ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
2fb0dbb7f8
Delete debug print_status
2014-05-18 23:34:04 -05:00
975cdcb537
Allow exploitation also on FF
2014-05-18 23:24:01 -05:00
033757812d
Updates to adobe_flash_pixel_bender_bof:
...
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).
Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
2014-05-18 22:43:51 +02:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
6b41a4e2d9
Test Flash 13.0.0.182
2014-05-07 17:39:22 -05:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
5b150a04c6
Add testing information to description
2014-05-03 20:08:00 -05:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
1c88dea7d6
Exploitation also works with flash 13
2014-04-28 16:23:05 -05:00
9ce5545034
Fix comments
2014-04-27 20:13:46 -05:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
e514ff3607
Description and print_status fixes for release
...
@cdoughty-r7, I choose you! Or @wvu-r7.
2014-04-21 14:00:03 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
23c2a071cd
Small name change
2014-04-15 18:35:00 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
062175128b
Update @Meatballs and @FireFart in authors.rb
2014-04-09 10:46:10 -05:00
a7a0a306f9
Fix usage of os_flavor for target matching
2014-04-02 07:23:30 -07:00
55d9928186
Fix use of os_flavor to ensure correct target matching
2014-04-02 07:21:54 -07:00
be4a366eab
Fix up two modules using the old os_flavor definition
2014-04-02 07:19:47 -07:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
466096f637
Add MSB number to name
2014-03-28 20:33:40 -05:00
f7b1874e7d
Land #3151 , @wchen-r7's use of BrowserExploitServer in ms13-59's exploit
2014-03-28 14:43:38 -05:00
8ec10f7438
Use BrowserExploitServer for MS13-059 module
2014-03-26 17:49:01 -05:00
19918e3207
Land #3143 , @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf
2014-03-26 14:16:35 -05:00
fdc355147f
Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb
2014-03-25 18:41:47 -05:00
6c206e4ced
Add a comment about what this build version range is covering
2014-03-25 11:43:13 -05:00
7108d2b90a
Add ua_ver and mshtml_build requirements
...
This vulnerability is specific to certain builds of IE9.
2014-03-25 11:35:35 -05:00
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
a5afd929b4
Land #3120 , @wchen-r7's exploit for CVE-2014-0307
2014-03-20 11:16:40 -05:00
8cb7bc3cbe
Fix typo
2014-03-20 11:13:57 -05:00
c5158a3ccc
Update CVE
2014-03-19 22:13:23 -05:00
d27264b402
Land #2782 , fix expand_path abuse
2014-03-19 08:41:28 -05:00
2e76faa076
Add MS14-012 Internet Explorer Use-After-Free Exploit Module
...
Add MS14-012 IE UAF.
2014-03-18 17:55:56 -05:00
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
3ea3968d88
Merge branch 'upstream/master' into stop_abusing_expand_path
...
Conflicts:
lib/msf/core/post/windows/shadowcopy.rb
modules/exploits/windows/local/bypassuac.rb
modules/post/windows/gather/wmic_command.rb
modules/post/windows/manage/persistence.rb
2014-03-11 23:13:39 +10:00
e6905837eb
Land #2960 , rand_text_alpha for amaya_bdo
2014-02-10 16:44:11 -06:00
1236a4eb07
Fixup on description and some option descrips
2014-02-10 14:41:59 -06:00
32c02dd56a
Added some randomness
2014-02-08 11:27:25 +08:00
a18de35fa7
Add module for ZDI-14-011
2014-02-06 18:25:36 -06:00
88c283880a
Fix bugs
2014-01-18 17:04:46 -05:00
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
1cb671b02e
Merge branch 'adjust_getenv_api' into stop_abusing_expand_path
2014-01-03 08:14:02 +10:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
9fb081cb2d
Add getenvs, update getenv, change extract_path use
...
Stacks of modules were using `extract_path` where it wasn't really semantically correct
because this was the only way to expand environment variables. This commit fixes that
up a bit.
Also, I changed the existing `getenv` function in `stdapi` to `getenvs`, and had it
support the splat operator. I added a `getenv` function which is used just for a
single variable and uses `getenvs` behind the scenes.
The meterpreter console `getenv` command now uses `getenvs`
2013-12-19 11:54:34 +10:00
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
HD Moore
jvazquez-r7
Jonas Vestberg
Jeff Jarmoc
Tod Beardsley
sinn3r
William Vu
OJ
David Maciejak
dukeBarman