Commit Graph

3679 Commits (ddbd5858e07c1a35f7792788a3e1d15121a569ec)

Author SHA1 Message Date
Meatballs c5daf939d1 Stabs tabassassin 2013-09-05 20:36:52 +01:00
Tab Assassin d0360733d7 Retab changes for PR #2282 2013-09-05 14:05:34 -05:00
Tab Assassin 49dface180 Merge for retab 2013-09-05 14:05:28 -05:00
Meatballs 9787bb80e7 Address @jlee-r7's feedback 2013-09-05 19:57:05 +01:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
jvazquez-r7 5c06a471f9 Get the call result 2013-09-05 08:33:35 -05:00
jvazquez-r7 3681955f68 Use Msf::Config.data_directory 2013-09-05 08:28:50 -05:00
jvazquez-r7 6b1d7545d6 Refactor, avoid duplicate code 2013-09-05 08:26:49 -05:00
jvazquez-r7 b6245eea72 Update target info 2013-09-04 16:43:26 -05:00
jvazquez-r7 34b3ee5e17 Update ranking and description 2013-09-04 16:10:15 -05:00
jvazquez-r7 94125a434b Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
Meatballs 3066e7e19d ReverseConnectRetries ftw 2013-09-04 00:16:19 +01:00
Meatballs a8e77c56bd Updates 2013-09-03 22:46:20 +01:00
Meatballs ac0c493cf9 Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring 2013-09-03 21:33:11 +01:00
Tab Assassin 84aaf2334a Retab new material 2013-09-03 11:47:26 -05:00
Tab Assassin 0c1e6546af Update from master 2013-09-03 11:45:39 -05:00
Tod Beardsley ca8dacb93b Minor module description updates for grammar. 2013-09-03 10:31:45 -05:00
sinn3r ac0b14e793 Add the missing CVE reference
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
sinn3r 0736677a01 Land #2299 - Add powershell support & removes ADODB.Stream requirement 2013-08-31 00:32:23 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 5b32c63a42 Land #2308, @wchen-r7's exploit for MS13-059 2013-08-30 10:59:36 -05:00
jvazquez-r7 ea8cd2dc46 Update authors list 2013-08-30 10:52:39 -05:00
sinn3r a283f1d4fa Correct module title 2013-08-30 10:50:35 -05:00
sinn3r f4e09100bd Correct file name 2013-08-30 10:50:05 -05:00
sinn3r 38dbab9dd0 Fix typos 2013-08-30 10:43:26 -05:00
sinn3r 0a1b078bd8 Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
Please see module description for more info.
2013-08-30 03:16:28 -05:00
jvazquez-r7 657be3a3d9 Fix typo 2013-08-29 14:42:59 -05:00
jvazquez-r7 4a6bf1da7f Add module for ZDI-13-207 2013-08-29 14:09:45 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Meatballs a12f5092dd Encode the powershell cmd 2013-08-28 22:37:11 +01:00
Meatballs aa0563244b Update unsafe scripting module 2013-08-28 22:30:46 +01:00
sinn3r b0226cab79 Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability 2013-08-27 11:19:43 -05:00
jvazquez-r7 997c5e5516 Land #2291, @todb-r7's patch for oracle_endeca_exec's requires 2013-08-27 11:01:21 -05:00
Tod Beardsley 15b741bb5f Require the powershell mixin explicitly 2013-08-27 10:36:51 -05:00
jvazquez-r7 f59f57e148 Randomize object id 2013-08-27 10:35:06 -05:00
jvazquez-r7 66fa1b41aa Fix logic to spray correctly IE9 2013-08-27 09:57:55 -05:00
sinn3r 7a4d781538 Land #2274 - Firefox XMLSerializer Use After Free 2013-08-26 20:53:42 -05:00
violet 4cbdf38377 updated contact info
MASTER OF DISASTER

ULTRA LASER

:::::::-.  :::::::..        :::::::-.      ...         ...     .        :
 ;;,   `';,;;;;``;;;;        ;;,   `';, .;;;;;;;.   .;;;;;;;.  ;;,.    ;;;
 `[[     [[ [[[,/[[['        `[[     [[,[[     \[[,,[[     \[[,[[[[, ,[[[[,
  $$,    $$ $$$$$$c           $$,    $$$$$,     $$$$$$,     $$$$$$$$$$$"$$$
  888_,o8P' 888b "88bo,d8b    888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
  MMMMP"`   MMMM   "W" YMP    MMMMP"`    "YMMMMMP"   "YMMMMMP" MMM  M'  "MMM
2013-08-26 16:14:49 -07:00
Tod Beardsley 6b15a079ea Update for grammar in descriptions on new modules. 2013-08-26 14:52:51 -05:00
Meatballs 05f1622fcb Fix require 2013-08-26 16:21:18 +01:00
Meatballs 3b9ded5a8e BypassUAC now checks if the process is LowIntegrityLevel
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
jvazquez-r7 f8d1d29648 Add module for ZDI-13-182 2013-08-25 23:07:08 -05:00
jvazquez-r7 82cf812311 Switch to PrependMigrate 2013-08-24 10:46:04 -05:00
sinn3r 7b5e98d57e Land #2269 - Oracle Endeca Server Remote Command Execution 2013-08-23 15:40:31 -05:00
jvazquez-r7 ad214da3de Switch to powershell to exec payload 2013-08-23 14:39:29 -05:00
jvazquez-r7 a45f49e3b7 Use a new Ranking 2013-08-23 08:49:58 -05:00
jvazquez-r7 ff6ad30be0 Add module for ZDI-13-006 2013-08-22 18:15:35 -05:00
jvazquez-r7 965e2d88fe Use normalize_uri 2013-08-21 16:49:24 -05:00
jvazquez-r7 b72566b8aa Add module for ZDI-13-190 2013-08-21 12:47:47 -05:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
Steve Tornio abd4fb778f add osvdb ref for chasys overflow 2013-08-18 06:35:28 -05:00
sinn3r a75a4906f2 Description update 2013-08-16 23:28:24 -05:00
jvazquez-r7 a8cc15db20 Add module for ZDI-13-178 2013-08-16 18:13:18 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
sinn3r 98e0053dc6 Fix indent level 2013-08-14 13:07:01 -05:00
bcoles 7145a85fb4 Add MiniWeb (Build 300) Arbitrary File Upload 2013-08-15 01:01:46 +09:30
jvazquez-r7 31cbc270fd Favor unless over if for negative condition 2013-08-13 08:46:12 -05:00
jvazquez-r7 bc9a26d4ee Fix condition 2013-08-12 23:05:26 -05:00
jvazquez-r7 568181de84 Add aesthetic spaces 2013-08-12 22:33:34 -05:00
jvazquez-r7 6d70d4924e Land #2206, @PsychoSpy module for OSVDB 94097 2013-08-12 22:27:03 -05:00
jvazquez-r7 7981601eb8 Do final cleanup on intrasrv_bof 2013-08-12 22:24:53 -05:00
sinn3r 2d3c2c1c87 Set default target to 0 because there's only one 2013-08-12 20:01:23 -05:00
sinn3r c0335cee26 Land #2214 - CVE-2013-3928: Chasys Draw IES Buffer Overflow 2013-08-12 19:16:02 -05:00
sinn3r 7562324d96 Land #2210 - CVE-2013-5019: Ultra Mini HTTPD Stack Buffer Overflow 2013-08-12 19:13:58 -05:00
sinn3r 51d9c59dcd Extra tabs, bye 2013-08-12 19:13:20 -05:00
Nathan Einwechter db78ffcc46 ... 2013-08-12 18:21:10 -04:00
Nathan Einwechter 49bcec5c92 Additional cleanup 2013-08-12 18:20:03 -04:00
jvazquez-r7 b3f229ff59 Add module for CVE-2013-3928 2013-08-12 17:18:30 -05:00
Nathan Einwechter 7014322dfd Code cleanup 2013-08-12 18:16:00 -04:00
Nathan Einwechter 264fe32705 Added new badchars 2013-08-12 18:08:49 -04:00
Nathan Einwechter bbc93b2a58 msftidy 2013-08-12 15:14:01 -04:00
Nathan Einwechter 28f030494e Use tcp mixin/clean corrupt bytes 2013-08-12 15:12:15 -04:00
jvazquez-r7 8ac01d3b8e Fix description and make it aggressive 2013-08-12 11:19:25 -05:00
Nathan Einwechter 7854c452d2 Added more payload padding 2013-08-12 11:10:10 -04:00
Nathan Einwechter 9f33a59dc2 Fix target ret 2013-08-12 11:04:55 -04:00
Nathan Einwechter 6f96445b42 Change target ret/cleanup 2013-08-12 10:13:48 -04:00
Nathan Einwechter a35d548979 Use HttpClient 2013-08-12 10:01:01 -04:00
bcoles d63d7bc7da Add Open-FTPD 1.2 Writable Directory Traversal Execution 2013-08-12 08:49:49 +09:30
Nathan Einwechter 896320ed42 fix typo 2013-08-11 16:48:43 -04:00
Nathan Einwechter 4b14fa53e0 tidy debugs 2013-08-11 16:39:41 -04:00
Nathan Einwechter 90ef224c46 Implement CVE-2012-5019 2013-08-11 16:33:40 -04:00
Nathan Einwechter 185ef2ecae msftidy 2013-08-10 16:01:44 -04:00
Nathan Einwechter 6fe4e3dd0e Added Intrasrv 1.0 BOF 2013-08-10 15:56:07 -04:00
sinn3r 5128458c90 Land #2201 - Better check for ppr_flatten_rec 2013-08-09 14:44:23 -05:00
sinn3r 021c358159 Land #2203 - Fix regex for x64 detection 2013-08-09 13:23:38 -05:00
Sagi Shahar 7178633140 Fixed architecture detection in bypassuac modules 2013-08-09 03:42:02 +02:00
Meatballs 318280fea7 Add 7/2k8 RTM versions 2013-08-08 20:02:14 +01:00
Meatballs d64352652f Adds unsupported Vista versions 2013-08-08 19:58:40 +01:00
Meatballs 08c32c250f File versions 2013-08-08 19:42:14 +01:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
jvazquez-r7 0f975da5f4 Update target info and something else... 2013-08-07 16:00:06 -05:00
jvazquez-r7 d1beb313f6 Add module for 2013-1690 2013-08-07 15:36:54 -05:00
jvazquez-r7 9790181dd2 Land #2176, @wchen-r7's fix for [TestRM #8272] 2013-08-05 13:10:25 -05:00
Tod Beardsley 40f015f596 Avoid require race with powershell 2013-08-05 09:56:32 -05:00
Tod Beardsley a885ff9bcc Use consistent caps for 'PowerShell' 2013-08-05 09:33:49 -05:00
Tod Beardsley 5ea67586c8 Rewrite description for MS13-005
The first part of the description was copy-pasted from

http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt

which contained some grammatical errors. Please try to avoid cribbing
other researchers' descriptions directly for Metasploit modules.
2013-08-05 09:29:29 -05:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
Ruslaideemin f927d1d7d3 Increase exploit reliability
From some limited testing, it appears that this exploit is
missing \x0d\x0a in the bad chars. If the generated payload / hunter
or egg contain that combination, it seems to cause reliability issues
and exploitation fails.

The home page for this software can be found at
http://www.leighb.com/intrasrv.htm
2013-08-02 09:06:20 +10:00
Markus Wulftange 4a127c2ed2 Add hp_sys_mgmt_exec module for Linux and enhance module for Windows
The hp_sys_mgmt_exec module for Linux is a port of the Windows module with minor changes due to the requirement of quotes. It also uses Perl instead of PHP as PHP may not always be in the environment PATH. Although the Windows module works perfectly, it now uses the same technique to encode the command (thankfully, PHP adopted major syntax characteristics and functions from Perl).
2013-07-31 22:05:25 +02:00
sinn3r 8c47f1df2d We don't need this option anymore 2013-07-31 03:30:34 -05:00
sinn3r af0046658b Change the way file is stored 2013-07-31 03:28:24 -05:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 05be76ecb7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 16:41:22 -05:00
sinn3r ab75d00f8a Land #2169 - Description update 2013-07-29 14:24:57 -05:00
Meatballs 7801eadbc2 psh description 2013-07-29 19:14:12 +01:00
jvazquez-r7 455569aee8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-29 12:10:12 -05:00
jvazquez-r7 3a05993f16 Make msftidy happy and warn user about long times 2013-07-29 11:45:30 -05:00
Tod Beardsley 37312f2aa9 Module, singular 2013-07-29 10:58:36 -05:00
Tod Beardsley 11e9cca855 Spelling and description touch ups. 2013-07-29 10:57:19 -05:00
Meatballs 234e49d982 Add type technique 2013-07-26 23:33:16 +01:00
jvazquez-r7 805a9675a7 Modify the check for Integrity Level and allow drop to fs 2013-07-26 14:54:50 -05:00
Meatballs 12a58c730a Small fix 2013-07-26 10:15:47 +01:00
Meatballs 6a13ed0371 Missing include 2013-07-26 03:18:17 +01:00
Meatballs 72b8891ba3 Check for low integrity 2013-07-26 03:16:45 +01:00
Meatballs 030640d5bc back to cmd 2013-07-26 03:00:36 +01:00
Meatballs d3f3e5d63e Working with psh download 2013-07-26 02:29:55 +01:00
Meatballs b99ad41a64 Add api constants and tidy 2013-07-26 01:48:39 +01:00
Meatballs 0235e6803d Initial working 2013-07-25 23:24:11 +01:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
Sean Verity dff35c0820 Minor update to Target Selection. Refer to comments on #2128. 2013-07-24 19:02:47 -04:00
Sean Verity d478df520f Merge remote-tracking branch 'rapid7/master'
Starting fresh.
2013-07-24 18:31:53 -04:00
jvazquez-r7 e9a4f6d5da Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework 2013-07-24 14:00:52 -05:00
Meatballs 44cae75af1 Cleanup 2013-07-24 19:52:59 +01:00
jvazquez-r7 dbad1a5e4c Clean up description 2013-07-24 12:02:33 -05:00
jvazquez-r7 18dbdb828f Land #2133, @Meatballs1's exploit for PSH Web Delivery 2013-07-24 12:01:37 -05:00
Meatballs f79d3f7591 Shorten cmd 2013-07-24 17:48:03 +01:00
jvazquez-r7 47c21dfe85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-24 11:42:11 -05:00
Meatballs 8103baf21a Update title 2013-07-24 17:29:23 +01:00
Meatballs 18ac83bec1 Final updates and tidy 2013-07-24 17:28:19 +01:00
jvazquez-r7 b0c17fdebc Land #2002, @jlee-r7's patch for better handling uri resources 2013-07-23 15:49:21 -05:00
jvazquez-r7 99a345f8d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-22 13:54:26 -05:00
Tod Beardsley 164153f1e6 Minor updates to titles and descriptions 2013-07-22 13:04:54 -05:00
jvazquez-r7 15b0e39617 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-21 13:47:40 -05:00
sinn3r e7e712fa01 EOL fix 2013-07-20 19:54:05 -05:00
sinn3r ab515fb66d Add the file format version of CVE-2013-1017 2013-07-20 19:50:09 -05:00
Meatballs fe405d2187 Tidyup info 2013-07-19 23:50:59 +01:00
Meatballs 6fab3f6308 Add powershell cmdline 2013-07-19 23:24:54 +01:00
Meatballs d1fdcfff91 Initial commit 2013-07-19 19:33:55 +01:00
Sean Verity f16ed32848 Added '2003 R2 SP2' to target selection 2013-07-19 09:57:09 -04:00
jvazquez-r7 bdfad076b4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 15:43:58 -05:00
jvazquez-r7 cb108a8253 Add module for ZDI-13-147 2013-07-18 15:37:11 -05:00
jvazquez-r7 efb8591a49 Update apple_quicktime_rdrf references 2013-07-18 13:57:31 -05:00
jvazquez-r7 1a5e0e10a5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 13:53:57 -05:00
sinn3r b90e1d54e2 Land #2117 - HP Managed Printing Administration jobAcct Command Exec 2013-07-18 13:21:11 -05:00
sinn3r 280529f885 Make some changes to the description 2013-07-18 13:20:36 -05:00
jvazquez-r7 52079c960f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 12:52:42 -05:00
sinn3r b94cde1d65 Name change for pyoor 2013-07-18 10:50:25 -05:00
jvazquez-r7 104edd8e93 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-18 10:38:53 -05:00
jvazquez-r7 3780b1b59f Add module for ZDI-11-352 2013-07-18 09:39:55 -05:00
jvazquez-r7 bf023f261a Delete comma 2013-07-17 20:46:03 -05:00
jvazquez-r7 7ee4855345 Fix msftidy and delete duplicate stack adjustment 2013-07-17 20:45:54 -05:00
sinn3r 6713fb1609 Fix typos 2013-07-17 18:06:40 -05:00
sinn3r 9ae7c80b15 Add more targets plus some other corrections 2013-07-17 14:43:41 -05:00
sinn3r c85b994c07 Add CVE-2013-1017: Apple Quicktime Invalid Atom Length BoF
This module exploits a vulnerability found in Apple Quicktime. The
flaw is triggered when Quicktime fails to properly handle the data
length for certain atoms such as 'rdrf' or 'dref' in the Alis record,
which may result in a buffer overflow by loading a specially crafted .mov
file, and allows arbitrary code execution under the context of the user.
2013-07-17 13:45:05 -05:00
jvazquez-r7 c7361043ae up to date 2013-07-17 11:47:06 -05:00
jvazquez-r7 11f8b351c0 Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework 2013-07-17 11:44:42 -05:00
jvazquez-r7 19b11cd6e2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-15 08:23:38 -05:00
James Lee 94f8b1d177 Land #2073, psexec_psh 2013-07-12 16:14:17 -05:00
James Lee f81369a10d Don't make promises about AV detection 2013-07-12 16:13:02 -05:00
James Lee bc88732400 Prints don't need to be rescued 2013-07-12 15:56:04 -05:00
jvazquez-r7 e2f6218104 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-12 08:38:08 -05:00
sinn3r 529471ed53 Land #2081 - MediaCoder .M3U Buffer Overflow 2013-07-11 23:57:43 -05:00
sinn3r 1341d6ec6b Remove extra commas and try to keep a line in 100 columns 2013-07-11 23:54:54 -05:00
jvazquez-r7 937642762f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-11 15:20:33 -05:00
sinn3r 1cf65623d6 Small desc update 2013-07-11 13:20:39 -05:00
jvazquez-r7 d9107d2bd9 Add module for CVE-2013-3248 2013-07-11 12:30:08 -05:00
modpr0be 16c9effcb4 make msftidy happy 2013-07-11 00:32:32 +07:00
modpr0be 8de88cbd05 change target from win7 sp1 to win7 sp0, fix description 2013-07-11 00:14:30 +07:00
jvazquez-r7 64b2f3f7a0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 16:55:39 -05:00
Tod Beardsley 8d7396d60a Minor description changes on new modules 2013-07-08 16:24:40 -05:00
jvazquez-r7 6a9a9ac20a Merge branch 'module-mediacoder-m3u' of https://github.com/modpr0be/metasploit-framework 2013-07-08 15:53:36 -05:00
jvazquez-r7 8ab8eb8e59 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 15:52:31 -05:00
modpr0be b2a18c37ee add dll references for rop 2013-07-09 03:20:05 +07:00
jvazquez-r7 3f874f504c Use metadata 2013-07-08 09:25:02 -05:00
jvazquez-r7 512dd7d15a Update title 2013-07-08 09:11:31 -05:00
jvazquez-r7 c60aeaa202 Add module for CVE-2013-3482 2013-07-08 09:11:10 -05:00
modpr0be ed6d88a28b credit to mona.py for rop 2013-07-07 18:07:05 +07:00
modpr0be ecb2667401 remove seh mixin and fix the rop nop address 2013-07-06 23:08:51 +07:00
Meatballs fc5e5a5aad Fixup description 2013-07-06 09:29:32 +01:00
Meatballs 22601e6cc7 Exit process when complete 2013-07-06 09:27:27 +01:00
modpr0be 23d2bfc915 add more author 2013-07-06 11:52:16 +07:00
modpr0be b8354d3d6c Added MediaCoder exploit module 2013-07-06 11:07:11 +07:00
Meatballs 0e84886bce Spawn 32bit process 2013-07-05 22:56:21 +01:00
Meatballs 2bfe8b3b29 msftidy 2013-07-05 22:35:22 +01:00
Meatballs 5dc2492b20 Renamed module 2013-07-05 22:32:15 +01:00
Meatballs 0ce3fe2e7c Added service status checks to Post::Windows::Services
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
Meatballs 66c2b79177 Initial commit 2013-07-05 19:48:27 +01:00
jvazquez-r7 7f645807f6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-05 10:25:41 -05:00
jvazquez-r7 ad94f434ab Avoid a fix address for the final userland payload 2013-07-05 10:21:11 -05:00
Meatballs 479664b5aa Remove redundant file 2013-07-04 12:07:14 +01:00
Meatballs cd159960e1 Tidy 2013-07-04 12:02:32 +01:00
Meatballs 9c1a43a417 Check payload arch 2013-07-04 11:46:34 +01:00
Meatballs 83bc32abb4 Remove Exploit::Exe 2013-07-04 11:01:01 +01:00
Meatballs 7d6a78bf1f Remove report aux 2013-07-04 10:36:32 +01:00
Meatballs 555140b85a Add warning for persist 2013-07-04 10:30:03 +01:00
Meatballs 44cdc0a1c8 Move options to lib 2013-07-04 10:25:37 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 8590720890 Use fail_with 2013-07-04 10:21:24 +01:00
Meatballs 3eab7107b8 Remove opt supplied by lib 2013-07-04 10:16:03 +01:00
Meatballs 7d273b2c8b Refactor to psexec lib 2013-07-04 10:11:13 +01:00
Meatballs 1569a15856 Msf license 2013-07-04 10:08:29 +01:00
Meatballs 052c23b980 Add missing require 2013-07-04 09:58:48 +01:00
Meatballs 6fa60be76f Merge branch 'psexec_psh' of https://github.com/sempervictus/metasploit-framework into psexec_psh 2013-07-04 09:42:18 +01:00
sinn3r 226f4dd8cc Use execute_shellcode for novell_client_nicm.rb 2013-07-03 13:57:41 -05:00
sinn3r f9cfba9021 Use execute_shellcode for novell_client_nwfs.rb 2013-07-03 13:55:50 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 2f77e8626f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 11:56:25 -05:00
sinn3r 7ef5695867 [FixRM:#8129] - Remove invalid metasploit.com references
These "metasploit.com" references aren't related to the vulns, and
shouldn't be in them.
2013-07-03 11:52:10 -05:00
g0tmi1k 2a6056fd2a exploits/s4u_persistence~Fixed typos+default values 2013-07-03 00:38:50 +01:00
jvazquez-r7 146d1eb27d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-02 10:06:00 -05:00
jvazquez-r7 1110aefe49 Land #2038, @modpr0be exploit for ABBS Audio Media Player 2013-07-01 23:20:50 -05:00
modpr0be 2e5398470b remove additional junk, tested and not needed 2013-07-02 09:23:42 +07:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
modpr0be 9b8bfa6290 change last junk from rand_text_alpha_upper to rand_text 2013-07-01 23:49:19 +07:00
modpr0be c631778a38 make a nice way to fill the rest of buffer 2013-07-01 23:39:08 +07:00
sinn3r dbce1b36e5 Land #2036 - CVE-2013-3660
Thx Tavis, Keebie4e, and Meatballs
2013-07-01 10:55:51 -05:00
modpr0be 478beee38b remove unnecessary option and make msftidy happy 2013-07-01 18:51:47 +07:00
modpr0be f16d097c00 clean version, tested on winxp sp3 and win7 sp1 2013-07-01 18:35:50 +07:00
jvazquez-r7 f58f481399 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 22:36:46 -05:00
modpr0be e0ae71e874 minor fixing in the exploit module description 2013-07-01 03:27:06 +07:00
modpr0be 007fddb6bf remove SEH function, not needed 2013-07-01 03:13:20 +07:00
modpr0be 1e4b69ab03 Added abbs amp exploit module 2013-07-01 03:08:22 +07:00
jvazquez-r7 a2b8daf149 Modify fail message when exploitation doesn't succeed 2013-06-29 10:45:13 -05:00
jvazquez-r7 a5c3f4ca9b Modify ruby code according to comments 2013-06-29 08:54:00 -05:00
jvazquez-r7 427e26c4dc Fix current_pid 2013-06-28 21:36:49 -05:00
jvazquez-r7 32ae7ec2fa Fix error description and bad variable usage 2013-06-28 21:30:33 -05:00
jvazquez-r7 fb67002df9 Switch from print_error to print_warning 2013-06-28 21:29:20 -05:00
jvazquez-r7 3ab948209b Fix module according to @wchen-r7 feedback 2013-06-28 20:44:42 -05:00
jvazquez-r7 00416f3430 Add a new print_status 2013-06-28 18:23:49 -05:00
jvazquez-r7 7725937461 Add Module for cve-2013-3660 2013-06-28 18:18:21 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 7ab4d4dcc4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 17:34:29 -05:00
Steve Tornio 5b71013dde reference updates 2013-06-25 13:41:22 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
William Vu d6374ddfff Land #2020, CVE and OSVDB update 2013-06-25 08:17:54 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 795dd6a02a Add module for OSVDB 93718 2013-06-24 23:51:28 -05:00
jvazquez-r7 ca8ce363b8 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 16:32:55 -05:00
sinn3r b3d90c68a4 Land #2008 - More OSVDB refs 2013-06-24 01:53:29 -05:00
jvazquez-r7 31fcb911f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-23 21:41:10 -05:00
Steve Tornio a920127f8c reference updates for several modules 2013-06-23 20:43:34 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
jvazquez-r7 2150d9efb0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 12:06:18 -05:00
Steve Tornio 427f063c48 fix formatting 2013-06-22 07:32:29 -05:00
Steve Tornio 1e25dedb66 fix formatting 2013-06-22 07:31:47 -05:00
Steve Tornio 14850cd387 reference updates for multiple modules 2013-06-22 07:28:04 -05:00
sinn3r de659326ce Land #2003 - Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation 2013-06-21 21:52:32 -05:00
sinn3r 5de7fff685 Credit 2013-06-21 21:38:40 -05:00
Markus Wulftange afa0e6c42a Use CmdStagerVBS instead of CmdStagerTFTP
By using `php.exe` as stager, the bad characters can be completely
bypassed. This allows the use of the CmdStagerVBS, which should be
working on all supported Windows systems.
2013-06-22 01:13:03 +02:00
jvazquez-r7 f106b6db50 Add comment with the component version 2013-06-21 17:38:30 -05:00
jvazquez-r7 5fe9a80bf0 Add module for OSVDB 46578 2013-06-21 17:31:40 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
sinn3r 8dfe9b5318 Add login feature 2013-06-20 04:16:23 -05:00
sinn3r ebde05b783 Improve check 2013-06-20 03:18:33 -05:00
sinn3r 20621d17de Add CVE-2013-3576 - HP System Management Homepage exploit 2013-06-20 03:08:42 -05:00
jvazquez-r7 9e3053f24d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 10:00:44 -05:00
jvazquez-r7 aa134b0bcc Land #1973, @wchen-r7's fix to handle ftp auth correctly 2013-06-18 09:34:55 -05:00
jvazquez-r7 ae1a3e3ca1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 20:39:31 -05:00
Tod Beardsley 4ca9a88324 Tidying up grammar and titles 2013-06-17 16:49:14 -05:00
sinn3r 820f589df0 Missed this one. 2013-06-17 15:52:53 -05:00
sinn3r 163d3e771b Handle connect_login return value properly
Some modules ignore connect_login's return value, which may result
in an EOF if send_cmd() is used later on.  All the modules fixed are
the ones that require auth according to the module description, or
CVE/vendor/OSVDB info.
2013-06-17 15:48:34 -05:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
William Vu bd17e67f75 Land #1960, lower ranking for MS13-009 2013-06-14 15:28:06 -05:00
sinn3r 2abf70a1ca Lower ranking for MS13-009
We haven't been able to make this one more reliable, so todb suggests
we lower the ranking first.
2013-06-14 15:24:43 -05:00
sinn3r d35c3469e8 Fix typo
EDB reference
2013-06-14 15:16:20 -05:00
jvazquez-r7 2d083be8e7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:28:44 -05:00
sinn3r 0d384d23b8 Land #1954 - Fix resource_uri and mp4 file path 2013-06-14 13:15:17 -05:00
jvazquez-r7 060261bb3b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-14 13:15:13 -05:00
sinn3r 933ac88b44 Missing the file param that's needed to download the mp4 2013-06-14 13:13:48 -05:00
sinn3r d2df3234f4 Land #1955 - mozilla_mchannel.rb undefined agent variable 2013-06-14 11:14:20 -05:00
sinn3r 223807d0df Land #1956 - fix regex error for mozilla_reduceright.rb 2013-06-14 11:09:49 -05:00
jvazquez-r7 86258e32b1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 16:05:03 -05:00
sinn3r 0440c03c7a Land #1934 - Fix UltraISO Exploit File Creation 2013-06-13 13:57:09 -05:00
jvazquez-r7 95118895d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 13:05:42 -05:00
jvazquez-r7 81813a78fc Fix module Name 2013-06-13 11:55:23 -05:00
jvazquez-r7 707bc33148 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-13 10:17:28 -05:00
jvazquez-r7 eaba8e7b59 up to date 2013-06-12 15:44:00 -05:00
jvazquez-r7 afb2f83238 Add module for CVE-2012-1533 2013-06-12 14:40:53 -05:00
jvazquez-r7 c38eabe481 Fix description, code and perform test 2013-06-12 11:07:03 -05:00
jvazquez-r7 5c8053491f Add DEP bypass for ntdll ms12-001 2013-06-12 10:41:05 -05:00
jvazquez-r7 a1c7961cbc Support js obfuscation for the trigger 2013-06-12 08:06:12 -05:00
jvazquez-r7 5240c6e164 Add module for MS13-037 CVE-2013-2551 2013-06-12 07:37:57 -05:00
jvazquez-r7 9ea58ba165 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-11 10:40:01 -05:00
sinn3r 081baad68c Remove variable 'overflow' because it's not used
The 'overflow' variable isn't needed
2013-06-11 02:26:45 -05:00
Ruslaideemin ca0ab8d6ee maxthon_history_xcs.rb - fix User-agent string
request.headers['User-agent'] is incorrect, it should be
request.headers['User-Agent'].

Downloaded following version from oldapps.com to confirm
the exploit code is wrong.

Supported Systems Windows 98, 2000 (Maxthon 2.5.15 Build
  1000), XP, Vista, 7, 8
MD5 Checksum F3791637C886A46940876211209F82F4
SHA1 Checksum 039BB218245E5DC1BAB0F57298C68AC487F86323

Release Date 20 October, 2011 (2 years ago)
2013-06-11 13:37:21 +10:00
jvazquez-r7 69c25014ae Make msftidy happy 2013-06-13 18:58:38 -05:00
sinn3r 12801430e3 Update both ultraiso files to the right fix 2013-06-13 18:44:19 -05:00
Ruslaideemin 4e41e871bb mozilla_reduceright.rb - fix regex error.
[] is a character class, and will match on 1, 6, 7, and |.
Whereas (16|17) will match on either 16 or 17.

irb(main):053:0> y = /Firefox\/3\.6\.[16|17]/
=> /Firefox\/3\.6\.[16|17]/
irb(main):054:0> x = "Firefox/3.6.13"
=> "Firefox/3.6.13"
irb(main):055:0> x =~ y
=> 0
irb(main):056:0> y = /Firefox\/3\.6\.(16|17)/
=> /Firefox\/3\.6\.(16|17)/
irb(main):057:0> x =~ y
=> nil
2013-06-11 11:52:27 +10:00
Ruslaideemin 996171b35f mozilla_mchannel.rb undefined agent variable
If the TARGET is chosen instead of using the default
automatic, the agent variable will be undefined, which
causes the exploit to fail.
2013-06-11 10:43:47 +10:00
jvazquez-r7 72b871d762 up to date 2013-06-10 16:37:05 -05:00
Ruslaideemin d91b412661 adobe_flash_sps.rb - resource_uri vs get_resource
resource_uri will randomize the returned uri unless
datastore['URIPATH'] is set.

get_resource will return the currently used resource_uri

Since the incorrect type is used, this exploit is completely broken.

Tested fix with both URIPATH set to / and unset, and it works after
redirect.
2013-06-11 07:13:02 +10:00
jvazquez-r7 9c44ea0c61 up to date 2013-06-10 13:02:01 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
sinn3r 0895184e1f Land #1932 - Actually support OUTPUTPATH datastore option 2013-06-10 11:22:28 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
Ruslaideemin cd64e3593c Fix UltraISO file creation
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
Ruslaideemin c6b4290fea Fix UltraISO Exploit File Creation
Both ultraiso_ccd.rb and ultraiso_cue.rb use File.open to create
files, instead of using the create_file() function. This leads
to files being created in the wrong directory.

We work around this by dynamically changing the
file_format_filename function to return the corrected filename.
2013-06-09 09:51:15 +10:00
Ruslaideemin cb79aa252a Fix output path in ms10_004_textbytesatom.rb
ms10_004_textbytesatom.rb does not write to the local data directory,
instead it writes to the metasploit path (at least, that's where I
started msfrpcd).

This fixes it by using Msf::Config.local_directory
2013-06-09 07:28:48 +10:00
jvazquez-r7 9c27a294cb Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 13:01:37 -05:00
jvazquez-r7 a157e65802 Land #1916, @wchen-r7's exploit for Synactics PDF 2013-06-07 12:11:45 -05:00
sinn3r ea2895ac13 Change to AverageRanking
Just to play with the firing order for Browser Autopwn, this one
should fire as late as possible.
2013-06-07 12:08:51 -05:00
sinn3r 9c7b446532 Updates description about default browser setting 2013-06-07 11:58:31 -05:00
sinn3r f3421f2c3a Fix different landings 2013-06-07 10:26:04 -05:00
jvazquez-r7 0fb77cb4a7 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 08:44:07 -05:00
sinn3r da4b18c6a1 [FixRM:#8012] - Fix message data type to int
This patch makes sure s.message is actually an int, that way we can
properly stop or enable the service.
2013-06-06 23:49:14 -05:00
sinn3r e559824dc8 Remove whitespace 2013-06-06 20:08:50 -05:00
sinn3r d3e57ffc46 Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx.  When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
jvazquez-r7 e5a17ba227 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-05 09:41:23 -05:00
sinn3r 6d3dcf0cef Land #1912 - Fixed check for Admins SID in whoami /group output 2013-06-05 02:55:38 -05:00
sinn3r a3b25fd7c9 Land #1909 - Novell Zenworks Mobile Device Management exploit & auxiliary 2013-06-05 02:45:45 -05:00
sinn3r 0c1d46c465 Add more references 2013-06-05 02:43:43 -05:00
sinn3r 46aa6d38f8 Add a check for it 2013-06-05 02:41:03 -05:00
sinn3r a270d37306 Take apart the version detection code 2013-06-05 02:34:35 -05:00
sinn3r 25fe03b981 People like this format better: IP:PORT - Message 2013-06-05 02:26:18 -05:00
sinn3r 02e29fff66 Make msftidy happy 2013-06-05 02:25:08 -05:00
sinn3r 35459f2657 Small name change, don't mind me 2013-06-05 02:18:11 -05:00
sinn3r 227fa4d779 Homie needs a default target 2013-06-05 02:16:59 -05:00
cbgabriel 1032663cd4 Fixed check for Administrators SID in whoami /group output 2013-06-04 18:34:06 -04:00
steponequit ed4766dc46 initial commit of novell mdm modules 2013-06-04 09:20:10 -07:00
jvazquez-r7 a5f9ed890b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 16:23:12 -05:00
jvazquez-r7 30a019e422 Land #1891, @wchen-r7's improve for ie_cgenericelement_uaf 2013-06-03 15:35:43 -05:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
sinn3r cb33c5685f Landing #1890 - Oracle WebCenter Content openWebdav() vulnerability 2013-06-02 12:35:40 -05:00
sinn3r cc951e3412 Modifies the exploit a little for better stability
This patch makes sure the LFH is enabled before the CGenericElement
object is created.  Triggers is also modified a little.
2013-06-02 03:02:42 -05:00
jvazquez-r7 f68d35f251 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-01 17:09:23 -05:00
jvazquez-r7 5939ca8ce4 Add analysis at the end of the module 2013-06-01 15:59:17 -05:00
jvazquez-r7 9be8971bb0 Add module for ZDI-13-094 2013-06-01 15:44:01 -05:00
Steve Tornio 8671ae9de7 add osvdb ref 2013-06-01 14:27:50 -05:00
jvazquez-r7 d42ac02e3e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 23:01:05 -05:00
jvazquez-r7 f8e9535c39 Add ZDI reference 2013-05-31 20:50:53 -05:00
jvazquez-r7 3a360caba1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 19:03:21 -05:00
James Lee 4f6d80c813 Land #1804, user-settable filename for psexec 2013-05-31 13:34:52 -05:00
James Lee 5964d36c40 Fix a syntax error
Also uses a prettier syntax for setting the filename (ternary operators
are hard to read).
2013-05-31 13:31:36 -05:00
jvazquez-r7 70037fdbed Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-30 15:02:34 -05:00
jvazquez-r7 d0489b5d1e Delete some commas 2013-05-30 14:25:53 -05:00
jvazquez-r7 6abb591428 Do minor cleanup for lianja_db_net 2013-05-30 14:25:05 -05:00
Spencer McIntyre 70e1379338 Use msvcrt in ropdb for stability. 2013-05-30 11:13:22 -04:00
Spencer McIntyre c3ab1ed2a5 Exploit module for Lianja SQL 1.0.0RC5.1 2013-05-29 08:48:41 -04:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
sinn3r d16d316658 Fixes mssql_findandsampledata & ms11_006_createsizeddibsection
[FixRM:7987]
[FixRM:7986]
2013-05-28 11:15:17 -05:00
jvazquez-r7 e678b2c5d8 Add module for CVE-2012-5946 2013-05-26 00:21:20 -05:00
darknight007 57b7e4ec44 Update ms11_006_createsizeddibsection.rb 2013-05-25 13:14:41 +06:00
jvazquez-r7 0dee5ae94d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 12:54:44 -05:00
sinn3r ecb9d1d7fa Landing #1848 - AdobeCollabSync Buffer Overflow on Adobe Reader X 2013-05-22 12:24:42 -05:00
jvazquez-r7 53cb493bc9 Fix @jlee-r7's feedback 2013-05-20 18:44:21 -05:00