Commit Graph

6604 Commits (d5b32e31f84d4b3ec0c4b813234ee8e4469534d2)

Author SHA1 Message Date
HD Moore d5b32e31f8 Fix a typo where platform was 'windows' not 'win'
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
Brendan Coles 6bef6edb81 Update efs_easychatserver_username.rb
Add targets for versions 2.0 to 3.1.
Add install path detection for junk size calculation.
Add version detection for auto targeting.
2014-06-08 06:36:18 +10:00
Meatballs bf1a665259
Land #2657, Dynamic generation of windows service executable functions
Allows a user to specify non service executables as EXE::Template as
long as the file has enough size to store the payload.
2014-06-07 13:28:20 +01:00
Tod Beardsley d0d389598a
Land #3086, Android Java Meterpreter updates
w00t.
2014-06-02 17:28:38 -05:00
Tod Beardsley b136765ef7
Nuke extra space at EOL 2014-06-02 14:22:01 -05:00
Tod Beardsley ea383b4139
Make print/descs/case consistent 2014-06-02 13:20:01 -05:00
sinn3r 3a3d038904
Land #3397 - ElasticSearch Dynamic Script Arbitrary Java Execution 2014-05-29 12:21:21 -05:00
sinn3r dfa61b316e A bit of description change 2014-05-29 12:20:40 -05:00
William Vu 53ab2aefaa
Land #3386, a few datastore msftidy error fixes 2014-05-29 10:44:37 -05:00
William Vu 8a2236ecbb
Fix the last of the Set-Cookie msftidy warnings 2014-05-29 04:42:49 -05:00
jvazquez-r7 7a29ae5f36 Add module for CVE-2014-3120 2014-05-27 18:01:16 -05:00
William Vu 352e14c21a
Land #3391, all vars_get msftidy warning fixes 2014-05-26 23:41:46 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
Christian Mehlmauer df97c66ff5
Fixed check 2014-05-24 00:37:52 +02:00
Christian Mehlmauer 8d4d40b8ba
Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
Tod Beardsley efffbf751a
PHP module shouldnt zap CMD option (@wchen-r7)
As far as I can tell, there is no purpose for this cleanup. No other CMD
exec module takes pains to clear out CMD after run, and it looks like a
bad idea -- what happens when you rexploit?
2014-05-23 15:09:18 -05:00
mercd 28459299b2 Update ibstat_path.rb
Add interface detection, defaulting to en0.
2014-05-22 14:16:04 -07:00
jvazquez-r7 b9464e626e Delete unnecessary line 2014-05-21 10:18:03 -05:00
jvazquez-r7 af415c941b [SeeRM #8803] Avoid false positives when checking fb_cnct_group 2014-05-20 18:44:28 -05:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
2014-05-20 01:43:19 +02:00
Meatballs 52b182d212
Add a small note to bypassuac_injection concerning EXE::Custom 2014-05-19 22:00:35 +01:00
Meatballs b84379ab3b
Note about EXE::Custom 2014-05-19 22:00:09 +01:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
sinn3r bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload 2014-05-19 00:25:33 -05:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof:
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
jvazquez-r7 1b68abe955 Add module for ZDI-14-127 2014-05-15 13:41:52 -05:00
William Vu 750b6fc218
Land #3348, some Ruby warning fixes 2014-05-14 01:25:10 -05:00
William Vu c421b8e512
Change if not to unless 2014-05-14 01:24:29 -05:00
Christian Mehlmauer df4b832019
Resolved some more Set-Cookie warnings 2014-05-13 22:56:12 +02:00
agix 1a3b319262 rebase to use the mixin psexec 2014-05-13 16:04:40 +02:00
agix d3f2414d09 Fix merging typo 2014-05-13 16:04:40 +02:00
Florian Gaultier 808f87d213 SERVICE_DESCRIPTION doesn't concern this PR 2014-05-13 16:04:39 +02:00
Florian Gaultier 6332957bd2 Try to add SERVICE_DESCRIPTION options to psexec, but it doesn't seem to work... 2014-05-13 16:04:39 +02:00
Florian Gaultier 5ecebc3427 Add options `SERVICE_NAME` and `SERVICE_DISPLAYNAME` to psexec and correct service payload generation 2014-05-13 16:04:37 +02:00
Florian Gaultier ca7a2c7a36 Add string_to_pushes to use non fixed size service_name 2014-05-13 16:04:37 +02:00
Florian Gaultier 513f3de0f8 new service exe creation refreshed 2014-05-13 16:04:36 +02:00
Jeff Jarmoc 638ae477d9 Fix up spec. Rex::Proto::Http::ClientRequest handles & and = outside of Rex::Text::uri_encode, so mode doesn't affect them.
Fix erroneous typo char.
2014-05-12 12:10:30 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all.
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
Christian Mehlmauer 557cd56d92 fixed some ruby warnings 2014-05-10 23:31:02 +02:00
Tim Wright a60558061c
re-enable x86 stager 2014-05-10 19:58:19 +01:00
Christian Mehlmauer dee6b53175 fix java payload struts module 2014-05-10 00:19:40 +02:00
jvazquez-r7 6f837715f9
Land #3343, @FireFart's new uri encoding for struts_code_exec_parameters 2014-05-09 14:37:58 -05:00
jvazquez-r7 38f3a19673 Try to beautify description 2014-05-09 14:35:06 -05:00
Christian Mehlmauer 43a85fc645 additional GET parameters 2014-05-09 21:21:04 +02:00
Christian Mehlmauer ad83921a85 additional GET parameters 2014-05-09 21:15:28 +02:00
jvazquez-r7 f56ea01988 Add module 2014-05-09 10:27:41 -05:00
Christian Mehlmauer 53fde675e7 randomize meh parameter 2014-05-09 10:38:19 +02:00