infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,729 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

2314 Commits (d8a5af7084a7c5bbee52cb056bc66f2bac2dee74)

Author SHA1 Message Date
Joshua J. Drake 958ffe6e1d Fix stack trace from unknown agents 2012-01-02 03:41:49 -06:00
Steve Tornio 7bfdc9eff4 add osvdb ref 2012-01-01 09:10:10 -06:00
sinn3r d9db03dba6 Add CoCSoft StreamDown buffer overflow (Feature #6168; no CVE or OSVDB ref) 2011-12-30 10:16:29 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r 9972f42953 Add e-mail for mr_me for consistency 2011-12-29 11:01:38 -06:00
Tod Beardsley 0e3370f1fe Grammar and spelling on splunk and oracle exploits 2011-12-28 13:42:56 -06:00
Steve Tornio 4215ef3ae1 add osvdb ref 2011-12-24 06:54:39 -06:00
steponequit 69570dada6 Add CVE-2008-2161 OpenTFTP SP 1.4 Buffer Overflow by steponequit 2011-12-23 16:28:36 -06:00
steponequit 84c6739921 added initial opentftp 1.4 windows exploit 2011-12-23 11:27:11 -06:00
sinn3r 41697440c7 Add Oracle Job Scheduler Command Execution (CreateProcessA) - Feature #6079 2011-12-23 01:22:39 -06:00
sinn3r baaa1f6c82 Add US-Cert references to all these SCADA modules. The refers are based on this list: 
http://www.scadahacker.com/resources/msf-scada.html
 2011-12-20 14:07:29 -06:00
sinn3r b58097a2a7 Remove junk() because it's never used 2011-12-17 01:28:07 -06:00
sinn3r fae80f8d49 typo 2011-12-16 11:10:46 -06:00
Steve Tornio 1712f2aa22 add osvdb ref 2011-12-14 07:23:11 -06:00
sinn3r fea4bfb85c Repair dead milw0rm link to exploit-db 2011-12-13 16:13:53 -06:00
sinn3r c1a4c4e584 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:34 -06:00
sinn3r acef9de711 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:15 -06:00
sinn3r d246bfa4da Credit Luigi Auriemma for the original discovery/poc, not Celil 2011-12-13 15:20:26 -06:00
Tod Beardsley a8fad72fce Merge branch 'msftidy_fixup' 
Merging a local msftidy cleanup branch, adding a new optional msftidy
test to check for 1.8 compat and cleaning up some whitespace /
file.open()'s.
 2011-12-12 17:55:21 -06:00
Tod Beardsley f402b8598b Whitespace and File.open binary mode cleanups. 
Fixes some recent modules: dns_fuzzer, shodan_search,
avidphoneticindexer, and win_privs.
 2011-12-12 17:31:28 -06:00
sinn3r bacdbb90d7 ugh, stack overflow != stack buffer overflow. Also, metadata format fix. 2011-12-12 15:23:32 -06:00
sinn3r 5af5137241 Add CoDeSys SCADA bof module (#6083) 2011-12-12 15:21:15 -06:00
HD Moore 4736cb1cbe Merge pull request #48 from swtornio/master 
add osvdb ref
 2011-12-11 20:37:43 -08:00
HD Moore 1ae12e3a23 Remove the default target, since module doesn't fingerprint the service 
pack, this can only end in tears.
 2011-12-10 13:31:05 -06:00
Steve Tornio b521602d82 add osvdb ref 2011-12-10 07:49:50 -06:00
sinn3r 0e2101e4c1 Correct author name 2011-12-07 00:24:16 -06:00
sinn3r 92c1065508 Add CVE-2004-1626 (Ability FTP Server). OSCP l337-fu :-) 2011-12-06 18:52:42 -06:00
sinn3r e524215b55 WTH, the date format is wrong 2011-12-04 15:23:31 -06:00
Steve Tornio b75799d18d =add osvdb ref 2011-12-02 16:50:42 -06:00
Steve Tornio 83f12c6fe0 =add osvdb ref 2011-12-02 16:46:01 -06:00
sinn3r c8634390b7 Add CCMPlayer m3u exploit (Feature #6029) 2011-12-02 16:27:59 -06:00
sinn3r f4b755c319 Add License comment (author already put 'MSF_LICENSE' in there). Also drop rank, because it doesn't cover so many targets 2011-12-02 15:00:39 -06:00
sinn3r cd2bb027bf Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-12-02 14:54:53 -06:00
sinn3r 895a509bd3 Add Avid Media Composer 5.5 (Feature #6035) 2011-12-02 14:53:26 -06:00
Steve Tornio 2bb97791f7 Update OSVDF refs for servu module. 
* Added osvdb ref to servu module.
* Fixed rhino entry in osvdb, removed comment from module.

Squashed commit of the following:

commit 80ce65253f51e07a0bcb8900402a1b3d59eaeaa1
Author: Steve Tornio <swtornio@gmail.com>
Date:   Fri Dec 2 07:44:28 2011 -0600

    add osvdb ref

commit 558f20d84dd705b57b7f807a5ea3815e17b6f9f5
Author: Steve Tornio <swtornio@gmail.com>
Date:   Wed Nov 30 08:15:20 2011 -0600

    fixed in osvdb

[Closes #39]
 2011-12-02 13:21:41 -05:00
David Maloney 2858cae296 Some quick corrections to tidy things up 2011-11-29 19:57:08 -08:00
David Maloney be88f483a3 More Accurate Vulnerability Check 2011-11-29 18:38:00 -08:00
David Maloney 0dda948265 New Exploit for the Serv-U FTP Buffer overflow 
from CVE 2004-2111
 2011-11-29 17:34:01 -08:00
Tod Beardsley f503bd9488 Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append. 2011-11-28 17:52:34 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r e11ca43c37 Add feature #5680 2011-11-21 12:39:45 -06:00
sinn3r 76846aa578 Add MS10-038 (CVE-2010-0822) exploit 2011-11-21 11:36:47 -06:00
sinn3r 28a079f308 Add credit to the appropriate researcher 2011-11-20 02:32:45 -06:00
sinn3r 95d639ccf7 Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8. 2011-11-20 01:44:52 -06:00
sinn3r 9c2fab0921 Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c 2011-11-19 20:40:04 -06:00
sinn3r 30f13984ea Add wireshark console.lua exploit (CVE-2011-3360) 2011-11-18 21:24:48 -06:00
sinn3r fea42dbdee Add feature #5872 2011-11-16 12:26:54 -06:00
David Maloney c8142043e9 Fixes to credential handling to downcase usernames whenever they are not case sensitive. 
Also report_auth_info now checks to see if a non-case sensitive version of the cred
may already exist.
 2011-11-14 22:50:52 -08:00
sinn3r 2536cf0308 Add feature #5779 2011-11-14 01:49:26 -06:00
Steve Tornio a0c9297500 add osvdb ref 2011-11-12 06:01:41 -06:00
sinn3r 170c4f5451 Fix author email format 2011-11-12 01:53:25 -06:00
sinn3r b8b8732d85 Correct disclosure date 2011-11-12 01:12:28 -06:00
sinn3r ed5bae6441 oops, I don't need that extra comment 2011-11-12 01:04:00 -06:00
sinn3r 84c5268ab4 Add Aviosoft DTV exploit 2011-11-12 01:02:40 -06:00
Patrick Webster f54b622ad3 Added BID ref for amlibweb module. 2011-11-11 12:04:40 +11:00
wchen-r7 c569ec4a33 Don't really need a revision # in source 2011-11-09 22:10:52 -06:00
Wei Chen 32bb3af298 Add feature #5946 2011-11-09 21:49:34 -06:00
Matt Weeks fdf13e5e0e Fixes #5927 
git-svn-id: file:///home/svn/framework3/trunk@14196 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-08 21:45:17 +00:00
Wei Chen c4fa5b4674 Fix #5937. Vista is currently taken down because it's not stable enough. 
git-svn-id: file:///home/svn/framework3/trunk@14188 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-08 09:35:18 +00:00
Wei Chen 0b981b0db0 Add OSVDB reference 
git-svn-id: file:///home/svn/framework3/trunk@14179 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-07 02:01:42 +00:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format 
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 22:02:26 +00:00
Wei Chen 49dddf1396 Yeah, don't really need the bottom comment anymore 
git-svn-id: file:///home/svn/framework3/trunk@14172 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 20:16:34 +00:00
Wei Chen 43a22d3fa0 Add Office 2007 SP2 target, thanks Juan 
git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-06 17:33:29 +00:00
Wei Chen 1a2f60f4c0 Add MS11-021 (#5917) 
git-svn-id: file:///home/svn/framework3/trunk@14169 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-05 23:05:42 +00:00
James Lee 155c3ff9ac whitespace 
git-svn-id: file:///home/svn/framework3/trunk@14157 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-04 17:17:10 +00:00
Steve Tornio 7a07e069da add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-04 14:15:00 +00:00
Wei Chen 3d6f631780 Upgrade mini_stream as a remote module. Account for all variables that affect the offset to EIP. Also digital1 = Ron. 
git-svn-id: file:///home/svn/framework3/trunk@14155 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-04 08:20:43 +00:00
Wei Chen b809f00979 Add NJStar MiniSMTP bof (Feature #5901) 
git-svn-id: file:///home/svn/framework3/trunk@14135 4d416f70-5f16-0410-b530-b9f4589650da
 2011-11-01 08:19:55 +00:00
Mario Ceballos 0890cca02a much needed patch worked like a champ in my enviroment. 
git-svn-id: file:///home/svn/framework3/trunk@14132 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-31 20:37:30 +00:00
Wei Chen 3eff1cfaa5 This exploit does not work at all, and could not be fixed in time. See #5854 
git-svn-id: file:///home/svn/framework3/trunk@14088 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-27 01:47:48 +00:00
Mario Ceballos 7b099bbaef remove Rex::Text.pattern_create() 
git-svn-id: file:///home/svn/framework3/trunk@14076 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-26 22:16:26 +00:00
Wei Chen ded364c8ef Feature #5621 
git-svn-id: file:///home/svn/framework3/trunk@14075 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-26 21:25:46 +00:00
David Rude 086af94b5d Adds Foxit PDF Reader Exploit CVE-2009-0837 
git-svn-id: file:///home/svn/framework3/trunk@14069 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 20:15:12 +00:00
Joshua Drake 32cde1d45a don't use the pattern creator 
git-svn-id: file:///home/svn/framework3/trunk@14050 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 19:43:54 +00:00
Wei Chen fa2355a766 Damn comma 
git-svn-id: file:///home/svn/framework3/trunk@14048 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 16:42:07 +00:00
Wei Chen 68286561f5 Add #5742 
git-svn-id: file:///home/svn/framework3/trunk@14047 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 16:38:02 +00:00
Wei Chen c0d362bd83 Fix tabs, and the correct the bottom comment 
git-svn-id: file:///home/svn/framework3/trunk@14041 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 01:39:11 +00:00
Wei Chen a8d62ae01a Add feature #5592 (Cytel Studio) 
git-svn-id: file:///home/svn/framework3/trunk@14040 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 01:37:32 +00:00
Joshua Drake 7bfa29ace4 clean up exploit HTML print_status 
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 14:21:57 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues 
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-23 11:56:13 +00:00
Steve Tornio 27cba3d7ec add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@14020 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-21 11:50:59 +00:00
Wei Chen 06aa776a77 Bleh, fix BID reference 
git-svn-id: file:///home/svn/framework3/trunk@14016 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-20 17:40:21 +00:00
Wei Chen e5f7bfceaf Add HP Power Manager module by ipax, thx! 
git-svn-id: file:///home/svn/framework3/trunk@14015 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-20 17:29:48 +00:00
David Rude 091b9779e2 Add commas 
git-svn-id: file:///home/svn/framework3/trunk@14007 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-19 20:41:09 +00:00
David Rude 521aec205b Return on error 
git-svn-id: file:///home/svn/framework3/trunk@14006 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-19 19:55:04 +00:00
Wei Chen 0f1ba8dcf1 Change user agent check 
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 15:48:03 +00:00
HD Moore e4290e40c4 Fix the check to not report empty user/pass 
git-svn-id: file:///home/svn/framework3/trunk@13989 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 09:10:00 +00:00
Wei Chen 8e4f4a2672 Add CVE-2011-1774 (Safari libxslt arbitrary file creation) 
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 07:39:50 +00:00
Wei Chen fbbec1fa92 This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now. 
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 03:48:10 +00:00
Wei Chen 975cc52bac Fix spelling errors 
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 00:54:05 +00:00
Wei Chen 0304702b14 Mention where the getpc code is from, request by corelanc0d3r 
git-svn-id: file:///home/svn/framework3/trunk@13974 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 14:56:44 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip. 
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 04:20:53 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys. 
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 03:49:49 +00:00
Wei Chen 39a4488da5 Patch #5740 for Firefox Array.reduceRight() exploit 
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-16 20:28:15 +00:00
Tod Beardsley d059670d67 Fixes #5570, commits TecR0c's exploit module, after running through msftidy.rb. Thanks! 
git-svn-id: file:///home/svn/framework3/trunk@13952 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-16 15:47:04 +00:00
HD Moore 594b0687c7 Fix CVE reference format 
git-svn-id: file:///home/svn/framework3/trunk@13950 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-16 09:55:07 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types 
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-16 09:53:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace. 
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen 1adb31747d This module is missing a ranking. Adding one. 
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 20:35:18 +00:00
Wei Chen 2b746b3505 This module never got a ranking, adding one 
git-svn-id: file:///home/svn/framework3/trunk@13934 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 20:07:59 +00:00
Wei Chen 4f4c0bc0be Add CVE-2011-2371 Firefox Array.reduceRight() vuln 
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-13 03:16:15 +00:00
Wei Chen 90a426cec6 Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647) 
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-12 10:57:31 +00:00
James Lee 6578874439 don't bother escaping a tick 
git-svn-id: file:///home/svn/framework3/trunk@13887 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-12 01:45:10 +00:00
Wei Chen c1b1917dce Change correct name for Lincoln. Also, this is feature #5646 
git-svn-id: file:///home/svn/framework3/trunk@13868 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-11 03:30:14 +00:00
Wei Chen e3111e0261 Add CVE-2008-4779 
git-svn-id: file:///home/svn/framework3/trunk@13867 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-11 03:28:08 +00:00
Wei Chen f54939cda9 Change target name and description. The module works on multiple systems. 
git-svn-id: file:///home/svn/framework3/trunk@13853 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-10 16:47:33 +00:00
Wei Chen 8488343e46 Add CVE-2011-2595 (Feature #5645) 
git-svn-id: file:///home/svn/framework3/trunk@13852 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-10 16:11:05 +00:00
Wei Chen 756aafd7f2 Add CVE and OSVDB refs 
git-svn-id: file:///home/svn/framework3/trunk@13848 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 22:56:17 +00:00
Joshua Drake eab8a2434b fix typo in description 
git-svn-id: file:///home/svn/framework3/trunk@13845 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 19:39:15 +00:00
Wei Chen 487ee5b46e Does not work against Win 7 SP0/SP1 and Windows Server 2003 SP2. Definitely not an universal target. 
git-svn-id: file:///home/svn/framework3/trunk@13841 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 05:36:42 +00:00
Wei Chen a3cc25615d Add bug #5505 (scriptftp_list module) 
git-svn-id: file:///home/svn/framework3/trunk@13839 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-09 04:17:03 +00:00
HD Moore 3d8a18cfd1 Fix tab indent 
git-svn-id: file:///home/svn/framework3/trunk@13836 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-08 18:39:23 +00:00
Joshua Drake 2e7edeff81 See #3585: Happy Third Birthday MS08-067! 
Adds an AlwaysOn DEP bypass for XP SP2 and SP3

git-svn-id: file:///home/svn/framework3/trunk@13835 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-08 07:26:37 +00:00
Steve Tornio 93f8d73b0c add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13810 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-02 17:03:23 +00:00
Mario Ceballos 711bfa7d53 initial coverage for ca total defense sqli 
git-svn-id: file:///home/svn/framework3/trunk@13809 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-02 15:53:44 +00:00
Wei Chen 2b3a277124 Found an instance that causes the win 7 target to fail. This fix corrects it. 
git-svn-id: file:///home/svn/framework3/trunk@13797 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-27 08:55:07 +00:00
Matt Weeks de9e99bd3d Fix some TOCTOU confusion and database errors. 
git-svn-id: file:///home/svn/framework3/trunk@13779 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-23 15:12:19 +00:00
Wei Chen ec6f290fbd Add Windows 7 target and all kinds of stuff. 
git-svn-id: file:///home/svn/framework3/trunk@13775 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-22 17:40:35 +00:00
Steve Tornio e93341f9f1 add cve and osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@13768 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-21 11:55:56 +00:00
Wei Chen 5d4f68a6f2 Fix JS 
git-svn-id: file:///home/svn/framework3/trunk@13767 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-21 03:13:45 +00:00
Wei Chen 936f3de84c This simple math would do the trick 
git-svn-id: file:///home/svn/framework3/trunk@13766 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-20 18:56:21 +00:00
Wei Chen 742edf1ad1 Add eSignal and eSignal Pro exploit 
git-svn-id: file:///home/svn/framework3/trunk@13765 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-20 17:39:53 +00:00
Joshua Drake 3318b132c8 add x90c's email address 
git-svn-id: file:///home/svn/framework3/trunk@13757 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-19 19:40:48 +00:00
Steve Tornio ee09c028a0 add cve and osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@13756 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-19 11:38:49 +00:00
Matt Weeks 1d2ddc55e8 Add UI for PXE attack reset. 
git-svn-id: file:///home/svn/framework3/trunk@13753 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-18 20:44:16 +00:00
James Lee f4be092ac1 include the CVE with more details that definitely applies to this bug, in addition to the ambiguous one that may or may not 
git-svn-id: file:///home/svn/framework3/trunk@13751 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-18 03:57:27 +00:00
Wei Chen bf315b09ed Add DAQFactory bof 
git-svn-id: file:///home/svn/framework3/trunk@13750 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-18 02:45:55 +00:00
Tod Beardsley 10c76f66ba Adding an extra print line to adobe_cooltype_sing that clearly displays the user-agent. 
git-svn-id: file:///home/svn/framework3/trunk@13748 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-17 20:12:51 +00:00
Wei Chen 56025609f0 Add fix commit url to reference. Thx jduck! 
git-svn-id: file:///home/svn/framework3/trunk@13745 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-17 06:48:33 +00:00
Wei Chen 2ebef435a0 Add CVE-2011-2950 Real Player heap overflow 
git-svn-id: file:///home/svn/framework3/trunk@13738 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-16 19:22:29 +00:00
Wei Chen 6443ee024c Add Measuresoft ScadaPro exploit 
git-svn-id: file:///home/svn/framework3/trunk@13737 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-16 08:23:59 +00:00
Wei Chen 7569cad178 Correct variable use in heap spray js function 
git-svn-id: file:///home/svn/framework3/trunk@13735 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-15 22:37:13 +00:00
Wei Chen 70fa0e630b Add Windows 7 + IE 8 target. Also use a different approach to get code execution. 
git-svn-id: file:///home/svn/framework3/trunk@13734 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-15 20:51:01 +00:00
Steve Tornio de98758f2b add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13728 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-13 20:10:28 +00:00
Wei Chen 9e5d07b201 Add ScadaTEC ScadaPhone bof 
git-svn-id: file:///home/svn/framework3/trunk@13727 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-13 17:25:03 +00:00
Steve Tornio e6ce90c551 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13724 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-12 21:42:36 +00:00
Wei Chen 8b8388ed44 Add CVE-2011-3322 Procyon Core Server HMI 
git-svn-id: file:///home/svn/framework3/trunk@13721 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-12 17:54:31 +00:00
Wei Chen e597891a1f Add support for DEP bypass 
git-svn-id: file:///home/svn/framework3/trunk@13711 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-09 18:15:50 +00:00
James Lee e31acef6e9 whitespace cleanup 
git-svn-id: file:///home/svn/framework3/trunk@13702 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-07 15:30:08 +00:00
Mario Ceballos 6f28911d3d added patch from joshua taylor. 
git-svn-id: file:///home/svn/framework3/trunk@13698 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-06 19:58:40 +00:00
Wei Chen 819e673b88 Mention about the RSA attack in the description, also add a reference for it 
git-svn-id: file:///home/svn/framework3/trunk@13697 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-06 17:22:00 +00:00
HD Moore 7fb4a3c571 Fix up the disablenops syntax 
git-svn-id: file:///home/svn/framework3/trunk@13694 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-05 16:27:04 +00:00
Mario Ceballos 2f2421badc initial coverage of the pnsize bug (fileformat) 
git-svn-id: file:///home/svn/framework3/trunk@13691 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-03 21:17:58 +00:00
Wei Chen 44ba7e80d5 This module still works against 2.5 (most current as of Sept 2 2011) 
git-svn-id: file:///home/svn/framework3/trunk@13688 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-03 04:52:04 +00:00
David Rude 8a070b81a2 Add the noobfuscation arg to the heaplib call 
git-svn-id: file:///home/svn/framework3/trunk@13675 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-01 09:00:20 +00:00
Wei Chen 4e92190fa8 Add additional references, correct disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@13673 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-01 05:20:47 +00:00
Wei Chen 717b0eddee Add DVD X plf playlist buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@13672 4d416f70-5f16-0410-b530-b9f4589650da
 2011-09-01 05:14:21 +00:00
Wei Chen 22dc0ed551 Fix disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@13670 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-31 00:15:46 +00:00
David Rude c5fe6ed503 Reset the target to allow for multiple client connections 
git-svn-id: file:///home/svn/framework3/trunk@13669 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-30 22:29:14 +00:00
David Rude 70dffd6afb Adds Citrix Gateway ActiveX Stack Based Buffer Overflow module 
git-svn-id: file:///home/svn/framework3/trunk@13666 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-30 22:22:32 +00:00
Matt Weeks 6853221762 Fixes #5313 by adding logging support to pivoted PXE attacks, and displaying results as the module runs. 
git-svn-id: file:///home/svn/framework3/trunk@13646 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-27 15:46:49 +00:00
Matt Weeks f9e651d382 Report to DB too. 
git-svn-id: file:///home/svn/framework3/trunk@13640 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 22:56:22 +00:00
Matt Weeks 23b4f4ed98 Address #5313 for locally-launched PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13639 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 22:48:33 +00:00
amaloteaux 9cfba23558 psexec: allow o upload payload in a subfolder 
git-svn-id: file:///home/svn/framework3/trunk@13638 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 22:30:46 +00:00
Matt Weeks 06c3dabe31 Fixes #5312 for pivoted PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-25 02:07:35 +00:00
David Rude b331073851 cleaned up some column width issues, added on_new_session clean up code to remove files 
git-svn-id: file:///home/svn/framework3/trunk@13599 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-20 17:47:03 +00:00
Wei Chen 6723c7fb3e Minor metadata format fix 
git-svn-id: file:///home/svn/framework3/trunk@13593 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-20 00:11:22 +00:00
Wei Chen 8fbd81a0f0 Add HP Easy Printer xmlsimpleaccessor exploit 
git-svn-id: file:///home/svn/framework3/trunk@13592 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 23:49:45 +00:00
Mario Ceballos aef764de08 working on moving things referenced in Feature #653. added different param for secure backup 
git-svn-id: file:///home/svn/framework3/trunk@13591 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 18:35:29 +00:00
Wei Chen fe53151324 fix tabs 
git-svn-id: file:///home/svn/framework3/trunk@13590 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 16:58:50 +00:00
Wei Chen 056adf7063 Add Win 7 target 
git-svn-id: file:///home/svn/framework3/trunk@13589 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 16:57:19 +00:00
Wei Chen 2a62ac35ac Fix bug #5267 
git-svn-id: file:///home/svn/framework3/trunk@13573 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-17 06:14:51 +00:00
Wei Chen 6c58dad979 ugh, why the extra spaces 
git-svn-id: file:///home/svn/framework3/trunk@13566 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-15 15:34:49 +00:00
Wei Chen eaa5cf6b5d Use heaplib on IE 8, allow obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13565 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-15 15:32:17 +00:00
Wei Chen 55d60a1af2 Allow JavaScript obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13556 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-13 02:28:49 +00:00
Wei Chen c29a4d5ea3 Specify UUID offset for the custom .Net binary 
git-svn-id: file:///home/svn/framework3/trunk@13555 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-13 02:15:05 +00:00
Wei Chen f8bf910fbb missing var 
git-svn-id: file:///home/svn/framework3/trunk@13554 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-13 02:05:08 +00:00
Wei Chen 8bf7a9990b Improve javascript obfuscation, and allow it as an option 
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-12 23:03:11 +00:00
Wei Chen 20f4280d9f Exploit is much more reliable than before, it gets a promotion 
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-12 19:17:23 +00:00
Wei Chen bfc59e4c62 Add MS10-026 exploit 
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-12 19:04:25 +00:00
Wei Chen 3b04e7bd9e Add routine to check target before exploiting it 
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 23:05:45 +00:00
Wei Chen 0d9908435a Allow JavaScript obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 22:18:25 +00:00
Wei Chen 456aeeb90b Allow JavaScript obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 18:47:21 +00:00
Wei Chen 4ac431948a Allow JavaScript obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 15:50:43 +00:00
Wei Chen a1526e86b8 Use heaplib to spray, and use obfuscation as an option 
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 15:25:14 +00:00
Steve Tornio a6a444930e add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 11:17:30 +00:00
Wei Chen 950a4215a0 Fix a problem where resp.index() might return nil 
git-svn-id: file:///home/svn/framework3/trunk@13521 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 09:03:19 +00:00
Wei Chen 6a89cf5859 Add TeeChart Professional ActiveX exploit 
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 08:41:30 +00:00
Matt Weeks dad6103944 Fix documentation to match change; will only affect windows. 
git-svn-id: file:///home/svn/framework3/trunk@13519 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 03:05:58 +00:00
Matt Weeks f12742a05f Better cleanup for PXE attacks. 
git-svn-id: file:///home/svn/framework3/trunk@13518 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-11 02:57:02 +00:00
Wei Chen 58198f37ba Fix reference link 
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-10 18:58:20 +00:00
Wei Chen 8dc4228ee0 Fix very minor typo 
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-10 17:05:49 +00:00
Wei Chen 3b1769d621 Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0 
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-10 05:58:02 +00:00
Matt Weeks b2733c04db More PXE dust for extra magic! 
git-svn-id: file:///home/svn/framework3/trunk@13493 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-05 17:10:27 +00:00
Wei Chen a0168d59a8 Minor fix to comply with the 100 columns per line guideline 
git-svn-id: file:///home/svn/framework3/trunk@13467 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-01 21:20:29 +00:00
David Rude bee7fba3c8 Small typo fix and some minor formatting 
git-svn-id: file:///home/svn/framework3/trunk@13466 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-01 19:34:01 +00:00
David Rude 118ca372b3 adding CA Arcserve D2D GWT Credential Information Disclosure module 
git-svn-id: file:///home/svn/framework3/trunk@13465 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-01 14:40:52 +00:00
Tod Beardsley df52bfaa4f Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway). 
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-27 20:21:47 +00:00
Wei Chen 6fc59d5287 Fill in BID reference 
git-svn-id: file:///home/svn/framework3/trunk@13330 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-24 19:42:40 +00:00
Wei Chen 6bf90f884e Fix debug mode and some extra tabs in JS 
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-24 00:22:29 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules 
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-22 20:17:58 +00:00
Wei Chen 25c89c2e7a Put the short jmp in there 
git-svn-id: file:///home/svn/framework3/trunk@13224 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-19 15:07:00 +00:00
HD Moore 7dbb56b38b No longer default a target for XP systems; some obscure builds of XP Embedded SP1 have a different offset and not good way to differentiate 
git-svn-id: file:///home/svn/framework3/trunk@13214 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-19 01:40:26 +00:00
Wei Chen 3ca9b51984 oops, a little mistake in the description 
git-svn-id: file:///home/svn/framework3/trunk@13212 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 20:46:08 +00:00
Wei Chen 821e9dd68b Updated metadata, merged code with #4923. Thx Joff. 
git-svn-id: file:///home/svn/framework3/trunk@13211 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 20:39:27 +00:00
HD Moore 764bb36f44 Wait a little longer for a session (5 seconds) 
git-svn-id: file:///home/svn/framework3/trunk@13208 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 16:05:51 +00:00
HD Moore 8887fe86b8 Either the offset or the env page moves around for this exploit on some non-english systems, do not default the target for 2003 SP0 
git-svn-id: file:///home/svn/framework3/trunk@13206 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 14:59:55 +00:00
Wei Chen 2eeffc39fc Add Iconics GENESIS32 GenBroker exploit by lincoln and corelanc0d3r 
git-svn-id: file:///home/svn/framework3/trunk@13197 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-17 15:01:46 +00:00
Wei Chen 681563adc9 Fix that extra tab in the description 
git-svn-id: file:///home/svn/framework3/trunk@13194 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-16 05:21:20 +00:00
Wei Chen 2e93ba06ba Add HP NNM ToolBar.exe exploit aganist the OvOSLocale cookie parameter 
git-svn-id: file:///home/svn/framework3/trunk@13193 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-16 05:14:33 +00:00
Wei Chen 86b40e894b Make room for another exploit against ToolBar.exe 
git-svn-id: file:///home/svn/framework3/trunk@13192 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-16 04:45:21 +00:00
James Lee c412a836ed add VERBOSE option to all modules and vprint_* methods to use it 
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-15 15:33:35 +00:00
Steve Tornio 9278b0a5f5 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13152 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-11 06:59:00 +00:00
Wei Chen 94aea207d3 Remove extra tabs and spaces 
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 21:10:45 +00:00
Wei Chen 9892eb39eb Syntax fix 
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 20:50:52 +00:00
Wei Chen 32a7eb0000 svn propset 
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 19:19:00 +00:00
David Rude 7958516549 Adds Xeros Firefox nstreerange exploit 
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 17:12:53 +00:00
Wei Chen 5b69b52ec4 "InitialAutoRunScript" is more like it 
git-svn-id: file:///home/svn/framework3/trunk@13142 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 07:28:12 +00:00
Wei Chen 6448daf571 MS10-018, y u no InitialAutoRunScript 
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-10 07:02:38 +00:00
Wei Chen 15f82402af I changed my mind. The ATTEMPTS options is required. 
git-svn-id: file:///home/svn/framework3/trunk@13137 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-09 04:10:52 +00:00
Wei Chen 1246fd5731 Added Blue Coat Authentication Authorization Agent exploit 
git-svn-id: file:///home/svn/framework3/trunk@13134 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-09 01:40:29 +00:00
Steve Tornio 94640b6bc4 add osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-07 11:54:54 +00:00
Wei Chen 47e6c4a89f Added #4870 - MicroP .mppl buffer overflow exploit 
git-svn-id: file:///home/svn/framework3/trunk@13114 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-07 06:29:37 +00:00
HD Moore 78f2525fdc Fixes #4879 by adding a new target from bperry 
git-svn-id: file:///home/svn/framework3/trunk@13110 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-07 03:33:04 +00:00
Wei Chen 1058948419 Updated ROP, no more hardcoded ntdll addresses 
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-06 07:22:24 +00:00
Wei Chen 7589f8d2f1 Updated target name that works against multiple systems (thx corelanc0d3r) 
git-svn-id: file:///home/svn/framework3/trunk@13105 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-06 01:59:24 +00:00
Wei Chen 1e4dfaf6de Change author name for dookie 
git-svn-id: file:///home/svn/framework3/trunk@13096 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-04 22:33:47 +00:00
Wei Chen 2f6b89516a Added HP Data Protector omniinet buffer overflow with opcode 20 
git-svn-id: file:///home/svn/framework3/trunk@13092 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-04 17:02:40 +00:00
HD Moore db6b8c3545 Probably time to fess up :) 
git-svn-id: file:///home/svn/framework3/trunk@13088 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-02 01:09:46 +00:00
Wei Chen dbd04d754a Change to a better P/P/R, tested on 4 different machines. Thx fdiskyou. 
git-svn-id: file:///home/svn/framework3/trunk@13081 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-01 22:26:12 +00:00
Mario Ceballos b6e1c6a967 add exploit module hp_omniinet_3.rb 
git-svn-id: file:///home/svn/framework3/trunk@13080 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-01 17:07:38 +00:00
Wei Chen fc33b1d20e '\x00' isn't the same as "\x00" 
git-svn-id: file:///home/svn/framework3/trunk@13051 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-28 19:45:51 +00:00
Wei Chen 73dc5c605b Change ranking. Because looks like it works better than "average" 
git-svn-id: file:///home/svn/framework3/trunk@13042 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-27 18:00:12 +00:00
Wei Chen e6995b4912 Added ZDI-11-023 Citrix Provisioning Services bof exploit (Feature #4798) 
git-svn-id: file:///home/svn/framework3/trunk@13041 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-27 17:54:18 +00:00
Wei Chen 1b25cf3c43 Using SEH instead of egghunter. Verified again on Win2k3. thx to MC. 
git-svn-id: file:///home/svn/framework3/trunk@13036 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-26 19:28:14 +00:00
Wei Chen 6325515ca7 Minor name change 
git-svn-id: file:///home/svn/framework3/trunk@13034 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-26 16:09:53 +00:00
Wei Chen 07f415f4e0 Forgot to switch back to random paddings 
git-svn-id: file:///home/svn/framework3/trunk@13033 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-26 16:06:39 +00:00
Wei Chen f0e6159a35 Minor name change for the exploit 
git-svn-id: file:///home/svn/framework3/trunk@13031 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-26 06:01:21 +00:00
Wei Chen 13b2209f3d Added Microsoft Visio DXF File Buffer Overflow Exploit by Juan 
git-svn-id: file:///home/svn/framework3/trunk@13030 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-26 05:59:37 +00:00
Wei Chen 0cf51f8d5a Exploit name change. Also, this thing doesn't use seh. 
git-svn-id: file:///home/svn/framework3/trunk@13026 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-25 14:25:45 +00:00
Steve Tornio 27eb48f650 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13025 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-25 11:27:55 +00:00
Wei Chen f16f850fc6 Added Siemens FactoryLink 8 csservice.exe (port 7580) 
git-svn-id: file:///home/svn/framework3/trunk@13019 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-25 00:54:18 +00:00
David Rude 37b7345fea Adds Ranking and Fileformat version of the Lotus Notes LZH Exploit 
git-svn-id: file:///home/svn/framework3/trunk@13015 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-23 15:43:54 +00:00
Steve Tornio 59943cb367 add osvdb and cve refs 
git-svn-id: file:///home/svn/framework3/trunk@13014 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-23 12:05:09 +00:00
David Rude 7b5860d0ab Fix a bug if the RHOST length is 15 or longer 
git-svn-id: file:///home/svn/framework3/trunk@13013 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-23 09:58:50 +00:00
David Rude df8bf68722 Adds Lotus Notes .lzh Autonomy Keyview Exploit 
git-svn-id: file:///home/svn/framework3/trunk@13012 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-23 09:51:16 +00:00
Wei Chen 1223275330 Change ranking for now until we have a better solution for SP3 
git-svn-id: file:///home/svn/framework3/trunk@13009 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-23 01:04:29 +00:00
Wei Chen bd62c13fb0 Added RealWin SCADA Server DATAC Login Buffer Overflow (Feature #4787)) 
git-svn-id: file:///home/svn/framework3/trunk@13007 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-22 22:36:55 +00:00
James Lee 57cf0b04a7 stack overflow != stack buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@13001 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 23:27:16 +00:00
Steve Tornio 465bc8ce88 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@13000 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 22:42:53 +00:00
Mario Ceballos a5a1f1587f add another scada module. winlog_runtime.rb 
git-svn-id: file:///home/svn/framework3/trunk@12999 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 21:48:30 +00:00
Wei Chen 0400a72ab0 RCA, description update, and some text randomness 
git-svn-id: file:///home/svn/framework3/trunk@12998 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 21:08:57 +00:00
Joshua Drake 69963a45ab Fixes #4752 - Auto-detect the windows directory and use it for subsequent requests 
git-svn-id: file:///home/svn/framework3/trunk@12997 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 18:55:28 +00:00
Steve Tornio 03464a168e add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12996 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 18:02:35 +00:00
David Rude d796f523a6 Adds FactorLink vrn.exe exploit from hal 
git-svn-id: file:///home/svn/framework3/trunk@12995 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 13:20:18 +00:00
Wei Chen fdbc038bd0 Add BlackIce Cover Page ActiveX downloadimagefileurl exploit 
git-svn-id: file:///home/svn/framework3/trunk@12992 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-21 02:51:39 +00:00
Steve Tornio 8ee3bf7f54 add cve, osvdb and bugtraq id. 
git-svn-id: file:///home/svn/framework3/trunk@12978 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-20 11:07:22 +00:00
HD Moore 3831e49455 See #4506 for Macro handling 
git-svn-id: file:///home/svn/framework3/trunk@12977 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-20 07:23:16 +00:00
Wei Chen 0b30256203 Add licensing 
git-svn-id: file:///home/svn/framework3/trunk@12975 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-20 04:01:47 +00:00
Wei Chen eff703b3ad Add SCADA Realwin On_FC_CONNECT_FCS_a_FILE buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@12974 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-20 00:37:13 +00:00
Steve Tornio 650762517f update CVE and OSVDB to match what the author said 
git-svn-id: file:///home/svn/framework3/trunk@12964 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-17 17:35:57 +00:00
Steve Tornio 7c47b48f5b add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12962 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-17 01:56:20 +00:00
Wei Chen 23cc89482b CVE correction, thanks Kurt. 
git-svn-id: file:///home/svn/framework3/trunk@12961 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-17 00:56:11 +00:00
Wei Chen eae350b88b CVE-2011-1260 seems to be the right one 
git-svn-id: file:///home/svn/framework3/trunk@12959 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-16 22:27:10 +00:00
Wei Chen 0a04835138 Added MS11-050 by d0c_s4vage 
git-svn-id: file:///home/svn/framework3/trunk@12956 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-16 21:19:12 +00:00
HD Moore d11e1f3294 Make all keywords consistent for modules. 
git-svn-id: file:///home/svn/framework3/trunk@12936 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-13 03:38:31 +00:00
David Rude 04d280fdd0 minor fixes 
git-svn-id: file:///home/svn/framework3/trunk@12925 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-12 00:04:55 +00:00
David Rude ee7454c5e6 Added IBM Tivoli Endpoint Manager HTTP POST query buffer overflow exploit 
git-svn-id: file:///home/svn/framework3/trunk@12922 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-11 23:48:18 +00:00
Steve Tornio 579d823070 add osvdb and cve refs 
git-svn-id: file:///home/svn/framework3/trunk@12893 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-09 20:44:52 +00:00
David Rude 247251ac07 Remove references to OUTPUTPATH options, unless files are created using a different method 
git-svn-id: file:///home/svn/framework3/trunk@12892 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-09 19:51:56 +00:00
Wei Chen 24bb7c3d8d 7-Technologies IGSS v9.0 Rename command buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@12886 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-09 06:04:04 +00:00
David Rude e2820918ad adds Windows XP SP3 target and updates the reference link 
git-svn-id: file:///home/svn/framework3/trunk@12873 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 20:29:02 +00:00
David Rude b9e398c706 adds support for SSL 
git-svn-id: file:///home/svn/framework3/trunk@12872 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 20:15:51 +00:00
David Rude 31a659e55a Fixed this up to use the new JS obfuscation hotness thanks to egyp7s rkelly fu! 
git-svn-id: file:///home/svn/framework3/trunk@12871 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 19:49:33 +00:00
Steve Tornio 377a18030a add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12869 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 19:06:18 +00:00
David Rude 3d7715ce60 Added Cisco AnyConnect VPN Client ActiveX download and execute exploit 
git-svn-id: file:///home/svn/framework3/trunk@12868 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 18:52:26 +00:00
Wei Chen 2e861a2fa8 Added CVE 
git-svn-id: file:///home/svn/framework3/trunk@12865 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-06 02:35:40 +00:00
James Lee bee19278d7 add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003 
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-03 00:36:26 +00:00
Steve Tornio 6890ec5610 add cve and osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@12816 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-02 12:24:25 +00:00
David Rude bfdb3a2a36 Added GoldenFTP exploit 
git-svn-id: file:///home/svn/framework3/trunk@12812 4d416f70-5f16-0410-b530-b9f4589650da
 2011-06-02 01:10:22 +00:00
Steve Tornio f43368ebe4 add osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@12779 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-31 14:33:19 +00:00
Wei Chen 396e476a03 Updated description, documented packet header a bit 
git-svn-id: file:///home/svn/framework3/trunk@12774 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-30 21:17:35 +00:00
Wei Chen b950219b0d Fix typo 
git-svn-id: file:///home/svn/framework3/trunk@12773 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-30 21:06:56 +00:00
Wei Chen 4d044ee592 Added 7-Technologies IGSS 9.0 Write File / EXE packet handling exploit 
git-svn-id: file:///home/svn/framework3/trunk@12772 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-30 21:00:49 +00:00
Jonathan Cran ef7a7adc1e escape slashes, thanks aushack 
git-svn-id: file:///home/svn/framework3/trunk@12738 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-27 06:14:52 +00:00
Steve Tornio 782b1c6dd6 add stratsec ref, update disclosure to match public timeline 
git-svn-id: file:///home/svn/framework3/trunk@12716 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 13:57:12 +00:00
Wei Chen c1233db428 ugh! It's visiwavereport.exe, not visiwave.exe. 
git-svn-id: file:///home/svn/framework3/trunk@12711 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 04:48:25 +00:00
Wei Chen 0c60fe5a4b Couldn't help but patch-diff it and updated the description again 
git-svn-id: file:///home/svn/framework3/trunk@12710 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-25 04:45:17 +00:00
Wei Chen 6b6c6b2f64 We're actually not using 'Ret', it is removed. 
git-svn-id: file:///home/svn/framework3/trunk@12706 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-24 23:15:06 +00:00
Wei Chen af4b8bfef6 RCA done, the new description explains what really happens that causes the vulnerability. 
git-svn-id: file:///home/svn/framework3/trunk@12705 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-24 22:58:10 +00:00
Wei Chen f80c66ee8f Disclosure date is actually May 10 2011, confirmed by Mr_Me. 
git-svn-id: file:///home/svn/framework3/trunk@12698 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-23 23:55:03 +00:00
Steve Tornio fd6a3def6e add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12695 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-23 19:50:57 +00:00
Wei Chen d900892da8 Disclosure date change. '2007' wouldn't make sense now, would it? 
git-svn-id: file:///home/svn/framework3/trunk@12692 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-23 16:30:07 +00:00
Wei Chen 8089d10618 Added VisiWave Site Survey Report buffer overflow exploit 
git-svn-id: file:///home/svn/framework3/trunk@12691 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-23 16:28:38 +00:00
Steve Tornio 28d5febfad add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12688 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-22 23:41:15 +00:00
Wei Chen e916a61eec Date format fix 
git-svn-id: file:///home/svn/framework3/trunk@12685 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-22 22:09:52 +00:00
Wei Chen d9c0d1c941 Added Magix Musik Maker 16 buffer overflow exploit 
git-svn-id: file:///home/svn/framework3/trunk@12684 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-22 22:08:09 +00:00
James Lee 36983436db play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed 
git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-19 19:45:14 +00:00
James Lee 0b88468617 out with the new, in with the old. css_clip is pretty unreliable in my tests, go back to using ie_behaviors in browser autopwn 
git-svn-id: file:///home/svn/framework3/trunk@12663 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-19 16:33:55 +00:00
Wei Chen f9c49ef9ce Comment update (this is still for the egghunter fix: bug #4552) 
git-svn-id: file:///home/svn/framework3/trunk@12657 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-18 19:50:22 +00:00
Wei Chen 6345fec06c checksum support for egghunter disabled, because not enough room for it. See r4552. 
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-18 19:48:06 +00:00
Steve Tornio 72692d27f7 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12643 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-17 11:28:25 +00:00
Wei Chen 4f56444f2c Fix for nops 
git-svn-id: file:///home/svn/framework3/trunk@12639 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-16 19:30:17 +00:00
Wei Chen 95700687de Added IGSS 9 buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@12638 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-16 19:02:05 +00:00
Wei Chen 40894c3726 Moving Iconics webhmi activeX exploit from browser to scada directory 
git-svn-id: file:///home/svn/framework3/trunk@12584 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-11 20:45:54 +00:00
Steve Tornio d0c93f7e49 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12582 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-11 11:33:16 +00:00
Wei Chen 5d59d819ac Added SPlayer Content-Type bof 
git-svn-id: file:///home/svn/framework3/trunk@12581 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-11 00:18:11 +00:00
Steve Tornio b84df80983 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12576 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-10 19:16:07 +00:00
Wei Chen 105b5799af Added ICONICS WebHMI ActiveX SetActiveXGuid bof 
git-svn-id: file:///home/svn/framework3/trunk@12573 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-10 18:07:15 +00:00
Steve Tornio c87ba8f026 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12557 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-06 19:33:01 +00:00
Joshua Drake 5b8e4707cc Add an exploit for CVE-2011-1574 (libmodplug via VLC 1.1.8) 
git-svn-id: file:///home/svn/framework3/trunk@12544 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-06 15:29:07 +00:00
Wei Chen 8d78a47e45 get_resource() added to 'src' parameter 
git-svn-id: file:///home/svn/framework3/trunk@12543 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-05 22:10:30 +00:00
David Rude c80d454dd7 fixes some logic which restricted the use of other windows targets 
git-svn-id: file:///home/svn/framework3/trunk@12542 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-05 15:11:46 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch 
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy 
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:17:31 +00:00
Steve Tornio fdd9b361bb add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12532 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-03 11:40:09 +00:00
Wei Chen 9c619c3a40 Added mjm quickplayer s3m bof 
git-svn-id: file:///home/svn/framework3/trunk@12474 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-30 02:37:14 +00:00
Wei Chen 72af607aef Added MJM Coreplayer s3m bof 
git-svn-id: file:///home/svn/framework3/trunk@12473 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-30 02:36:14 +00:00
Mario Ceballos be2f68afbd this method doesnt work with a licensed install. 
git-svn-id: file:///home/svn/framework3/trunk@12470 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-29 22:17:40 +00:00
Wei Chen 8fa4443a68 Added Subtitle Processor 7.7.1 bof 
git-svn-id: file:///home/svn/framework3/trunk@12461 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-28 08:12:32 +00:00
Mario Ceballos be83842dff added exploit module emc_homebase_exec.rb 
git-svn-id: file:///home/svn/framework3/trunk@12458 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-27 20:29:27 +00:00
Wei Chen f59db11f0e Fixed typo in description. Thanks ragecyr. 
git-svn-id: file:///home/svn/framework3/trunk@12456 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-27 16:54:49 +00:00
Wei Chen a31ac81b57 Added eZip Wizard 3.0 Stack Buffer Overflow 
git-svn-id: file:///home/svn/framework3/trunk@12428 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-25 01:06:34 +00:00
Wei Chen 2772be9125 Small offset change for Win 7 target requested by sd 
git-svn-id: file:///home/svn/framework3/trunk@12422 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-24 03:50:55 +00:00
Wei Chen c5d51cf810 Disclosure date change 
git-svn-id: file:///home/svn/framework3/trunk@12391 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 15:45:07 +00:00
Wei Chen 7ef79e3ca5 Changed disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@12389 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 15:34:01 +00:00
Mario Ceballos 31f2afc033 fix date 
git-svn-id: file:///home/svn/framework3/trunk@12388 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 11:12:34 +00:00
Wei Chen cb491e35d2 Changed disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@12384 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-21 02:10:40 +00:00
Wei Chen 458d8cccb8 Modified heap spray routine. Added IE 8 target for XP SP3. 
git-svn-id: file:///home/svn/framework3/trunk@12383 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-20 21:55:33 +00:00
amaloteaux a08bef0a47 allow the wireshark dect dissector exploit to be used remotly 
git-svn-id: file:///home/svn/framework3/trunk@12376 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-20 16:36:48 +00:00
Wei Chen 488c6de9df Description change again 
git-svn-id: file:///home/svn/framework3/trunk@12371 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 16:41:58 +00:00
Wei Chen 4b7595b8e4 Updated the size of the pcap file. Description also udpated. 
git-svn-id: file:///home/svn/framework3/trunk@12369 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 16:34:17 +00:00
Wei Chen 6d0bfaaa57 Updated author 
git-svn-id: file:///home/svn/framework3/trunk@12368 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 15:23:49 +00:00
Steve Tornio 0859bb18a7 add cve and osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@12365 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 11:32:17 +00:00
Wei Chen 90668a9913 Date format fix 
git-svn-id: file:///home/svn/framework3/trunk@12364 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 07:53:58 +00:00
Wei Chen 9d40da6bbb Title change 
git-svn-id: file:///home/svn/framework3/trunk@12363 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 06:43:05 +00:00
Wei Chen 9c60889f02 Added Wireshark packet-dect memcpy overflow (.pcap) 
git-svn-id: file:///home/svn/framework3/trunk@12362 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 06:41:57 +00:00
Wei Chen d4dd84536d Added Win 7 target 
git-svn-id: file:///home/svn/framework3/trunk@12361 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-19 03:10:36 +00:00
HD Moore b94d09cdf1 Try a little harder to make this module more reliable through TCP proxies 
git-svn-id: file:///home/svn/framework3/trunk@12359 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-18 20:53:21 +00:00
Wei Chen c28e7259ac Added CVE-2011-0611 Adobe Flash 0day 
git-svn-id: file:///home/svn/framework3/trunk@12330 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-16 02:09:33 +00:00
Wei Chen 9ac36d6e0a Forgot to change two other hardcoded junks to random alpha bytes 
git-svn-id: file:///home/svn/framework3/trunk@12322 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-14 23:28:58 +00:00
Wei Chen b81d87173f Added mr_me's Win XP SP3 + DEP target 
git-svn-id: file:///home/svn/framework3/trunk@12320 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-14 23:08:47 +00:00
James Lee b5e0962e3e return the appropriate check codes instead of just printing stuff. add some error checks to avoid stack traces against samba and non-existant hosts 
git-svn-id: file:///home/svn/framework3/trunk@12314 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-13 23:26:07 +00:00
Steve Tornio 79e84a46e9 add cve & osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@12306 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-12 11:04:29 +00:00
Wei Chen 33249bea32 Changed 0x90 nops to make_nops() instead 
git-svn-id: file:///home/svn/framework3/trunk@12305 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 23:32:41 +00:00
Wei Chen 3dec79f346 Format fix again 
git-svn-id: file:///home/svn/framework3/trunk@12304 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 23:24:12 +00:00
Wei Chen e5068838ff Last format fix 
git-svn-id: file:///home/svn/framework3/trunk@12301 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 22:31:27 +00:00
Wei Chen 300989db5f Format issue fix 
git-svn-id: file:///home/svn/framework3/trunk@12299 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 22:28:38 +00:00
Wei Chen eea7a0e743 Added Video Spirit vlsprj buffer overflow exploit 
git-svn-id: file:///home/svn/framework3/trunk@12296 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 22:09:23 +00:00
David Rude 39f4c0c42f Added MS08-067 check method thanks staylor =) 
git-svn-id: file:///home/svn/framework3/trunk@12294 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 16:32:59 +00:00
Patrick Webster e9e8026832 Fixed author name in modules for myself. 
git-svn-id: file:///home/svn/framework3/trunk@12292 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-11 02:25:36 +00:00
Wei Chen ffe6868d22 Updated vbs stager temp var 
git-svn-id: file:///home/svn/framework3/trunk@12286 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-09 18:24:43 +00:00
Wei Chen c31603beac Updated: Using random nops and padding 
git-svn-id: file:///home/svn/framework3/trunk@12284 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 23:09:31 +00:00
Wei Chen 8b0605c418 Added AOL Desktop 9.6 rtx buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@12283 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 23:03:30 +00:00
David Rude 82f5206bc7 change the filename to reflect the vendor 
git-svn-id: file:///home/svn/framework3/trunk@12281 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 14:06:10 +00:00
Steve Tornio a8947662db old file hanging around 
git-svn-id: file:///home/svn/framework3/trunk@12280 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 13:28:57 +00:00
Steve Tornio bb26593da7 add osvdb ref. rename file to correct typo 
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 12:41:18 +00:00
Wei Chen 717fb83fc9 Added RealNetworks RealGames ActiveX exec arbitrary code execution 
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-08 02:39:11 +00:00
David Rude 53790c1afb Change Vendor name, forgot one target uri fixup 
git-svn-id: file:///home/svn/framework3/trunk@12275 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-07 23:31:12 +00:00
David Rude 892e241853 Added Netflow Apps Manager Remote Code Execution exploit 
git-svn-id: file:///home/svn/framework3/trunk@12272 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-07 21:01:34 +00:00
Wei Chen 904b02c44f Need to track who committed what 
git-svn-id: file:///home/svn/framework3/trunk@12271 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-07 21:01:20 +00:00
Wei Chen b90d6fc16f Modified the heap spraying function. Each block size should be more consistent now. 
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-07 07:27:38 +00:00
Wei Chen 1c5f1f9d24 Fixed typo 
git-svn-id: file:///home/svn/framework3/trunk@12263 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-07 06:15:47 +00:00
Wei Chen 97a9056a1a Added CVE-2010-3407 (IBM Lotus Domino iCalendar SMTP) 
git-svn-id: file:///home/svn/framework3/trunk@12236 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-04 17:43:34 +00:00
amaloteaux 8e61c108d3 typo fix 
git-svn-id: file:///home/svn/framework3/trunk@12229 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 23:11:02 +00:00
Joshua Drake 8a627758f3 update description to remove blurb about ATSVC pipe, since it is no longer used 
git-svn-id: file:///home/svn/framework3/trunk@12226 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 20:53:54 +00:00
James Lee 6dd44fa516 massive keywords cleanup 
git-svn-id: file:///home/svn/framework3/trunk@12196 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-01 00:51:33 +00:00
Wei Chen 045e75c0b6 Added ret addr for win server 2003 sp2 donated by Polar Bear 
git-svn-id: file:///home/svn/framework3/trunk@12183 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-30 16:24:52 +00:00
HD Moore 9594829357 Remove the no longer needed require 
git-svn-id: file:///home/svn/framework3/trunk@12181 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 18:11:39 +00:00
HD Moore e0e8d986e7 Fix up psexec by adding a reqwuire for the wbemexec mixin 
git-svn-id: file:///home/svn/framework3/trunk@12180 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 16:35:26 +00:00
HD Moore 904dd863d1 Remove the WBEM mixin until its actually checked in 
git-svn-id: file:///home/svn/framework3/trunk@12179 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 15:26:08 +00:00
amaloteaux 3a6a02e43c add wbem exec method for psexec as optional, fix #3972, thanks to pbk-df3 for patch 
git-svn-id: file:///home/svn/framework3/trunk@12171 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-29 01:07:32 +00:00
Joshua Drake 0882f18ec0 add fix commit diff and fix broken cve reference 
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-28 03:04:54 +00:00
Joshua Drake 24fd896bfb add OSVDB reference back, conflict handling fail! 
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-28 03:02:46 +00:00
Wei Chen 214751379f Updated: using get_resource() instead of datastore['URIPATH'] 
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-27 03:56:45 +00:00
Wei Chen 25ca59b56f Added Win Vista and debug target 
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 23:22:51 +00:00
David Rude 349512f48d Updated exploit ranking and description to reflect the new ranking 
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 19:33:38 +00:00
Steve Tornio 81fae13258 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 12:05:48 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =) 
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 06:35:28 +00:00
Wei Chen eb7df0be8e Updated how the trigger file should be loaded... the proper way. 
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-26 00:07:36 +00:00
Wei Chen 77ceadc6ad Updated description and how the trigger file loads 
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 22:49:11 +00:00
Wei Chen 08f210ac52 Added CVE-2010-3275 (VLC AMV vulnerability) 
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 21:03:12 +00:00
Tod Beardsley fa062b8f32 Sets the cmd stager's temp directory to "." which makes all the writes go to the local data directory for postgresql. This avoids the slashes issue reported by troulouliou and keeps all the uploaded files in one place for somewhat easier cleanup. 
git-svn-id: file:///home/svn/framework3/trunk@12135 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 19:42:36 +00:00
Steve Tornio 5b79e6b4ec add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12132 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 11:28:57 +00:00
Mario Ceballos c162c0f429 added exploit module hp_nnm_getnnmdata_hostname.rb. now 49 on the list. 
git-svn-id: file:///home/svn/framework3/trunk@12131 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-25 00:46:59 +00:00
Wei Chen aa24f29a03 Fixed nops 
git-svn-id: file:///home/svn/framework3/trunk@12124 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-24 13:51:13 +00:00
Wei Chen c9eef9ffe5 Fixed typo 
git-svn-id: file:///home/svn/framework3/trunk@12123 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-24 13:31:58 +00:00
Wei Chen a05866385f Added target 7.50, provided by MC 
git-svn-id: file:///home/svn/framework3/trunk@12122 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-24 02:48:04 +00:00
Steve Tornio d9dd2a3058 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12121 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-24 00:49:33 +00:00
Mario Ceballos 342d55ac00 heh, a couple for the hp_nnm party. add exploit modules hp_nnm_getnnmdata_icount.rb hp_nnm_getnnmdata_maxage.rb 
git-svn-id: file:///home/svn/framework3/trunk@12117 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 21:57:16 +00:00
Wei Chen 1a42a87a65 Added 2011-0267 (exploiting "schdParams" of HP NNM's nnmRptConfig.exe) 
git-svn-id: file:///home/svn/framework3/trunk@12116 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 21:35:13 +00:00
Tod Beardsley a3f68b97a6 Fix for 1.8.7 compatability, where regexes need escaped plusses. 
git-svn-id: file:///home/svn/framework3/trunk@12115 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 21:24:09 +00:00
amaloteaux 46cf938475 fix typo 
git-svn-id: file:///home/svn/framework3/trunk@12112 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 20:47:49 +00:00
Tod Beardsley b1178686cf Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries. 
Also fixes a typo in the arguments to handler which clears up a heretofore mysterious exception (see exploit.rb).



git-svn-id: file:///home/svn/framework3/trunk@12111 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 19:36:07 +00:00
amaloteaux c0a0e3f217 small fix 
git-svn-id: file:///home/svn/framework3/trunk@12110 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 19:02:38 +00:00
amaloteaux e706051bda psexec : allow exploit to succeed on any r/w share 
git-svn-id: file:///home/svn/framework3/trunk@12109 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 18:53:32 +00:00
Joshua Drake 6fa39eb32c merge my work on cve-2010-2703 
git-svn-id: file:///home/svn/framework3/trunk@12101 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 16:04:45 +00:00
Joshua Drake efd7b84cc5 change rank / add http fingerprint 
git-svn-id: file:///home/svn/framework3/trunk@12100 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 16:02:53 +00:00
Joshua Drake dd5e7f9286 merge in my wacky cve-2010-2709 work 
git-svn-id: file:///home/svn/framework3/trunk@12099 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 15:55:52 +00:00
Joshua Drake 1460d161da add exploit for cve-2010-1552 
git-svn-id: file:///home/svn/framework3/trunk@12098 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 15:47:20 +00:00
Joshua Drake 11e442ed47 add exploit for cve-2010-1964 
git-svn-id: file:///home/svn/framework3/trunk@12097 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 15:45:48 +00:00
Joshua Drake 6920376237 add exploit for cve-2010-1961 
git-svn-id: file:///home/svn/framework3/trunk@12096 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 15:44:55 +00:00
Joshua Drake 46cd08e1aa add exploit for cve-2010-1960 
git-svn-id: file:///home/svn/framework3/trunk@12095 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 15:43:25 +00:00
Steve Tornio 89ec6ab5da add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 11:19:45 +00:00
David Rude 8233030184 opps removed mixin require as well 
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 04:41:48 +00:00
David Rude f8534f06dd opps removed mixin reference =) 
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 04:40:38 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash 
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 04:31:48 +00:00
Wei Chen 422e5ae7b1 gone. 
git-svn-id: file:///home/svn/framework3/trunk@12088 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 03:45:01 +00:00
Wei Chen c8ca48388d filenamed fix 
git-svn-id: file:///home/svn/framework3/trunk@12085 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 03:37:18 +00:00
Wei Chen 1a34d81aab Added CVE-2010-2703 
git-svn-id: file:///home/svn/framework3/trunk@12083 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 03:23:06 +00:00
Wei Chen 92d52daea8 Added NNM webappmon.exe OvJavaLocale overflow 
git-svn-id: file:///home/svn/framework3/trunk@12082 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 03:21:56 +00:00
Wei Chen 74e0d2f43e Added HP NNM nnmRptConfig nameParams overflow 
git-svn-id: file:///home/svn/framework3/trunk@12081 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-23 03:20:24 +00:00
Joshua Drake 586c1f9305 oops, broke the LIBPATH option 
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-18 01:18:18 +00:00
Joshua Drake f4fe3f11b0 enable bind payloads, thx hdm :) 
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-18 00:52:58 +00:00
Steve Tornio 4992deed21 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-18 00:16:06 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method 
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-17 23:57:11 +00:00
David Rude 36b83cde6f Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution 
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-17 15:42:28 +00:00
David Rude 382e63e16e fixed a typo in javascript 
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-17 04:40:36 +00:00
Wei Chen 5800608356 Not ready to be part of msf repo, killing it 
git-svn-id: file:///home/svn/framework3/trunk@11993 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 20:42:56 +00:00
HD Moore f317d60e04 Fix a few cosmetic issues with the kingview module 
git-svn-id: file:///home/svn/framework3/trunk@11991 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 18:04:15 +00:00
Wei Chen 26bee16b5c I should probably add myself as an author. 
git-svn-id: file:///home/svn/framework3/trunk@11990 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 16:45:12 +00:00
Mario Ceballos dfd2df6b47 puts this in the appropiate place 
git-svn-id: file:///home/svn/framework3/trunk@11987 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 10:22:07 +00:00
Steve Tornio 78d4822d27 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@11986 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 10:15:54 +00:00
David Rude eeb1aae9d0 Added Japanese NO NX Target 
git-svn-id: file:///home/svn/framework3/trunk@11985 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 07:58:50 +00:00
Joshua Drake 4a1e59be8d oops =D 
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 05:01:29 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :( 
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 04:50:25 +00:00
Wei Chen 7308a032f9 Added kingview historysvr exploit. by rick2600 & Dillon. 
git-svn-id: file:///home/svn/framework3/trunk@11980 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 02:46:20 +00:00
Wei Chen e1ff12292f wrong directory 
git-svn-id: file:///home/svn/framework3/trunk@11978 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 02:44:50 +00:00
Wei Chen 36c05de02e Added kingview historysvr exploit. By rick2600 and Dillon. 
git-svn-id: file:///home/svn/framework3/trunk@11977 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 02:39:45 +00:00
Mario Ceballos 6d3d0adf93 added exploit module coldfusion_traversal.rb from webDEViL 
git-svn-id: file:///home/svn/framework3/trunk@11974 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-16 01:38:16 +00:00
Steve Tornio abcce881b2 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@11969 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-15 21:56:11 +00:00
Mario Ceballos 8189a1f7a9 added exploit module hp_openview_insight_backdoor.rb 
git-svn-id: file:///home/svn/framework3/trunk@11968 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-15 21:22:07 +00:00
Steve Tornio 45e29834be add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@11955 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 12:01:55 +00:00
David Rude 76ee9353aa changed exploit ranking to better reflect the privileges required 
git-svn-id: file:///home/svn/framework3/trunk@11954 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 10:54:13 +00:00
David Rude a63534107b minor style fix 
git-svn-id: file:///home/svn/framework3/trunk@11953 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 05:57:51 +00:00
David Rude 994e6eb450 Exploit for Foxit PDF Reader createDataObject() file write vulnerability 
git-svn-id: file:///home/svn/framework3/trunk@11952 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 05:36:33 +00:00
Wei Chen ed6f8b5a78 Updated: Made a slight adjustment to the code format 
git-svn-id: file:///home/svn/framework3/trunk@11945 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-13 07:27:19 +00:00
Wei Chen 74aab1efe4 Added mr_me's kolibri web server head buffer overflow 
git-svn-id: file:///home/svn/framework3/trunk@11944 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-13 07:18:36 +00:00
amaloteaux dce7dd13fe type fix on psexec 
git-svn-id: file:///home/svn/framework3/trunk@11926 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-10 18:46:58 +00:00
Jonathan Cran 79da0ead08 applying description update from zeknox -- thanks! 
git-svn-id: file:///home/svn/framework3/trunk@11923 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-10 05:36:17 +00:00
Tod Beardsley 42531e097f Fixes #3916. Adds a module for mysql delivery of a payload via a UDF, using Bernardo's quite excellent UDF libraries. 
git-svn-id: file:///home/svn/framework3/trunk@11899 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-08 22:42:26 +00:00
amaloteaux 5f6995e8d3 enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152 
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-07 19:57:53 +00:00
David Rude 695963dde7 Fixed references 
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-07 02:28:15 +00:00
David Rude b51c9f8397 oops forgot a , =) 
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-06 20:42:37 +00:00
David Rude 6dc0596870 Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks 
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-06 20:27:06 +00:00
David Rude cdba0d532c Adds a ret for Windows Server 2003 thanks to securityxxpert 
git-svn-id: file:///home/svn/framework3/trunk@11882 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-05 21:00:57 +00:00
Joshua Drake dee18a8995 add office 2007 msxml5 targets from SAHA! THX 
git-svn-id: file:///home/svn/framework3/trunk@11875 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-04 08:39:48 +00:00
Mario Ceballos aa859e2f68 force ordinal payload 
git-svn-id: file:///home/svn/framework3/trunk@11799 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-23 00:58:54 +00:00
Joshua Drake 8ef05017b8 style compliance fixes, naughty naughty 
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-22 20:49:44 +00:00
Matt Weeks c322534907 Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls. 
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-18 02:23:10 +00:00
Joshua Drake 160c683f18 Add WbemExec mixin, modify MS10-061 to use MOF technique 
git-svn-id: file:///home/svn/framework3/trunk@11766 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-17 19:22:11 +00:00
Joshua Drake 41f0c2eaa5 typo 
git-svn-id: file:///home/svn/framework3/trunk@11762 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-17 03:56:15 +00:00
Joshua Drake 8c8b181ffb Update ms11_xxx modules to reflect bulletin release, minor style fixes 
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-08 23:31:44 +00:00
Joshua Drake dafeecdc96 Small fix from Dan Rosenberg 
git-svn-id: file:///home/svn/framework3/trunk@11725 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-08 18:22:36 +00:00
Joshua Drake 7d72db3e8e More updates from Dan Rosenburg -- Works with DEP now! 
git-svn-id: file:///home/svn/framework3/trunk@11724 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-08 17:50:05 +00:00
Joshua Drake e06d4d52fe convert VLC module to FileFormat, adjust spray 
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-03 18:16:40 +00:00
Joshua Drake acf9b2088d remove half-browser half-fileformat /misc/ version, but preserve differences in comments in fileformat version 
git-svn-id: file:///home/svn/framework3/trunk@11701 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-02 21:47:02 +00:00
Joshua Drake 3ac076c20a add exploit for VLC media player WebM processing from Dan Rosenburg 
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
 2011-02-01 18:54:24 +00:00
Joshua Drake a62f1922b3 fix typos, lol? 
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-28 23:56:35 +00:00
Joshua Drake 9682091cca Add SQLI version of MSSQL Payload from Rodrigo Marcos! 
git-svn-id: file:///home/svn/framework3/trunk@11655 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-27 16:48:07 +00:00
Joshua Drake 81ff9483bf add ms09-004 exploit via sql injection from Rodrigo Marcos 
git-svn-id: file:///home/svn/framework3/trunk@11631 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-24 19:37:58 +00:00
James Lee d7cda0f85a accept a client argument for get_uri() 
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-22 00:16:57 +00:00
Joshua Drake ae33e3ac71 Fixes #3571, normalize 2k3r2 and fix language defaulting 
git-svn-id: file:///home/svn/framework3/trunk@11614 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-21 04:09:48 +00:00
James Lee f3bda46333 doesn't work on IE8, fixes #3566, thanks Hauke Mehrtens for the patch 
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-20 19:30:59 +00:00
Joshua Drake b6b9b83dd7 add CVE reference 
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-14 16:25:37 +00:00
Joshua Drake ffbea6199f Do not wait for the DCERPC call to timeout 
git-svn-id: file:///home/svn/framework3/trunk@11545 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-11 17:56:27 +00:00
Joshua Drake 739604ea12 Fixes #3469, silly typo 
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 05:58:55 +00:00
Joshua Drake d994f595fe remove unused vars 
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 01:59:10 +00:00
Joshua Drake 287f4c87fe style compliance fixes 
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 01:13:26 +00:00
Joshua Drake 19e8a6a5b1 switch AutoRunScript for InitialAutoRunScript, oops 
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-08 00:25:44 +00:00
Joshua Drake 452ab6f301 updated description 
git-svn-id: file:///home/svn/framework3/trunk@11506 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-07 17:51:34 +00:00
Joshua Drake f7e70e8d42 add an automatic target and now includes Office XP SP3 
git-svn-id: file:///home/svn/framework3/trunk@11505 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-07 17:48:29 +00:00
Jonathan Cran a206ed8418 clarifying wmi tools are not installed by default 
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-06 05:27:37 +00:00
Joshua Drake bc7a8e3b47 fix silly merge conflict data in HTML 
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-05 22:52:54 +00:00
Joshua Drake f0202c3350 add MSFT advisory references 
git-svn-id: file:///home/svn/framework3/trunk@11473 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-04 23:00:45 +00:00
James Lee 1735dc8cb2 add bid reference, thanks jjarmoc 
git-svn-id: file:///home/svn/framework3/trunk@11472 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-04 22:08:33 +00:00
Joshua Drake 152eb80710 fix debug target, adjust File reference 
git-svn-id: file:///home/svn/framework3/trunk@11469 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-04 16:55:58 +00:00
Steve Tornio 4a1f45c633 add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@11467 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-04 16:15:43 +00:00
Joshua Drake 4fc19971ae add exploit for cve-2010-3970 
git-svn-id: file:///home/svn/framework3/trunk@11466 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-04 15:30:29 +00:00
Joshua Drake a59dcc512b switch target to p/p/r that works on multiple versions 
git-svn-id: file:///home/svn/framework3/trunk@11459 4d416f70-5f16-0410-b530-b9f4589650da
 2011-01-02 09:56:43 +00:00
Joshua Drake 540bd3692c add fileformat exploit for cve-2010-3333 
git-svn-id: file:///home/svn/framework3/trunk@11450 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-29 20:30:50 +00:00
Joshua Drake 08df4dac3b randomize import styles, patch from jjarmoc 
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-29 16:49:20 +00:00
Joshua Drake b3bfb5834e change credit to passerby 
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-28 17:10:19 +00:00
HD Moore a8cb5ee259 Updated return address from Tyler Reguly 
git-svn-id: file:///home/svn/framework3/trunk@11407 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-25 06:01:12 +00:00
Joshua Drake 5f5d2992ce add reference to 0x557 slides (for .NET 2.0 rop) 
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-23 01:36:54 +00:00
Joshua Drake cdfe03ce43 add MSFT advisory and CVE 
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-23 01:30:43 +00:00
Steve Tornio 09b00739fb add osvdb ref 
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 22:21:56 +00:00
Joshua Drake 4ddd78c4de add a couple targets 
git-svn-id: file:///home/svn/framework3/trunk@11399 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 19:14:29 +00:00
Joshua Drake 0f24d1955c minor corrections, use .NET 2.0 ROP :) 
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 18:26:18 +00:00
Joshua Drake 44c8a71dcf minor clean ups 
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 18:23:16 +00:00
Mario Ceballos 1407d7f1d5 revert back. little more reliable. 
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 17:40:13 +00:00
Mario Ceballos d89c60f2de add exploit module wmi_admintools.rb 
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-22 14:35:36 +00:00
Joshua Drake 5fb2bfc969 fix super busted mssql_payload some more 
git-svn-id: file:///home/svn/framework3/trunk@11392 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-21 20:36:34 +00:00
Joshua Drake 7db17e323e fix super busted mssql_payload, oops 
git-svn-id: file:///home/svn/framework3/trunk@11391 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-21 20:20:20 +00:00
Joshua Drake c4c0cabccb switch to .NET 2.0 ROP, Merry Xmas! 
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-21 19:24:19 +00:00
Joshua Drake 5d2f26b41b add exploit for unpatched IE css import bug 
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-20 16:34:07 +00:00
Joshua Drake b8b0e1af97 fix typo 
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-20 09:11:45 +00:00
James Lee f1c13e24a6 remove erroneous OUTPUTPATH overriding the sane one from the fileformat mixin 
git-svn-id: file:///home/svn/framework3/trunk@11353 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-16 20:11:01 +00:00
Joshua Drake 6a5ebf2d91 fix nil access 
git-svn-id: file:///home/svn/framework3/trunk@11344 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-15 19:49:40 +00:00
James Lee f15e6e5e62 update autopwn, replace ms10-018 behaviors with ms10-090 css clip. 
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-14 18:53:22 +00:00
Joshua Drake af56bebfa1 note ms10-090 bulletin 
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-14 18:41:20 +00:00
Joshua Drake 6a4e52f667 Account for SEH offset depending on the path 
git-svn-id: file:///home/svn/framework3/trunk@11282 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-10 23:35:58 +00:00
Tod Beardsley 0204cedca6 Makes the print_status displays more consistent between smb_login and psexec by moving some of the domain display functions up into exploit/smb proper. 
git-svn-id: file:///home/svn/framework3/trunk@11204 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-02 17:29:26 +00:00
James Lee 3fdfb3e945 syntax errors 
git-svn-id: file:///home/svn/framework3/trunk@11195 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 19:26:57 +00:00
Joshua Drake 9156509c58 clarify authors list 
git-svn-id: file:///home/svn/framework3/trunk@11192 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 16:23:04 +00:00
Steve Tornio e6f640bc17 add cve and osvdb refs 
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 03:18:05 +00:00
Mario Ceballos 14ea7a85bb svn keywords 
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 02:03:25 +00:00
Mario Ceballos 5ed387aa38 added exploit module enjoysapgui_comp_download.rb 
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 02:01:46 +00:00