Commit Graph

22073 Commits (dba0e9bf77a623f278aa0b36fddd07c9c6a1daf8)

Author SHA1 Message Date
sinn3r 2f6a77861a
Land #2731 - vBulletin nodeid SQL injection (exploit) 2013-12-09 02:22:07 -06:00
sinn3r feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection 2013-12-09 02:12:42 -06:00
sinn3r 92412279ae Account for failed cred gathering attempts
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix cd66cca8a1 Make browser autopwn datastore use OptRegexp. 2013-12-08 17:46:33 -06:00
Joe Vennix df76651834 Make sure loot is named correctly. 2013-12-08 14:31:18 -06:00
Joe Vennix 7f3ab14179 Make pipe part of /bin/bash cmd. 2013-12-08 14:27:28 -06:00
Joe Vennix 9b34a8f1ad Supports 10.3 2013-12-08 14:26:16 -06:00
Joe Vennix f981a04918 Fix MATCHUSER bug.
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
Meatballs 45a0ac9e68
Land #2602, Windows Extended API
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs e5a92a18a5
and expand path 2013-12-08 19:01:03 +00:00
Meatballs 3c67f1c6a9
Fix file download 2013-12-08 18:57:10 +00:00
Joe Vennix eacab1b2ad Fix description, kill dead constant. 2013-12-07 22:28:16 -06:00
Joe Vennix 969f45fd32 Refactor OSX hashdump post module.
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
dmaloney-r7 0c5d748fca Merge pull request #1103 from scriptjunkie/dllinjectfix
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
scriptjunkie f4636c46a6
Removing unused endjunk, sections_end, cert_entry 2013-12-07 20:55:51 -06:00
scriptjunkie 77e9996501
Mitigate metasm relocation error by disabling ASLR
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie 8d33138489 Support silent shellcode injection into DLLs
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Joe Vennix c6eac67ab5 Kill meterpreter support for osx media modules.
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
joev c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master 2013-12-07 17:28:57 -06:00
jvazquez-r7 75fb38fe8d
Land #2724, @wchen-r7 and @jvennix-r7's module for CVE-2013-6414 2013-12-07 14:26:46 -06:00
jvazquez-r7 fdebfe3d2f Add references 2013-12-07 14:25:58 -06:00
jvazquez-r7 f77784cd0d
Land #2723, @denandz's module for OSVDB-100423 2013-12-06 17:32:07 -06:00
DoI 3ed293a1d0 Merge pull request #1 from jvazquez-r7/review_2723
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
jvazquez-r7 3729c53690 Move uptime_file_upload to the correct location 2013-12-06 15:57:52 -06:00
jvazquez-r7 2ff9c31747 Do minor clean up on uptime_file_upload 2013-12-06 15:57:22 -06:00
sinn3r adc241faf8 Last one, I say 2013-12-06 15:52:42 -06:00
sinn3r 17193e06a9 Last commit, I swear 2013-12-06 15:49:44 -06:00
sinn3r 58a70779ac Final update 2013-12-06 15:48:59 -06:00
sinn3r 9f5768ae37 Another update 2013-12-06 14:53:35 -06:00
sinn3r af16f11784 Another update 2013-12-06 14:39:26 -06:00
jvazquez-r7 d47292ba10 Add module for CVE-2013-3522 2013-12-06 13:50:12 -06:00
sinn3r 87e77b358e Use the correct URI 2013-12-06 12:08:19 -06:00
sinn3r 5d4acfa274 Plenty of changes 2013-12-06 11:57:02 -06:00
bmerinofe 5e5fd6b01a Unless replaced 2013-12-06 15:01:35 +01:00
Meatballs 6f02744d46
Land #2730 Typo in mswin_tiff_overflow 2013-12-06 12:32:37 +00:00
Meatballs 3aebe968bb
Land #2721 Reflective DLL Mixin
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.

Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
sinn3r d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s" 2013-12-06 01:29:48 -06:00
sinn3r 89ef1d4720 Fix a typo in mswin_tiff_overflow 2013-12-06 00:44:12 -06:00
OJ e90b7641ca Allow self-destruct via "kill -s"
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.

This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ bea0f8c18e Change client to session in tests 2013-12-06 13:43:47 +10:00
OJ 4ca48308c1 Fix downloading of files 2013-12-06 13:40:20 +10:00
DoI 3d327363af uptime_file_upload code tidy-ups 2013-12-06 13:45:22 +13:00
OJ 155836ddf9 Adjusted style as per egypt's points 2013-12-06 10:08:38 +10:00
sinn3r c07686988c random uri 2013-12-05 18:07:24 -06:00
OJ 73d3ea699f Remove the last redundant error check 2013-12-06 09:32:21 +10:00
OJ ccbf305de1 Remove exception stuff from the payloads 2013-12-06 09:26:46 +10:00
jvazquez-r7 e4c6413643
Land #2718, @wchen-r7's deletion of @peer on HttpClient modules 2013-12-05 17:25:59 -06:00
OJ 5a0a2217dc Add exception if DLL isn't RDI enabled 2013-12-06 09:18:08 +10:00
jvazquez-r7 f2f8c08c8e Use blank? method 2013-12-05 16:36:44 -06:00
OJ 2cb991cace Shuffle RDI stuff into more appropriate structure
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00