08:05 +00:00
HD Moore c3c061334d Add a "disclosure date" (applets were included in the first java release) and changing the title. 
git-svn-id: file:///home/svn/framework3/trunk@12883 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-08 03:31:49 +00:00
James Lee 1c4bf118e8 add a version check 
git-svn-id: file:///home/svn/framework3/trunk@12847 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-03 23:47:44 +00:00
James Lee 5b91eadb87 fix the string replacement and do it at setup time instead of for every request 
git-svn-id: file:///home/svn/framework3/trunk@12747 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-27 19:36:12 +00:00
James Lee cd3f306ef2 clarify info a bit; make APPLETNAME option actually do something. 
git-svn-id: file:///home/svn/framework3/trunk@12746 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-27 19:13:47 +00:00
James Lee 5a54a408f5 stupid debugging stuff 
git-svn-id: file:///home/svn/framework3/trunk@12736 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-26 19:10:54 +00:00
James Lee c5781ae515 add support for PKCS12 (.pfx) cert/key files and cert chains in PEM files 
git-svn-id: file:///home/svn/framework3/trunk@12735 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-26 17:52:12 +00:00
James Lee 11a1b5dcad fix the requires for java signing. 
git-svn-id: file:///home/svn/framework3/trunk@12719 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 18:02:02 +00:00
James Lee 812bae9df9 add support for signing applets (or any other jar) with openssl. this removes the need for a dependency on RJB 
git-svn-id: file:///home/svn/framework3/trunk@12718 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 16:45:20 +00:00
James Lee ef48240606 Make it obvious which exploit is handling a request 
git-svn-id: file:///home/svn/framework3/trunk@12693 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-23 17:05:44 +00:00
James Lee 04efaf9281 referencing navigator.javaEnabled breaks ie6, only check navigator.javaEnabled(); 
git-svn-id: file:///home/svn/framework3/trunk@12655 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-17 22:44:39 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch 
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy 
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:17:31 +00:00
Wei Chen 6d71990dfc Disclosure date change 
git-svn-id: file:///home/svn/framework3/trunk@12390 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 15:40:59 +00:00
Joshua Drake d2374a435f add .jar extension, thx for the contribution! 
git-svn-id: file:///home/svn/framework3/trunk@12285 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-09 17:03:41 +00:00
Joshua Drake 287f4c87fe style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 01:13:26 +00:00
James Lee fd1fb44bfc add targets for windows and linux 
git-svn-id: file:///home/svn/framework3/trunk@11345 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-15 22:46:22 +00:00
James Lee 05d073c467 move the evil-looking metasploit.PayloadApplet to the more inocuous SiteLoader.class, re-enable rjb compiling for the applet class 
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-07 20:43:53 +00:00
James Lee 62a425f6b6 add rjb signing back in to java_signed_applet 
git-svn-id: file:///home/svn/framework3/trunk@11186 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 01:29:08 +00:00
James Lee 191c4e8eb7 make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim. 
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-30 03:50:40 +00:00
Joshua Drake 1d8e1e332c add better error reporting 
git-svn-id: file:///home/svn/framework3/trunk@11120 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-24 01:11:49 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references 
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references 
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-11 22:25:13 +00:00
James Lee 8c1f0713db regenerate the payload so we get the correct *lhost* 
git-svn-id: file:///home/svn/framework3/trunk@10490 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-27 00:09:17 +00:00
James Lee 4fbb0653a1 regenerate the payload so we get the correct rhost 
git-svn-id: file:///home/svn/framework3/trunk@10488 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-26 23:55:03 +00:00
Joshua Drake 4590844871 tons of indentation fixes, some other style tweaks 
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 08:06:27 +00:00
Joshua Drake 19db412383 convert remaining EXE generation to use the mixin, fixes #2017 
git-svn-id: file:///home/svn/framework3/trunk@10389 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 04:38:13 +00:00
James Lee a9a312fa66 typo 
git-svn-id: file:///home/svn/framework3/trunk@10257 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-08 15:23:04 +00:00
James Lee 85126af521 add an exploit module for cve-2010-0094, thanks Matthias Kaiser. 
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-08 08:20:55 +00:00
Joshua Drake aac956db50 style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@10128 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-24 18:22:48 +00:00
James Lee 2e13a330fa typo'd Matthias' name. i suck 
git-svn-id: file:///home/svn/framework3/trunk@10113 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-23 18:49:35 +00:00
James Lee 90e89622c6 make it a little easier to distinguish these two from their output 
git-svn-id: file:///home/svn/framework3/trunk@10096 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-21 07:53:25 +00:00
James Lee 7381ab8b6d duh, dont actually need this 
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-21 07:19:49 +00:00
James Lee 6b08dfed61 Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice 
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-21 06:38:29 +00:00
James Lee 56396a6d8b add java support to browser_autopwn 
git-svn-id: file:///home/svn/framework3/trunk@10089 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-20 20:49:33 +00:00
Joshua Drake 2545410bc7 make exe template names more consistent 
git-svn-id: file:///home/svn/framework3/trunk@10065 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-19 21:08:51 +00:00
James Lee e1ed341136 remove debug prints 
git-svn-id: file:///home/svn/framework3/trunk@9938 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-27 21:05:41 +00:00
Joshua Drake f6033b9bd6 change some print_status to print_error, rename a few msft modules using msb convention 
git-svn-id: file:///home/svn/framework3/trunk@9929 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-25 21:37:54 +00:00
Joshua Drake 2482a83526 style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@9927 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-25 19:14:00 +00:00
Steve Tornio 018af7f690 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@9906 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-21 21:09:54 +00:00
James Lee 08d705c1db add java meterpreter and update java_calendar_deserialize to be able to use it, see #406 
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-20 00:53:24 +00:00
James Lee 9891ea5374 Typo which caused this exploit never to get run in browser_autopwn 
git-svn-id: file:///home/svn/framework3/trunk@9802 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-13 09:03:56 +00:00
James Lee 9f37d46f7b minimize autopwn settings 
git-svn-id: file:///home/svn/framework3/trunk@9784 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-11 23:21:04 +00:00
James Lee 28e40bdc9f add java_calendar_deserialize to browser_autopwn 
git-svn-id: file:///home/svn/framework3/trunk@9783 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-11 23:16:51 +00:00
Joshua Drake 7d945ed9dc add lots of disclosure dates from OSVDB 
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-03 03:13:45 +00:00
Joshua Drake fa505a4069 various fixes, mostly consistency changes to disclosure dates 
git-svn-id: file:///home/svn/framework3/trunk@9525 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-15 07:18:08 +00:00
Joshua Drake 128e0515ef stop perpetuating the ambiguity! 
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-09 17:45:00 +00:00
James Lee e70dabf3e3 warn and remove commas from CERTCN to prevent a crash bug in Rjb's keytool, fixes 1543 
git-svn-id: file:///home/svn/framework3/trunk@9241 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-07 18:19:50 +00:00
Joshua Drake 0ea6eca4bc big module whitespace/formatting cleanup pass 
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-30 08:40:19 +00:00
natron b5ee26770b Cameled all vars on accident, uncameling regular opts. Also, broke native osx payload, oops. 
git-svn-id: file:///home/svn/framework3/trunk@8970 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-01 05:15:26 +00:00
natron c1fa8d60f7 Expose exe :template and :insert via advanced options plus formatting changes. Thanks MarkBagget for the kick in the pants and the example options to to_win32pe\! 
git-svn-id: file:///home/svn/framework3/trunk@8966 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-31 22:05:32 +00:00
Joshua Drake b419a40c45 finished periodic missing CVE reference check (hint vulns w/o CVEs here!) 
also some minor cleanups here and there

git-svn-id: file:///home/svn/framework3/trunk@8762 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-10 05:58:01 +00:00
natron 5b3c87c9c5 Add option to save java code to file. 
git-svn-id: file:///home/svn/framework3/trunk@8557 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-19 05:11:56 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know. 
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-29 19:47:40 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view. 
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-28 22:53:36 +00:00
natron 9891d60dfc Move applet generation up for slight speed improvement and less spamminess to the user. 
git-svn-id: file:///home/svn/framework3/trunk@8281 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-27 23:15:36 +00:00
natron 5e4442a4d4 Fix a bug missed due to caching issues. 
git-svn-id: file:///home/svn/framework3/trunk@8276 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-27 20:58:13 +00:00
natron c135462768 <@jduck> natron: you need some svn keywords magic 
git-svn-id: file:///home/svn/framework3/trunk@8274 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-27 20:20:32 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit. 
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-27 19:46:39 +00:00
Joshua Drake 310be42bfa try not to repeatedly load static files - see #694 
git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-19 19:12:42 +00:00
Joshua Drake 5ef4545a1b fd.read -> fd.read(fd.stat.size) 
git-svn-id: file:///home/svn/framework3/trunk@7903 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-17 05:22:40 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869 
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-17 04:52:40 +00:00
James Lee 115899d24d add minver and maxver. slightly tricky because the vuln affects moz 1.7 and ff 1.0 
git-svn-id: file:///home/svn/framework3/trunk@7886 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 21:54:24 +00:00
James Lee 008c72e255 add proper version 
git-svn-id: file:///home/svn/framework3/trunk@7885 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 21:49:32 +00:00
Joshua Drake 56c2d32b1e typo fix 
git-svn-id: file:///home/svn/framework3/trunk@7883 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 20:37:15 +00:00
James Lee 48c3709a25 correct maxver 
git-svn-id: file:///home/svn/framework3/trunk@7879 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 18:46:53 +00:00
James Lee 0cf566c0b9 fixes 688. better return address for greater reliability, works against FF-1.0.4 and Moz-1.7.1 on XPSP3 and 2kAS-SP0 
git-svn-id: file:///home/svn/framework3/trunk@7865 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-14 23:27:28 +00:00
Joshua Drake f1a975a14e fix typo, remove automatic target 
git-svn-id: file:///home/svn/framework3/trunk@7834 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-12 21:44:04 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank) 
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-11 21:18:31 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew! 
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-06 05:50:37 +00:00