Commit Graph

4763 Commits (e3d1a34c663cd7e9285d59d5c315f66703539280)

Author SHA1 Message Date
Meatballs ea25869312
Refactor to common module 2015-01-27 10:47:02 +00:00
sinn3r 9e3388df34 Use BES for MS13-037 and default to ntdll 2015-01-27 00:18:36 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
Meatballs 93537765d0
Add TODO 2015-01-26 15:59:22 +00:00
Meatballs 5ae65a723f
Initial 2015-01-26 15:57:52 +00:00
sinn3r f5916eba6d Move modules/exploits/windows/misc/psh_web_delivery.rb
This module was scheduled to be removed on 10/23/2014.
Please use exploit/multi/script/web_delivery instead.
2015-01-26 00:28:40 -06:00
sinn3r bbcc2eb07d Move modules/exploits/windows/misc/pxecploit.rb
This module was scheduled to be removed on 10/31/2014.
Please use exploits/windows/local/pxeexploit instead.
2015-01-26 00:25:02 -06:00
sgabe dbe5dd77e3 Enforce update to real versions 2015-01-25 10:53:14 +01:00
Gabor Seljan 2680e76e26 Remove wrong references 2015-01-25 00:17:30 +01:00
sgabe affc661524 Add module for CVE-2014-4936 2015-01-18 17:18:05 +01:00
Brent Cook a2a1a90678
Land #4316, Meatballs1 streamlines payload execution for exploits/windows/local/wmi
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
Brent Cook c1e604f201
Land #4562: wchen-r7's CVE addition 2015-01-15 14:34:37 -06:00
Brent Cook 47cd5a3e59
Land #4562, wchen-r7's Win8 NtApphelpCacheControl privilege escalation 2015-01-15 13:52:07 -06:00
sinn3r 09eaf80a90 Add CVE 2015-01-15 13:22:00 -06:00
sgabe 68dc3ce876 Minor code formatting 2015-01-15 19:33:08 +01:00
sinn3r 57904773e7 Configurable resource 2015-01-15 10:28:03 -06:00
Gabor Seljan ef0be946b1 Use HttpServer instead of TcpServer 2015-01-15 10:39:17 +01:00
sgabe da0fce1ea8 Add module for CVE-2014-2206 2015-01-14 22:04:30 +01:00
sinn3r 7876401419
Land #4476 - Lexmark MarkVision Enterprise Arbitrary File Upload 2015-01-12 10:44:23 -06:00
sinn3r 34bbc5be90 print error message about limitation 2015-01-11 20:12:40 -06:00
sinn3r 46d1616994 Hello ARCH_X86_64 2015-01-10 06:16:22 -06:00
sinn3r 3c8be9e36d Just x86 2015-01-09 19:12:51 -06:00
sinn3r 74e8e057dd Use RDL 2015-01-09 19:02:08 -06:00
jvazquez-r7 d65ed54e0c Check STARTUP_FOLDER option 2015-01-09 12:21:01 -06:00
jvazquez-r7 2c633e403e Do code cleanup 2015-01-09 12:07:59 -06:00
jvazquez-r7 d52e9d4e21 Fix metadata again 2015-01-09 11:20:00 -06:00
jvazquez-r7 9dbf163fe7 Do minor style fixes 2015-01-09 11:17:16 -06:00
jvazquez-r7 8f09e0c20c Fix metadata by copying the mysql_mof data 2015-01-09 11:15:32 -06:00
jvazquez-r7 da6496fee1
Test landing #2156 into up to date branch 2015-01-09 11:04:47 -06:00
sinn3r ee5c249c89 Add EDB reference 2015-01-09 00:19:12 -06:00
sinn3r 75de792558 Add a basic check 2015-01-09 00:03:39 -06:00
sinn3r 4911127fe2 Match the title and change the description a little bit 2015-01-08 21:48:01 -06:00
sinn3r b7b3ae4d2a A little randomness 2015-01-08 21:25:55 -06:00
sinn3r b65013c5c5 Another update 2015-01-08 18:39:04 -06:00
sinn3r b2ff5425bc Some changes 2015-01-08 18:33:30 -06:00
sinn3r 53e6f42d99 This works 2015-01-08 17:57:14 -06:00
sinn3r 7ed6b3117a Update 2015-01-08 17:18:14 -06:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
sinn3r 0e6c7181b1 "Stash" it 2015-01-08 14:13:14 -06:00
Meatballs a9fee9c022
Fall back to runas if UAC disabled 2015-01-08 11:07:57 +00:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
sinn3r c60b6969bc Oh so that's it 2015-01-07 10:39:46 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu f2710f6ba7
Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59
Clean up some stuff 2015-01-06 02:10:25 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
sinn3r 3c755a6dfa Template 2015-01-02 11:31:28 -06:00
sinn3r 48919eadb6
Land #4444 - i-FTP BoF 2014-12-30 12:38:28 -06:00
jvazquez-r7 d2af956b16 Do minor cleanups 2014-12-29 10:39:51 -06:00
jvazquez-r7 9f98fd4d87 Info leak webapp ROOT so we can cleanup 2014-12-27 08:47:51 -06:00
jvazquez-r7 5afd2d7f4b Add module for ZDI-14-410 2014-12-26 20:40:28 -06:00
jvazquez-r7 655cfdd416
Land #4321, @wchen-r7's fixes #4246 ms01_026_dbldecode undef method 2014-12-26 12:48:29 -06:00
Gabor Seljan 0b85a81b01 Use REXML to generate exploit file 2014-12-24 19:23:28 +01:00
jvazquez-r7 ebb05a64ea
Land #4357, @Meatballs1 Kerberos Support for current_user_psexec 2014-12-23 20:38:31 -06:00
Matthew Hall 9af5b03105 correct disclosure date 2014-12-22 12:42:52 +00:00
Matthew Hall d1bbfae786 delete duplicate 2014-12-22 12:40:14 +00:00
Matthew Hall b09d60b589 cleanups 2014-12-22 11:08:51 +00:00
Matthew Hall 77780022dc cleanups 2014-12-22 11:07:50 +00:00
Jon Cave 44084b4ef6 Correct Microsoft security bulletin for ppr_flatten_rec 2014-12-22 10:40:23 +00:00
Gabor Seljan 9be95eacb8 Use %Q for double-quoted string 2014-12-22 07:37:32 +01:00
sgabe bb33a91110 Update description to be a little more descriptive 2014-12-21 19:31:58 +01:00
sgabe cd02e61a57 Add module for OSVDB-114279 2014-12-21 17:00:45 +01:00
sgabe 9f97b55a4b Add module for CVE-2014-2973 2014-12-20 18:38:22 +01:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Matthew Hall e7da23e8e5 modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb 2014-12-17 15:25:13 +00:00
David Maloney f237c56a13
This oracle scheduler exploit hangs if not vuln
When this exploit gets run against a system that isn't vulnerable
it can hang for a signifigant ammount of time. This change uses the check
method on the exploit to see whether it should proceed. Don't try to exploit
the host if it's not vulnerable.
2014-12-16 09:42:42 -06:00
Sean Verity 9a0ed723d1 Adds error handling for drive letter enumeration 2014-12-14 12:56:20 -05:00
Sean Verity 0c5f4ce4ee Removed the handler-ish code 2014-12-13 22:18:41 -05:00
Sean Verity 2addd0fdc4 Fixed name, removed tabs, updated license 2014-12-13 20:37:19 -05:00
jvazquez-r7 b1453afb52
Land #4297, fixes #4293, Use OperatingSystems::Match::WINDOWS
* instead of Msf::OperatingSystems::WINDOWS
2014-12-12 18:19:58 -06:00
HD Moore 4fc4866fd8 Merge code in from #2395 2014-12-12 16:22:51 -06:00
Tod Beardsley 488f46c8a1
Land #4324, payload_exe rightening.
Fixes #4323, but /not/ #4246.
2014-12-12 15:04:57 -06:00
HD Moore 50b734f996 Add Portuguese target, lands #3961 (also reorders targets) 2014-12-12 14:23:02 -06:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Jon Hart 65b316cd8c
Land #4372 2014-12-11 18:48:16 -08:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Christian Mehlmauer de88908493
code style 2014-12-11 23:30:20 +01:00
Tod Beardsley 0eea9a02a1
Land #3144, psexec refactoring 2014-12-10 17:30:39 -06:00
Meatballs c813c117db
Use DNS names 2014-12-10 22:25:44 +00:00
Matthew Hall ea08fc0767 modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb 2014-12-10 10:28:38 +00:00
Matthew Hall c97a3d9e2e modules/exploits/windows/misc/hp_dataprotector_dll_cmd_exec.rb 2014-12-10 09:14:01 +00:00
Matthew Hall 60edda4ff1 add hp data protector exploit 2014-12-09 14:12:37 +00:00
William Vu 2f98a46241
Land #4314, @todb-r7's module cleanup 2014-12-05 14:05:09 -06:00
sinn3r 7ae786a53b Add a comment as an excuse to tag the issue
Fix #4246

... so it will automatically close the ticket.
2014-12-05 11:26:26 -06:00
sinn3r f25e3ebaaf Fix #4246 - More undef 'payload_exe' in other modules
Root cause: payload_exe is an accessor in the TFPT command stager
mixin, you need stager_instance in order to retreive that info.
2014-12-05 11:19:58 -06:00
sinn3r e3f7398acd Fix #4246 - Access payload_exe information correctly
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.

To be exact, this is the actual commit that broke it:
7ced5927d8

Fix #4246
2014-12-05 02:08:13 -06:00
Meatballs b634bde8a1
Lateral movement through PSRemoting 2014-12-04 22:06:28 +00:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00
Jon Hart 6bd56ac225
Update any modules that deregistered NETMASK 2014-12-04 13:22:06 -08:00
Meatballs e471271231
Move comment 2014-12-04 20:24:37 +00:00
Meatballs c14ba11e79
If extapi dont stage payload 2014-12-04 20:17:48 +00:00
Tod Beardsley 79f2708a6e
Slight fixes to grammar/desc/whitespace
Note that the format_all_drives module had a pile of CRLFs that should
have been caught by msftidy. Not sure why it didn't.
2014-12-04 13:11:33 -06:00
sinn3r 2fcbcc0c26 Resolve merge conflict for ie_setmousecapture_uaf (#4213)
Conflicts:
	modules/exploits/windows/browser/ie_setmousecapture_uaf.rb
2014-12-03 14:12:15 -06:00
sinn3r a631ee65f6 Fix #4293 - Use OperatingSystems::Match::WINDOWS
Fix #4293. Modules should use OperatingSystems::Match::WINDOWS
instead of Msf::OperatingSystems::WINDOWS, because the second
won't match anything anymore.
2014-12-02 13:46:27 -06:00
sinn3r a88ee0911a Fix os detection
See #3373
2014-12-02 01:15:55 -06:00
sinn3r a42c7a81e7 Fix os detection
See #4283
2014-12-02 01:13:51 -06:00
sinn3r 0f973fdf2b Fix #4284 - Typo "neline" causing the exploit to break
"neline" isn't supposed to be there at all.
2014-12-01 01:24:30 -06:00
sinn3r 2a7d4ed963 Touchup 2014-11-28 10:12:05 -06:00
spdfire 583494c0db use BrowserExploitServer 2014-11-24 18:49:27 +01:00
spdfire 08a67d78c5 module for CVE-2014-6332. 2014-11-24 08:25:18 +01:00
Meatballs 1d0d5582c1 Remove datastore options 2014-11-19 15:05:36 +00:00
Meatballs 7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
Conflicts:
	modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
Jon Hart 60e31cb342 Allow sunrpc_create to raise on its own 2014-11-18 12:17:10 -08:00
jvazquez-r7 7daedac399
Land #3972 @jhart-r7's post gather module for remmina Remmina
* Gather credentials managed with Remmina
2014-11-17 16:44:41 -06:00
jvazquez-r7 145e610c0f Avoid shadowing new method 2014-11-17 12:22:30 -06:00
William Vu 91ba25a898
Land #4208, psexec delay fix 2014-11-17 11:35:56 -06:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Rich Lundeen 27d5ed624f fix for IE9 exploit config 2014-11-14 17:21:59 -08:00
Rich Lundeen 17ab0cf96e ADD winxpIE8 exploit for MS13-080 2014-11-14 17:16:51 -08:00
sinn3r e194d5490d See #4162 - Don't delay before deleting a file via SMB
So I was looking at issue #4162, and on my box I was seeing this
problem of the exploit failing to delete the payload in C:\Windows,
and the error was "Rex::Proto::SMB::Exceptions::NoReply The SMB
server did not reply to our request". I ended up removing the sleep(),
and that got it to function properly again. The box was a Win 7 SP1.

I also tested other Winodws boxes such as Win XP SP3, Windows Server
2008 SP2 and not having the sleep() doesn't seem to break anything.
So I don't even know why someone had to add the sleep() in the first
place.
2014-11-14 15:45:37 -06:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
jvazquez-r7 31f3aa1f6d Refactor create packager methods 2014-11-13 01:16:15 -06:00
jvazquez-r7 38a96e3cfc Update target info 2014-11-13 00:56:42 -06:00
jvazquez-r7 e25b6145f9 Add module for MS14-064 bypassing UAC through python for windows 2014-11-13 00:56:10 -06:00
jvazquez-r7 c35dc2e6b3 Add module for CVE-2014-6352 2014-11-12 01:10:49 -06:00
sinn3r 0dbfecba36 Better method name
Should be srvhost, not lhost
2014-11-07 02:23:34 -06:00
sinn3r 579481e5f8 Explain why I did this
Also tagging Fix #4133
2014-11-06 14:25:11 -06:00
sinn3r f210ade253 Use SRVHOST for msvidctl_mpeg2 2014-11-06 14:23:21 -06:00
jvazquez-r7 54c1e13a98
Land #4140, @wchen-r7's default template for adobe_pdf_embedded_exe
* Fixes #4134
* Adds a default PDF template
2014-11-05 20:21:14 -06:00
sinn3r 1b2554bc0d Add a default template for CVE-2010-1240 PDF exploit 2014-11-05 17:08:38 -06:00
sinn3r 9a27984ac1 switch from error to switch 2014-11-03 13:56:41 -06:00
sinn3r a823ca6b2f Add support for HTTP authentication. And more informative. 2014-11-03 13:46:53 -06:00
jvazquez-r7 6574db5dbb Fix the 64 bits code 2014-10-30 17:01:59 -05:00
Meatballs 4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2 2014-10-28 20:26:44 +00:00
jvazquez-r7 5e0993d756
Add OJ as author 2014-10-28 09:58:34 -05:00
Spencer McIntyre 830f631da4 Make the check routine less strict 2014-10-27 12:51:20 -04:00
Spencer McIntyre 46b1abac4a More robust check routine for cve-2014-4113 2014-10-27 11:19:12 -04:00
jvazquez-r7 4406972b46 Do version checking minor cleanup 2014-10-27 09:32:42 -05:00
jvazquez-r7 c319ea91b3 Delete verbose print 2014-10-26 17:31:19 -05:00
jvazquez-r7 34697a2240 Delete 'callback3' also from 32 bits version 2014-10-26 17:28:35 -05:00
Spencer McIntyre 7416c00416 Initial addition of x64 target for cve-2014-4113 2014-10-26 16:54:42 -04:00
jvazquez-r7 a75186d770 Add module for CVE-2014-4113 2014-10-23 18:51:30 -05:00
Tod Beardsley 6812b8fa82
Typo and grammar 2014-10-20 11:02:09 -05:00
sinn3r d1523c59a9
Land #3965 - BMC Track-It! Arbitrary File Upload 2014-10-17 19:47:42 -05:00
sinn3r 8b5a33c23f
Land #4044 - MS14-060 "Sandworm" 2014-10-17 16:46:32 -05:00
jvazquez-r7 70f8e8d306 Update description 2014-10-17 16:17:00 -05:00
jvazquez-r7 e52241bfe3 Update target info 2014-10-17 16:14:54 -05:00
sinn3r ef1556eb62 Another update 2014-10-17 13:56:37 -05:00
jvazquez-r7 8fa648744c Add @wchen-r7's unc regex 2014-10-17 13:46:13 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
jvazquez-r7 e5903562ee Delete bad/incomplete validation method 2014-10-17 10:36:01 -05:00
sinn3r a79427a659 I shoulda checked before git commit 2014-10-17 00:54:45 -05:00
sinn3r 4c0048f26a Update description 2014-10-17 00:46:17 -05:00
jvazquez-r7 1d16bd5c77 Fix vulnerability discoverer 2014-10-16 18:01:45 -05:00
jvazquez-r7 807f1e3560 Fix target name 2014-10-16 17:58:45 -05:00
jvazquez-r7 c1f9ccda64 Fix ruby 2014-10-16 17:55:00 -05:00
jvazquez-r7 e40642799e Add sandworm module 2014-10-16 16:37:37 -05:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 4f8801eeba
Land #3651, local Bluetooth exploit a @KoreLogic
This started life as #3653. I'll take this out of unstable as well,
since it got there on commit b10cbe4f
2014-10-14 13:13:34 -05:00
Tod Beardsley b1223165d4
Trivial grammar fixes 2014-10-14 12:00:50 -05:00
Pedro Ribeiro 4b7a446547 ... and restore use of the complicated socket 2014-10-09 18:30:45 +01:00
Pedro Ribeiro c78651fccc Use numbers for version tracking 2014-10-09 18:29:27 +01:00
Jay Smith 7dd6a4d0d9
Merge in changes from @todb-r7. 2014-10-08 13:25:44 -04:00
jvazquez-r7 411f6c8b2d
Land #3793, @mfadzilr's exploit for CVE-2014-6287, HFS remote code execution 2014-10-08 12:16:09 -05:00
jvazquez-r7 98b69e095c Use %TEMP% and update ranking 2014-10-08 12:12:00 -05:00
jvazquez-r7 d90fe4f724 Improve check method 2014-10-08 12:03:16 -05:00
jvazquez-r7 25344aeb6a Change filename 2014-10-08 11:55:33 -05:00
jvazquez-r7 909f88680b Make exploit aggressive 2014-10-08 11:08:01 -05:00
jvazquez-r7 d02f0dc4b9 Make minor cleanup 2014-10-08 10:36:56 -05:00
jvazquez-r7 d913bf1c35 Fix metadata 2014-10-08 10:29:59 -05:00
Pedro Ribeiro 0a9795216a Add OSVDB id and full disclosure URL 2014-10-08 08:25:41 +01:00
Pedro Ribeiro d328b2c29d Add exploit for Track-It! file upload vuln 2014-10-07 23:50:10 +01:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
sinn3r b17396931f Fixes #3876 - Move pxeexploit to local directory 2014-09-30 17:16:13 -05:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
sinn3r 11b9a8a6ae
Land #3814 - Advantech WebAccess dvs.ocx GetColor BoF 2014-09-23 15:06:21 -05:00
jvazquez-r7 b021ff4399 Add noche tags 2014-09-23 13:11:06 -05:00
jvazquez-r7 5c6236e874 Fix rop chain to allow VirtualAlloc when end of stack is too close 2014-09-23 13:08:26 -05:00
sinn3r 31ecbfdc4e
Land #3756 - EMC AlphaStor Device Manager Opcode 0x75 Command Injection 2014-09-23 12:57:46 -05:00
mfadzilr a2a2ca550e add test result on different windows version 2014-09-20 20:06:30 +08:00
mfadzilr dd71c666dc added osvdb reference and software download url, use FileDropper method
for cleanup
2014-09-20 15:31:28 +08:00
mfadzilr 19ed594e98 using FileDropper method for cleanup 2014-09-20 10:52:21 +08:00
mfadzilr 677d035ce8 added proper regex for check function
add comment for changed code
2014-09-19 11:30:51 +08:00
jvazquez-r7 64ac1e6b26 Rand padding 2014-09-17 08:09:09 -05:00
jvazquez-r7 e593a4c898 Add comment about gadgets origin 2014-09-16 16:38:03 -05:00
jvazquez-r7 80f02c2a05 Make module ready to go 2014-09-16 15:18:11 -05:00
mfadzilr 978803e9d8 add proper regex 2014-09-16 21:49:02 +08:00
mfadzilr 783b03efb6 change line 84 as mubix advice, update disclosure date according to
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr 9860ed340e run msftidy, make correction for CVE format and space at EOL (line 77) 2014-09-15 13:13:25 +08:00
mfadzilr f1d3c44f4f exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'. 2014-09-15 12:59:27 +08:00
mfadzilr 74ef83812a update module vulnerability information 2014-09-15 01:43:18 +08:00
mfadzilr 8b4b66fcaa initial test 2014-09-14 12:26:02 +08:00
jvazquez-r7 3a6066792d Work in rop chain... 2014-09-13 17:38:19 -05:00
jvazquez-r7 e2ef927177 Add first version for ZDI-14-255 2014-09-12 08:57:54 -05:00
sinn3r 0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP 2014-09-09 17:21:03 -05:00
jvazquez-r7 df278dd2dc Conver to exploit 2014-09-05 14:47:33 -05:00
jvazquez-r7 d4a8b7e00d Move to exploits 2014-09-05 10:38:28 -05:00
jvazquez-r7 d041ee6629 Delete exploit modules from this branch 2014-09-05 10:29:24 -05:00
jvazquez-r7 f063dcf0f4
Land #3741, @pedrib's module for CVE-2014-5005 Desktop Central file upload 2014-09-04 15:44:21 -05:00
jvazquez-r7 f466b112df Minor cleaning on check 2014-09-04 15:43:59 -05:00
jvazquez-r7 74b8e8eb40 Change module filename 2014-09-04 15:39:34 -05:00
jvazquez-r7 7563c0bd0e Use Gem::Version 2014-09-04 14:40:13 -05:00
jvazquez-r7 2615a7a3be Favor \&\& and || operands 2014-09-04 14:35:37 -05:00
Pedro Ribeiro f0e3fa18a3 Restore the original filename 2014-09-03 21:32:05 +01:00
Pedro Ribeiro d69049008c Refactor and rename desktopcentra_file_upload
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro 05856016c9 Add exploit for CVE-2014-5005 2014-09-02 23:09:10 +01:00
jvazquez-r7 8b1791da22 Modify modules to keep old behavior 2014-08-31 01:18:53 -05:00
Spencer McIntyre 1cdf1c2c6e
Land #3709, @nnam's wing ftp admin console cmd exec 2014-08-29 13:46:01 -04:00
Spencer McIntyre 8095b4893c Rename and apply rubocop style to wing_ftp_admin_exec 2014-08-29 13:42:11 -04:00
nnam 02bbd53b82 Fix failure messages for check(). 2014-08-28 12:09:35 -07:00
Nicholas Nam 6c90a50e47 Handle res.nil case in check(). Revert check for res.nil in
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam 0788ce9745 Removed unused require and import. Handle the res.nil case in
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
jvazquez-r7 9d3d25a3b3 Solve conflicts 2014-08-28 10:19:12 -05:00
William Vu 9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
Reported by @egyjuzer in #3706.
2014-08-26 11:14:44 -05:00
Nicholas Nam 40b66fae33 Add Wing FTP Server post-auth remote command execution module 2014-08-26 07:28:41 -07:00
Meatballs d2bc0baa87
Merge remote-tracking branch 'upstream/master' into extapi_service_post
Conflicts:
	lib/msf/core/post/windows/services.rb
2014-08-24 19:46:19 +01:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
inkrypto 7e2d474a26 Ranking, Version, Spacing Edit 2014-08-22 11:06:42 -04:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
HD Moore d8e82b9394 Lands #3655, fixes pack operators
the commit.
he commit.
2014-08-17 17:25:52 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Meatballs 0cc3bdfb35
Moar bad packs 2014-08-15 21:11:37 +01:00
inkrypto 7972da350d Files move to appropriate directories and have proper formatting 2014-08-15 14:37:29 -04:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Jay Smith b55f425ec0
Merge in changes from @todb-r7. 2014-08-14 17:22:07 -04:00
sinn3r f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape 2014-08-13 20:08:13 -05:00
jvazquez-r7 127d094a8d Dont share once device is opened 2014-08-13 16:13:38 -05:00
Meatballs 05a198bc96
Correct spelling 2014-08-13 14:06:25 +01:00
Meatballs 4a01c27ed4
Use get_env and good pack specifier 2014-08-13 10:59:22 +01:00
jvazquez-r7 da4b572a0d Change module name 2014-08-12 17:17:26 -05:00
jvazquez-r7 3eccc12f50 Switch from vprint to print 2014-08-12 17:11:24 -05:00
jvazquez-r7 f203fdebcb Use Msf::Exploit::Local::WindowsKernel 2014-08-12 17:09:39 -05:00
jvazquez-r7 e1debd68ad Merge to update 2014-08-12 16:21:39 -05:00
jvazquez-r7 183b27ee27 There is only one target 2014-08-12 16:14:41 -05:00
jvazquez-r7 c8e4048c19 Some style fixes 2014-08-12 16:11:31 -05:00
jvazquez-r7 ea3d2f727b Dont fail_with while checking 2014-08-12 16:09:59 -05:00
jvazquez-r7 042423088c Make sure which the full payload is used 2014-08-12 11:41:29 -05:00
Meatballs 351b687759
Land #3612, Windows Local Kernel exploits refactor 2014-08-10 22:05:06 +01:00
jvazquez-r7 486b5523ee Refactor set_version 2014-08-09 02:17:07 -05:00
jvazquez-r7 d959affd6e Delete debug message 2014-08-09 01:58:42 -05:00
jvazquez-r7 da04b43861 Add module for CVE-2014-0983 2014-08-09 01:56:38 -05:00
jvazquez-r7 b259e5b464 Update description again 2014-08-07 09:21:25 -05:00
jvazquez-r7 4af0eca330 Update target description 2014-08-07 09:11:01 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
Jon Hart f25bb735a0
Land #3543, @todb-r7's Rubocop cleanup of MS08-067 2014-08-04 14:35:30 -07:00
Spencer McIntyre 9cd6353246 Update mqac_write to use the mixin and restore pointers 2014-08-04 12:15:39 -07:00
Spencer McIntyre a523898909 Apply rubocop suggestions for ms_ndproxy 2014-08-04 11:49:01 -07:00
Spencer McIntyre 86e2377218 Switch ms_ndproxy to use the new WindowsKernel mixin 2014-08-04 11:49:01 -07:00
Spencer McIntyre 58d29167e8 Refactor MS11-080 to use the mixin and for style 2014-08-04 11:49:01 -07:00
Joshua Smith 6c2b8f54cf rubocop cleanup, long lines, etc 2014-08-03 23:19:08 -05:00
OJ 2b021e647d Minor tidies to conform to standards 2014-08-03 23:19:08 -05:00
OJ 31c51eeb63 Move error messages to `check` 2014-08-03 23:19:08 -05:00
OJ cbf15660bf Add some small fixes to the MQAC local exploit
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
  device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
  support directly to make sure we don't BSOD machines (such as what
  happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-08-03 23:19:08 -05:00
b00stfr3ak add5cefe17 Change runas method to use lib
Changed runas method to use the new runas lib.  Also did some rubocop
changes.
2014-08-01 17:13:24 -07:00
b00stfr3ak df98098b0c New shell_execute_option command
Also removed upload option
2014-08-01 17:12:04 -07:00
b00stfr3ak 5c2b074264 Matched bypassuac to upstream 2014-08-01 14:40:23 -07:00
b00stfr3ak def652a50e Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option 2014-08-01 14:32:55 -07:00
Meatballs 15c1ab64cd Quick rubocop 2014-07-31 23:11:00 +01:00
Meatballs d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551 2014-07-31 23:06:37 +01:00
Meatballs 53b66f3b4a Land #2075, Powershell Improvements 2014-07-31 00:49:39 +01:00
Joshua Smith e00d892f99 rubocop cleanup, long lines, etc 2014-07-28 22:04:45 -05:00
OJ 210342df5b Minor tidies to conform to standards 2014-07-25 09:32:54 +10:00
OJ 9fe2dd59aa Move error messages to `check` 2014-07-25 07:57:09 +10:00
OJ 3ec30bdf78 Add some small fixes to the MQAC local exploit
* Check for `INVALID_HANDLE_VALUE` when attempting to open the
  device, as this is what is returned when the device doesn't exist.
* Make sure that we only run the exploit against tartgets that we
  support directly to make sure we don't BSOD machines (such as what
  happens with SP1/SP2).
* Add a call to `check` in the exploit code.
2014-07-24 14:48:29 +10:00
Jay Smith 042278ed6a
Update code to reflect @OJ code suggestions 2014-07-23 11:01:43 -04:00
Jay Smith 534a5d964b
Add CVE-2014-4971 BthPan local privilege escalation
Add CVE-2014-4971 BthPan local privilege escalation for Windows XP SP3
2014-07-22 18:17:06 -04:00
Jay Smith 0db3a0ec97
Update code to reflect @jlee-r7's code review 2014-07-22 15:14:24 -04:00
Jay Smith 125b2df8f5
Update code to reflect @hdmoore code suggestions 2014-07-22 14:53:24 -04:00
Spencer McIntyre 7f79e58e7f Lots and cleanups based on PR feed back 2014-07-22 14:45:00 -04:00
Spencer McIntyre 5d9c6bea9d Fix a typo and use the execute_shellcode function 2014-07-22 13:06:57 -04:00
Spencer McIntyre 12904edf83 Remove unnecessary target info and add url reference 2014-07-22 11:20:07 -04:00
Spencer McIntyre ca0dcf23b0 Add a simple check method for cve-2014-4971 2014-07-22 10:54:10 -04:00
Spencer McIntyre 6a545c2642 Clean up the mqac escalation module 2014-07-22 10:39:34 -04:00
Spencer McIntyre da4eb0e08f First commit of MQAC arbitrary write priv escalation 2014-07-22 10:04:12 -04:00
Meatballs b0a596b4a1
Update newer modules 2014-07-20 21:59:10 +01:00
Meatballs 474ee81807
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-20 21:01:54 +01:00
Jay Smith 2be6eb16a2
Add in exploit check and version checks
Move the initial checking for the vboxguest device and os checks
into the MSF check routine.
2014-07-17 14:56:34 -04:00
Tod Beardsley b050b5d1df
Rubocop -a on MS08-067
This reduces the number of style guide violations from 230ish to 36.
Nearly all of it has to do with errant parameters, element alignment,
and comment blocks.

Obviously, since this was all automatically fixed, some pretty severe
testing should occur before landing this.

I kind of don't like the automatic styling of the arrays for the
references, but maybe I can get used to it. It's open for discussion.

@jhart-r7 please take a look at this as well -- anything jumping out at
you on this that we should be avoiding for Rubocop?
2014-07-17 12:29:20 -05:00
Trevor Rosen bebf11c969
Resolves some Login::Status migration issues
MSP-10730
2014-07-16 21:52:08 -05:00
William Vu a07656fec6
Land #3536, msftidy INFO messages aren't blockers 2014-07-16 17:57:48 -05:00
Tod Beardsley 58558e8dfa
Allow INFO msftidy messages
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
sinn3r 8733dcb2f8
Land #3531 - Windows 2008 Update for HP AutoPass License 2014-07-16 15:13:05 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
William Vu b6ded9813a
Remove EOL whitespace 2014-07-16 14:56:34 -05:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Meatballs 7583ed4950
Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
Jay Smith 6d49f6ecdd
Update code to reflect hdmoore's code review. 2014-07-16 14:29:17 -04:00
Spencer McIntyre 82abe49754 Mark windows/misc/psh_web_delivery as deprecated 2014-07-16 14:02:05 -04:00
David Maloney 52a29856b3
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-16 09:38:44 -05:00
Jay Smith cef2c257dc
Add CVE-2014-2477 local privilege escalation 2014-07-16 05:49:19 -04:00
jvazquez-r7 6d05a24653 Add target information 2014-07-15 17:45:45 -05:00
jvazquez-r7 604a612393 Have into account differences between windows default installs 2014-07-15 15:03:07 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
James Lee 62a2f1dc0a
Credential -> Model for realm key constants 2014-07-10 14:30:25 -05:00
David Maloney aeda74f394
Merge branch 'master' into staging/electro-release
Conflicts:
	Gemfile
	Gemfile.lock
2014-07-07 16:41:23 -05:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor)
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
jvazquez-r7 cd6b83858b
Add new Yokogawa SCADA exploit 2014-07-07 11:20:49 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Meatballs 05c9757624
Merge in #3488 2014-07-04 20:37:09 +01:00
sinn3r 79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 5e0211016d Merge to solve conflicts 2014-07-03 09:16:04 -05:00
sinn3r 21f6e7bf6c Change description 2014-07-01 10:44:21 -05:00
sinn3r 449fde5e7c Description update 2014-07-01 10:26:52 -05:00
sinn3r c43006f820 Update cogent module description, fix msftidy warnings 2014-07-01 10:06:33 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
2014-06-30 02:50:10 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
jvazquez-r7 1acd5e76cb Add check code for event processing 12 2014-06-29 15:47:57 -05:00
jvazquez-r7 a94396867c Add module for ZDI-14-106, Oracle Event Processing 2014-06-29 15:44:20 -05:00
Spencer McIntyre faa9c11450 Dont deregister an option that is in use 2014-06-28 18:22:17 -04:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
2014-06-28 17:40:49 -04:00
HD Moore e806222512 Fix bad copypast, sock.get usage, HTTP mistakes 2014-06-28 16:18:16 -05:00
HD Moore baa877ef17 Switch to get_once for consistency 2014-06-28 16:10:49 -05:00
HD Moore c8e44c341c Fix use of sock.get vs sock.get_once 2014-06-28 16:10:18 -05:00
HD Moore 5e900a9f49 Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse 2014-06-28 16:06:46 -05:00
HD Moore 6e80481384 Fix bad use of sock.get() and check() implementations
Many of these modules uses sock.get() when they meant get_once()
and their HTTP-based checks were broken in some form. The response
to the sock.get() was not being checked against nil, which would
lead to stack traces when the service did not reply (a likely
case given how malformed the HTTP requests were).
2014-06-28 16:05:05 -05:00
HD Moore 3868348045 Fix incorrect use of sock.get that leads to indefinite hang 2014-06-28 15:48:58 -05:00
David Maloney b680674b95
Merge branch 'master' into staging/electro-release 2014-06-27 11:55:57 -05:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
Spencer McIntyre 4d4c5e5d6e Update two modules to use the new cmd stager 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 d47994e009 Update modules to use the new generic CMDstager mixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
sinn3r a60dfdaacb
Land #3471 - HP AutoPass License Server File Upload 2014-06-26 14:34:32 -05:00
sinn3r ce5d3b12e7
Land #3403 - MS13-097 Registry Symlink IE Sandbox Escape 2014-06-26 13:48:28 -05:00
sinn3r 0b6f7e4483
Land #3404 - MS14-009 .NET Deployment Service IE Sandbox Escape 2014-06-26 11:45:47 -05:00
David Maloney 9cec330f05
Merge branch 'master' into staging/electro-release 2014-06-26 10:22:30 -05:00
Joshua Smith 3ed7050b67
Lands 3420 after wrapping most lines at 80 2014-06-24 17:37:43 -05:00
Joshua Smith 3fe162a8b1 wraps most lines at 80 2014-06-24 17:36:10 -05:00
jvazquez-r7 267642aa4b Fix description 2014-06-23 09:20:47 -05:00
jvazquez-r7 cc3c06440f Add module for ZDI-14-195, HP AutoPass License Traversal 2014-06-23 09:19:56 -05:00
jvazquez-r7 a081beacc2 Use Gem::Version for string versions comparison 2014-06-20 09:44:29 -05:00
David Maloney 2b0bb608b1
Merge branch 'master' into staging/electro-release 2014-06-18 10:49:58 -05:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
Joshua Smith bab1e30557
Land #3460, Ericom AccessNow Server BOF exploit 2014-06-17 19:10:34 -05:00
Joshua Smith 9af9d2f5c2 slight cleanup 2014-06-17 19:08:31 -05:00
jvazquez-r7 1133332702 Finish module 2014-06-17 15:01:35 -05:00
jvazquez-r7 8f8af0e93a Add draft version 2014-06-17 14:21:49 -05:00
Christian Mehlmauer 03fa858089
Added newline at EOF 2014-06-17 21:05:00 +02:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
jvazquez-r7 2fe7593559
Land #3433, @TecR0c's exploit for Easy File Management Web Server 2014-06-13 09:54:12 -05:00
David Maloney 96e492f572
Merge branch 'master' into staging/electro-release 2014-06-12 14:02:27 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
HD Moore d5b32e31f8 Fix a typo where platform was 'windows' not 'win'
This was reported by dracu on freenode
2014-06-11 15:10:33 -05:00
David Maloney 9593422f9c
Merge branch 'master' into staging/electro-release 2014-06-11 10:23:56 -05:00
jvazquez-r7 34f98ddc50 Do minor cleanup 2014-06-11 09:20:22 -05:00
TecR0c b27b00afbb Added target 4.0 and cleaned up exploit 2014-06-11 06:22:47 -07:00
TecR0c f1382af018 Added target 4.0 and cleaned up exploit 2014-06-11 06:20:49 -07:00
jvazquez-r7 a554b25855 Use EXITFUNC 2014-06-10 09:51:06 -05:00
TecR0c 3d33a82c1c Changed to unless 2014-06-09 09:31:14 -07:00
TecR0c 1252eea4b9 Changed to unless 2014-06-09 09:26:03 -07:00
David Maloney 482aa2ea08
Merge branch 'master' into staging/electro-release 2014-06-09 10:27:22 -05:00