wchen-r7
|
7113c801b1
|
Land #5732, reliability update for adobe_flash_hacking_team_uaf
|
2015-07-17 16:43:39 -05:00 |
jvazquez-r7
|
255d8ed096
|
Improve adobe_flash_opaque_background_uaf
|
2015-07-16 14:56:32 -05:00 |
|
jvazquez-r7
|
ab5c7a806e
|
Update flash exploiter
|
2015-07-15 18:32:45 -05:00 |
|
jvazquez-r7
|
bd5d372436
|
Add build comment
|
2015-07-15 18:30:05 -05:00 |
|
jvazquez-r7
|
138789b77c
|
Fix indentation
|
2015-07-15 18:29:28 -05:00 |
|
jvazquez-r7
|
b504f0be8e
|
Update adobe_flash_hacking_team_uaf
|
2015-07-15 18:18:04 -05:00 |
|
wchen-r7
|
d6565a9aee
|
Merge branch 'bes_flash' into bapv2_flash_test
|
2015-07-14 00:34:54 -05:00 |
|
jvazquez-r7
|
b72ba7f51c
|
Add AS2 flash detection code
|
2015-07-13 18:26:02 -05:00 |
|
jvazquez-r7
|
8fb6bedd94
|
Delete as3 detecotr
|
2015-07-13 18:23:39 -05:00 |
|
jvazquez-r7
|
9116460cb0
|
Add prototype with AS3
|
2015-07-13 16:33:55 -05:00 |
|
jvazquez-r7
|
299978d0e2
|
Put again old exploiter
|
2015-07-11 00:36:32 -05:00 |
|
jvazquez-r7
|
63005a3b92
|
Add module for flash CVE-2015-5122
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
|
2015-07-11 00:28:55 -05:00 |
Tod Beardsley
|
3d630de353
|
Replace with a real CVE number
|
2015-07-07 14:44:12 -05:00 |
|
jvazquez-r7
|
d9aacf2d41
|
Add module for hacking team flash exploit
|
2015-07-07 11:19:48 -05:00 |
|
jvazquez-r7
|
1de94a6865
|
Add module for CVE-2015-3113
|
2015-07-01 13:13:57 -05:00 |
|
jvazquez-r7
|
e49c36998c
|
Fix indentation
|
2015-06-25 14:12:23 -05:00 |
|
jvazquez-r7
|
a87d4e5764
|
Add flash_exploiter template
|
2015-06-25 13:52:57 -05:00 |
|
jvazquez-r7
|
ee0377ca16
|
Add module for CVE-2015-3105
|
2015-06-25 13:35:01 -05:00 |
Spencer McIntyre
|
2206a6af73
|
Support older targets x86 for MS15-051
|
2015-06-25 09:33:15 +10:00 |
OJ
|
3686accadd
|
Merge branch 'upstream/master' into cve-2015-1701
|
2015-06-22 07:52:17 +10:00 |
|
OJ
|
b78ba55c25
|
Merge minor CVE-2015-1701 from zeroSteiner
|
2015-06-22 07:50:26 +10:00 |
|
Spencer McIntyre
|
d73a3a4a5f
|
Dont call ExitProcess because it might kill the shell
|
2015-06-21 16:16:33 -04:00 |
|
jvazquez-r7
|
27a583853c
|
Fix one more line indentation
|
2015-06-18 12:40:30 -05:00 |
|
jvazquez-r7
|
55f077fa9e
|
Fix indentation
|
2015-06-18 12:38:36 -05:00 |
|
jvazquez-r7
|
de1542e589
|
Add module for CVE-2015-3090
|
2015-06-18 12:36:14 -05:00 |
|
wchen-r7
|
17b8ddc68a
|
Land #5524, adobe_flash_pixel_bender_bof in flash renderer
|
2015-06-15 02:42:16 -05:00 |
|
jvazquez-r7
|
72672fc8f7
|
Delete debug
|
2015-06-11 17:39:36 -05:00 |
|
jvazquez-r7
|
8ed13b1d1b
|
Add linux support for CVE-2014-0515
|
2015-06-11 16:18:50 -05:00 |
|
wchen-r7
|
ae21b0c260
|
Land #5523, adobe_flash_domain_memory_uaf in the flash renderer
|
2015-06-10 16:59:19 -05:00 |
|
wchen-r7
|
4c5b1fbcef
|
Land #5522, adobe_flash_worker_byte_array_uaf in the flash renderer
|
2015-06-10 14:49:41 -05:00 |
|
jvazquez-r7
|
af31112646
|
Fix exploit indentation
|
2015-06-10 14:19:36 -05:00 |
|
jvazquez-r7
|
64562565fb
|
Fix method indentation
|
2015-06-10 14:16:47 -05:00 |
|
jvazquez-r7
|
2bb3a5059c
|
Fix else indentation
|
2015-06-10 14:15:58 -05:00 |
|
jvazquez-r7
|
1d05ce1cdc
|
Fix for indentation
|
2015-06-10 14:14:29 -05:00 |
|
jvazquez-r7
|
7202e27918
|
Fix indentation
|
2015-06-10 14:12:26 -05:00 |
|
jvazquez-r7
|
ab132290d7
|
Add Exploiter AS
|
2015-06-10 13:53:45 -05:00 |
|
jvazquez-r7
|
6c7ee10520
|
Update to use the new flash Exploiter
|
2015-06-10 13:52:43 -05:00 |
|
jvazquez-r7
|
0d2454de93
|
Fix indentation
|
2015-06-10 12:27:52 -05:00 |
|
jvazquez-r7
|
7fba64ed14
|
Allow more search space
|
2015-06-10 12:26:53 -05:00 |
|
jvazquez-r7
|
ecbddc6ef8
|
Play with memory al little bit better
|
2015-06-10 11:54:57 -05:00 |
|
wchen-r7
|
d622c782ef
|
Land #5519, adobe_flash_uncompress_zlib_uninitialized in the flash renderer
|
2015-06-10 11:52:47 -05:00 |
|
wchen-r7
|
667db8bc30
|
Land #5517, adobe_flash_casi32_int_overflow (exec from the flash renderer)
|
2015-06-10 11:39:13 -05:00 |
|
jvazquez-r7
|
2b4fe96cfd
|
Tweak Heap Spray
|
2015-06-10 10:56:24 -05:00 |
|
jvazquez-r7
|
a6fe383852
|
Use AS Exploiter
|
2015-06-10 09:32:52 -05:00 |
|
jvazquez-r7
|
64b486eeac
|
Change filename
|
2015-06-10 09:12:52 -05:00 |
|
jvazquez-r7
|
d95a0f432d
|
Update AS codE
|
2015-06-10 09:12:25 -05:00 |
|
jvazquez-r7
|
e5d6c9a3cb
|
Make last code cleanup
|
2015-06-09 16:01:57 -05:00 |
|
jvazquez-r7
|
d9db45690f
|
Delete debug messages
|
2015-06-09 15:47:59 -05:00 |
|
jvazquez-r7
|
cf8c6b510b
|
Debug version working
|
2015-06-09 15:46:21 -05:00 |
|
jvazquez-r7
|
f4649cb3fb
|
Delete old AS
|
2015-06-09 14:50:59 -05:00 |
|
jvazquez-r7
|
4f1ee3fcdf
|
Really fix indentation
|
2015-06-09 12:42:32 -05:00 |
|
jvazquez-r7
|
5bab1cfc68
|
Fix indentation
|
2015-06-09 12:38:24 -05:00 |
|
jvazquez-r7
|
39851d277d
|
Unset debug flag
|
2015-06-09 11:36:09 -05:00 |
|
jvazquez-r7
|
b7f0fad72f
|
Modify CVE-2014-0569 to use the flash exploitation code
|
2015-06-09 11:31:39 -05:00 |
|
wchen-r7
|
5a6a16c4ec
|
Resolve #4326, remove msfpayload & msfencode. Use msfvenom instead!
msfpayload and msfencode are no longer in metasploit. Please use
msfvenom instead.
Resolves #4326
|
2015-06-08 11:30:04 -05:00 |
|
OJ
|
b291d41b76
|
Quick hack to remove hard-coded offsets
|
2015-06-05 13:19:41 +10:00 |
|
jvazquez-r7
|
51d98e1008
|
Update AS code
|
2015-06-04 18:34:08 -05:00 |
|
jvazquez-r7
|
02181addc5
|
Update CVE-2014-0556
|
2015-06-04 18:23:50 -05:00 |
|
wchen-r7
|
23df66bf3a
|
Land #5481, no powershell. exec shellcode from the renderer process.
|
2015-06-04 15:45:09 -05:00 |
|
jvazquez-r7
|
75454f05c4
|
Update AS source code
|
2015-06-04 12:12:49 -05:00 |
|
jvazquez-r7
|
80cb70cacf
|
Add support for Windows 8.1/Firefox
|
2015-06-03 22:46:04 -05:00 |
|
jvazquez-r7
|
74117a7a52
|
Allow to execute payload from the flash renderer
|
2015-06-03 16:33:41 -05:00 |
|
OJ
|
455a3b6b9d
|
Add butchered version of CVE-2015-1701
|
2015-06-03 21:48:23 +10:00 |
|
jvazquez-r7
|
e9714bfc82
|
Solve conflics
|
2015-05-27 23:22:00 -05:00 |
|
wchen-r7
|
e749733eb6
|
Land #5419, Fix Base64 decoding on ActionScript
|
2015-05-27 23:13:51 -05:00 |
|
jvazquez-r7
|
e5d42850c1
|
Add support for Linux to CVE-2015-0336
|
2015-05-27 17:05:10 -05:00 |
|
jvazquez-r7
|
801deeaddf
|
Fix CVE-2015-0336
|
2015-05-27 15:42:06 -05:00 |
|
jvazquez-r7
|
bd1bdf22b5
|
Fix CVE-2015-0359
|
2015-05-26 17:27:20 -05:00 |
|
jvazquez-r7
|
19c7445d9d
|
Fix CVE-2015-0336
|
2015-05-26 17:20:49 -05:00 |
|
jvazquez-r7
|
23d244b1fa
|
Fix CVE-2015-0313
|
2015-05-26 16:11:44 -05:00 |
|
jvazquez-r7
|
5c8c5aef37
|
Fix CVE-2014-8440
|
2015-05-26 16:05:08 -05:00 |
|
jvazquez-r7
|
da362914e2
|
Fix indentation
|
2015-05-26 15:50:31 -05:00 |
|
jvazquez-r7
|
d78d04e070
|
Fix CVE-2014-0569
|
2015-05-26 15:49:22 -05:00 |
|
jvazquez-r7
|
e0a1fa4ef6
|
Fix indentation
|
2015-05-26 15:38:56 -05:00 |
|
jvazquez-r7
|
1742876757
|
Fix CVE-2014-0556
|
2015-05-26 15:30:39 -05:00 |
|
jvazquez-r7
|
a1538fc3ba
|
Update AS code
|
2015-05-26 15:18:01 -05:00 |
|
jvazquez-r7
|
f35d7a85d3
|
Adjust numbers
|
2015-05-21 15:56:11 -05:00 |
|
jvazquez-r7
|
a8e9b0fb54
|
Update ActionScript
|
2015-05-21 14:58:38 -05:00 |
|
jvazquez-r7
|
51bb4b5a9b
|
Add module for CVE-2015-0359
|
2015-05-07 17:00:00 -05:00 |
|
jvazquez-r7
|
582919acac
|
Add module for CVE-2015-0336
|
2015-05-05 17:25:19 -05:00 |
|
jvazquez-r7
|
b07a864416
|
Fix as indentation
|
2015-04-29 19:01:11 -05:00 |
|
jvazquez-r7
|
dbba466b5b
|
Add module for CVE-2014-8440
|
2015-04-29 17:52:04 -05:00 |
|
jvazquez-r7
|
28fac60c81
|
Add module for CVE-2015-0556
|
2015-04-15 14:08:16 -05:00 |
|
jvazquez-r7
|
91f5d0af5a
|
Add module for CVE-2014-0569
* Adobe flash, Integer overflow on casi32
|
2015-04-09 19:37:26 -05:00 |
|
jvazquez-r7
|
11c6f3fdca
|
Do reliable resolution of kernel32
|
2015-03-29 15:52:13 -05:00 |
|
jvazquez-r7
|
f84a46df63
|
Add module for CVE-2015-0313
|
2015-03-27 18:51:13 -05:00 |
rwhitcroft
|
dab4333867
|
updated asm in block
|
2015-03-18 16:07:46 -04:00 |
|
jvazquez-r7
|
bb81107e51
|
Land #4927, @wchen-r7's exploit for Flash PCRE CVE-2015-0318
|
2015-03-13 23:58:05 -05:00 |
|
sinn3r
|
2a25e2b2e1
|
Update Main.as
|
2015-03-13 11:40:16 -05:00 |
|
sinn3r
|
0ee0a0da1c
|
This seems to work
|
2015-03-13 04:43:06 -05:00 |
|
sinn3r
|
0c3329f69e
|
Back on track
|
2015-03-12 15:26:55 -05:00 |
HD Moore
|
b604599c8e
|
Fix comments
|
2015-03-11 21:32:35 -05:00 |
|
HD Moore
|
479a9cc1a9
|
Fix missing stack variables & remove old comment
|
2015-03-11 21:23:27 -05:00 |
|
HD Moore
|
7e3b4017f0
|
Rename and resynced with master, ready for refactoring
|
2015-03-11 14:36:27 -05:00 |
|
HD Moore
|
ea1bc69e2e
|
Merge branch 'master' into feature/add-reverse_winhttp-stagers
|
2015-03-11 14:29:34 -05:00 |
|
sinn3r
|
43b90610b1
|
Temp
|
2015-03-11 13:53:34 -05:00 |
|
sinn3r
|
2a9d6e64e2
|
Starting point for CVE-2015-0318
|
2015-03-11 09:58:41 -05:00 |
Borja Merino
|
991e72a4fa
|
HTTP stager based on WinHttp
|
2015-03-10 13:40:16 -05:00 |
|
jvazquez-r7
|
14c3848493
|
Delete useless comment
|
2015-03-09 16:59:10 -05:00 |
|
jvazquez-r7
|
cb72b26874
|
Add module for CVE-2014-0311
|
2015-03-09 16:52:23 -05:00 |