Commit Graph

775 Commits (edfe43e7e03b473a75bf0c51a2dc84953a79aad7)

Author SHA1 Message Date
sinn3r 5560087006 Add OSVDB 79438 Asus Net4Switch ActiveX Buffer Overflow 2012-02-28 18:58:28 -06:00
Joshua J. Drake e262d7a7ff Add CVE-2012-0500 Sun Java Web Start exploit 2012-02-23 13:30:45 -06:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Joshua J. Drake d2444e1cf6 fix a few typos 2012-02-16 03:10:22 -06:00
juan e69037959f Added CVE-2010-0842 2012-02-15 23:32:31 +01:00
Tod Beardsley 829040d527 A bunch of msftidy fixes, no functional changes. 2012-02-10 19:44:03 -06:00
Steve Tornio 782fcb040d add osvdb ref 2012-02-10 07:05:26 -06:00
sinn3r 5ea20a332b Clearly I had the wrong disclosure date. This one is based on Adobe's security bulletin. 2012-02-10 00:13:39 -06:00
sinn3r e5ea2961f5 Add CVE-2011-2140 Adobe Flash SequenceParameterSetNALUnit (mp4) bof 2012-02-10 00:10:28 -06:00
sinn3r 6b29af5c23 Add user-agent check. Auto-migrate. 2012-02-02 03:11:10 -06:00
juan 82eacbe2fd Added module for CVE-2008-2551 2012-02-01 23:26:28 +01:00
Tod Beardsley e371f0f64c MSFTidy commits
Whitespace fixes, grammar fixes, and breaking up a multiline SOAP
request.

Squashed commit of the following:

commit 2dfd2472f7afc1a05d3647c7ace0d031797c03d9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:58:53 2012 -0600

    Break up the multiline SOAP thing

commit 747e62c5be2e6ba99f70c03ecd436fc444fda99e
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:48:16 2012 -0600

    More whitespace and indent

commit 12c42aa1efdbf633773096418172e60277162e22
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:39:36 2012 -0600

    Whitespace fixes

commit 32d57444132fef3306ba2bc42743bfa063e498df
Author: Tod Beardsley <todb@metasploit.com>
Date:   Wed Feb 1 10:35:37 2012 -0600

    Grammar fixes for new modules.
2012-02-01 10:59:58 -06:00
sinn3r 1dec4c0c45 These modules should use vprint_xxx() instead of print_xxx() ... if datastore['VERBOSE'] 2012-01-30 13:08:35 -06:00
sinn3r fbac9a7239 Forgot to remove this comment 2012-01-28 13:18:15 -06:00
sinn3r 7b866eee86 Use the proper function for verbose prints 2012-01-27 12:50:01 -06:00
sinn3r 64651e52a8 Credit Shane of X-Force for the discovery 2012-01-27 11:18:34 -06:00
HD Moore b4e2228404 Fix exitfunc option name 2012-01-27 09:15:31 -06:00
sinn3r 298b94d397 Add MS12-004 MIDI Heap Overflow Remote Code Execution Exploit (CVE-2012-003) 2012-01-27 03:48:39 -06:00
Tod Beardsley f6a6963726 Msftidy run over the recent changed+added modules 2012-01-24 15:52:41 -06:00
sinn3r a682e68073 Add CVE-2011-4786 HP Easy Printer Care XMLCacheMgr exploit (Feature #6246) 2012-01-17 12:28:47 -06:00
sinn3r 4f16caed0f Change naming style for MS type bug 2012-01-17 03:00:07 -06:00
Steve Tornio bd31f3f480 add osvdb ref 2012-01-13 13:21:33 -06:00
sinn3r 2eb35728f6 Randomize nops 2012-01-12 18:37:25 -06:00
root a8ef3417b5 Fixed the date 2012-01-12 20:54:55 -06:00
Sam Sharps e75e23b963 Removed more unused variables and fixed some formatting 2012-01-12 18:13:28 -06:00
Sam Sharps f22f54034a Removed unused variables 2012-01-12 18:05:54 -06:00
Sam Sharps 87ee6905df Modified exploit to not need egg hunter shellcode 2012-01-12 18:01:22 -06:00
Sam Sharps 06414c2413 changed author to my actual name 2012-01-06 01:03:20 -06:00
Sam Sharps b26ed37467 Added description, urls, and another author 2012-01-06 00:47:01 -06:00
Sam Sharps 5c05cebaf7 Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:16:45 -06:00
sam f3a9bc2dad Added ms05_054_onload.rb IE 6 SP 2 exploit - CVE-2005-1790 2012-01-06 00:12:28 -06:00
Joshua J. Drake 958ffe6e1d Fix stack trace from unknown agents 2012-01-02 03:41:49 -06:00
sinn3r b202c29153 Correct e-mail format 2011-12-29 11:27:10 -06:00
sinn3r d484e18300 Add e-mail for tecr0c 2011-12-29 11:14:15 -06:00
sinn3r 9972f42953 Add e-mail for mr_me for consistency 2011-12-29 11:01:38 -06:00
sinn3r b58097a2a7 Remove junk() because it's never used 2011-12-17 01:28:07 -06:00
sinn3r acef9de711 Repair dead milw0rm link to exploit-db 2011-12-13 16:13:15 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
sinn3r 95d639ccf7 Change target index and names. Also retested on XP all the way to Win 7, IE 6 to IE8. 2011-11-20 01:44:52 -06:00
sinn3r 9c2fab0921 Add CVE-2010-0356 (Viscom Movie Player Pro) by tecr0c 2011-11-19 20:40:04 -06:00
sinn3r fea42dbdee Add feature #5872 2011-11-16 12:26:54 -06:00
sinn3r 170c4f5451 Fix author email format 2011-11-12 01:53:25 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Joshua Drake 7bfa29ace4 clean up exploit HTML print_status
git-svn-id: file:///home/svn/framework3/trunk@14036 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 14:21:57 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
Wei Chen 0f1ba8dcf1 Change user agent check
git-svn-id: file:///home/svn/framework3/trunk@13993 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 15:48:03 +00:00
Wei Chen 8e4f4a2672 Add CVE-2011-1774 (Safari libxslt arbitrary file creation)
git-svn-id: file:///home/svn/framework3/trunk@13987 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 07:39:50 +00:00
Wei Chen fbbec1fa92 This exploit falls between NormalRanking to GoodRanking. I'll class it as Normal for now.
git-svn-id: file:///home/svn/framework3/trunk@13984 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 03:48:10 +00:00
Tod Beardsley c336d063da Mostly file format (unix linefeeds) and File.open() calls using binary. Fixed ranking for mozilla_nstreerange and disclosure and BID # for tugzip.
git-svn-id: file:///home/svn/framework3/trunk@13971 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 04:20:53 +00:00
Tod Beardsley 3c36b0c975 Msftidy: knocking out all those trailing spaces. Screw those guys.
git-svn-id: file:///home/svn/framework3/trunk@13967 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 03:49:49 +00:00
Wei Chen 39a4488da5 Patch #5740 for Firefox Array.reduceRight() exploit
git-svn-id: file:///home/svn/framework3/trunk@13958 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 20:28:15 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Tod Beardsley 020abd926b A handful of rankings changes, also converting whitespace.
git-svn-id: file:///home/svn/framework3/trunk@13941 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 22:58:20 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen 1adb31747d This module is missing a ranking. Adding one.
git-svn-id: file:///home/svn/framework3/trunk@13936 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:35:18 +00:00
Wei Chen 4f4c0bc0be Add CVE-2011-2371 Firefox Array.reduceRight() vuln
git-svn-id: file:///home/svn/framework3/trunk@13909 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-13 03:16:15 +00:00
Wei Chen 90a426cec6 Add PcVue 10 LoadObject/SaveObject vuln (Feature #5647)
git-svn-id: file:///home/svn/framework3/trunk@13889 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-12 10:57:31 +00:00
Wei Chen 2b3a277124 Found an instance that causes the win 7 target to fail. This fix corrects it.
git-svn-id: file:///home/svn/framework3/trunk@13797 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-27 08:55:07 +00:00
Wei Chen ec6f290fbd Add Windows 7 target and all kinds of stuff.
git-svn-id: file:///home/svn/framework3/trunk@13775 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-22 17:40:35 +00:00
Wei Chen 5d4f68a6f2 Fix JS
git-svn-id: file:///home/svn/framework3/trunk@13767 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-21 03:13:45 +00:00
James Lee f4be092ac1 include the CVE with more details that definitely applies to this bug, in addition to the ambiguous one that may or may not
git-svn-id: file:///home/svn/framework3/trunk@13751 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-18 03:57:27 +00:00
Tod Beardsley 10c76f66ba Adding an extra print line to adobe_cooltype_sing that clearly displays the user-agent.
git-svn-id: file:///home/svn/framework3/trunk@13748 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 20:12:51 +00:00
Wei Chen 56025609f0 Add fix commit url to reference. Thx jduck!
git-svn-id: file:///home/svn/framework3/trunk@13745 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-17 06:48:33 +00:00
Wei Chen 2ebef435a0 Add CVE-2011-2950 Real Player heap overflow
git-svn-id: file:///home/svn/framework3/trunk@13738 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-16 19:22:29 +00:00
Wei Chen 7569cad178 Correct variable use in heap spray js function
git-svn-id: file:///home/svn/framework3/trunk@13735 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 22:37:13 +00:00
Wei Chen 70fa0e630b Add Windows 7 + IE 8 target. Also use a different approach to get code execution.
git-svn-id: file:///home/svn/framework3/trunk@13734 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-15 20:51:01 +00:00
Wei Chen 819e673b88 Mention about the RSA attack in the description, also add a reference for it
git-svn-id: file:///home/svn/framework3/trunk@13697 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-06 17:22:00 +00:00
David Rude 8a070b81a2 Add the noobfuscation arg to the heaplib call
git-svn-id: file:///home/svn/framework3/trunk@13675 4d416f70-5f16-0410-b530-b9f4589650da
2011-09-01 09:00:20 +00:00
Wei Chen 22dc0ed551 Fix disclosure date
git-svn-id: file:///home/svn/framework3/trunk@13670 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-31 00:15:46 +00:00
David Rude c5fe6ed503 Reset the target to allow for multiple client connections
git-svn-id: file:///home/svn/framework3/trunk@13669 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:29:14 +00:00
David Rude 70dffd6afb Adds Citrix Gateway ActiveX Stack Based Buffer Overflow module
git-svn-id: file:///home/svn/framework3/trunk@13666 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-30 22:22:32 +00:00
David Rude b331073851 cleaned up some column width issues, added on_new_session clean up code to remove files
git-svn-id: file:///home/svn/framework3/trunk@13599 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 17:47:03 +00:00
Wei Chen 6723c7fb3e Minor metadata format fix
git-svn-id: file:///home/svn/framework3/trunk@13593 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-20 00:11:22 +00:00
Wei Chen 8fbd81a0f0 Add HP Easy Printer xmlsimpleaccessor exploit
git-svn-id: file:///home/svn/framework3/trunk@13592 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 23:49:45 +00:00
Wei Chen fe53151324 fix tabs
git-svn-id: file:///home/svn/framework3/trunk@13590 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:58:50 +00:00
Wei Chen 056adf7063 Add Win 7 target
git-svn-id: file:///home/svn/framework3/trunk@13589 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-19 16:57:19 +00:00
Wei Chen 6c58dad979 ugh, why the extra spaces
git-svn-id: file:///home/svn/framework3/trunk@13566 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:34:49 +00:00
Wei Chen eaa5cf6b5d Use heaplib on IE 8, allow obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13565 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-15 15:32:17 +00:00
Wei Chen 55d60a1af2 Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13556 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:28:49 +00:00
Wei Chen c29a4d5ea3 Specify UUID offset for the custom .Net binary
git-svn-id: file:///home/svn/framework3/trunk@13555 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:15:05 +00:00
Wei Chen f8bf910fbb missing var
git-svn-id: file:///home/svn/framework3/trunk@13554 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-13 02:05:08 +00:00
Wei Chen 8bf7a9990b Improve javascript obfuscation, and allow it as an option
git-svn-id: file:///home/svn/framework3/trunk@13553 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 23:03:11 +00:00
Wei Chen 20f4280d9f Exploit is much more reliable than before, it gets a promotion
git-svn-id: file:///home/svn/framework3/trunk@13549 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:17:23 +00:00
Wei Chen bfc59e4c62 Add MS10-026 exploit
git-svn-id: file:///home/svn/framework3/trunk@13547 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-12 19:04:25 +00:00
Wei Chen 3b04e7bd9e Add routine to check target before exploiting it
git-svn-id: file:///home/svn/framework3/trunk@13535 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 23:05:45 +00:00
Wei Chen 0d9908435a Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13533 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 22:18:25 +00:00
Wei Chen 456aeeb90b Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13530 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 18:47:21 +00:00
Wei Chen 4ac431948a Allow JavaScript obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13524 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:50:43 +00:00
Wei Chen a1526e86b8 Use heaplib to spray, and use obfuscation as an option
git-svn-id: file:///home/svn/framework3/trunk@13523 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 15:25:14 +00:00
Steve Tornio a6a444930e add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@13522 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 11:17:30 +00:00
Wei Chen 6a89cf5859 Add TeeChart Professional ActiveX exploit
git-svn-id: file:///home/svn/framework3/trunk@13520 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-11 08:41:30 +00:00
Wei Chen 58198f37ba Fix reference link
git-svn-id: file:///home/svn/framework3/trunk@13513 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 18:58:20 +00:00
Wei Chen 8dc4228ee0 Fix very minor typo
git-svn-id: file:///home/svn/framework3/trunk@13508 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 17:05:49 +00:00
Wei Chen 3b1769d621 Add Mozilla Firefox 3.6.16 mChannel Use After Free exploit by Rh0
git-svn-id: file:///home/svn/framework3/trunk@13507 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-10 05:58:02 +00:00
Wei Chen 6bf90f884e Fix debug mode and some extra tabs in JS
git-svn-id: file:///home/svn/framework3/trunk@13325 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-24 00:22:29 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Wei Chen 94aea207d3 Remove extra tabs and spaces
git-svn-id: file:///home/svn/framework3/trunk@13148 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 21:10:45 +00:00
Wei Chen 9892eb39eb Syntax fix
git-svn-id: file:///home/svn/framework3/trunk@13147 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 20:50:52 +00:00
Wei Chen 32a7eb0000 svn propset
git-svn-id: file:///home/svn/framework3/trunk@13146 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 19:19:00 +00:00
David Rude 7958516549 Adds Xeros Firefox nstreerange exploit
git-svn-id: file:///home/svn/framework3/trunk@13143 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 17:12:53 +00:00
Wei Chen 6448daf571 MS10-018, y u no InitialAutoRunScript
git-svn-id: file:///home/svn/framework3/trunk@13141 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-10 07:02:38 +00:00
Wei Chen 1058948419 Updated ROP, no more hardcoded ntdll addresses
git-svn-id: file:///home/svn/framework3/trunk@13106 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-06 07:22:24 +00:00
Wei Chen 1223275330 Change ranking for now until we have a better solution for SP3
git-svn-id: file:///home/svn/framework3/trunk@13009 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-23 01:04:29 +00:00
Wei Chen fdbc038bd0 Add BlackIce Cover Page ActiveX downloadimagefileurl exploit
git-svn-id: file:///home/svn/framework3/trunk@12992 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-21 02:51:39 +00:00
Steve Tornio 650762517f update CVE and OSVDB to match what the author said
git-svn-id: file:///home/svn/framework3/trunk@12964 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 17:35:57 +00:00
Steve Tornio 7c47b48f5b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12962 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 01:56:20 +00:00
Wei Chen 23cc89482b CVE correction, thanks Kurt.
git-svn-id: file:///home/svn/framework3/trunk@12961 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-17 00:56:11 +00:00
Wei Chen eae350b88b CVE-2011-1260 seems to be the right one
git-svn-id: file:///home/svn/framework3/trunk@12959 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 22:27:10 +00:00
Wei Chen 0a04835138 Added MS11-050 by d0c_s4vage
git-svn-id: file:///home/svn/framework3/trunk@12956 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-16 21:19:12 +00:00
David Rude b9e398c706 adds support for SSL
git-svn-id: file:///home/svn/framework3/trunk@12872 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 20:15:51 +00:00
David Rude 31a659e55a Fixed this up to use the new JS obfuscation hotness thanks to egyp7s rkelly fu!
git-svn-id: file:///home/svn/framework3/trunk@12871 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:49:33 +00:00
Steve Tornio 377a18030a add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12869 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 19:06:18 +00:00
David Rude 3d7715ce60 Added Cisco AnyConnect VPN Client ActiveX download and execute exploit
git-svn-id: file:///home/svn/framework3/trunk@12868 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-06 18:52:26 +00:00
James Lee bee19278d7 add a new javascript obfuscation engine using rkelly for parsing. use it in browser_autopwn and ms10_018_ie_behaviors. see #1003
git-svn-id: file:///home/svn/framework3/trunk@12839 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-03 00:36:26 +00:00
James Lee 36983436db play a little nicer with browser autopwn by not spraying the heap if creating the vulnerable object failed
git-svn-id: file:///home/svn/framework3/trunk@12667 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 19:45:14 +00:00
James Lee 0b88468617 out with the new, in with the old. css_clip is pretty unreliable in my tests, go back to using ie_behaviors in browser autopwn
git-svn-id: file:///home/svn/framework3/trunk@12663 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-19 16:33:55 +00:00
Wei Chen f9c49ef9ce Comment update (this is still for the egghunter fix: bug #4552)
git-svn-id: file:///home/svn/framework3/trunk@12657 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:50:22 +00:00
Wei Chen 6345fec06c checksum support for egghunter disabled, because not enough room for it. See r4552.
git-svn-id: file:///home/svn/framework3/trunk@12656 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-18 19:48:06 +00:00
Wei Chen 40894c3726 Moving Iconics webhmi activeX exploit from browser to scada directory
git-svn-id: file:///home/svn/framework3/trunk@12584 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-11 20:45:54 +00:00
Steve Tornio b84df80983 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12576 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 19:16:07 +00:00
Wei Chen 105b5799af Added ICONICS WebHMI ActiveX SetActiveXGuid bof
git-svn-id: file:///home/svn/framework3/trunk@12573 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-10 18:07:15 +00:00
Wei Chen 8d78a47e45 get_resource() added to 'src' parameter
git-svn-id: file:///home/svn/framework3/trunk@12543 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-05 22:10:30 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Wei Chen c5d51cf810 Disclosure date change
git-svn-id: file:///home/svn/framework3/trunk@12391 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 15:45:07 +00:00
Mario Ceballos 31f2afc033 fix date
git-svn-id: file:///home/svn/framework3/trunk@12388 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 11:12:34 +00:00
Wei Chen cb491e35d2 Changed disclosure date
git-svn-id: file:///home/svn/framework3/trunk@12384 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-21 02:10:40 +00:00
Wei Chen 458d8cccb8 Modified heap spray routine. Added IE 8 target for XP SP3.
git-svn-id: file:///home/svn/framework3/trunk@12383 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-20 21:55:33 +00:00
Wei Chen c28e7259ac Added CVE-2011-0611 Adobe Flash 0day
git-svn-id: file:///home/svn/framework3/trunk@12330 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-16 02:09:33 +00:00
Wei Chen ffe6868d22 Updated vbs stager temp var
git-svn-id: file:///home/svn/framework3/trunk@12286 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-09 18:24:43 +00:00
Steve Tornio a8947662db old file hanging around
git-svn-id: file:///home/svn/framework3/trunk@12280 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 13:28:57 +00:00
Steve Tornio bb26593da7 add osvdb ref. rename file to correct typo
git-svn-id: file:///home/svn/framework3/trunk@12279 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 12:41:18 +00:00
Wei Chen 717fb83fc9 Added RealNetworks RealGames ActiveX exec arbitrary code execution
git-svn-id: file:///home/svn/framework3/trunk@12276 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-08 02:39:11 +00:00
Wei Chen b90d6fc16f Modified the heap spraying function. Each block size should be more consistent now.
git-svn-id: file:///home/svn/framework3/trunk@12264 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 07:27:38 +00:00
Joshua Drake 0882f18ec0 add fix commit diff and fix broken cve reference
git-svn-id: file:///home/svn/framework3/trunk@12166 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:04:54 +00:00
Joshua Drake 24fd896bfb add OSVDB reference back, conflict handling fail!
git-svn-id: file:///home/svn/framework3/trunk@12165 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-28 03:02:46 +00:00
Wei Chen 214751379f Updated: using get_resource() instead of datastore['URIPATH']
git-svn-id: file:///home/svn/framework3/trunk@12156 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-27 03:56:45 +00:00
Wei Chen 25ca59b56f Added Win Vista and debug target
git-svn-id: file:///home/svn/framework3/trunk@12153 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 23:22:51 +00:00
David Rude 349512f48d Updated exploit ranking and description to reflect the new ranking
git-svn-id: file:///home/svn/framework3/trunk@12151 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 19:33:38 +00:00
Steve Tornio 81fae13258 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12147 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 12:05:48 +00:00
David Rude ff3659aa37 Lots of work to make this a lot more reliable =)
git-svn-id: file:///home/svn/framework3/trunk@12146 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 06:35:28 +00:00
Wei Chen eb7df0be8e Updated how the trigger file should be loaded... the proper way.
git-svn-id: file:///home/svn/framework3/trunk@12140 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-26 00:07:36 +00:00
Wei Chen 77ceadc6ad Updated description and how the trigger file loads
git-svn-id: file:///home/svn/framework3/trunk@12139 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 22:49:11 +00:00
Wei Chen 08f210ac52 Added CVE-2010-3275 (VLC AMV vulnerability)
git-svn-id: file:///home/svn/framework3/trunk@12137 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-25 21:03:12 +00:00
Steve Tornio 89ec6ab5da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12092 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 11:19:45 +00:00
David Rude 8233030184 opps removed mixin require as well
git-svn-id: file:///home/svn/framework3/trunk@12091 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:41:48 +00:00
David Rude f8534f06dd opps removed mixin reference =)
git-svn-id: file:///home/svn/framework3/trunk@12090 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:40:38 +00:00
David Rude d7266b6551 Add CVE-2011-0609 exploit for Adobe Flash
git-svn-id: file:///home/svn/framework3/trunk@12089 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-23 04:31:48 +00:00
Joshua Drake 586c1f9305 oops, broke the LIBPATH option
git-svn-id: file:///home/svn/framework3/trunk@12015 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 01:18:18 +00:00
Joshua Drake f4fe3f11b0 enable bind payloads, thx hdm :)
git-svn-id: file:///home/svn/framework3/trunk@12014 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:52:58 +00:00
Steve Tornio 4992deed21 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@12013 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-18 00:16:06 +00:00
Joshua Drake fb6107ffb5 enable java payloads, currently via one-off method
git-svn-id: file:///home/svn/framework3/trunk@12012 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 23:57:11 +00:00
David Rude 36b83cde6f Added exploit for CVE-2010-3747 RealPlayer CDDA URI Code Execution
git-svn-id: file:///home/svn/framework3/trunk@12009 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 15:42:28 +00:00
David Rude 382e63e16e fixed a typo in javascript
git-svn-id: file:///home/svn/framework3/trunk@12007 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-17 04:40:36 +00:00
Joshua Drake 4a1e59be8d oops =D
git-svn-id: file:///home/svn/framework3/trunk@11983 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 05:01:29 +00:00
Joshua Drake 4644110962 add exploit for cve-2010-4452, currently windows only and no payloads :(
git-svn-id: file:///home/svn/framework3/trunk@11982 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-16 04:50:25 +00:00
David Rude 695963dde7 Fixed references
git-svn-id: file:///home/svn/framework3/trunk@11888 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 02:28:15 +00:00
David Rude b51c9f8397 oops forgot a , =)
git-svn-id: file:///home/svn/framework3/trunk@11887 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:42:37 +00:00
David Rude 6dc0596870 Added Novell iPrint GetDriverSettings <= 5.52 exploit from mr_me thanks
git-svn-id: file:///home/svn/framework3/trunk@11886 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-06 20:27:06 +00:00
Joshua Drake 8ef05017b8 style compliance fixes, naughty naughty
git-svn-id: file:///home/svn/framework3/trunk@11796 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-22 20:49:44 +00:00
Matt Weeks c322534907 Add exploit for CVE-2010-3765, firefox interleaved document.write and appendChild calls.
git-svn-id: file:///home/svn/framework3/trunk@11773 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-18 02:23:10 +00:00
Joshua Drake 8c8b181ffb Update ms11_xxx modules to reflect bulletin release, minor style fixes
git-svn-id: file:///home/svn/framework3/trunk@11730 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-08 23:31:44 +00:00
Joshua Drake e06d4d52fe convert VLC module to FileFormat, adjust spray
git-svn-id: file:///home/svn/framework3/trunk@11705 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-03 18:16:40 +00:00
Joshua Drake 3ac076c20a add exploit for VLC media player WebM processing from Dan Rosenburg
git-svn-id: file:///home/svn/framework3/trunk@11692 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-01 18:54:24 +00:00
Joshua Drake a62f1922b3 fix typos, lol?
git-svn-id: file:///home/svn/framework3/trunk@11662 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-28 23:56:35 +00:00
James Lee d7cda0f85a accept a client argument for get_uri()
git-svn-id: file:///home/svn/framework3/trunk@11623 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-22 00:16:57 +00:00
James Lee f3bda46333 doesn't work on IE8, fixes #3566, thanks Hauke Mehrtens for the patch
git-svn-id: file:///home/svn/framework3/trunk@11610 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-20 19:30:59 +00:00
Joshua Drake b6b9b83dd7 add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake 739604ea12 Fixes #3469, silly typo
git-svn-id: file:///home/svn/framework3/trunk@11520 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 05:58:55 +00:00
Joshua Drake d994f595fe remove unused vars
git-svn-id: file:///home/svn/framework3/trunk@11517 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:59:10 +00:00
Joshua Drake 287f4c87fe style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Joshua Drake 19e8a6a5b1 switch AutoRunScript for InitialAutoRunScript, oops
git-svn-id: file:///home/svn/framework3/trunk@11513 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 00:25:44 +00:00
Jonathan Cran a206ed8418 clarifying wmi tools are not installed by default
git-svn-id: file:///home/svn/framework3/trunk@11481 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-06 05:27:37 +00:00
Joshua Drake bc7a8e3b47 fix silly merge conflict data in HTML
git-svn-id: file:///home/svn/framework3/trunk@11479 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-05 22:52:54 +00:00
Joshua Drake 08df4dac3b randomize import styles, patch from jjarmoc
git-svn-id: file:///home/svn/framework3/trunk@11443 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-29 16:49:20 +00:00
Joshua Drake b3bfb5834e change credit to passerby
git-svn-id: file:///home/svn/framework3/trunk@11427 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-28 17:10:19 +00:00
Joshua Drake 5f5d2992ce add reference to 0x557 slides (for .NET 2.0 rop)
git-svn-id: file:///home/svn/framework3/trunk@11405 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:36:54 +00:00
Joshua Drake cdfe03ce43 add MSFT advisory and CVE
git-svn-id: file:///home/svn/framework3/trunk@11404 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-23 01:30:43 +00:00
Steve Tornio 09b00739fb add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11402 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 22:21:56 +00:00
Joshua Drake 0f24d1955c minor corrections, use .NET 2.0 ROP :)
git-svn-id: file:///home/svn/framework3/trunk@11398 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:26:18 +00:00
Joshua Drake 44c8a71dcf minor clean ups
git-svn-id: file:///home/svn/framework3/trunk@11397 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 18:23:16 +00:00
Mario Ceballos 1407d7f1d5 revert back. little more reliable.
git-svn-id: file:///home/svn/framework3/trunk@11396 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 17:40:13 +00:00
Mario Ceballos d89c60f2de add exploit module wmi_admintools.rb
git-svn-id: file:///home/svn/framework3/trunk@11395 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-22 14:35:36 +00:00
Joshua Drake c4c0cabccb switch to .NET 2.0 ROP, Merry Xmas!
git-svn-id: file:///home/svn/framework3/trunk@11390 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:24:19 +00:00
Joshua Drake 5d2f26b41b add exploit for unpatched IE css import bug
git-svn-id: file:///home/svn/framework3/trunk@11383 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 16:34:07 +00:00
Joshua Drake b8b0e1af97 fix typo
git-svn-id: file:///home/svn/framework3/trunk@11380 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-20 09:11:45 +00:00
James Lee f15e6e5e62 update autopwn, replace ms10-018 behaviors with ms10-090 css clip.
git-svn-id: file:///home/svn/framework3/trunk@11333 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:53:22 +00:00
Joshua Drake af56bebfa1 note ms10-090 bulletin
git-svn-id: file:///home/svn/framework3/trunk@11331 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 18:41:20 +00:00
Steve Tornio e6f640bc17 add cve and osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@11189 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 03:18:05 +00:00
Mario Ceballos 14ea7a85bb svn keywords
git-svn-id: file:///home/svn/framework3/trunk@11188 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:03:25 +00:00
Mario Ceballos 5ed387aa38 added exploit module enjoysapgui_comp_download.rb
git-svn-id: file:///home/svn/framework3/trunk@11187 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-01 02:01:46 +00:00
Joshua Drake e9faf75503 fix some more titles with periods
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
James Lee 52389d28f4 make windows the default target
git-svn-id: file:///home/svn/framework3/trunk@11102 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:54:25 +00:00
James Lee 7a3770f87b don't use java_basicservice_impl in browser autopwn because it doesn't work in an iframe against IE and causes popups in other browsers
git-svn-id: file:///home/svn/framework3/trunk@11101 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-22 20:44:16 +00:00
James Lee d608db778c we're not sending an applet, just a jar, clarify the output
git-svn-id: file:///home/svn/framework3/trunk@11084 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-21 19:58:04 +00:00
James Lee 6f7af42667 add an exploit for cve-2010-3563, thanks Matthias Kaiser
git-svn-id: file:///home/svn/framework3/trunk@11078 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 23:02:35 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Joshua Drake eab0a40caa switch up IE6 target to work on older version
git-svn-id: file:///home/svn/framework3/trunk@10978 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 02:54:56 +00:00