Matthew Hall
dfb6711ad7
Modify primer to utilise file_contents macro.
2015-03-04 09:51:01 +00:00
Matthew Hall
a5d748d19e
Modify primer to utilise file_contents macro.
2015-03-04 09:50:28 +00:00
Matthew Hall
0d56f5b6e6
Modify primer to utilise file_contents macro.
2015-03-04 09:49:17 +00:00
jvazquez-r7
80b76436bb
Land #4831 , @wchen-r7's update for MS14-064 exploit
...
* Support Windows XP with VBScript technique
2015-03-03 19:19:49 -06:00
sinn3r
7591e9ece3
Unbreak the comment
2015-03-03 19:14:18 -06:00
sinn3r
79e7bf7f9c
Update comments and description
2015-03-03 19:13:15 -06:00
William Vu
aa1e1a5269
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/mssql/mssql_linkcrawler.rb.
2015-02-24 05:19:56 -06:00
William Vu
57642377cc
Fix duplicate hash key "MinNops"
...
In modules/exploits/windows/backupexec/name_service.rb.
2015-02-24 05:19:55 -06:00
William Vu
f2c96b4fdd
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_stopmodule.rb.
2015-02-24 05:19:54 -06:00
William Vu
b671c9b496
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb.
2015-02-24 05:19:53 -06:00
William Vu
2e90f266fa
Fix duplicate hash key "massage_array"
...
In modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb.
2015-02-24 05:19:52 -06:00
William Vu
e618c2f112
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb.
2015-02-24 05:19:51 -06:00
William Vu
2ffa368c18
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/ntr_activex_check_bof.rb.
2015-02-24 05:19:50 -06:00
William Vu
a8f0af4409
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/browser/cisco_playerpt_setsource.rb.
2015-02-24 05:19:49 -06:00
William Vu
ff73b4d51a
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/local/pxeexploit.rb.
2015-02-24 05:19:48 -06:00
William Vu
53e45498ca
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb.
2015-02-24 05:19:47 -06:00
William Vu
943ff2da75
Fix duplicate hash key "DefaultOptions"
...
In modules/exploits/windows/http/hp_pcm_snac_update_domain.rb.
2015-02-24 05:19:46 -06:00
William Vu
6aa3952c91
Fix duplicate hash key "Platform"
...
In modules/exploits/windows/scada/winlog_runtime_2.rb.
2015-02-24 05:19:45 -06:00
sinn3r
8d17aa04ee
Update the title too
2015-02-24 00:46:35 -06:00
sinn3r
578a545b22
Update MS14-064 for Windows XP
2015-02-23 23:08:13 -06:00
William Vu
933c4a05b4
Land #4814 , ms04_011_pct improved error messages
2015-02-22 23:51:14 -06:00
sinn3r
aa8a82f44f
Update MS15-001 reference
2015-02-21 08:39:21 -06:00
jvazquez-r7
ef62e1fc04
Land #4798 , @wchen-r7's deletion of x64 support on ms13_022_silverlight_script_object
...
* Ungenuine support, well deleted
2015-02-21 01:11:09 -06:00
jvazquez-r7
ef990223d5
Move arch out of target
2015-02-21 01:10:35 -06:00
sinn3r
441c301fd3
Fix #4458 , more informative errors for ms04_011
...
Fix #4458
2015-02-21 00:32:20 -06:00
Brent Cook
b624278f9d
Merge branch 'master' into land-4706-smb_reflector
2015-02-20 10:26:04 -06:00
Matthew Hall
e6ecdde451
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:35:22 +00:00
Matthew Hall
4963992b17
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:31:15 +00:00
Matthew Hall
da829d9ea9
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:29:09 +00:00
Matthew Hall
9aef561fd3
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:28:35 +00:00
Matthew Hall
34f4ae782d
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:26:19 +00:00
Matthew Hall
1751921ede
Modify SMB generation code to use primer based on #3074 changes to
...
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
2015-02-20 11:01:38 +00:00
sinn3r
036a6089eb
Drop ungenuine x64 support in ms13_022_silverlight_script_object
...
The MS13-022 exploit does not actually run as x64. IE by default
still runs x86 so BES will always automatically select that target.
If IE forces x64 (which can be done manually), the BES detection
code will see it as ARCH_X86_64, and the payload generator will
still end up generating a x86 payload anyway.
If the user actually chooses a x64 payload, such as
windows/x64/meterpreter/reverse_tcp, the exploit is going to crash
because you can't run x64 shellcode on an x86 architecture.
2015-02-19 10:39:43 -06:00
jakxx
44a7e7e4bc
publish-it fileformat exploit
2015-02-18 13:22:54 -05:00
Jay Smith
e40772efe2
Fixed open device issue for non-priv users
...
Fixed the open_device call to work for users without Administrator
privileges
2015-02-18 12:44:58 -05:00
sinn3r
6acbe64dbd
The MSB reference in the title is wrong
...
It should be MS13-022.
MS12-022 is MSFT Expression Design.
2015-02-17 14:56:14 -06:00
sinn3r
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
Matthew Hall
666b8e3e72
Add timeout to connection handler
2015-02-17 17:27:03 +00:00
Matthew Hall
728cfafe4d
cleanups
2015-02-17 17:27:03 +00:00
Matthew Hall
e4bab60007
Generic HTTP DLL Injection Exploit Module
...
This is an example implementation of using the
Msf::Exploit::Remote::SMBFileServer module to perform
arbitrary DLL injection over SMB.
2015-02-17 17:27:03 +00:00
Matthew Hall
c86caacf95
Merge branch 'master' into module-exploitsmbdllserver
...
Conflicts:
lib/msf/core/exploit/smb.rb
2015-02-17 17:16:09 +00:00
Matthew Hall
9f04e3bcf0
Merge branch 'master' into hp_dataprotector_dll_cmd_exec
2015-02-17 17:06:40 +00:00
Matthew Hall
afca27dae5
Merge branch 'master' into cve-2014-0094
2015-02-17 17:06:21 +00:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
sinn3r
b197b98ab9
Land #4759 , fix ms09_067_excel_featheader
2015-02-13 13:25:15 -06:00
jvazquez-r7
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
jvazquez-r7
92422c7b9a
Save the output file on local_directory
2015-02-12 16:16:21 -06:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
Tod Beardsley
c156ed62a9
on, not of.
2015-02-12 12:56:53 -06:00
Tod Beardsley
d89eda65fa
Moar fixes, thanks @wvu-r7
...
See #4755
2015-02-12 12:46:38 -06:00
Tod Beardsley
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
William Vu
309159d876
Land #4753 , updated ms14_070_tcpip_ioctl info
2015-02-12 09:57:29 -06:00
Spencer McIntyre
8ab469d3bd
Update ms14-070 module information and references
2015-02-12 09:51:01 -05:00
William Vu
b894050bba
Fix local/pxeexploit datastore
2015-02-11 12:19:56 -06:00
sinn3r
d23c9b552f
Trade MS12-004 for MS13-090 against Windows XP BrowserAutoPwn
2015-02-10 18:58:56 -06:00
jvazquez-r7
5687028f09
Land #4671 , @earthquake's exploit for achat buffer overflow
2015-02-09 17:50:09 -06:00
jvazquez-r7
6165d623ff
Change module filename
2015-02-09 17:39:55 -06:00
jvazquez-r7
eb0741d7a7
Modify reference
2015-02-09 17:39:18 -06:00
jvazquez-r7
86f3bcad11
Do minor cleanup
2015-02-09 17:33:05 -06:00
Balazs Bucsay
ac6879cfe1
proper payload encoding from now on
2015-02-09 23:36:35 +01:00
Balazs Bucsay
c7880ab4e1
hex strings related explanations
2015-02-09 23:21:38 +01:00
Balazs Bucsay
9891026d30
sleep changed to Rex::sleep
2015-02-09 22:33:41 +01:00
jvazquez-r7
831a1494ac
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper
2015-02-08 18:29:25 -06:00
jvazquez-r7
3e7e9ae99b
Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed
2015-02-08 18:22:11 -06:00
jvazquez-r7
87775c6ee4
Fix description
2015-02-06 23:55:27 -06:00
jvazquez-r7
76387eebe0
Use File.open
2015-02-06 21:35:07 -06:00
jvazquez-r7
f6933ed02c
Add module for EDB-35948
2015-02-06 11:05:29 -06:00
Tod Beardsley
036cb77dd0
Land #4709 , fixed up some datastore mangling
2015-02-05 21:22:38 -06:00
Spencer McIntyre
4e0a62cb3a
Land #4664 , MS14-070 Server 2003 tcpip.sys priv esc
2015-02-05 18:49:15 -05:00
Spencer McIntyre
a359fe9acc
Minor fixup on the ms14-070 module description
2015-02-05 18:41:58 -05:00
Spencer McIntyre
dc13446536
Forgot to comment ret instruction
2015-02-05 14:09:01 -05:00
Spencer McIntyre
5a39ba32f6
Make the ret instruction for token stealing optional
2015-02-05 14:00:38 -05:00
Spencer McIntyre
dabc163076
Modify the shellcode stub to save the process
2015-02-05 13:54:52 -05:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
William Vu
b43522a2b8
Fix scadapro_cmdexe datastore
2015-02-05 02:54:03 -06:00
William Vu
a12d1244b9
Fix zenworks_helplauncher_exec datastore
2015-02-05 02:53:47 -06:00
William Vu
148ffaf55f
Fix real_arcade_installerdlg datastore
2015-02-05 02:53:38 -06:00
Spencer McIntyre
aebf5056ac
Dont compare a string to an integer
2015-02-04 16:55:43 -05:00
Tod Beardsley
47d4acd91d
Land #4605 , Malwarebytes fake update exploit
2015-02-04 10:28:17 -06:00
jvazquez-r7
c366e7777d
Delete ternary operators
2015-02-03 17:43:00 -06:00
jvazquez-r7
34717d166d
Fix typo
2015-02-03 17:12:54 -06:00
jvazquez-r7
82eeec0946
Delete comments
2015-02-03 15:25:52 -06:00
jvazquez-r7
52616a069a
Add support for NTLMSSP
2015-02-03 15:25:02 -06:00
Tod Beardsley
b5794db973
Spelling
2015-02-03 14:10:47 -06:00
Tod Beardsley
edd5ec3b0d
Refactor and rename of @sgabe's module
...
Renamed because it's not just MBAM, and having malwarebytes in the name
is more memorable anyway.
This refactor's @sgabe's original module to prefer if/else over
unless/else, clearly labelling variables, and wrapping up discrete
functionality into specific methods, and adds an OSVDB and the original
discoverer's URL.
2015-02-03 14:08:25 -06:00
William Vu
d5c61c01f5
Land #4694 , uninit Rex::OLE fix
2015-02-02 05:33:40 -06:00
sinn3r
9112e70187
Fix #4693 - Uninit Rex::OLE in MS14-064 exploits
...
Fix #4693
2015-02-02 00:20:34 -06:00
jvazquez-r7
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
Balazs Bucsay
64ab11c6ba
Add Achat Beta v0.150 RCE for Win7/XPSP3
2015-01-29 23:20:31 +01:00
Jay Smith
6c529f8f6b
Addressed feedback from @OJ and @zeroSteiner
2015-01-29 11:57:03 -05:00
Jay Smith
064ca2d02e
Updated version checking
2015-01-28 18:25:30 -05:00
sinn3r
0f88d0ad75
Change print_* to vprint_*
...
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
James Lee
51764eb207
Add a check() for mssql_payload
2015-01-28 13:44:16 -06:00
Jay Smith
37c08128dc
Add in MS14-070 Priv Escalation for Windows 2003
2015-01-28 13:24:39 -05:00
sinn3r
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
Meatballs
c9ca85fba8
Bail out as SYSTEM
2015-01-27 17:23:57 +00:00
Meatballs
b7e9c69f72
Fix x64 injection
2015-01-27 16:34:06 +00:00
Meatballs
215a590940
Refactor and fixes for post module
2015-01-27 16:14:59 +00:00
Meatballs
ea25869312
Refactor to common module
2015-01-27 10:47:02 +00:00
sinn3r
9e3388df34
Use BES for MS13-037 and default to ntdll
2015-01-27 00:18:36 -06:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
Meatballs
93537765d0
Add TODO
2015-01-26 15:59:22 +00:00
Meatballs
5ae65a723f
Initial
2015-01-26 15:57:52 +00:00
sinn3r
f5916eba6d
Move modules/exploits/windows/misc/psh_web_delivery.rb
...
This module was scheduled to be removed on 10/23/2014.
Please use exploit/multi/script/web_delivery instead.
2015-01-26 00:28:40 -06:00
sinn3r
bbcc2eb07d
Move modules/exploits/windows/misc/pxecploit.rb
...
This module was scheduled to be removed on 10/31/2014.
Please use exploits/windows/local/pxeexploit instead.
2015-01-26 00:25:02 -06:00
sgabe
dbe5dd77e3
Enforce update to real versions
2015-01-25 10:53:14 +01:00
Gabor Seljan
2680e76e26
Remove wrong references
2015-01-25 00:17:30 +01:00
sgabe
affc661524
Add module for CVE-2014-4936
2015-01-18 17:18:05 +01:00
Brent Cook
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
Brent Cook
c1e604f201
Land #4562 : wchen-r7's CVE addition
2015-01-15 14:34:37 -06:00
Brent Cook
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
sinn3r
09eaf80a90
Add CVE
2015-01-15 13:22:00 -06:00
sgabe
68dc3ce876
Minor code formatting
2015-01-15 19:33:08 +01:00
sinn3r
57904773e7
Configurable resource
2015-01-15 10:28:03 -06:00
Gabor Seljan
ef0be946b1
Use HttpServer instead of TcpServer
2015-01-15 10:39:17 +01:00
sgabe
da0fce1ea8
Add module for CVE-2014-2206
2015-01-14 22:04:30 +01:00
sinn3r
7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload
2015-01-12 10:44:23 -06:00
sinn3r
34bbc5be90
print error message about limitation
2015-01-11 20:12:40 -06:00
sinn3r
46d1616994
Hello ARCH_X86_64
2015-01-10 06:16:22 -06:00
sinn3r
3c8be9e36d
Just x86
2015-01-09 19:12:51 -06:00
sinn3r
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
jvazquez-r7
d65ed54e0c
Check STARTUP_FOLDER option
2015-01-09 12:21:01 -06:00
jvazquez-r7
2c633e403e
Do code cleanup
2015-01-09 12:07:59 -06:00
jvazquez-r7
d52e9d4e21
Fix metadata again
2015-01-09 11:20:00 -06:00
jvazquez-r7
9dbf163fe7
Do minor style fixes
2015-01-09 11:17:16 -06:00
jvazquez-r7
8f09e0c20c
Fix metadata by copying the mysql_mof data
2015-01-09 11:15:32 -06:00
jvazquez-r7
da6496fee1
Test landing #2156 into up to date branch
2015-01-09 11:04:47 -06:00
sinn3r
ee5c249c89
Add EDB reference
2015-01-09 00:19:12 -06:00
sinn3r
75de792558
Add a basic check
2015-01-09 00:03:39 -06:00
sinn3r
4911127fe2
Match the title and change the description a little bit
2015-01-08 21:48:01 -06:00
sinn3r
b7b3ae4d2a
A little randomness
2015-01-08 21:25:55 -06:00
sinn3r
b65013c5c5
Another update
2015-01-08 18:39:04 -06:00
sinn3r
b2ff5425bc
Some changes
2015-01-08 18:33:30 -06:00
sinn3r
53e6f42d99
This works
2015-01-08 17:57:14 -06:00
sinn3r
7ed6b3117a
Update
2015-01-08 17:18:14 -06:00
Brent Cook
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
sinn3r
0e6c7181b1
"Stash" it
2015-01-08 14:13:14 -06:00
Meatballs
a9fee9c022
Fall back to runas if UAC disabled
2015-01-08 11:07:57 +00:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Meatballs
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
sinn3r
c60b6969bc
Oh so that's it
2015-01-07 10:39:46 -06:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00
William Vu
482cfb8d59
Clean up some stuff
2015-01-06 02:10:25 -06:00
Meatballs
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
sinn3r
3c755a6dfa
Template
2015-01-02 11:31:28 -06:00
sinn3r
48919eadb6
Land #4444 - i-FTP BoF
2014-12-30 12:38:28 -06:00
jvazquez-r7
d2af956b16
Do minor cleanups
2014-12-29 10:39:51 -06:00
jvazquez-r7
9f98fd4d87
Info leak webapp ROOT so we can cleanup
2014-12-27 08:47:51 -06:00
jvazquez-r7
5afd2d7f4b
Add module for ZDI-14-410
2014-12-26 20:40:28 -06:00
jvazquez-r7
655cfdd416
Land #4321 , @wchen-r7's fixes #4246 ms01_026_dbldecode undef method
2014-12-26 12:48:29 -06:00
Gabor Seljan
0b85a81b01
Use REXML to generate exploit file
2014-12-24 19:23:28 +01:00
jvazquez-r7
ebb05a64ea
Land #4357 , @Meatballs1 Kerberos Support for current_user_psexec
2014-12-23 20:38:31 -06:00
Matthew Hall
9af5b03105
correct disclosure date
2014-12-22 12:42:52 +00:00
Matthew Hall
d1bbfae786
delete duplicate
2014-12-22 12:40:14 +00:00
Matthew Hall
b09d60b589
cleanups
2014-12-22 11:08:51 +00:00
Matthew Hall
77780022dc
cleanups
2014-12-22 11:07:50 +00:00
Jon Cave
44084b4ef6
Correct Microsoft security bulletin for ppr_flatten_rec
2014-12-22 10:40:23 +00:00
Gabor Seljan
9be95eacb8
Use %Q for double-quoted string
2014-12-22 07:37:32 +01:00
sgabe
bb33a91110
Update description to be a little more descriptive
2014-12-21 19:31:58 +01:00
sgabe
cd02e61a57
Add module for OSVDB-114279
2014-12-21 17:00:45 +01:00
sgabe
9f97b55a4b
Add module for CVE-2014-2973
2014-12-20 18:38:22 +01:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Matthew Hall
e7da23e8e5
modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb
2014-12-17 15:25:13 +00:00
David Maloney
f237c56a13
This oracle scheduler exploit hangs if not vuln
...
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
Sean Verity
9a0ed723d1
Adds error handling for drive letter enumeration
2014-12-14 12:56:20 -05:00
Sean Verity
0c5f4ce4ee
Removed the handler-ish code
2014-12-13 22:18:41 -05:00
Sean Verity
2addd0fdc4
Fixed name, removed tabs, updated license
2014-12-13 20:37:19 -05:00
jvazquez-r7
b1453afb52
Land #4297 , fixes #4293 , Use OperatingSystems::Match::WINDOWS
...
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
HD Moore
4fc4866fd8
Merge code in from #2395
2014-12-12 16:22:51 -06:00
Tod Beardsley
488f46c8a1
Land #4324 , payload_exe rightening.
...
Fixes #4323 , but /not/ #4246 .
2014-12-12 15:04:57 -06:00
HD Moore
50b734f996
Add Portuguese target, lands #3961 (also reorders targets)
2014-12-12 14:23:02 -06:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Jon Hart
65b316cd8c
Land #4372
2014-12-11 18:48:16 -08:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Christian Mehlmauer
de88908493
code style
2014-12-11 23:30:20 +01:00
Tod Beardsley
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
Meatballs
c813c117db
Use DNS names
2014-12-10 22:25:44 +00:00
Matthew Hall
ea08fc0767
modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb
2014-12-10 10:28:38 +00:00
Matthew Hall
c97a3d9e2e
modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb
2014-12-10 09:14:01 +00:00
Matthew Hall
60edda4ff1
add hp data protector exploit
2014-12-09 14:12:37 +00:00
William Vu
2f98a46241
Land #4314 , @todb-r7's module cleanup
2014-12-05 14:05:09 -06:00
sinn3r
7ae786a53b
Add a comment as an excuse to tag the issue
...
Fix #4246
... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
sinn3r
f25e3ebaaf
Fix #4246 - More undef 'payload_exe' in other modules
...
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
sinn3r
e3f7398acd
Fix #4246 - Access payload_exe information correctly
...
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.
To be exact, this is the actual commit that broke it:
7ced5927d8
Fix #4246
2014-12-05 02:08:13 -06:00
Meatballs
b634bde8a1
Lateral movement through PSRemoting
2014-12-04 22:06:28 +00:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Meatballs
e471271231
Move comment
2014-12-04 20:24:37 +00:00
Meatballs
c14ba11e79
If extapi dont stage payload
2014-12-04 20:17:48 +00:00
Tod Beardsley
79f2708a6e
Slight fixes to grammar/desc/whitespace
...
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
sinn3r
2fcbcc0c26
Resolve merge conflict for ie_setmousecapture_uaf ( #4213 )
...
Conflicts:
modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
sinn3r
a631ee65f6
Fix #4293 - Use OperatingSystems::Match::WINDOWS
...
Fix #4293 . Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
sinn3r
a88ee0911a
Fix os detection
...
See #3373
2014-12-02 01:15:55 -06:00
sinn3r
a42c7a81e7
Fix os detection
...
See #4283
2014-12-02 01:13:51 -06:00
sinn3r
0f973fdf2b
Fix #4284 - Typo "neline" causing the exploit to break
...
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
sinn3r
2a7d4ed963
Touchup
2014-11-28 10:12:05 -06:00
spdfire
583494c0db
use BrowserExploitServer
2014-11-24 18:49:27 +01:00
spdfire
08a67d78c5
module for CVE-2014-6332.
2014-11-24 08:25:18 +01:00
Meatballs
1d0d5582c1
Remove datastore options
2014-11-19 15:05:36 +00:00
Meatballs
7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
...
Conflicts:
modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
Jon Hart
60e31cb342
Allow sunrpc_create to raise on its own
2014-11-18 12:17:10 -08:00
jvazquez-r7
7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
...
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
jvazquez-r7
145e610c0f
Avoid shadowing new method
2014-11-17 12:22:30 -06:00
William Vu
91ba25a898
Land #4208 , psexec delay fix
2014-11-17 11:35:56 -06:00
HD Moore
9fe4994492
Chris McNab has been working with MITRE to add these CVEs
...
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Rich Lundeen
27d5ed624f
fix for IE9 exploit config
2014-11-14 17:21:59 -08:00
Rich Lundeen
17ab0cf96e
ADD winxpIE8 exploit for MS13-080
2014-11-14 17:16:51 -08:00
sinn3r
e194d5490d
See #4162 - Don't delay before deleting a file via SMB
...
So I was looking at issue #4162 , and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.
I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
Tod Beardsley
dd1920edd6
Minor typos and grammar fixes
2014-11-13 14:48:23 -06:00
jvazquez-r7
31f3aa1f6d
Refactor create packager methods
2014-11-13 01:16:15 -06:00
jvazquez-r7
38a96e3cfc
Update target info
2014-11-13 00:56:42 -06:00
jvazquez-r7
e25b6145f9
Add module for MS14-064 bypassing UAC through python for windows
2014-11-13 00:56:10 -06:00
jvazquez-r7
c35dc2e6b3
Add module for CVE-2014-6352
2014-11-12 01:10:49 -06:00
sinn3r
0dbfecba36
Better method name
...
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
sinn3r
579481e5f8
Explain why I did this
...
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r
f210ade253
Use SRVHOST for msvidctl_mpeg2
2014-11-06 14:23:21 -06:00
jvazquez-r7
54c1e13a98
Land #4140 , @wchen-r7's default template for adobe_pdf_embedded_exe
...
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
sinn3r
1b2554bc0d
Add a default template for CVE-2010-1240 PDF exploit
2014-11-05 17:08:38 -06:00
sinn3r
9a27984ac1
switch from error to switch
2014-11-03 13:56:41 -06:00
sinn3r
a823ca6b2f
Add support for HTTP authentication. And more informative.
2014-11-03 13:46:53 -06:00
jvazquez-r7
6574db5dbb
Fix the 64 bits code
2014-10-30 17:01:59 -05:00
Meatballs
4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
2014-10-28 20:26:44 +00:00
jvazquez-r7
5e0993d756
Add OJ as author
2014-10-28 09:58:34 -05:00
Spencer McIntyre
830f631da4
Make the check routine less strict
2014-10-27 12:51:20 -04:00
Spencer McIntyre
46b1abac4a
More robust check routine for cve-2014-4113
2014-10-27 11:19:12 -04:00
jvazquez-r7
4406972b46
Do version checking minor cleanup
2014-10-27 09:32:42 -05:00
jvazquez-r7
c319ea91b3
Delete verbose print
2014-10-26 17:31:19 -05:00
jvazquez-r7
34697a2240
Delete 'callback3' also from 32 bits version
2014-10-26 17:28:35 -05:00
Spencer McIntyre
7416c00416
Initial addition of x64 target for cve-2014-4113
2014-10-26 16:54:42 -04:00
jvazquez-r7
a75186d770
Add module for CVE-2014-4113
2014-10-23 18:51:30 -05:00
Tod Beardsley
6812b8fa82
Typo and grammar
2014-10-20 11:02:09 -05:00
sinn3r
d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload
2014-10-17 19:47:42 -05:00
sinn3r
8b5a33c23f
Land #4044 - MS14-060 "Sandworm"
2014-10-17 16:46:32 -05:00
jvazquez-r7
70f8e8d306
Update description
2014-10-17 16:17:00 -05:00
jvazquez-r7
e52241bfe3
Update target info
2014-10-17 16:14:54 -05:00
sinn3r
ef1556eb62
Another update
2014-10-17 13:56:37 -05:00
jvazquez-r7
8fa648744c
Add @wchen-r7's unc regex
2014-10-17 13:46:13 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7
e5903562ee
Delete bad/incomplete validation method
2014-10-17 10:36:01 -05:00
sinn3r
a79427a659
I shoulda checked before git commit
2014-10-17 00:54:45 -05:00
sinn3r
4c0048f26a
Update description
2014-10-17 00:46:17 -05:00
jvazquez-r7
1d16bd5c77
Fix vulnerability discoverer
2014-10-16 18:01:45 -05:00
jvazquez-r7
807f1e3560
Fix target name
2014-10-16 17:58:45 -05:00
jvazquez-r7
c1f9ccda64
Fix ruby
2014-10-16 17:55:00 -05:00
jvazquez-r7
e40642799e
Add sandworm module
2014-10-16 16:37:37 -05:00