Tod Beardsley
e9841b216c
Land #1797 , IE8 DoL exploit module from @wchen-r7
...
Exploit for an in-the-wild unpatched vuln in IE8. @jvazquez-r7 already
reviewed functionality
2013-05-05 12:06:45 -05:00
sinn3r
a33510e821
Add MS IE8 DoL 0day exploit (CVE-2013-1347)
...
This module exploits a use-after-free vuln in IE 8, used in the
Department of Labor attack.
2013-05-05 12:04:17 -05:00
Meatballs
1b485f15db
Land #1796 - Adds missing require to shodan_search aux.
...
[Closes #1796 ]
2013-05-05 11:49:38 +02:00
HD Moore
63b0eace32
Add a missing require
2013-05-04 22:39:57 -05:00
jvazquez-r7
589be270bf
Land #1658 , @nmonkee's SAP module for PFL_CHECK_OS_FILE_EXISTENCE
2013-05-03 14:19:36 -05:00
sinn3r
2396c265f8
Landing #1790 - AudioCoder .m3u bof module
2013-05-03 11:59:12 -05:00
jvazquez-r7
13202a3273
Add OSVDB reference
2013-05-03 09:46:29 -05:00
nmonkee
d8bbd9d78b
Merge pull request #6 from jvazquez-r7/sap_soap_rfc_pfl_check_os_file_existence
...
Clean up for sap_soap_rfc_pfl_check_os_file_existence
2013-05-03 05:40:56 -07:00
jvazquez-r7
a95de101e7
Delete extra line
2013-05-02 22:04:27 -05:00
jvazquez-r7
6210b42912
Port EDB 25141 to msf
2013-05-02 22:00:43 -05:00
jvazquez-r7
a2e1fbe7a9
Make msftidy happy
2013-05-02 19:46:26 -05:00
jvazquez-r7
f57b2de632
Land #1787 , @wchen-r7's mod to ie_cbutton_uaf to use the js_mstime_malloc API
2013-05-02 19:44:19 -05:00
sinn3r
fe57b9d6e2
Landing #1784 - Handles nils in params
...
Nils are handled by converting values into strings
2013-05-02 18:43:10 -05:00
James Lee
9e7885857c
Land #1776 , assembly payload blob cache fix
2013-05-02 16:58:14 -05:00
James Lee
0d9b120bac
Get rid of the suffix
...
This makes blob cache a little cleaner
[FixRM #7898 ]
2013-05-02 16:55:14 -05:00
jvazquez-r7
d6568b3902
Land #1788 , @todb's switch from nokogiri to rexml
2013-05-02 15:15:54 -05:00
Tod Beardsley
7579b574cb
Rework parse_xml
...
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.
I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley
902cd7ec85
Revert removal of the SAP module
...
This reverts commit 26da7a6ee7
.
2013-05-02 14:42:35 -05:00
sinn3r
eb23b5feeb
Forgot to remove function ie8_smil. Don't need this anymore.
2013-05-02 14:04:15 -05:00
sinn3r
329e8228d1
Uses js_mstime_malloc to do the no-spray technique
2013-05-02 14:00:15 -05:00
Tod Beardsley
26da7a6ee7
Removing this from master due to test problems
...
This module was moved over to the unstable branch in commit
7106afdf7d
, working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7
132c09af82
Add BID reference
2013-05-02 10:21:09 -05:00
jvazquez-r7
6e68f3cf34
Clean up sap_soap_rfc_pfl_check_os_file_existence
2013-05-02 10:19:15 -05:00
jvazquez-r7
244bf71d4a
Change module filename
2013-05-02 10:15:50 -05:00
jvazquez-r7
4db81923bf
Update description
2013-05-02 08:45:01 -05:00
jvazquez-r7
4054d91955
Land #1657 , @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module
2013-05-02 08:38:50 -05:00
nmonkee
8e9789b71d
Merge pull request #5 from jvazquez-r7/sap_soap_rfc_rzl_read_dir_local_dir_cleanup
...
Cleanup for sap_soap_rfc_rzl_read_dir_local_dir_listing_and_smb_relay
2013-05-02 02:55:23 -07:00
jvazquez-r7
5cfc306466
Land @1785, @wchen-r7's API addition for the mstime ie8 technique
2013-05-02 00:00:49 -05:00
jvazquez-r7
e25057b64a
Fix indent level
2013-05-01 22:01:36 -05:00
jvazquez-r7
c406271921
Cleanup sap_soap_rfc_rzl_read_dir
2013-05-01 21:51:06 -05:00
jvazquez-r7
98dd96c57d
Change module filename
2013-05-01 21:50:24 -05:00
sinn3r
69f8103ffe
Make animatecolor element optional by using innerHTML
2013-05-01 14:21:52 -05:00
sinn3r
3d2cb9ec3f
Uses rand_text_hex for RGB values, and correcting exception handling
2013-05-01 13:41:36 -05:00
jvazquez-r7
567d2bb14b
Land #1687 , @bmerinofe's forensic file recovery post module
2013-05-01 08:13:08 -05:00
Borja Merino
d360d3607e
Merge pull request #1 from jvazquez-r7/recoveryfiles_cleanup
...
Clean recovery_files
2013-05-01 01:13:16 -07:00
sinn3r
71afd762a9
According to MSFG, I can use RGB, so here goes
2013-04-30 18:48:21 -05:00
sinn3r
ae94fbdf6c
Updates documentation
2013-04-30 17:11:19 -05:00
sinn3r
9cc624456a
Adds function js_mstime_malloc
...
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
Tasos Laskos
6bf19c6fb8
HTTP::ClientRequest: Should handle nils in params
...
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.
* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
HD Moore
3a7dbd772d
Merge pull request #1783 from kernelsmith/bug/RM7926-msfconsole_search_app_server_busted
...
fixes RM7926 msfconsole search busted
2013-04-30 11:29:21 -07:00
jvazquez-r7
a201391ee6
Clean recovery_files
2013-04-30 13:18:32 -05:00
kernelsmith
cf7702f7e9
"acitve" should be "aggressive"
...
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
Meatballs
293c847a32
Fix table.print
2013-04-29 22:02:41 -05:00
James Lee
3f1693556e
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-04-29 14:46:11 -05:00
James Lee
d53d6370b3
Land #1747 , mimikatz meterpreter extension
...
[Closes #1747 ]
See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee
99f5376606
Binaries for #1747
...
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
Tod Beardsley
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
Tod Beardsley
4227c23133
Add a reference for Safari module
2013-04-29 14:07:55 -05:00
James Lee
906863676e
Fix a logic error in HttpServer
...
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.
This commit fixes the problem in two ways:
1. It changes the default cli in get_uri to be the module's self.cli,
which should always be set when passive modules would need it (e.g., in
the on_request_uri method).
2. It adds a check to make sure that the calling module has a sock
before trying to get its peerhost. This was @marthieubean's suggested
solution in #1775 .
[Closes #1775 ]
2013-04-29 13:44:58 -05:00
Tod Beardsley
d857b81d98
Land #1777 , usability fix for Safari module
2013-04-29 13:41:25 -05:00