d380435113
This commit adds support for implementing the SMBFileServer Module
...
within Rex, allowing exploit modules to create a payload to be sent
to an SMBFileServer instance. This can be useful in cases where
you would find DLL injection in an system which will read files
over a UNC share, or other instances where a payload can be delivered
over SMB.
This code borrows heavily from the ms13_071_theme module written
by Juan Vazquez, however I have performed a fair amount of protocol
analysis and debugging to provide support for delivering an arbitrary
MSF payload over UNC.
The main differences being the presence of functions to support:
-SMB CMD Trans Query Path Info (Basic and Standard)
- SMB CMD Trans Query File Info (Standard and Internal)
This code can be considered "alpha", as I have only implemented support
for the SMB functions discovered during development of an exploit of an
arbitrary DLL injection into a server performing a "LoadLibraryA" call.*
However, this provides a basis upon which additional SMB functions can
be implemented to extend delivery of payloads over SMB.
A separate commit will expose the SMBFileServer Module within
./lib/msf/core/exploit/smb.rb
* This exploit will be committed separately once a fix has been confirmed
by the vendor.
2014-03-07 15:00:45 +00:00
ebee365fce
Land #2742 , report_vuln for MongoDB no auth
2014-03-06 19:34:45 -05:00
84f280d74f
Use a more descriptive MongoDB vulnerability title
2014-03-06 19:20:52 -05:00
ee0aa20955
Land #3013 , Metasm update
2014-03-06 14:15:42 -06:00
3c2eb29762
Land #3068 - require msf/core/exploit/powershell
2014-03-05 21:32:10 -06:00
df2bdad4f9
Include 'msf/core/exploit/powershell'
...
Prevent:
```
[-] /pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
2014-03-06 12:57:43 +11:00
9d0743ae85
Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-03-05 16:34:54 -06:00
2015c56699
Land #3066 - HP Data Protector Backup Client Service Remote Code Execution
2014-03-05 16:18:28 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
1ea35887db
Add OSVDB reference
2014-03-06 01:40:15 +10:30
4e9350a82b
Add module for ZDI-14-008
2014-03-05 03:25:13 -06:00
a1aef92652
Land #2431 - In-memory bypass uac
2014-03-05 11:15:54 +10:00
7cb6e7e261
Land #3057 - MantisBT Admin SQL Injection Arbitrary File Read
2014-03-04 17:52:29 -06:00
f0e97207b7
Fix email format
2014-03-04 17:51:24 -06:00
caaa419ef8
Land #3054 - Fix crash in osx/x64/exec on 10.9 Mavericks
2014-03-04 15:24:02 -06:00
4c4a931fa4
Land #3064 , naughty talk cleanup
2014-03-04 15:01:34 -06:00
f50d6c8709
Remove a couple more instances of "shit"
2014-03-04 15:00:48 -06:00
a3d72567f3
That one, too.
2014-03-04 14:38:25 -06:00
60d0667d9f
Land #3063 , make CONTRIBUTING and HACKING useful
2014-03-04 14:36:12 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
9338b43e22
Merge remote-tracking branch 'origin/pr/5' into feature/contributing
2014-03-04 14:21:17 -06:00
d27b47a078
Update HACKING along with CONTRIBUTING.md
2014-03-04 14:12:42 -06:00
45086d01ce
Add a link to common coding mistakes
2014-03-04 14:06:34 -06:00
c86764d414
update default password to root
2014-03-04 11:55:30 -08:00
3491a93f0a
Add note about descriptive titles in bug reports
2014-03-04 13:16:55 -06:00
3bbb2d628e
Add note about topic branches
2014-03-04 13:05:50 -06:00
79aa14235a
Add note about the 50/72 rule
2014-03-04 12:46:42 -06:00
e8979ff892
Add note about PR titles
2014-03-04 12:44:12 -06:00
ca23f07da7
Change HTTP link to HTTPS
...
Doesn't redirect by default.
2014-03-04 12:22:14 -06:00
f8fb74a6d8
Add more examples of good contributions
2014-03-04 12:19:34 -06:00
2b06791ea6
updates regarding PR comments
2014-03-04 10:08:31 -08:00
e638c3d50a
Land #3058 - Prevent jsobfu from generating reserved js keywords
2014-03-04 11:43:39 -06:00
e30238fe0d
Land #3062 , unused arg fix for vmware_mount
2014-03-04 11:37:41 -06:00
68205fa43c
Actually use the argument
2014-03-04 11:30:42 -06:00
f8310b86d1
Land #3059 - ALLPlayer M3U Buffer Overfloww
2014-03-04 11:29:52 -06:00
db76962b4a
Land #2764 , WMIC Post Mixin changes
...
lands Meatballs WMIC changes
2014-03-04 10:21:46 -06:00
72c6b995de
adjust timeout for shadowcopy
...
WMIC defaults to 10 sec timeout but shadowcopy
often needs longer.
2014-03-04 10:18:59 -06:00
a3523bdcb9
Update mantisbt_admin_sqli.rb
...
remove extra new line and fix author line
2014-03-04 08:44:53 -06:00
704d54fa0b
Add missing period
2014-03-04 02:42:13 -06:00
59dccdf94c
Add an example of a good PR
2014-03-04 02:38:47 -06:00
d8314d36ab
Add note about reporting vulns
2014-03-04 02:27:06 -06:00
2a87973d3c
Use be instead of eq.
2014-03-03 21:55:12 -06:00
a382b78f80
Oops, $ and _ need to be in the spec.
...
* Repeats the random check 20 times for each spec.
2014-03-03 21:54:09 -06:00
f0868c35bf
Land #3050 - Fix tained perl payloads
2014-03-04 10:05:47 +10:00
408fedef93
Add module for OSVDB-98283
2014-03-04 00:51:01 +01:00
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
43715eeb7f
Blame @OJ
...
He changed the clipboard API underneat me.
2014-03-03 22:06:05 +00:00
32d83887d3
Merge remote-tracking branch 'upstream/master' into wmic_post
2014-03-03 21:56:31 +00:00
e8b10db73b
Dropped a space.
2014-03-03 15:48:44 -06:00
Matthew Hall
Spencer McIntyre
William Vu
sinn3r
Brendan Coles
jvazquez-r7
OJ
Tod Beardsley
Brandon Perry
James Lee
David Maloney
Brandon Perry
Joe Vennix
sgabe
Meatballs