HD Moore
c8c73b076d
Permisssions (ignore)
2012-03-08 16:16:13 -06:00
HD Moore
3e6cbe9486
Add source code to the player
2012-03-08 15:23:10 -06:00
HD Moore
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
sinn3r
f2eab70c3f
Add swf file for CVE-2012-0754
2012-03-07 19:23:11 -06:00
David Maloney
d3fad51f3a
Fix my screwup in winscp for servicename
2012-02-21 20:31:52 -06:00
juan
e69037959f
Added CVE-2010-0842
2012-02-15 23:32:31 +01:00
scriptjunkie
1e811aed02
Adds scriptjunkie's multilingual admin fie for pxexploit
...
Also removes duplicated code between external/source/exploits/pxesploit
and external/source/pxesploit.
[Closes #63 ]
Squashed commit of the following:
commit 325f52527233ded1bf6506c366ec8cb9efdc2610
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Fri Dec 16 12:14:18 2011 -0600
Jetzt auf Deutsch! y español! 中國人!
[update pxexploit to resolve administrators' group name rather than assume the English 'Administrators']
Also remove duplicate/old pxexploit source code from the tree.
2011-12-23 12:24:45 -06:00
David Maloney
d939e33f1e
Allows for Loot and Tasks to be imported from an MSF ZIP.
...
This should bring any loots and tasks along with
everything else when doing an improt from an MSF ZIP file.
2011-12-05 22:30:34 -05:00
sinn3r
c5302e13ac
Slight changes
2011-12-01 03:02:08 -06:00
sinn3r
f64f0eefda
Add class file for CVE-2011-3544
2011-11-29 18:06:20 -06:00
David Maloney
30d1451159
Consolidation of the Axis2 Deployer Exploits
...
Fixes #5276
2011-11-22 08:47:53 -08:00
sinn3r
3185b3471b
Add template for CVE-2010-0822
2011-11-21 11:36:27 -06:00
scriptjunkie
8d58ea227f
Add UAC bypass to default pxesploit attack.
2011-11-16 08:16:22 -08:00
HD Moore
96766edfd0
Permission changes (to sync)
2011-11-10 19:48:32 -06:00
Wei Chen
aeaea65896
Add template file for ms11-021
...
git-svn-id: file:///home/svn/framework3/trunk@14168 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-05 23:04:54 +00:00
Mario Ceballos
2f2421badc
initial coverage of the pnsize bug (fileformat)
...
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-03 21:17:58 +00:00
David Rude
0b72c931b6
Adds the nsepa.ocx ActiveX control for CVE-2011-2882
...
git-svn-id: file:///home/svn/framework3/trunk@13668 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:23:27 +00:00
Matt Weeks
ce9db06589
Add localboot config for PXE.
...
git-svn-id: file:///home/svn/framework3/trunk@13628 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-24 21:26:41 +00:00
Wei Chen
5559eec7c9
Add trigger file for MS10-026
...
git-svn-id: file:///home/svn/framework3/trunk@13545 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:01:59 +00:00
Matt Weeks
f12742a05f
Better cleanup for PXE attacks.
...
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 02:57:02 +00:00
Matt Weeks
b2733c04db
More PXE dust for extra magic!
...
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-05 17:10:27 +00:00
amaloteaux
b9bb5c454d
psnuffle : add a smb protocol decoder
...
git-svn-id: file:///home/svn/framework3/trunk@13375 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-27 18:06:28 +00:00
Tod Beardsley
c54e18d757
Fixes #5038 . Removes all instances of Racket objects, as far as I can tell. If I missed any through my mighty grep -ril racket . statement, please reopen!
...
git-svn-id: file:///home/svn/framework3/trunk@13342 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-26 01:29:21 +00:00
Matt Weeks
338a13baac
Fix minor error.
...
git-svn-id: file:///home/svn/framework3/trunk@13167 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-14 02:36:42 +00:00
James Lee
d1b971c5f2
no need for a static sig anymore
...
git-svn-id: file:///home/svn/framework3/trunk@12835 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:13:44 +00:00
Matt Weeks
971b6f96f6
pxesploit update; compatibility with x64, compatibility with different windows versions.
...
Still no custom payload yet.
git-svn-id: file:///home/svn/framework3/trunk@12430 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-25 02:51:07 +00:00
Wei Chen
ce2687cafe
Added swf trigger file
...
git-svn-id: file:///home/svn/framework3/trunk@12329 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:08:03 +00:00
David Rude
8c614a9296
made the shellcode request random to avoid signatures
...
git-svn-id: file:///home/svn/framework3/trunk@12148 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 16:00:52 +00:00
David Rude
ff3659aa37
Lots of work to make this a lot more reliable =)
...
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen
bdccc67d1d
Added Crash file for CVE-2010-3275 (VLC AMV file)
...
git-svn-id: file:///home/svn/framework3/trunk@12136 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:01:30 +00:00
Tod Beardsley
9895d01d51
Moving lib_mysqludf_sys*.dll to a more obvious subdirectory of the exploit binaries.
...
git-svn-id: file:///home/svn/framework3/trunk@12128 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-24 17:48:19 +00:00
Tod Beardsley
b1178686cf
Fixes #3988 . Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries.
...
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).
git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 19:36:07 +00:00
David Rude
d7266b6551
Add CVE-2011-0609 exploit for Adobe Flash
...
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake
fb6107ffb5
enable java payloads, currently via one-off method
...
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
Joshua Drake
4644110962
add exploit for cve-2010-4452, currently windows only and no payloads :(
...
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
Tod Beardsley
42531e097f
Fixes #3916 . Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries.
...
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-08 22:42:26 +00:00
James Lee
05d073c467
move the evil-looking metasploit.PayloadApplet to the more inocuous SiteLoader.class, re-enable rjb compiling for the applet class
...
git-svn-id: file:///home/svn/framework3/trunk@11249 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 20:43:53 +00:00
Joshua Drake
fbd340aae8
add an adodb based cmdstager, fixes #1431
...
git-svn-id: file:///home/svn/framework3/trunk@11247 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 18:51:12 +00:00
James Lee
191c4e8eb7
make java_signed_applet work with generic java payloads, but keep the default target as Windows/x86 since it is by far the most common victim.
...
git-svn-id: file:///home/svn/framework3/trunk@11172 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 03:50:40 +00:00
James Lee
6f7af42667
add an exploit for cve-2010-3563, thanks Matthias Kaiser
...
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Carlos Perez
c492737f0f
Fixed format issue
...
git-svn-id: file:///home/svn/framework3/trunk@11032 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-14 02:37:37 +00:00
James Lee
089ace9726
update the static-signed jar for java_signed_applet, fixes #3015
...
git-svn-id: file:///home/svn/framework3/trunk@10993 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 21:00:29 +00:00
Joshua Drake
b572414eac
add exploit for cve-2010-3654
...
git-svn-id: file:///home/svn/framework3/trunk@10857 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 22:34:13 +00:00
Joshua Drake
21f16f63a1
style compliance fixes
...
git-svn-id: file:///home/svn/framework3/trunk@10855 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-01 21:45:49 +00:00
Joshua Drake
6bd75bb2d5
add shockwave exploit from abysssec/rel1k
...
git-svn-id: file:///home/svn/framework3/trunk@10779 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 03:15:22 +00:00
Joshua Drake
f997b37245
remove the kitrap0d meterpreter script in favor of the "getsystem" implementation, fixes #800 , fixes #801
...
git-svn-id: file:///home/svn/framework3/trunk@10739 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-18 23:57:41 +00:00
HD Moore
f88033f0cc
Merge in R3L1K's Powershell enhancements and powerdump code (hashdump through powershell)
...
git-svn-id: file:///home/svn/framework3/trunk@10721 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-17 17:39:43 +00:00
Joshua Drake
eaf8ef00d0
add initial version of cve-2010-2883 exploit
...
git-svn-id: file:///home/svn/framework3/trunk@10263 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 23:05:18 +00:00
James Lee
85126af521
add an exploit module for cve-2010-0094, thanks Matthias Kaiser.
...
git-svn-id: file:///home/svn/framework3/trunk@10255 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-08 08:20:55 +00:00
James Lee
7381ab8b6d
duh, dont actually need this
...
git-svn-id: file:///home/svn/framework3/trunk@10093 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 07:19:49 +00:00
James Lee
6b08dfed61
Add exploit module for cve-2010-08040. This is an awesome bug and my description field doesn't do it justice
...
git-svn-id: file:///home/svn/framework3/trunk@10092 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-21 06:38:29 +00:00
Joshua Drake
4f148f9374
oops, add updateX data files, see #2329
...
git-svn-id: file:///home/svn/framework3/trunk@9964 4d416f70-5f16-0410-b530-b9f4589650da
2010-08-06 19:43:25 +00:00
James Lee
119f9328fc
remove debug prints. =/
...
git-svn-id: file:///home/svn/framework3/trunk@9875 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:57:03 +00:00
James Lee
08d705c1db
add java meterpreter and update java_calendar_deserialize to be able to use it, see #406
...
git-svn-id: file:///home/svn/framework3/trunk@9874 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-20 00:53:24 +00:00
Joshua Drake
74b30535c4
oops, forgot swf
...
git-svn-id: file:///home/svn/framework3/trunk@9474 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-10 20:14:45 +00:00
Joshua Drake
6d1e7bdaa5
big commit - lots of cmdstager changes
...
created 4 cmd stagers (instead of just one): CmdStagerVBS, CmdStagerDebugAsm, CmdStagerDebugWrite, CmdStagerTFTP
created a TFTPServer mixin
created Msf::Exploit::EXE mixin to generate executables
updated all uses of CmdStager to use CmdStagerVBS for the time being
add exploit for cve-2001-0333 using CmdStagerTFTP
updated tftp server to wait for transfers to finish (up to 30 seconds) before shutting down
write debug.exe stager stub in 16-bit assembly (used in CmdStagerDebugAsm)
git-svn-id: file:///home/svn/framework3/trunk@9375 4d416f70-5f16-0410-b530-b9f4589650da
2010-05-26 22:39:56 +00:00
Joshua Drake
879a92ffbf
change WriteLine to Write
...
git-svn-id: file:///home/svn/framework3/trunk@9089 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-16 00:24:56 +00:00
Joshua Drake
d370ab62c6
don't wait for shell.run to finish
...
git-svn-id: file:///home/svn/framework3/trunk@8718 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-04 22:33:16 +00:00
Joshua Drake
cc9113397c
add exploit for IE Windows Help vulnerability
...
git-svn-id: file:///home/svn/framework3/trunk@8682 4d416f70-5f16-0410-b530-b9f4589650da
2010-03-01 23:14:20 +00:00
Joshua Drake
4800d6841c
commit cmd stager stuff from bannedit
...
git-svn-id: file:///home/svn/framework3/trunk@8518 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 16:38:19 +00:00
HD Moore
85c59038ed
Add rsnake's RFI index
...
git-svn-id: file:///home/svn/framework3/trunk@8504 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-15 15:37:04 +00:00
Joshua Drake
f82c53db2a
move 70k binary to data/exploits instead of hex encoded in the exploit
...
git-svn-id: file:///home/svn/framework3/trunk@8446 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-10 23:17:19 +00:00
natron
3ecabe1be9
Adds static signed jar and user messages letting them know.
...
git-svn-id: file:///home/svn/framework3/trunk@8328 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-29 19:47:40 +00:00
natron
69ad365b46
Added STDERR to pure java payload, cleaned up user's view.
...
git-svn-id: file:///home/svn/framework3/trunk@8308 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 22:53:36 +00:00
natron
cd5e5880d2
Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.
...
git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
HD Moore
cf26fcb9ad
Fixes #784 . Adds .NET server support
...
git-svn-id: file:///home/svn/framework3/trunk@8256 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 07:02:07 +00:00
HD Moore
9ea99c37a8
Updated DLL (Win7 - Trap)
...
git-svn-id: file:///home/svn/framework3/trunk@8244 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 20:25:30 +00:00
HD Moore
4b637c4912
Updated with new target system, signature for 2000 SP4, fixed SP4 usage, but the priv esclation is non-functional, use twunk16/debug depending on what is available.
...
git-svn-id: file:///home/svn/framework3/trunk@8240 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-26 19:13:28 +00:00
HD Moore
a898901ad3
Switch to twunk_16 for Windows 7 compatibility
...
git-svn-id: file:///home/svn/framework3/trunk@8230 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 18:07:48 +00:00
HD Moore
9a27a8dc01
Check the new binaries back in
...
git-svn-id: file:///home/svn/framework3/trunk@8227 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 16:56:41 +00:00
HD Moore
8058fb22e8
Purge these copies until the secondary thread issue is fixed
...
git-svn-id: file:///home/svn/framework3/trunk@8180 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-20 13:36:48 +00:00
HD Moore
2574416a29
Add the associated binaries
...
git-svn-id: file:///home/svn/framework3/trunk@8169 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-19 22:31:06 +00:00
Joshua Drake
b37c34579b
add exploit module for cve-2009-3869
...
NOTE: no policy change is required for this exploit to succeed.
git-svn-id: file:///home/svn/framework3/trunk@7899 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-17 04:52:40 +00:00
Joshua Drake
255724d640
compile java applet with 1.3, Fixes #685
...
git-svn-id: file:///home/svn/framework3/trunk@7850 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-14 17:26:19 +00:00
Joshua Drake
34408c5e3e
add exploit module for CVE-2009-3867 (JRE getSoundbank)
...
git-svn-id: file:///home/svn/framework3/trunk@7827 4d416f70-5f16-0410-b530-b9f4589650da
2009-12-11 21:18:31 +00:00
HD Moore
c44bcf3299
Add the stub site/dns lists for airpwn/dnspwn
...
git-svn-id: file:///home/svn/framework3/trunk@7491 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-13 19:17:14 +00:00
HD Moore
d892264ad7
Adds a DoS proof of concept for MS09-065 (EOT)
...
git-svn-id: file:///home/svn/framework3/trunk@7470 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-11 23:48:53 +00:00
HD Moore
80a262f991
Fixes #423 . Using /s on a regex forces an encoding that cant match random binary gibberish
...
git-svn-id: file:///home/svn/framework3/trunk@7322 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 17:59:45 +00:00
HD Moore
5f57666f44
Woops! Commit the h2b script needed for mssql_payload
...
git-svn-id: file:///home/svn/framework3/trunk@7166 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-15 13:52:14 +00:00
HD Moore
2247b483d9
Updated pSnuffle sniffer code from _MAX_
...
git-svn-id: file:///home/svn/framework3/trunk@6965 4d416f70-5f16-0410-b530-b9f4589650da
2009-08-19 14:07:33 +00:00
HD Moore
5e74e80c89
Update psnuffle modules to use payload_data
...
git-svn-id: file:///home/svn/framework3/trunk@6899 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-25 14:11:55 +00:00
HD Moore
be6bb23b5e
Psnuffle modules
...
git-svn-id: file:///home/svn/framework3/trunk@6824 4d416f70-5f16-0410-b530-b9f4589650da
2009-07-17 20:39:06 +00:00
HD Moore
b8efb1bbf9
Add Stephen Fewer's shiny exploit for the Java deserialization flaw
...
git-svn-id: file:///home/svn/framework3/trunk@6664 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-16 17:19:44 +00:00
HD Moore
962e8688f2
Changing the default sites list, adding more entries
...
git-svn-id: file:///home/svn/framework3/trunk@5619 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:01:10 +00:00
HD Moore
cc8ae206b6
First batch of karmetasploit updates
...
git-svn-id: file:///home/svn/framework3/trunk@5618 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 06:00:30 +00:00
HD Moore
cd33fcca2c
New loading screen
...
git-svn-id: file:///home/svn/framework3/trunk@5617 4d416f70-5f16-0410-b530-b9f4589650da
2008-08-08 05:16:15 +00:00
HD Moore
4b626e5359
Updated forms
...
git-svn-id: file:///home/svn/framework3/trunk@5552 4d416f70-5f16-0410-b530-b9f4589650da
2008-07-14 05:35:57 +00:00
HD Moore
77f7be3e75
New, cleaner form snippets
...
git-svn-id: file:///home/svn/framework3/trunk@5493 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 04:17:30 +00:00
HD Moore
231529d684
Nuke these for now, need to rebuild
...
git-svn-id: file:///home/svn/framework3/trunk@5492 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-23 03:44:24 +00:00
HD Moore
84d921633b
Fun with saved passwords
...
git-svn-id: file:///home/svn/framework3/trunk@5490 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-22 18:48:21 +00:00
HD Moore
2eb50c4bb7
Top 500 sites from alexa
...
git-svn-id: file:///home/svn/framework3/trunk@5489 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:52:51 +00:00
HD Moore
e237177e6d
Remove the JS function
...
git-svn-id: file:///home/svn/framework3/trunk@5488 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 22:47:26 +00:00
HD Moore
2084024822
Small bugfixes to HTTP capture
...
git-svn-id: file:///home/svn/framework3/trunk@5486 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:49:10 +00:00
HD Moore
929888a714
Configurable HTTP capture service
...
git-svn-id: file:///home/svn/framework3/trunk@5484 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 21:04:11 +00:00
HD Moore
9b343c7149
New mail.app exploit for leopard
...
git-svn-id: file:///home/svn/framework3/trunk@5209 4d416f70-5f16-0410-b530-b9f4589650da
2007-11-28 22:23:31 +00:00
HD Moore
41088c3ea4
First version of the iPhone libtiff exploit
...
git-svn-id: file:///home/svn/framework3/trunk@5144 4d416f70-5f16-0410-b530-b9f4589650da
2007-10-14 22:15:41 +00:00
HD Moore
d35adad50e
Revision 1, still some bugs to work out
...
git-svn-id: file:///home/svn/framework3/trunk@4977 4d416f70-5f16-0410-b530-b9f4589650da
2007-05-29 22:56:18 +00:00
HD Moore
d09046a5b9
Accessing res['header'] is now case insensitive for HTTP responses
...
Added the Google Appliance exploit
git-svn-id: file:///home/svn/framework3/trunk@4259 4d416f70-5f16-0410-b530-b9f4589650da
2007-01-05 05:22:39 +00:00