Commit Graph

248 Commits (d1e8b160c7021529451cda3086ae03fa5ca012f1)

Author SHA1 Message Date
HD Moore c8c73b076d Permisssions (ignore) 2012-03-08 16:16:13 -06:00
HD Moore 3e6cbe9486 Add source code to the player 2012-03-08 15:23:10 -06:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
sinn3r f2eab70c3f Add swf file for CVE-2012-0754 2012-03-07 19:23:11 -06:00
David Maloney d3fad51f3a Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
juan e69037959f Added CVE-2010-0842 2012-02-15 23:32:31 +01:00
scriptjunkie 1e811aed02 Adds scriptjunkie's multilingual admin fie for pxexploit
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.

[Closes #63]

Squashed commit of the following:

commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date:   Fri Dec 16 12:14:18 2011 -0600

    Jetzt auf Deutsch! y español! 中國人!
    [update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
    Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
David Maloney d939e33f1e Allows for Loot and Tasks to be imported from an MSF ZIP.
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
sinn3r c5302e13ac Slight changes 2011-12-01 03:02:08 -06:00
sinn3r f64f0eefda Add class file for CVE-2011-3544 2011-11-29 18:06:20 -06:00
David Maloney 30d1451159 Consolidation of the Axis2 Deployer Exploits
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r 3185b3471b Add template for CVE-2010-0822 2011-11-21 11:36:27 -06:00
scriptjunkie 8d58ea227f Add UAC bypass to default pxesploit attack. 2011-11-16 08:16:22 -08:00
HD Moore 96766edfd0 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
Wei Chen aeaea65896 Add template file for ms11-021
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:04:54 +00:00
Mario Ceballos 2f2421badc initial coverage of the pnsize bug (fileformat)
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
David Rude 0b72c931b6 Adds the nsepa.ocx ActiveX control for CVE-2011-2882
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:23:27 +00:00
Matt Weeks ce9db06589 Add localboot config for PXE.
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:26:41 +00:00
Wei Chen 5559eec7c9 Add trigger file for MS10-026
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:59 +00:00
Matt Weeks f12742a05f Better cleanup for PXE attacks.
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic!
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
amaloteaux b9bb5c454d psnuffle : add a smb protocol decoder
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 18:06:28 +00:00
Tod Beardsley c54e18d757 Fixes #5038. Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Matt Weeks 338a13baac Fix minor error.
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:36:42 +00:00
James Lee d1b971c5f2 no need for a static sig anymore
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:13:44 +00:00
Matt Weeks 971b6f96f6 pxesploit update; compatibility with x64, compatibility with different windows versions.
Still no custom payload yet.



git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
Wei Chen ce2687cafe Added swf trigger file
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:08:03 +00:00
David Rude 8c614a9296 made the shellcode request random to avoid signatures
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =)
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen bdccc67d1d Added Crash file for CVE-2010-3275 (VLC AMV file)
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:01:30 +00:00
Tod Beardsley 9895d01d51 Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries.
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 17:48:19 +00:00
Tod Beardsley b1178686cf Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).



git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :(
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Tod Beardsley 42531e097f Fixes #3916. Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
James Lee 05d073c467 move the evil-looking metasploit.PayloadApplet to the more inocuous SiteLoader.class, re-enable rjb compiling for the applet class
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 20:43:53 +00:00
Joshua Drake fbd340aae8 add an adodb based cmdstager, fixes #1431
git-svn-id: file:///home/svn/framework3/trunk@11247 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 18:51:12 +00:00
James Lee 191c4e8eb7 make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
James Lee 6f7af42667 add an exploit for cve-2010-3563, thanks Matthias Kaiser
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Carlos Perez c492737f0f Fixed format issue
git-svn-id: file:///home/svn/framework3/trunk@11032 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 02:37:37 +00:00
James Lee 089ace9726 update the static-signed jar for java_signed_applet, fixes #3015
git-svn-id: file:///home/svn/framework3/trunk@10993 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 21:00:29 +00:00
Joshua Drake b572414eac add exploit for cve-2010-3654
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Joshua Drake 21f16f63a1 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10855 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 21:45:49 +00:00
Joshua Drake 6bd75bb2d5 add shockwave exploit from abysssec/rel1k
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake f997b37245 remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800, fixes #801
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
HD Moore f88033f0cc Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Joshua Drake eaf8ef00d0 add initial version of cve-2010-2883 exploit
git-svn-id: file:///home/svn/framework3/trunk@10263 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 23:05:18 +00:00
James Lee 85126af521 add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
James Lee 7381ab8b6d duh, dont actually need this
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:19:49 +00:00
James Lee 6b08dfed61 Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:38:29 +00:00
Joshua Drake 4f148f9374 oops, add updateX data files, see #2329
git-svn-id: file:///home/svn/framework3/trunk@9964 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 19:43:25 +00:00
James Lee 119f9328fc remove debug prints. =/
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee 08d705c1db add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake 74b30535c4 oops, forgot swf
git-svn-id: file:///home/svn/framework3/trunk@9474 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:14:45 +00:00
Joshua Drake 6d1e7bdaa5 big commit - lots of cmdstager changes
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)


git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Joshua Drake 879a92ffbf change WriteLine to Write
git-svn-id: file:///home/svn/framework3/trunk@9089 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:24:56 +00:00
Joshua Drake d370ab62c6 don't wait for shell.run to finish
git-svn-id: file:///home/svn/framework3/trunk@8718 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:33:16 +00:00
Joshua Drake cc9113397c add exploit for IE Windows Help vulnerability
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake 4800d6841c commit cmd stager stuff from bannedit
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
HD Moore 85c59038ed Add rsnake's RFI index
git-svn-id: file:///home/svn/framework3/trunk@8504 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 15:37:04 +00:00
Joshua Drake f82c53db2a move 70k binary to data/exploits instead of hex encoded in the exploit
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
natron 3ecabe1be9 Adds static signed jar and user messages letting them know.
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
natron 69ad365b46 Added STDERR to pure java payload, cleaned up user's view.
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
natron cd5e5880d2 Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
HD Moore cf26fcb9ad Fixes #784. Adds .NET server support
git-svn-id: file:///home/svn/framework3/trunk@8256 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 07:02:07 +00:00
HD Moore 9ea99c37a8 Updated DLL (Win7 - Trap)
git-svn-id: file:///home/svn/framework3/trunk@8244 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:25:30 +00:00
HD Moore 4b637c4912 Updated with new target system, signature for 2000 SP4, fixed SP4 usage, but the priv esclation is non-functional, use twunk16/debug depending on what is available.
git-svn-id: file:///home/svn/framework3/trunk@8240 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 19:13:28 +00:00
HD Moore a898901ad3 Switch to twunk_16 for Windows 7 compatibility
git-svn-id: file:///home/svn/framework3/trunk@8230 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 18:07:48 +00:00
HD Moore 9a27a8dc01 Check the new binaries back in
git-svn-id: file:///home/svn/framework3/trunk@8227 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:56:41 +00:00
HD Moore 8058fb22e8 Purge these copies until the secondary thread issue is fixed
git-svn-id: file:///home/svn/framework3/trunk@8180 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 13:36:48 +00:00
HD Moore 2574416a29 Add the associated binaries
git-svn-id: file:///home/svn/framework3/trunk@8169 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 22:31:06 +00:00
Joshua Drake b37c34579b add exploit module for cve-2009-3869
NOTE: no policy change is required for this exploit to succeed.



git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
Joshua Drake 255724d640 compile java applet with 1.3, Fixes #685
git-svn-id: file:///home/svn/framework3/trunk@7850 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:26:19 +00:00
Joshua Drake 34408c5e3e add exploit module for CVE-2009-3867 (JRE getSoundbank)
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
HD Moore c44bcf3299 Add the stub site/dns lists for airpwn/dnspwn
git-svn-id: file:///home/svn/framework3/trunk@7491 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 19:17:14 +00:00
HD Moore d892264ad7 Adds a DoS proof of concept for MS09-065 (EOT)
git-svn-id: file:///home/svn/framework3/trunk@7470 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 23:48:53 +00:00
HD Moore 80a262f991 Fixes #423. Using /s on a regex forces an encoding that cant match random binary gibberish
git-svn-id: file:///home/svn/framework3/trunk@7322 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 17:59:45 +00:00
HD Moore 5f57666f44 Woops! Commit the h2b script needed for mssql_payload
git-svn-id: file:///home/svn/framework3/trunk@7166 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 13:52:14 +00:00
HD Moore 2247b483d9 Updated pSnuffle sniffer code from _MAX_
git-svn-id: file:///home/svn/framework3/trunk@6965 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 14:07:33 +00:00
HD Moore 5e74e80c89 Update psnuffle modules to use payload_data
git-svn-id: file:///home/svn/framework3/trunk@6899 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-25 14:11:55 +00:00
HD Moore be6bb23b5e Psnuffle modules
git-svn-id: file:///home/svn/framework3/trunk@6824 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 20:39:06 +00:00
HD Moore b8efb1bbf9 Add Stephen Fewer's shiny exploit for the Java deserialization flaw
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore 962e8688f2 Changing the default sites list, adding more entries
git-svn-id: file:///home/svn/framework3/trunk@5619 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:01:10 +00:00
HD Moore cc8ae206b6 First batch of karmetasploit updates
git-svn-id: file:///home/svn/framework3/trunk@5618 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:00:30 +00:00
HD Moore cd33fcca2c New loading screen
git-svn-id: file:///home/svn/framework3/trunk@5617 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 05:16:15 +00:00
HD Moore 4b626e5359 Updated forms
git-svn-id: file:///home/svn/framework3/trunk@5552 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-14 05:35:57 +00:00
HD Moore 77f7be3e75 New, cleaner form snippets
git-svn-id: file:///home/svn/framework3/trunk@5493 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 04:17:30 +00:00
HD Moore 231529d684 Nuke these for now, need to rebuild
git-svn-id: file:///home/svn/framework3/trunk@5492 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 03:44:24 +00:00
HD Moore 84d921633b Fun with saved passwords
git-svn-id: file:///home/svn/framework3/trunk@5490 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-22 18:48:21 +00:00
HD Moore 2eb50c4bb7 Top 500 sites from alexa
git-svn-id: file:///home/svn/framework3/trunk@5489 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:52:51 +00:00
HD Moore e237177e6d Remove the JS function
git-svn-id: file:///home/svn/framework3/trunk@5488 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:47:26 +00:00
HD Moore 2084024822 Small bugfixes to HTTP capture
git-svn-id: file:///home/svn/framework3/trunk@5486 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:49:10 +00:00
HD Moore 929888a714 Configurable HTTP capture service
git-svn-id: file:///home/svn/framework3/trunk@5484 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:04:11 +00:00
HD Moore 9b343c7149 New mail.app exploit for leopard
git-svn-id: file:///home/svn/framework3/trunk@5209 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-28 22:23:31 +00:00
HD Moore 41088c3ea4 First version of the iPhone libtiff exploit
git-svn-id: file:///home/svn/framework3/trunk@5144 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-14 22:15:41 +00:00
HD Moore d35adad50e Revision 1, still some bugs to work out
git-svn-id: file:///home/svn/framework3/trunk@4977 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-29 22:56:18 +00:00
HD Moore d09046a5b9 Accessing res['header'] is now case insensitive for HTTP responses
Added the Google Appliance exploit



git-svn-id: file:///home/svn/framework3/trunk@4259 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:22:39 +00:00