Roberto Soares
0ba03f7a06
Fix words.
2015-09-09 21:27:57 -03:00
Roberto Soares
bc3f5b43ab
Removerd WordPress mixin.
2015-09-09 21:26:15 -03:00
Roberto Soares
4e31dd4e9f
Add curesec team as vuln discovery.
2015-09-09 21:13:51 -03:00
Roberto Soares
6336301df3
Add Nibbleblog File Upload Vulnerability
2015-09-09 21:05:36 -03:00
Roberto Soares
d3aa61d6a0
Move bolt_file_upload.rb to exploits/multi/http
2015-09-09 13:41:44 -03:00
Roberto Soares
2800ecae07
Fix alignment.
2015-09-09 01:21:08 -03:00
Roberto Soares
48bd2c72a0
Add fail_with method and other improvements
2015-09-09 01:11:35 -03:00
Roberto Soares
f08cf97224
Check method implemented
2015-09-08 23:54:20 -03:00
Roberto Soares
6de0c9584d
Fix some improvements
2015-09-08 23:15:42 -03:00
JT
31a8907385
Update simple_backdoors_exec.rb
2015-09-09 08:30:21 +08:00
jvazquez-r7
329e6f4633
Fix title
2015-09-08 15:31:14 -05:00
JT
4e23bba14c
Update simple_backdoors_exec.rb
...
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT
002aada59d
Update simple_backdoors_exec.rb
...
changed shell to res
2015-09-08 14:54:26 +08:00
JT
467f9a8353
Update simple_backdoors_exec.rb
2015-09-08 14:45:54 +08:00
JT
37c28ddefb
Update simple_backdoors_exec.rb
...
Updated the description
2015-09-08 13:42:12 +08:00
JT
0f8123ee23
Simple Backdoor Shell Remote Code Execution
2015-09-08 13:08:47 +08:00
samvartaka
0a0e7ab4ba
This is a modification to the original poisonivy_bof.rb exploit
...
module removing the need for bruteforce in the case of an unknown
server password by (ab)using the challenge-response as an encryption
oracle, making it more reliable. The vulnerability has also been confirmed
in versions 2.2.0 up to 2.3.1 and additional targets for these versions
have been added as well.
See http://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/
for details.
## Console output
Below is an example of the new functionality (PIVY C2 server password is
set to 'prettysecure' and unknown to attacker). Exploitation of versions 2.3.0 and 2.3.1
is similar.
### Version 2.3.2 (unknown password)
```
msf > use windows/misc/poisonivy_bof
msf exploit(poisonivy_bof) > set RHOST 192.168.0.103
RHOST => 192.168.0.103
msf exploit(poisonivy_bof) > check
[*] Vulnerable Poison Ivy C&C version 2.3.1/2.3.2 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(poisonivy_bof) > exploit
[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.3.2>
```
### Version 2.2.0 (unknown password)
```
msf exploit(poisonivy_bof) > check
[*] Vulnerable Poison Ivy C&C version 2.2.0 detected.
[*] 192.168.0.103:3460 - The target appears to be vulnerable.
msf exploit(poisonivy_bof) > show targets
Exploit targets:
Id Name
-- ----
0 Poison Ivy 2.2.0 on Windows XP SP3 / Windows 7 SP1
1 Poison Ivy 2.3.0 on Windows XP SP3 / Windows 7 SP1
2 Poison Ivy 2.3.1, 2.3.2 on Windows XP SP3 / Windows 7 SP1
msf exploit(poisonivy_bof) > set TARGET 0
TARGET => 0
msf exploit(poisonivy_bof) > exploit
[*] Started bind handler
[*] Performing handshake...
[*] Sending exploit...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\winxp\Desktop\Poison Ivy\Poison Ivy 2.2.0>
```
2015-09-07 17:48:28 +02:00
xistence
1d492e4b25
Lots of X11 protocol changes
2015-09-06 15:55:16 +07:00
JT
2f8dc7fdab
Update w3tw0rk_exec.rb
...
changed response to res
2015-09-05 14:21:07 +08:00
jvazquez-r7
23ab702ec4
Land #5631 , @blincoln682F048A's module for Endian Firewall Proxy
...
* Exploit CVE-2015-5082
2015-09-04 16:28:32 -05:00
jvazquez-r7
2abfcd00b1
Use snake_case
2015-09-04 16:27:09 -05:00
jvazquez-r7
15aa5de991
Use Rex::MIME::Message
2015-09-04 16:26:53 -05:00
jvazquez-r7
adcd3c1e29
Use static max length
2015-09-04 16:18:55 -05:00
jvazquez-r7
1ebc25092f
Delete some comments
2015-09-04 16:18:15 -05:00
Roberto Soares
cc405957db
Add some improvements
2015-09-04 16:02:30 -03:00
Roberto Soares
4531d17cab
Added the rest of the code
2015-09-04 15:37:42 -03:00
Roberto Soares
b9ba12e42a
Added get_token method.
2015-09-04 15:27:28 -03:00
Roberto Soares
6f4f8e34b4
Added method bolt_login.
2015-09-04 10:45:15 -03:00
wchen-r7
d55757350d
Use the latest credential API, no more report_auth_info
2015-09-04 03:04:14 -05:00
Roberto Soares
a195f5bb9e
Initial commit - Skeleton
2015-09-04 04:09:16 -03:00
jvazquez-r7
ef6df5bc26
Use get_target_arch
2015-09-03 16:30:46 -05:00
jvazquez-r7
2588439246
Add references for the win32k info leak
2015-09-03 15:35:41 -05:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
jvazquez-r7
697a6cd335
Rescue the process execute
2015-09-03 13:03:36 -05:00
jvazquez-r7
80a1e32339
Set Manual Ranking
2015-09-03 12:24:45 -05:00
HD Moore
9b51352c62
Land #5639 , adds registry persistence
2015-09-03 11:26:38 -05:00
jvazquez-r7
dbe901915e
Improve version detection
2015-09-03 09:54:38 -05:00
jvazquez-r7
de25a6c23c
Add metadata
2015-09-02 18:32:45 -05:00
jvazquez-r7
8f70ec8256
Fix Disclosure date
2015-09-02 18:21:36 -05:00
jvazquez-r7
b912e3ce65
Add exploit template
2015-09-02 17:28:35 -05:00
HD Moore
4090c2c8ea
Land #5880 , adds ScriptHost UAC bypass for Win7/2008
2015-09-02 14:14:18 -05:00
Meatballs
582cc795ac
Remove newlines
2015-09-02 19:42:04 +01:00
HD Moore
43d3e69fb2
Land #5917 , update local exploit checks
2015-09-02 12:55:45 -05:00
HD Moore
95b9208a63
Change recv to get_once to avoid indefinite hangs, cosmetic tweaks.
2015-09-02 10:30:19 -05:00
xistence
a81a9e0ef8
Added TIME_WAIT for GUI windows
2015-09-02 16:55:20 +07:00
Meatballs
8f25a006a8
Change to automatic target
2015-09-02 09:13:25 +01:00
wchen-r7
4275a65407
Update local exploit checks to follow the guidelines.
...
Please see wiki "How to write a check() method" to learn how
these checkcodes are determined.
2015-09-01 23:26:45 -05:00
Meatballs
27775fbe58
Restrict to 7 and 2k8
2015-09-01 22:23:37 +01:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Christian Mehlmauer
bfc24aea16
change exitfunc to thread
2015-09-01 10:52:25 +02:00
Christian Mehlmauer
115f409fef
change exitfunc to thread
2015-09-01 10:48:07 +02:00
Christian Mehlmauer
5398bf78eb
change exitfunc to thread
2015-09-01 10:46:54 +02:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
wchen-r7
9364982467
Land #5665 , Add osx rootpipe entitlements exploit for 10.10.3
2015-08-28 13:33:16 -05:00
wchen-r7
e45347e745
Explain why vulnerable
2015-08-28 13:26:01 -05:00
wchen-r7
423d52476d
Normal options should be all caps
2015-08-28 13:24:23 -05:00
Muhamad Fadzil Ramli
1b4f4fd225
remove url reference
2015-08-27 19:47:37 +08:00
jvazquez-r7
da4b360202
Fix typo
2015-08-26 15:29:34 -05:00
jvazquez-r7
5d0ed797a3
Update DLL
2015-08-26 15:15:32 -05:00
jvazquez-r7
dd529013f6
Update ruby side
2015-08-26 15:12:09 -05:00
JT
ff868f9704
Update w3tw0rk_exec.rb
2015-08-26 23:51:09 +08:00
JT
3f6c04a445
Update w3tw0rk_exec.rb
2015-08-26 23:48:31 +08:00
JT
16341d34a2
Update w3tw0rk_exec.rb
2015-08-26 23:34:29 +08:00
JT
892f427664
Update w3tw0rk_exec.rb
...
removed w3tw0rk_login
2015-08-26 09:18:15 +08:00
JT
6edba2cdc8
Update w3tw0rk_exec.rb
2015-08-26 09:11:30 +08:00
JT
c77226c354
Update w3tw0rk_exec.rb
2015-08-26 01:28:07 +08:00
JT
25fb325410
w3tw0rk / Pitbul IRC Bot Remote Code Execution
2015-08-26 01:22:55 +08:00
Brent Cook
b1ef560264
Merge payload_inject 64-bit inject fix from @Meatballs1
2015-08-24 09:26:00 -05:00
Muhamad Fadzil Ramli
03b1ad7491
add reference info
2015-08-24 11:18:26 +08:00
Muhamad Fadzil Ramli
73cb1383d2
amend banner info for check
2015-08-24 10:55:43 +08:00
Meatballs
1c91b126f1
X64 compat for payload_inject
2015-08-23 22:03:57 +01:00
Meatballs
228087dced
Initial working scripthost bypass uac
2015-08-23 20:16:15 +01:00
Muhamad Fadzil Ramli
7587319602
run rubocop & msftidy
2015-08-23 23:32:30 +08:00
Muhamad Fadzil Ramli
a5daa5c9be
added module descriptions
2015-08-23 23:12:41 +08:00
Muhamad Fadzil Ramli
91a7531af8
konica minolta ftp server post auth cwd command exploit
2015-08-23 21:49:26 +08:00
wchen-r7
dc1e7e02b6
Land #5853 , Firefox 35-36 RCE one-click exploi
2015-08-20 13:27:21 -05:00
wchen-r7
45c7e4760a
Support x64 payloads
2015-08-20 02:09:58 -05:00
Brent Cook
6b94513a37
Land #5860 , add tpwn OS X local kernel exploit ( https://github.com/kpwn/tpwn )
2015-08-17 17:41:04 -05:00
William Vu
26165ea93f
Add tpwn module
2015-08-17 17:11:11 -05:00
Brent Cook
b17d8f8d49
Land #5768 , update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
joev
98e2d074c3
Add disclosure date.
2015-08-15 20:09:41 -05:00
joev
a133e98ba5
Adds a ff 35-36 RCE vector based off the recent ff bug.
2015-08-15 20:02:00 -05:00
HD Moore
42e08cbe07
Fix bad use of get_profile (now browser_profile)
2015-08-14 19:50:42 -05:00
jvazquez-r7
c02df6b39d
Land #5800 , @bperry's Symantec Endpoint Protection Manager RCE module
2015-08-14 17:03:48 -05:00
jvazquez-r7
b33abd72ce
Complete description
2015-08-14 17:03:21 -05:00
jvazquez-r7
4aa3be7ba2
Do ruby fixing and use FileDropper
2015-08-14 17:00:27 -05:00
Spencer McIntyre
33f1324fa9
Land #5813 , @jakxx adds VideoCharge SEH file exploit
2015-08-13 18:01:25 -04:00
jakxx
e9d3289c23
EXITFUNC caps
2015-08-13 17:25:31 -04:00
jakxx
6e1c714b2b
Update to leverage auto-NOP generation
2015-08-13 17:24:18 -04:00
jakxx
361624161b
msftidy
2015-08-13 16:27:27 -04:00
jakxx
03eb2d71b2
Add watermark fileformat exploit
2015-08-13 16:26:17 -04:00
William Vu
f19186adda
Land #5841 , homm3_h3m default target change
2015-08-13 14:54:58 -05:00
Tod Beardsley
02c6ea31bb
Use the more recent HD version as default target
2015-08-13 14:42:21 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
605a14350f
Land #5833 , sshexec improvements
2015-08-13 14:16:22 -05:00
William Vu
3bd6c4cee4
Add a comma
2015-08-13 14:16:09 -05:00
Mo Sadek
677ec341dd
Land #5839 , pre-bloggery cleanup edits
2015-08-13 13:43:57 -05:00
William Vu
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
Tod Beardsley
bb4116ed9d
Avoid msftidy.rb rule breaking on missing newline
2015-08-13 12:38:05 -05:00
jakxx
e7566d6aee
Adding print_status line
2015-08-12 16:08:04 -04:00
Spencer McIntyre
28fbb7cdde
Update the description of the sshexec module
2015-08-12 16:05:09 -04:00
Spencer McIntyre
dfe2bbf1e9
Add a python target to the sshexec module
2015-08-12 15:46:47 -04:00
Christian Mehlmauer
979d7e6be3
improve module
2015-08-12 15:37:37 +02:00
jakxx
2b225b2e7e
Added changes per feedback
...
Updated to include and use seh mixin
changed offset and space for reliability
got rand_text buffer junk working
removed double spaces and stupid fillers in file data
2015-08-12 01:34:45 -04:00
jakxx
4c28cae5d1
updated to include recommendation from @zerosteiner
2015-08-10 18:38:23 -04:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
jakxx
23f51bf265
specify junk data
2015-08-07 18:04:11 -04:00
jakxx
28ad0fccbd
Added VideoCharge Studio File Format Exploit
2015-08-07 15:54:32 -04:00
Brandon Perry
74ed8cf0c9
actually that didn't work
2015-08-02 18:57:13 -05:00
Brandon Perry
06754c36a4
unless, not if not
2015-08-02 18:51:23 -05:00
Brandon Perry
527eaea6ec
single quotes and some error handling
2015-08-02 18:25:17 -05:00
Brandon Perry
a33724667c
small code cleanup
2015-08-02 16:36:41 -05:00
Brandon Perry
830aee8aa5
check if cookie is actually returned, and if not, fail
2015-08-02 15:22:40 -05:00
Brandon Perry
a534008ba6
add some status lines
2015-08-02 15:03:59 -05:00
Brandon Perry
fe20bc88ad
remove badchars
2015-08-02 11:37:06 -05:00
Brandon Perry
f7ceec36d0
set default RPORT and SSL
2015-08-02 08:59:36 -05:00
Brandon Perry
a33dff637d
exploit cve 2015-1489 to get SYSTEM
2015-08-02 08:31:03 -05:00
Brandon Perry
12ac6d81fa
add markus as the discoverer specifically
2015-08-02 08:17:12 -05:00
Brandon Perry
e70ec8c07b
no need to store res for the later requests
2015-08-01 18:00:35 -05:00
Brandon Perry
272d75e437
check res before calling get_cookies
2015-08-01 17:58:41 -05:00
Meatballs
6f31183904
Fix VSS Persistance to check integrity level
2015-08-01 23:13:05 +01:00
Brandon Perry
47e86000ee
randomize the file names
2015-08-01 16:50:06 -05:00
Brandon Perry
2bfc8e59be
remove printline
2015-08-01 16:43:31 -05:00
Brandon Perry
0067d25180
add the sepm auth bypass rce module
2015-08-01 16:40:03 -05:00
Meatballs
a6a8117e46
Revert "Land #5777 , fix #4558 vss_persistence"
...
This reverts commit ba4b2fbbea
, reversing
changes made to affc86bfd9
.
2015-08-01 22:35:24 +01:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
wchen-r7
ba4b2fbbea
Land #5777 , fix #4558 vss_persistence
2015-07-31 16:46:01 -05:00
jvazquez-r7
1ec960d8f9
Make the time to write flush configurable
2015-07-31 16:43:43 -05:00
wchen-r7
672d83eaae
Land #5789 , Heroes of Might and Magic III .h3m Map File Buffer Overflow
2015-07-31 15:43:43 -05:00
aakerblom
7c5e5f0f22
add crc32 forging for Heroes III demo target
2015-08-01 04:53:49 -07:00
aakerblom
7af83a112d
fix unreliable address
2015-08-01 04:52:50 -07:00
aakerblom
908d6f946f
added target Heroes III Demo 1.0.0.0
2015-07-31 18:19:37 -07:00
aakerblom
16042cd45b
fix variable names in comment
2015-07-31 18:16:15 -07:00
aakerblom
66c92aae5d
fix documentation
2015-07-31 17:12:50 -07:00
aakerblom
6fdd2f91ce
rescue only Errno::ENOENT
2015-07-31 13:54:29 -07:00
aakerblom
6671df6672
add documentation
2015-07-31 13:53:56 -07:00
aakerblom
013201bd99
remove unneeded require
2015-07-31 13:49:27 -07:00
aakerblom
12a6bdb67b
Add Heroes of Might and Magic III .h3m map file Buffer Overflow module
2015-07-31 02:06:47 -07:00
aakerblom
d4c8d5884c
Fix a small typo
2015-07-31 11:47:46 -07:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
wchen-r7
768de00214
Automatically pass arch & platform from cmdstager
...
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:
Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
jvazquez-r7
bf6975c01a
Fix #4558 by restoring the old wmicexec
2015-07-27 14:04:10 -05:00
wchen-r7
2d0a26ea8b
Land #5774 , Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 17:54:49 -05:00
HD Moore
a7b5890dc5
Fix URIPATH=/ and stack trace on missing ntdll version match
2015-07-25 15:39:20 -07:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
William Vu
10783d60cd
Land #5763 , generate_payload_exe merged opts fix
2015-07-24 10:56:29 -05:00
William Vu
50c9293aab
Land #5758 , OS X DYLD_PRINT_TO_FILE privesc
2015-07-23 13:21:23 -05:00
William Vu
c1a9628332
Fix some fixes
...
So you can fix while you fix.
2015-07-23 12:59:20 -05:00
Tod Beardsley
6ededbd7a7
Un-ticking the output
2015-07-23 12:23:56 -05:00
Tod Beardsley
9d8dd2f8bd
FIxup pr #5758
2015-07-23 12:21:36 -05:00
wchen-r7
6720a57659
Fix #5761 , pass the correct arch and platform for exe generation
...
Fix #5761
2015-07-23 01:34:44 -05:00
joev
165cb195bf
Remove python dependency, add credit URL.
2015-07-21 22:48:23 -05:00
joev
3013ab4724
Add osx root privilege escalation.
2015-07-21 21:50:55 -05:00
William Vu
928c82c96e
Land #5745 , undefined variable "rop" fix
2015-07-21 11:01:49 -05:00
Tod Beardsley
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
Tod Beardsley
2052b4ef56
Fixed the HT leak attribution a little
2015-07-20 16:36:47 -05:00
Tod Beardsley
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473 .
2015-07-20 16:21:50 -05:00
Pedro Ribeiro
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
Pedro Ribeiro
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
Pedro Ribeiro
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
wchen-r7
29defc979b
Fix #5740 , remove variable ROP for adobe_flashplayer_flash10o
2015-07-17 16:57:37 -05:00
wchen-r7
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
wchen-r7
837eb9ea38
Land #5742 , better quality coverage for adobe_flash_opaque_background_uaf
2015-07-17 16:25:14 -05:00
wchen-r7
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
wchen-r7
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
jvazquez-r7
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
jvazquez-r7
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
jvazquez-r7
46ffb97c1c
Land #5471 , @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
jvazquez-r7
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
jvazquez-r7
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
William Vu
ea4a7d98b9
Land #5728 , Arch specification for psexec
2015-07-15 15:36:27 +00:00
jvazquez-r7
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
Christian Mehlmauer
b31c637c1b
Land #5533 , DSP-W110 cookie command injection
2015-07-15 11:22:33 +02:00
Christian Mehlmauer
21375edcb2
final cleanup
2015-07-15 11:21:39 +02:00
Brent Cook
a7d866bc83
specify the 'Arch' values that psexec supports
2015-07-14 15:45:52 -06:00
h00die
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
William Vu
405261df4f
Land #5710 , php_wordpress_total_cache removal
...
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu
3feef639b9
Land #5711 , php_wordpress_optimizepress removal
...
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu
6e12cbf98f
Land #5712 , php_wordpress_lastpost removal
...
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu
dd188b1943
Land #5713 , php_wordpress_infusionsoft removal
...
Deprecated.
2015-07-13 18:31:01 +00:00
wchen-r7
4960e64597
Remove php_wordpress_foxypress, use wp_foxypress_upload
...
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7
dfbeb24a8f
Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
...
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7
b80427aed2
Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
...
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7
90cc3f7891
Remove php_wordpress_optimizepress, use wp_optimizepress_upload
...
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7
4177cdacd6
Remove php_wordpress_total_cache, please use wp_total_cache_exec
...
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
wchen-r7
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
h00die
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
wchen-r7
f7ce6dcc9f
We agreed to Normal
2015-07-11 02:07:18 -05:00