sinn3r
feca3efafb
Land #2728 - vBulletin Password Collector via nodeid SQL Injection
2013-12-09 02:12:42 -06:00
sinn3r
92412279ae
Account for failed cred gathering attempts
...
Sometimes the SQL error doesn't contain the info we need.
2013-12-09 02:11:46 -06:00
Joe Vennix
cd66cca8a1
Make browser autopwn datastore use OptRegexp.
2013-12-08 17:46:33 -06:00
Joe Vennix
df76651834
Make sure loot is named correctly.
2013-12-08 14:31:18 -06:00
Joe Vennix
7f3ab14179
Make pipe part of /bin/bash cmd.
2013-12-08 14:27:28 -06:00
Joe Vennix
9b34a8f1ad
Supports 10.3
2013-12-08 14:26:16 -06:00
Joe Vennix
f981a04918
Fix MATCHUSER bug.
...
* Also add spacing and indentation for better readability.
* Refactors grab_shadow_blob method.
2013-12-08 14:21:48 -06:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
Joe Vennix
eacab1b2ad
Fix description, kill dead constant.
2013-12-07 22:28:16 -06:00
Joe Vennix
969f45fd32
Refactor OSX hashdump post module.
...
* Adds support for MATCHUSER regex option
* Adds support for OSX 10.8 and 10.9 hashes (PBKDF2)
* DRYs up a bunch of older code, adds lots of helper fns
* Ends up shaving off ~20 lines
2013-12-07 22:22:23 -06:00
dmaloney-r7
0c5d748fca
Merge pull request #1103 from scriptjunkie/dllinjectfix
...
Support silent shellcode injection into DLLs
2013-12-07 19:47:34 -08:00
scriptjunkie
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Joe Vennix
c6eac67ab5
Kill meterpreter support for osx media modules.
...
There is some bug that I haven't been able to track down that causes the
osx call to run the event queue to just hang on latest OSX + Java/python
meterpreter. I tried rewriting these modules using OSX's new Media API,
but I run into the same problem. Until I find a solution, we should mark
these shell-only.
2013-12-07 17:46:26 -06:00
joev
c51e9036ae
Merge branch 'land_mipsbe_xor_encoder' into upstream-master
2013-12-07 17:28:57 -06:00
jvazquez-r7
75fb38fe8d
Land #2724 , @wchen-r7 and @jvennix-r7's module for CVE-2013-6414
2013-12-07 14:26:46 -06:00
jvazquez-r7
fdebfe3d2f
Add references
2013-12-07 14:25:58 -06:00
jvazquez-r7
f77784cd0d
Land #2723 , @denandz's module for OSVDB-100423
2013-12-06 17:32:07 -06:00
DoI
3ed293a1d0
Merge pull request #1 from jvazquez-r7/review_2723
...
Review uptime_file_upload
2013-12-06 15:29:15 -08:00
jvazquez-r7
3729c53690
Move uptime_file_upload to the correct location
2013-12-06 15:57:52 -06:00
jvazquez-r7
2ff9c31747
Do minor clean up on uptime_file_upload
2013-12-06 15:57:22 -06:00
sinn3r
adc241faf8
Last one, I say
2013-12-06 15:52:42 -06:00
sinn3r
17193e06a9
Last commit, I swear
2013-12-06 15:49:44 -06:00
sinn3r
58a70779ac
Final update
2013-12-06 15:48:59 -06:00
sinn3r
9f5768ae37
Another update
2013-12-06 14:53:35 -06:00
sinn3r
af16f11784
Another update
2013-12-06 14:39:26 -06:00
jvazquez-r7
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
sinn3r
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
sinn3r
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
bmerinofe
5e5fd6b01a
Unless replaced
2013-12-06 15:01:35 +01:00
Meatballs
6f02744d46
Land #2730 Typo in mswin_tiff_overflow
2013-12-06 12:32:37 +00:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
sinn3r
d0adc193b3
Land #2729 - Allow manual self-destruct via "kill -s"
2013-12-06 01:29:48 -06:00
sinn3r
89ef1d4720
Fix a typo in mswin_tiff_overflow
2013-12-06 00:44:12 -06:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
bea0f8c18e
Change client to session in tests
2013-12-06 13:43:47 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
DoI
3d327363af
uptime_file_upload code tidy-ups
2013-12-06 13:45:22 +13:00
OJ
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
sinn3r
c07686988c
random uri
2013-12-05 18:07:24 -06:00
OJ
73d3ea699f
Remove the last redundant error check
2013-12-06 09:32:21 +10:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
jvazquez-r7
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
OJ
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
jvazquez-r7
f2f8c08c8e
Use blank? method
2013-12-05 16:36:44 -06:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
jvazquez-r7
a380d9b4f2
Add aux module for CVE-2013-3522
2013-12-05 15:58:05 -06:00