William Vu
70139d05ea
Fix missed title
2013-11-25 22:46:35 -06:00
jvazquez-r7
6cb63cdad6
Land #2679 , @wchen-r7's exploit for cve-2013-3906
2013-11-25 22:04:26 -06:00
jvazquez-r7
0079413e81
Full revert the change
2013-11-25 22:04:02 -06:00
sinn3r
fa97c9fa7c
Revert this change
2013-11-25 20:54:39 -06:00
sinn3r
3247106626
Heap spray adjustment by @jvazquez-r7
2013-11-25 20:50:53 -06:00
jvazquez-r7
4c249bb6e9
Fix heap spray
2013-11-25 20:06:42 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
sinn3r
385381cde2
Change target address
...
This one tends to work better with our boxes
2013-11-25 17:21:39 -06:00
jvazquez-r7
a7e6a79b15
Land #2685 , @wchen-r7's update for the word injector description
2013-11-25 15:47:57 -06:00
William Vu
c7c97c9543
Land #2688 , TaskManager spec timeout increase
2013-11-25 15:42:43 -06:00
jvazquez-r7
92807d0399
Land #2676 , @todb-r7 module for CVE-2013-4164
2013-11-25 15:40:33 -06:00
sinn3r
57f4f68559
Land #2652 - Apache Roller OGNL Injection
2013-11-25 15:14:35 -06:00
sinn3r
8005826160
Land #2644 - MS13-090 CardSpaceClaimCollection vuln
2013-11-25 13:06:09 -06:00
sinn3r
4773270ff0
Land #2677 - MS12-022 COALineDashStyleArray vuln
2013-11-25 12:58:45 -06:00
Tod Beardsley
23448b58e7
Remove timeout checkers that are rescued anyway
2013-11-25 12:37:23 -06:00
Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley
764fd09cc3
Increase duration timeout task manager
...
Sometimes, Jenkins or Travis is slow, and can't hit that 1 second
timeout. This increases to 5 seconds to account for local slowness.
2013-11-25 10:26:51 -06:00
jvazquez-r7
cc60ca2e2a
Fix module title
2013-11-25 09:33:43 -06:00
jvazquez-r7
cc261d2c25
Land #2670 , @juushya's aux brute forcer mod for OpenMind
2013-11-25 09:29:41 -06:00
Karn Ganeshen
e157ff73d3
Oracle ILOM Login utility
2013-11-25 13:55:31 +05:30
bcoles
a03cfce74c
Add table prefix and doc root as fallback options
2013-11-25 17:44:26 +10:30
sinn3r
48578c3bc0
Update description about suitable targets
...
The same technique work for Microsoft Office 2013 as well. Tested.
2013-11-24 23:02:37 -06:00
jvazquez-r7
49441875f3
Land #2683 , @wchen-r7's module name consistency fix
2013-11-24 16:51:22 -06:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
sinn3r
ce8b63f240
Update module name to stay consistent
...
This module is under the windows/gather, so must be named the same
way like the rest.
2013-11-24 01:01:29 -06:00
sinn3r
fc14a6c149
Land #2576 - NETGEAR ReadyNAS Perl Code Evaluation Vulnerability
2013-11-24 00:47:14 -06:00
jvazquez-r7
31b4e72196
Switch to soft tabs the cs code
2013-11-23 23:06:52 -06:00
bcoles
d8700314e7
Add Kimai v0.9.2 'db_restore.php' SQL Injection module
2013-11-24 02:32:16 +10:30
sinn3r
9987ec0883
Hmm, change ranking
2013-11-23 00:51:58 -06:00
sinn3r
6ccc3e3c48
Make payload execution more stable
2013-11-23 00:47:45 -06:00
William Vu
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
sinn3r
d748fd4003
Final commit
2013-11-22 23:35:26 -06:00
Tod Beardsley
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
sinn3r
f871452b97
Slightly change the description
...
Because it isn't that slow
2013-11-22 19:27:00 -06:00
sinn3r
eddedd4746
Working version
2013-11-22 19:14:56 -06:00
jvazquez-r7
9f539bafae
Add README on the source code dir
2013-11-22 17:56:05 -06:00
jvazquez-r7
7e4487b93b
Update description
2013-11-22 17:37:23 -06:00
jvazquez-r7
25eb13cb3c
Small fix to interface
2013-11-22 17:02:08 -06:00
sinn3r
c8fd761c53
Progress
2013-11-22 16:57:29 -06:00
jvazquez-r7
288a1080db
Add MS13-022 Silverlight app code
2013-11-22 16:53:06 -06:00
Tod Beardsley
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7
136c18c070
Add binary objects for MS13-022
2013-11-22 16:45:07 -06:00
jvazquez-r7
a7ad107e88
Add ruby code for ms13-022
2013-11-22 16:41:56 -06:00
Karn Ganeshen
266de2d27f
Updated
2013-11-23 00:01:03 +03:00
William Vu
d670b7c972
Land #2674 , Ruby 1.9.3-p484 (CVE-2013-4164)
2013-11-22 13:21:32 -06:00
sinn3r
953a96fc2e
This one looks promising
2013-11-22 12:27:10 -06:00
Tod Beardsley
b69a67251f
Revert CVE-2013-4164 test
...
This reverts commit 7688211009
.
2013-11-22 12:26:51 -06:00
Tod Beardsley
994d4e94c6
Revert "Force Travis to Ruby 1.9.3-p484"
...
This reverts commit 25b0c86855
.
2013-11-22 12:26:05 -06:00
Tod Beardsley
25b0c86855
Force Travis to Ruby 1.9.3-p484
2013-11-22 12:21:29 -06:00
Tod Beardsley
7688211009
Add a test for CVE-2013-4164. Will crash old Ruby!
...
If you are not on a recent version of Ruby, you will segfault.
2013-11-22 12:14:51 -06:00