jvazquez-r7
9040fcd5ae
Merge branch 'darkoperator-post2localexploit' of https://github.com/darkoperator/metasploit-framework into darkoperator-darkoperator-post2localexploit
2013-02-12 01:52:05 +01:00
jvazquez-r7
42a6d96ff4
using Post::File methods plus little more cleanup
2013-02-12 01:33:07 +01:00
jvazquez-r7
97edbb7868
using always a vbs file to drop exe
2013-02-12 00:58:26 +01:00
Carlos Perez
5edb138a8f
fixed nil issue
2013-02-11 11:51:33 -04:00
smilingraccoon
3a499b1a6d
added s4u_persistence.rb
2013-02-10 14:22:36 -05:00
jvazquez-r7
17b349ab50
added crash to comments
2013-02-09 17:49:57 +01:00
jvazquez-r7
5b576c1ed0
fix ident and make happy msftidy
2013-02-09 17:40:45 +01:00
Carlos Perez
fea84cad10
Fix additional typos per recomendation
2013-02-08 14:47:16 -04:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
Carlos Perez
b8f0a94c3f
Fixed typos mentioned by Egypt
2013-02-08 14:42:10 -04:00
sinn3r
0ad548a777
I expect people to know what a share is.
2013-02-07 19:16:44 -06:00
sinn3r
9415e55211
Merge branch 'feature/rm5455-patch-smb_relay' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm5455-patch-smb_relay
2013-02-07 19:12:58 -06:00
Carlos Perez
c131b7ef0e
Added exception handing and return checking as requested by Sinn3r
2013-02-07 21:06:05 -04:00
Carlos Perez
19e989dff9
Initial commit fo the migrated module
2013-02-07 19:11:44 -04:00
James Lee
1095fe198b
Merge branch 'rapid7' into dmaloney-r7-http/auth_methods
2013-02-06 16:57:50 -06:00
sinn3r
0186e290d3
Merge branch 'ovftool_format_string_fileformat' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_fileformat
2013-02-05 15:13:51 -06:00
sinn3r
b706af54a0
Merge branch 'ovftool_format_string_browser' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-ovftool_format_string_browser
2013-02-05 15:12:24 -06:00
RageLtMan
92ef462c34
This commit completes powershell based psexec
...
The original module suffered from a small problem - interactive
process notification from Desktop 0 for users currently logged in.
Although acheiving full AV evasion, we were setting off UserAlert.
This commit updates the module itself to match #1379 in R7's repo.
The size of powershell payloads has been reduced, and a wrapper
added to hide the actual payload process entirely.
2013-02-04 20:39:05 -05:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
David Maloney
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
jvazquez-r7
9ce5f39bc6
added migrate as initial script
2013-02-04 16:42:56 +01:00
jvazquez-r7
e0d4bb5799
Added module for cve-2012-3569, browser version
2013-02-04 16:37:42 +01:00
jvazquez-r7
135718a97b
Added module for cve-2012-3569, fileformat version
2013-02-04 16:36:33 +01:00
Tod Beardsley
e8def29b4f
Dropping all twitter handles
...
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
RageLtMan
6ba85d4c06
add libs from #1379 and allow psh 1.0 exec against older hosts
2013-01-30 12:38:53 -05:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
lmercer
deb9385181
Patch for smb_relay.rb to allow the share written to, to be defined in an option
...
As described in Redmine Feature #5455
2013-01-29 15:19:35 -05:00
sinn3r
690ef85ac1
Fix trailing slash problem
...
These modules require the target URI to be a directory path. So
if you remove the trailing slash, the web server might return a
301 or 404 instead of 200.
Related to: [SeeRM: #7727 ]
2013-01-28 13:19:31 -06:00
RageLtMan
61cd3b55fc
hide window
2013-01-24 14:43:07 -05:00
jvazquez-r7
3faf4b3aca
adding sinn3r as author
2013-01-24 18:13:30 +01:00
sinn3r
2cedcad810
Check PID
2013-01-24 10:46:23 -06:00
sinn3r
ad108900d5
Why yes I know it's a module
2013-01-23 16:23:41 -06:00
sinn3r
22f7619892
Improve Carlos' payload injection module - See #1201
...
Lots of changes, mainly:
* Description update
* Avoid accessing protected methods
* More careful exception & return value handling
2013-01-23 16:15:14 -06:00
sinn3r
e93b7ffcaf
Add Carlos Perez's payload injection module
...
See #1201
2013-01-23 14:07:48 -06:00
RageLtMan
e6ebf772de
allow psh to run in background via cmd start
2013-01-21 08:12:56 -05:00
RageLtMan
43a5322bd4
psexec_psh cleanup
2013-01-20 22:15:55 -05:00
RageLtMan
cae0362aa3
Add disk-less AV bypass PSExec module using PSH
...
This commit rewires the existing work on PSExec performed by R3dy,
HDM, and countless others, to execute a powershell command instead
of a binary written to the disk. This particular iteration uses
PSH to call .NET, which pull in WINAPI functions to execute the
shellcode in memory. The entire PSH script is compressed with ZLIB,
given a decompressor stub, encoded in base64 and executed directly
from the command-line with powershell -EncodedCommand.
In practice, this prevents us from having to write binaries with
shellcode to the target drive, deal with removal, or AV detection
at all. Moreover, the powershell wrapper can be quickly modified
to loop execution (included), or perform other obfu/delay in order
to confuse and evade sandboxing and other HIDS mechanisms.
This module has been tested with x86/x64 reverse TCP against win6,
win7 (32 and 64), and Server 2008r2. Targets tested were using
current AV with heuristic analysis and high identification rates.
In particular, this system evaded Avast, KAV current, and MS' own
offerings without any issue. In fact, none of the tested AVs did
anything to prevent execution or warn the user.
Lastly, please note that powershell must be running in the same
architecture as the payload being executed, since it pulls system
libraries and their functions from unmanaged memory. This means
that when executing x86 payloads on x64 targets, one must set the
RUN_WOW64 flag in order to forcibly execute the 32bit PSH EXE.
2013-01-20 21:46:26 -05:00
jvazquez-r7
51ba500b9f
msftidy compliant
2013-01-16 12:28:09 +01:00
sinn3r
0f24671cf7
Changes how the usernames are loaded.
...
Allows usernames to be loaded as a file (wordlist), that way the
it's much easier to manage. It defaults to unix_users.txt,
because these usernames are common in any SSH hosts out there.
If the user only wants to try a specific user (which is better,
because you reduce traffic noise that way), then he/she can set
the USERNAME option, and that should be the only one tried --
similar to how AuthBrute behaves.
I also fixed the regex in check().
2013-01-16 02:14:52 -06:00
sinn3r
04b35a38ff
Update MSB ref
2013-01-14 14:59:32 -06:00
jvazquez-r7
c6c59ace46
final cleanup
2013-01-14 20:53:19 +01:00
jvazquez-r7
5ecb0701ea
Merge branch 'freesshd_authbypass' of https://github.com/danielemartini/metasploit-framework into danielemartini-freesshd_authbypass
2013-01-14 20:52:45 +01:00
Daniele Martini
04fe1dae11
Added module for Freesshd Authentication Bypass (CVE-2012-6066)
...
This module works against FreeSSHD <= 1.2.6. Tested against
password and public key authentication methods. It will generate
a random key and password.
To use it you need to know a valid username. The module contains
a basic bruteforce methods, so you can specify more than one to try.
2013-01-13 17:08:04 +01:00
jvazquez-r7
5901058a61
Merge branch 'ms11_081' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_081
2013-01-09 23:24:14 +01:00
sinn3r
fe8b9c24cf
Merge branch 'jvazquez-r7-honeywell_tema_exec'
2013-01-09 16:08:19 -06:00
sinn3r
f3b88d34c1
Add MS11-081
2013-01-09 15:52:33 -06:00
jvazquez-r7
736f8db6c0
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
jvazquez-r7
377905be7f
Avoid FileDropper in this case
2013-01-09 09:15:38 +01:00
jvazquez-r7
52982c0785
Added BrowserAutopwn info
2013-01-08 19:53:34 +01:00
jvazquez-r7
0e475dfce1
improvements and testing
2013-01-08 19:43:58 +01:00
jvazquez-r7
b2575f0526
Added module for OSVDB 76681
2013-01-08 17:46:31 +01:00
sinn3r
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
sinn3r
a59c474e3e
Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof'
2013-01-07 13:34:52 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
jvazquez-r7
883b3446f3
license text
2013-01-05 08:03:25 +01:00
jvazquez-r7
0a13f01f23
Added module for ZDI-12-101
2013-01-05 07:40:32 +01:00
Christian Mehlmauer
6654faf55e
Msftidy fixes
2013-01-04 09:29:34 +01:00
sinn3r
6d4abe947d
Merge branch 'id_revision' of github.com:FireFart/metasploit-framework into FireFart-id_revision
2013-01-04 00:23:03 -06:00
sinn3r
38de5d63d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-01-03 17:49:24 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sinn3r
b061a0f9c1
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 17:45:24 -06:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
a0b4045b4b
trying to fix the variable offset length
2013-01-04 00:25:34 +01:00
sinn3r
724fa62019
Merge branch 'enterasys_netsight_syslog_bof' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-enterasys_netsight_syslog_bof
2013-01-03 15:35:29 -06:00
sinn3r
6fd35482cc
This exploit should be in browser auto pwn
2013-01-03 14:45:00 -06:00
jvazquez-r7
9cea2d9af9
reference updated
2013-01-03 19:39:18 +01:00
jvazquez-r7
45808a3a44
Added module for ZDI-11-350
2013-01-03 19:17:45 +01:00
sinn3r
06b937ec11
Implements WTFUzz's no-spray technique
...
Do not try to bend the spoon, that is impossible. Instead, only
try to realize the truth: there is no spoon.
2013-01-03 11:57:47 -06:00
sinn3r
38157b86a9
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-31 11:15:44 -06:00
sinn3r
f7543e18fe
Your def of commit apparently is a little different than mine, git.
2012-12-31 00:35:13 -06:00
sinn3r
2b3f7c4430
Module rename
...
Sorry, Tod, this must be done.
2012-12-31 00:29:19 -06:00
sinn3r
5703274bc4
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-30 20:34:57 -06:00
sinn3r
1084334d5e
Randomness
2012-12-30 20:34:14 -06:00
sinn3r
7cb42a5eb4
Add BID ref
2012-12-30 18:14:22 -06:00
sinn3r
cc52e2c533
Where's Juan's name?
2012-12-30 12:58:16 -06:00
jvazquez-r7
14f21c0a29
using the rop as expected
2012-12-30 16:13:48 +01:00
jvazquez-r7
eed5a74f32
description updated and reference added
2012-12-30 16:08:01 +01:00
Christian Mehlmauer
f7d6594314
re-deleted comma
2012-12-30 13:39:14 +01:00
jvazquez-r7
6be8ed6168
readd fix for #1219
2012-12-30 13:25:42 +01:00
jvazquez-r7
cd58cc73d9
fixed rop chain for w2003
2012-12-30 13:12:55 +01:00
Christian Mehlmauer
cab84b5c27
Fix for issue #1219
2012-12-30 13:02:13 +01:00
Christian Mehlmauer
dcf018c339
Comma
2012-12-30 12:54:44 +01:00
Christian Mehlmauer
14d197eeb2
Added Windows Server 2003
2012-12-30 11:35:29 +01:00
jvazquez-r7
6cb9106218
Added module for CVE-2012-4792
2012-12-30 01:46:56 +01:00
sinn3r
eb2037bdba
Merge branch 'inotes_dwa85w_bof' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-inotes_dwa85w_bof
2012-12-28 12:16:06 -06:00
jvazquez-r7
9ffb0dcf79
switch to some random data
2012-12-28 12:48:36 +01:00
jvazquez-r7
8f62cd5561
swith to some random data
2012-12-28 12:47:20 +01:00
jvazquez-r7
af61438b0b
added module for zdi-12-132
2012-12-28 11:45:32 +01:00
jvazquez-r7
8ea5c993a2
added module for zdi-12-134
2012-12-28 11:44:30 +01:00
sinn3r
771460fa4c
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-26 11:35:52 -06:00
sinn3r
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
sinn3r
8223df375d
Avoid making the title sound too generic.
2012-12-26 11:15:37 -06:00
sinn3r
0b2ea3e55e
Fix weird tabs vs spaces prob
2012-12-26 11:14:48 -06:00
jvazquez-r7
e895ccb6b1
added random string functions
2012-12-25 18:13:02 +01:00
jvazquez-r7
fec989026f
Added module for CVE-2012-5691
2012-12-25 18:05:10 +01:00
sinn3r
6a3bf6a2a6
Merge branch 'master' of git://github.com/rapid7/metasploit-framework
2012-12-24 17:57:02 -06:00
sinn3r
38f0886058
James has more modules that need to be updated.
...
e-mail update.
2012-12-24 17:51:58 -06:00
sinn3r
076c8aa995
Merge branch 'nullbind-mssql_linkcrawler'
2012-12-24 11:14:28 -06:00
sinn3r
677b9718da
Finalizing module
2012-12-24 11:13:51 -06:00
jvazquez-r7
4c897c5181
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
James Lee
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
sinn3r
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
jvazquez-r7
02782258eb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
sinn3r
3c398d0e62
Final cleanup
2012-12-21 10:46:36 -06:00
sinn3r
4c58991c89
Cleanup ROP a little
2012-12-21 10:35:28 -06:00
sinn3r
e95f0267c6
Update for some leaky icky
2012-12-21 10:03:38 -06:00
HD Moore
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
jvazquez-r7
f820ffb32d
update authors
2012-12-18 23:57:29 +01:00
jvazquez-r7
8a07d2e53d
Added module for ZDI-12-168
2012-12-18 23:48:53 +01:00
sinn3r
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
sinn3r
88f02e0016
Merge branch 'jvazquez-r7-crystal_reports_printcontrol'
2012-12-17 13:52:11 -06:00
Tod Beardsley
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
jvazquez-r7
3ed36bd66a
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
jvazquez-r7
bce7d48931
comment updated
2012-12-14 23:55:12 +01:00
jvazquez-r7
0a0b26dc2c
after study the crash after the overflow...
2012-12-14 23:54:44 +01:00
sinn3r
53a2fda608
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-14 15:23:25 -06:00
jvazquez-r7
3e3f35419b
Added module for CVE-2010-2590
2012-12-14 12:50:29 +01:00
sinn3r
d2885d9045
Correct US Cert references
2012-12-13 14:19:53 -06:00
nullbind
67829756f8
fixed errors
2012-12-12 17:45:02 -06:00
sinn3r
a69a4fbbce
Extra spaces, be gone.
2012-12-12 14:38:00 -06:00
sinn3r
3a481c8e42
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 14:31:04 -06:00
David Maloney
5856874cea
Login check fixes for exploit
2012-12-12 14:18:41 -06:00
sinn3r
b465d20d61
Merge branch 'feature/winrm_compat_mode' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/winrm_compat_mode
2012-12-12 11:59:23 -06:00
David Maloney
5e8b9a20a4
Fix boneheaded mistake
2012-12-12 09:18:03 -06:00
sinn3r
343a785420
Add OSVDB references
2012-12-11 12:47:08 -06:00
jvazquez-r7
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
jvazquez-r7
44633c4f5b
deleted incorrect cve ref
2012-12-11 12:16:47 +01:00
jvazquez-r7
fdb457d82b
Merge branch 'refs_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_update
2012-12-11 12:16:06 +01:00
sinn3r
b315a4eee4
Grammar
2012-12-11 00:19:15 -06:00
jvazquez-r7
e3a126aa75
Added module for ZDI-10-174
2012-12-11 01:37:44 +01:00
sinn3r
31e2a164a9
MySQL file priv gets a ref from OSVDB
2012-12-10 12:15:44 -06:00
sinn3r
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
David Maloney
e448431c8a
Add 32bit comapt mode for 64 bit targets on wirnm
...
When a 32 bit payload is selected for an x64 target using the powershell
2.0 method,
it will try to invoke the 32bit version of pwoershell to sue instead
allowing us to still get a session even with the wrong payload arch
2012-12-10 11:39:24 -06:00
Tod Beardsley
7ea188e02d
Merge pull request #1147 from wchen-r7/cve_text_consistency
...
Change CVE text format
2012-12-09 14:48:08 -08:00
sinn3r
23d0ffa3ab
Dang it, grammar fail.
2012-12-09 01:39:24 -06:00
sinn3r
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
sinn3r
811bc49bfd
Merge branch 'bug/rm7593-flash-otf' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/rm7593-flash-otf
2012-12-08 17:16:14 -06:00
sinn3r
e989142d9d
Merge branch 'freefloat' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-freefloat
2012-12-07 14:48:01 -06:00
sinn3r
78b4233b56
Final changes
2012-12-07 14:44:41 -06:00
jvazquez-r7
bae5442ca6
working...
2012-12-07 21:38:17 +01:00
sinn3r
3f1cfcc184
More changes
2012-12-07 13:47:07 -06:00
jvazquez-r7
1aaecbcf0c
cleanup and user agent check
2012-12-07 20:38:08 +01:00
sinn3r
a1336c7b5a
Some more changes
2012-12-07 13:32:44 -06:00
sinn3r
403ac1dc37
I would do anything for a cake.
2012-12-07 13:15:27 -06:00
sinn3r
9838a2c75f
This never works for us. Gonna ditch it.
2012-12-07 13:02:26 -06:00
jvazquez-r7
b0be8dc4df
history exploit cleanup
2012-12-07 19:23:00 +01:00
sinn3r
38f2348c33
First changes
2012-12-07 11:27:09 -06:00
sinn3r
a872362a65
Merge branch 'maxthon3' of git://github.com/malerisch/metasploit-framework into maxthon
2012-12-07 11:17:15 -06:00
James Lee
8812285678
Move print of my_target.name to after nil check
...
Avoids
"Exception handling request: undefined method `name' for nil:NilClass"
when we don't have a target for the connecting browser.
[FixRM #7593 ]
2012-12-07 11:00:24 -06:00
sinn3r
fafdcbaae1
Vuln discovered by Rich.
...
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
sinn3r
cddda9eab7
Merge branch 'master' into nullbind-mssql_linkcrawler
2012-12-06 23:51:06 -06:00
sinn3r
88c97cd2b5
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-12-06 18:08:13 -06:00
sinn3r
bf47eaaa41
Remove code that's commented out. Clearly not needed anymore.
2012-12-06 12:57:41 -06:00
sinn3r
0ea5c781c1
Tabs and spaces don't mix
2012-12-06 12:53:22 -06:00
jvazquez-r7
fd20998f40
using the primer callback as pointed by egypt
2012-12-06 18:59:46 +01:00
jvazquez-r7
8e21d9e235
fix source_address param
2012-12-06 18:34:22 +01:00
jvazquez-r7
fc8b08f10f
trailing comma
2012-12-06 17:32:58 +01:00
jvazquez-r7
532afc2919
Added module for CVE-2009-0880
2012-12-06 16:43:07 +01:00
jvazquez-r7
6d3d4c1d84
Added support for FileDropper
2012-12-06 12:03:17 +01:00
sinn3r
18f4df0a38
Fix weird indent prob
2012-12-06 03:58:16 -06:00
sinn3r
a90ed82413
Correct CVE format
2012-12-06 03:57:46 -06:00
sinn3r
2b96c4e2a5
Add Kingcope's MySQL 'Stuxnet' technique exploit
...
Because why not. One more trick to a pentest + coverage = better.
2012-12-06 03:56:23 -06:00
malerisch
5e28563e4e
Advisories URLs changed
2012-12-05 14:33:25 -08:00
jvazquez-r7
5548bebb16
embeding payload on the c# script
2012-12-04 17:44:55 +01:00
jvazquez-r7
3f3bdb8473
my editor...
2012-12-03 21:45:26 +01:00
jvazquez-r7
8a9ad4253a
comment about the original discoverer updated
2012-12-03 21:44:35 +01:00
jvazquez-r7
2cb824d62d
Added module for CVE-2012-5357
2012-12-03 20:12:02 +01:00
James Lee
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
sinn3r
9d52048d7f
Forgot to remove this after badchar analysis
2012-11-30 02:17:08 -06:00
sinn3r
37f731fe7d
Add OSVDB-80896 BlazeVideo HDTV Player Pro 6.6 Buffer Overflow
2012-11-30 02:14:22 -06:00
HD Moore
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
Alexandre Maloteaux
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
jvazquez-r7
17518f035c
support for local exploits on file_dropper
2012-11-28 22:17:27 +01:00
jvazquez-r7
85ed074674
Final cleanup on always_install_elevated
2012-11-28 21:50:08 +01:00
jvazquez-r7
fd1557b6d2
Merge branch 'msi_elevated' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-msi_elevated
2012-11-28 21:49:36 +01:00
Meatballs1
7fea0d4af6
Add initial auto run script
2012-11-28 16:38:31 +00:00
Meatballs1
a3fbf276f9
Reinstated cleanup
2012-11-28 11:23:08 +00:00
Meatballs1
b5b47152fc
Changed to static msi filename
2012-11-28 11:21:02 +00:00
Meatballs1
76f7abe5b6
Little tidy up
2012-11-27 23:58:58 +00:00
Meatballs1
81c2182424
Msftidy
2012-11-27 23:33:07 +00:00
Meatballs1
9741d55724
Moved to agnostic post module commands
2012-11-27 23:26:19 +00:00
Meatballs1
6fe378b594
Minor changes to description
2012-11-27 20:56:52 +00:00
Meatballs1
d067b040a0
Minor changes to description
2012-11-27 20:55:36 +00:00
Meatballs1
7727f3d6e8
Msftidy
2012-11-27 18:31:54 +00:00
Meatballs1
889c8ac12d
Add build instructions and removed binary
2012-11-27 18:18:20 +00:00
Meatballs1
bc9065ad42
Move MSI source and binary location
2012-11-27 18:12:49 +00:00
sinn3r
b395f8f96d
Only XP for target coverage
2012-11-27 10:48:20 -06:00
sinn3r
2e71fc740e
No badchars, then no need to have the key
2012-11-27 10:46:20 -06:00
jvazquez-r7
8c53b275c6
Added module for cve-2012-3753
2012-11-27 12:10:00 +01:00
Tod Beardsley
f1fedee63b
EOL space, deleted
2012-11-26 14:19:40 -06:00
malerisch
6dfda6da37
Added Maxthon3 Cross Context Scripting (XCS) exploits for Win
2012-11-24 15:53:58 -08:00
sinn3r
89ddedf773
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
jvazquez-r7
4c9b8d4567
targets updated
2012-11-23 18:48:59 +01:00
jvazquez-r7
52ff38ad8a
add module for cve-2012-3752
2012-11-22 19:56:12 +01:00
Meatballs1
579126c777
Remove redundant sleep
2012-11-22 10:44:41 +00:00
Meatballs1
021e0f37e9
Cleanup s
2012-11-22 10:34:05 +00:00
Meatballs1
7936fce7cf
Remove auto migrate - we probably dont want to migrate away from a SYSTEM process.
2012-11-22 10:29:58 +00:00
Meatballs1
128eafe22c
Changed to Local Exploit
2012-11-22 10:26:23 +00:00
sinn3r
007dcd2dcb
Module is good, except with a little grammar error
2012-11-21 10:30:28 -06:00
jvazquez-r7
04aae008ca
fix to use pseudorandom exe name
2012-11-21 09:56:20 +01:00
jvazquez-r7
14cba22e64
changes requested by egypt
2012-11-21 09:46:22 +01:00
jvazquez-r7
99d32191c5
Added module for OSVDB 87334
2012-11-20 23:15:21 +01:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00
nullbind
dc93bd7215
removed redundant file
2012-11-19 14:27:08 -06:00
sinn3r
f784ea65af
Merge branch 'master' into ms12-005_mod
2012-11-16 11:59:41 -06:00
sinn3r
8375bb8390
Merge branch 'bypassuac_admincheck' of git://github.com/mubix/metasploit-framework into mubix-bypassuac_admincheck
2012-11-16 11:29:09 -06:00
jvazquez-r7
e8fe6031e9
Let default timeout for send_request_cgi
2012-11-16 18:09:47 +01:00
jvazquez-r7
51f238ec38
up to date
2012-11-16 16:03:09 +01:00
David Maloney
de016780b8
Rename the PAYLOAD_TYPE datastore option
...
This datastore option conflicts with a reserved option in Pro causing
this module to fail in Pro.
2012-11-15 14:42:31 -06:00
Rob Fuller
e18acf2103
remove debugging code
2012-11-14 23:56:32 -05:00
Rob Fuller
7d41f1f9a0
add admin already and admin group checks
2012-11-14 23:54:01 -05:00
sinn3r
1546aa6a10
No need to repeat the default values
2012-11-13 18:38:17 -06:00
sinn3r
9054fafb15
Not sure why paths were repeated, but no more.
2012-11-13 18:32:32 -06:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
jvazquez-r7
21693831ae
Added module for ZDI-11-018
2012-11-08 17:32:42 +01:00
HD Moore
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
HD Moore
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
David Maloney
208e706307
Module title fixes
2012-11-07 10:33:14 -06:00
James Lee
34bc92584b
Refactor WindowsServices
...
* Pulls common code up from several methods into #open_sc_manager
* Deprecates the name Windows::WindowsServices in favor of
Windows::Services. The platform is already clear from the namespace.
* Makes the post/test/services test module actually work
[See #1007 ]
[See #1012 ]
2012-11-06 17:30:04 -06:00
jvazquez-r7
9166d12179
Merge branch 'WinRM_piecemeal' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-WinRM_piecemeal
2012-11-05 23:08:59 +01:00
Tod Beardsley
70d53b4e2d
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:03:56 -06:00
jvazquez-r7
77b1e9e648
added comment about ropdb
2012-11-05 23:02:23 +01:00
Tod Beardsley
e385aad9e5
Merge remote branch 'jvazquez-r7/emc_networker_format_string'
2012-11-05 16:02:18 -06:00
David Maloney
9d5ab5a66f
Stupid typing error
2012-11-05 15:41:47 -06:00
David Maloney
314026ed0e
Some error checking and fixups
2012-11-05 13:29:57 -06:00
nullbind
0246e921c5
style, ref, desc, and author updates
2012-11-05 12:45:54 -06:00
David Maloney
7c141e11c4
Hopefully final touches
...
Some smftidy cleanup, and added a method to check that the payload is
the correct arch when using the powershell method
2012-11-05 10:06:57 -06:00
jvazquez-r7
04668c7d61
fix response codes check to avoid second tries to fail
2012-11-05 09:26:26 +01:00
David Maloney
25a6e983a1
Remove the older modules
2012-11-04 14:48:34 -06:00
David Maloney
fca8208171
Some minor code cleanup
2012-11-04 14:45:15 -06:00
David Maloney
f69ccc779f
Unified smarter module
2012-11-04 13:14:02 -06:00
David Maloney
c30ada5eac
Adds temp vbs mod and tweaked decoder stub
2012-11-04 12:49:15 -06:00
jvazquez-r7
88c99161b4
added universal target
2012-11-03 18:52:07 +01:00
jvazquez-r7
b8eea1007f
Added module for CVE-2012-2288 EMC Networker Format String
2012-11-03 18:17:12 +01:00
sinn3r
d4fc99e40c
Merge branch 'ms10_104_100_continue_support' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ms10_104_100_continue_support
2012-11-02 15:16:35 -05:00
David Maloney
ffca972075
Opps mispalced line
2012-11-02 09:34:32 -05:00
David Maloney
355bdbfa39
Add check for propper powershell version
2012-11-02 09:33:28 -05:00
nullbind
9158497fb4
msftidy updates
2012-11-01 20:59:37 -05:00
nullbind
8bb95e9f17
msftidy updates
2012-11-01 20:56:52 -05:00
David Maloney
f843740fcb
more fixes
2012-11-01 11:59:18 -05:00
jvazquez-r7
22fbfb3601
cleanup
2012-11-01 17:38:04 +01:00
jvazquez-r7
e720769747
Added module for ZDI-12-171
2012-11-01 17:17:45 +01:00
David Maloney
aeb837838f
typo
2012-11-01 11:03:50 -05:00
David Maloney
84c8660c96
Fix targets to be more specific
2012-11-01 11:00:45 -05:00
David Maloney
0eccfaf1bb
Add a disclosure date
2012-11-01 10:24:28 -05:00
David Maloney
59f5d9bc5d
Man i'm rusty at writing for framework
...
Fixes up all sinn3r's findings so far
2012-11-01 08:37:21 -05:00
David Maloney
00b9fb3c90
Switc smart mgirate to post mod as it should be
2012-10-31 17:03:49 -05:00
David Maloney
dd7ab11e38
Minor cleanup
2012-10-31 16:14:34 -05:00
David Maloney
86f6d59d2e
Adding the winrm powershell exploit
...
also adds the smart_migrate meterp script for autorun purposes
2012-10-31 15:46:11 -05:00
jvazquez-r7
ef0f415c51
related to #980 adds support for HttpClient
2012-10-31 17:46:57 +01:00
jvazquez-r7
91e6b7cd28
added ie8 target
2012-10-31 11:57:38 +01:00
jvazquez-r7
a3358a471f
Merge branch 'aladdin_bof' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-aladdin_bof
2012-10-31 11:57:20 +01:00
sinn3r
ec8a2955e1
Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof
2012-10-31 03:32:43 -05:00
sagishahar
53c7479d70
Add Windows 8 support
...
Verified with Windows 8 Enterprise Evaluation
2012-10-29 20:12:47 +02:00
jvazquez-r7
0e3bc7d060
hp operations agent mods: fix use of pattern_create, use ropdb
2012-10-29 15:45:40 +01:00
sinn3r
e9b9c96221
Merge branch 'mssql_linkcrawler' of git://github.com/nullbind/metasploit-framework into nullbind-mssql_linkcrawler
2012-10-28 18:10:17 -05:00
nullbind
5ce6526125
first official release
2012-10-28 13:49:32 -05:00
jvazquez-r7
19920b3275
update module titles for hp operation agent vulns
2012-10-28 02:38:39 +01:00
sinn3r
320a23286a
Merge branch 'warnings' of git://github.com/wchen-r7/metasploit-framework into wchen-r7-warnings
2012-10-27 18:52:34 -05:00
sinn3r
7db7f1bfdf
Merge branch 'turboftp_update' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-turboftp_update
2012-10-27 18:51:41 -05:00
sinn3r
c015372ce0
Merge branch 'hp_operations_agent_coda_8c' of git://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-hp_operations_agent_coda_8c
2012-10-27 18:45:36 -05:00
jvazquez-r7
73deeacd7e
deleted unnecessary http headers according to my tests
2012-10-28 00:52:52 +02:00
jvazquez-r7
b4b1b77a77
deleted unnecessary http headers according to my tests
2012-10-28 00:51:18 +02:00
jvazquez-r7
51bc806014
Added module for CVE-2012-2019
2012-10-27 22:45:37 +02:00
jvazquez-r7
bcb80431d6
Added module for CVE-2012-2020
2012-10-27 22:43:16 +02:00
corelanc0d3r
b48e355a6d
fixed typo and defined badchars
2012-10-24 20:04:54 +02:00
sinn3r
ede5d0f46b
This is meant to be a warning, so we use print_warning
2012-10-24 00:55:54 -05:00
sinn3r
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
Tod Beardsley
be9a954405
Merge remote branch 'jlee-r7/cleanup/post-requires'
2012-10-23 15:08:25 -05:00
Michael Schierl
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl
21f6127e29
Platform windows cleanup
...
Change all Platform 'windows' to 'win', as it internally is an alias
anyway and only causes unnecessary confusion to have two platform names
that mean the same.
2012-10-23 20:33:01 +02:00
James Lee
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
sinn3r
33ce74fe8c
Merge branch 'msftidy-1' of git://github.com/schierlm/metasploit-framework into schierlm-msftidy-1
2012-10-23 02:10:56 -05:00
James Lee
b2db3e133d
Rescue when the service is crashed
...
Failed exploit attempts leave the service in a state where the port is
still open but login attmempts reset the connection. Rescue that and
give the user an indication of what's going on.
2012-10-22 17:57:30 -05:00
Rob Fuller
7437d9844b
standardizing author info
2012-10-22 17:01:58 -04:00
Michael Schierl
5b18a34ad4
References cleanup
...
Uppercase MSB, spaces in URLs.
2012-10-22 22:37:01 +02:00
Michael Schierl
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
Michael Schierl
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
Michael Schierl
657d527f8d
DisclosureDate cleanup: Try parsing all dates
...
Fix all dates unparsable by `Date.strptime(value, '%b %d %Y')`
2012-10-22 20:04:21 +02:00
Michael Schierl
70ac7c8345
Author cleanup: fix unmatched angle brackets
2012-10-22 19:45:27 +02:00
sinn3r
ad9946689e
Update description
2012-10-21 16:40:01 -05:00
sinn3r
1821c11369
Code cleanup
2012-10-21 16:40:01 -05:00
sinn3r
c404b72d08
Doesn't make a lot of sense setting DefaultTarget to an older one
2012-10-21 16:40:01 -05:00
lincoln@corelan.be
c7d12d94b7
turboftp exploit
2012-10-21 16:40:00 -05:00
sput-nick
60dc83748c
Update modules/exploits/windows/browser/mozilla_mchannel.rb
2012-10-17 12:25:44 -03:00
Tod Beardsley
9192a01803
All exploits need a disclosure date.
2012-10-15 16:29:12 -05:00
sinn3r
529f88c66d
Some msftidy fixes
2012-10-14 19:16:54 -05:00
sinn3r
97ac7fa184
Merge branch 'module-wle-service-permissions' of git://github.com/zeroSteiner/metasploit-framework
2012-10-14 18:27:32 -05:00
Spencer McIntyre
3ab24cdbb9
added exploits/windows/local/service_permissions
2012-10-11 22:42:36 -04:00
sinn3r
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
kernelsmith
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
sinn3r
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
jvazquez-r7
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
jvazquez-r7
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
jvazquez-r7
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
sinn3r
abb4bdd408
metadata formatting, and a little res gotcha
2012-10-08 15:00:51 -05:00
jvazquez-r7
ef9d627e13
Added module for ZDI-12-106
2012-10-08 20:04:01 +02:00
sinn3r
e9b70a3a4f
Merge branch 'avaya_winpmd_unihostrouter' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-avaya_winpmd_unihostrouter
2012-10-07 15:35:30 -05:00
jvazquez-r7
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
jvazquez-r7
40983460bf
added module for avaya winpmd bof, osvdb 73269
2012-10-07 12:05:13 +02:00
sinn3r
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
sinn3r
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
jvazquez-r7
874fe64343
Merge branch 'ms11_050_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms11_050_ropdb_update
2012-10-06 14:10:36 +02:00
sinn3r
e02adc1f35
Merge branch 'mubix-bypassuac_uac_check'
2012-10-06 02:09:16 -05:00
sinn3r
33429c37fd
Change print_error to print_debug as a warning
2012-10-06 02:08:19 -05:00
sinn3r
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
Rob Fuller
55474dd8bf
add simple UAC checks to bypassuac
2012-10-06 00:59:54 -04:00
Rob Fuller
b984d33996
add RunAs ask module
2012-10-06 00:51:44 -04:00
sinn3r
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
sinn3r
2aa59623d1
Merge branch 'ropdb_for_browsers' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ropdb_for_browsers
2012-10-05 15:43:18 -05:00
sinn3r
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
sinn3r
6342c270f4
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 14:16:16 -05:00
sinn3r
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
sinn3r
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
sinn3r
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
sinn3r
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
sinn3r
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
sinn3r
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
sinn3r
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
sinn3r
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
Rob Fuller
0ae7756d26
fixed missing > on author
2012-10-05 11:13:40 -04:00
sinn3r
bcc56cb7cc
Merge branch 'bypassuac_localport' of https://github.com/mubix/metasploit-framework into mubix-bypassuac_localport
2012-10-05 01:05:30 -05:00
sinn3r
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
Rob Fuller
8520cbf218
fixes spotted by @jlee-r7
2012-10-04 17:34:35 -04:00
Tod Beardsley
4400cb94b5
Removing trailing spaces
2012-10-04 14:58:53 -05:00
kernelsmith
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
Rob Fuller
3f2fe8d5b4
port bypassuac from post module to local exploit
2012-10-04 14:31:23 -04:00
sinn3r
fbc3709774
Change the title and regex a bit
2012-10-03 12:16:25 -05:00
jvazquez-r7
30846f4190
fix typo in comment
2012-10-03 16:06:00 +02:00
jvazquez-r7
24037ac79a
Added module for CVE-2011-4051
2012-10-03 16:03:36 +02:00
sinn3r
e36507fc05
Code cleanup and make msftidy happy
2012-10-02 12:00:23 -05:00
Spencer McIntyre
21e832ac1c
add call to memory protect to fix DEP environments
2012-10-01 18:49:18 -04:00
Spencer McIntyre
c93692b06d
add a check to verify session is not already system for MS11-080
2012-09-27 08:36:13 -04:00
Spencer McIntyre
8648953747
added MS11-080 AFD JoinLeaf Windows Local Exploit
2012-09-26 11:01:30 -04:00
sinn3r
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
jvazquez-r7
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
sinn3r
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
jvazquez-r7
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
jvazquez-r7
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
sinn3r
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
sinn3r
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
sinn3r
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
sinn3r
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
sinn3r
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00