infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
24,580 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3973 Commits (eda8a90cea012b2ee95efac897b145a6b0438f49)

Author SHA1 Message Date
HD Moore ddc8a4f103 Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog 2014-05-19 11:42:30 -05:00
Tod Beardsley 0ef2e07012
Minor desc and status updates, cosmetic 2014-05-19 08:59:54 -05:00
sinn3r bf52c0b888
Land #3364 - Symantec Workspace Streaming Arbitrary File Upload 2014-05-19 00:25:33 -05:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof: 
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
 2014-05-18 22:43:51 +02:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
 2014-05-18 10:50:32 -05:00
jvazquez-r7 1b68abe955 Add module for ZDI-14-127 2014-05-15 13:41:52 -05:00
William Vu 750b6fc218
Land #3348, some Ruby warning fixes 2014-05-14 01:25:10 -05:00
William Vu c421b8e512
Change if not to unless 2014-05-14 01:24:29 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
Christian Mehlmauer 557cd56d92 fixed some ruby warnings 2014-05-10 23:31:02 +02:00
jvazquez-r7 f56ea01988 Add module 2014-05-09 10:27:41 -05:00
jvazquez-r7 6b41a4e2d9 Test Flash 13.0.0.182 2014-05-07 17:39:22 -05:00
jvazquez-r7 5fd732d24a Add module for CVE-2014-0515 2014-05-07 17:13:16 -05:00
William Vu e8bc89af30
Land #3337, release fixes 2014-05-05 14:03:48 -05:00
Tod Beardsley c97c827140
Adjust desc and ranking on ms13-053 
Since it's likely to crash winlogin.exe in the normal use case
(eventually), I've kicked this down to Average ranking.
 2014-05-05 13:46:19 -05:00
Tod Beardsley 3072c2f08a
Update CVEs for RootedCon Yokogawa modules 
Noticed they were nicely documented at

http://chemical-facility-security-news.blogspot.com/2014/03/ics-cert-publishes-yokogawa-advisory.html

We apparently never updated with CVE numbers.
 2014-05-05 13:25:55 -05:00
sinn3r 6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution 2014-05-05 10:39:26 -05:00
OJ 7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei) 2014-05-04 16:41:17 +10:00
jvazquez-r7 5b150a04c6 Add testing information to description 2014-05-03 20:08:00 -05:00
jvazquez-r7 b4c7c5ed1f Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
Meatballs 56c5eac823
Message correction 2014-05-02 14:18:18 +01:00
Meatballs 69915c0de5
Message correction 2014-05-02 14:17:27 +01:00
William Vu 8b138b2d37
Fix unquoted path in cleanup script 2014-04-30 16:34:33 -05:00
kaospunk 6b740b727b Changes PATH to proper case 
This changes PATH to Path
 2014-04-30 17:26:36 -04:00
kaospunk fdc81b198f Adds the ability to specify path 
This update allows an explicit path to be set rather
than purely relying on the TEMP environment variable.
 2014-04-30 16:08:48 -04:00
sinn3r 4c0a692678
Land #3312 - Update ms14-012 2014-04-28 18:48:20 -05:00
sinn3r b1ac0cbdc7
Land #3239 - Added target 6.1 to module 2014-04-28 18:28:14 -05:00
jvazquez-r7 1c88dea7d6 Exploitation also works with flash 13 2014-04-28 16:23:05 -05:00
sinn3r d530c9c128
Land #3304 - Adobe Flash Player Type Confusion Remote Code Execution 2014-04-28 15:06:50 -05:00
Tod Beardsley 1b4fe90003
Fix msftidy warnings on wireshark exploits 2014-04-28 19:51:38 +01:00
jvazquez-r7 9ce5545034 Fix comments 2014-04-27 20:13:46 -05:00
jvazquez-r7 60e7e9f515 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
sinn3r 656e60c35c
Land #3254 - Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack BoF 2014-04-24 13:20:50 -05:00
sinn3r cde9080a6a Move module to fileformat 2014-04-24 13:17:08 -05:00
sinn3r a39855e20d Works for XP SP3 too 2014-04-24 13:16:24 -05:00
sinn3r ba8d7801f4 Remove default target because there is no auto-select 2014-04-24 13:15:49 -05:00
sinn3r 2e76db01d7 Try to stick to the 100 columns per line rule 2014-04-24 13:15:12 -05:00
JoseMi fd95d9ef38 Added english windows xp sp2 target 2014-04-23 17:32:56 +01:00
Tod Beardsley e514ff3607
Description and print_status fixes for release 
@cdoughty-r7, I choose you! Or @wvu-r7.
 2014-04-21 14:00:03 -05:00
Ken Smith 66b1c79da9 Update rop chain for versions 6.2 and 6.1 2014-04-21 13:27:14 -04:00
JoseMi e25ca64641 It's solved the crash when double-click on the pcap file 2014-04-21 17:49:40 +01:00
JoseMi 3861541204 Add more rand_text_alpha functions 2014-04-19 18:37:58 +01:00
JoseMi 7bc546e69a Add rand_text_alpha function 2014-04-19 17:45:28 +01:00
JoseMi feea4c1fa6 ROP chain changed 2014-04-18 19:05:53 +01:00
William Vu 7d801e3acc
Land #3200, goodbye LORCON modules :( 2014-04-18 12:32:22 -05:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00