bfdefdb338
Land #3023 , @m-1-k-3's module for Linksys WRT120N bof reset password
2014-02-26 09:36:14 -06:00
6ba26bf743
Use normalize_uri
2014-02-26 09:35:42 -06:00
582372ec3e
Do minor cleanup
2014-02-26 09:32:11 -06:00
0531abb691
Land #3026 , @ribeirux DoS module for CVE-2014-0050
2014-02-26 08:53:55 -06:00
449d0d63d1
Do small clean up
2014-02-26 08:52:51 -06:00
b79197b8ab
feedback included, cleanup, login check
2014-02-26 13:44:36 +01:00
b81642d8ad
Update total_video_player_131_ini_bof
2014-02-26 11:37:04 +01:00
a7cacec0c3
Add module for EDB 29799
2014-02-25 23:07:28 +01:00
96ffb1db47
Delete extra comma
2014-02-25 15:29:46 -06:00
cb18639b66
Add small fixes and clean up
2014-02-25 15:25:01 -06:00
1d4b2ea60d
Add module for ZDI-14-015
2014-02-25 15:07:09 -06:00
63bbe7bef2
Land #3034 , 302 redirect for http_basic
2014-02-25 13:54:58 -06:00
4cc91095de
Fix minor formatting issues
2014-02-25 13:48:37 -06:00
a45c8c2b4a
Land #3029 , @xistence Symantec endpoint exploit
2014-02-25 07:59:35 -06:00
bfe0fdb776
Move module
2014-02-25 07:58:00 -06:00
ab167baf56
Added randomness instead of payload and xxe keywords
2014-02-25 15:23:10 +07:00
4908d80d6c
Clean up module
2014-02-24 16:00:54 -06:00
6783e31c67
Used the builtin send_redirect method in Msf::Exploit::Remote::HttpServer instead of creating a redirect inline
2014-02-24 15:59:49 -06:00
ead7cbc692
Author and URI fixed
2014-02-24 22:20:34 +01:00
f1e71b709c
Added 301 Redirect option to Basic Auth module
2014-02-24 14:59:20 -06:00
6f398f374e
Land #3032 , inside_workspace_boundary? typo fix
2014-02-24 14:55:09 -06:00
d2945b55c1
Fix typo
...
inside_workspace_boundary() -> inside_workspace_boundary?()
2014-02-24 14:46:08 -06:00
a50b4e88be
Fix msftidy warning: Suspect capitalization in module title: 'encoder'
2014-02-24 11:25:46 -06:00
c981bbeab9
Land #3011 , @wchen-r7's fix for Dexter exploit
2014-02-24 10:53:10 -06:00
b2d4048f50
Land #3027 , @OJ's fix for ultraminihttp_bof
2014-02-24 10:50:08 -06:00
c9f0885c54
Apply @jlee-r7's feedback
2014-02-24 10:49:13 -06:00
5cdd9a2ff3
Land #2995 - sqlmap minor cleanup, description & file tests
2014-02-24 10:39:01 -06:00
a29c6cd2b4
Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
2014-02-25 02:57:25 +10:30
5485759353
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:04:37 +07:00
8e3f70851d
Added Symantec Endpoint Protection Manager RCE
2014-02-24 15:01:13 +07:00
fdd0d91817
Updated the Ultra Minit HTTP bof exploit
...
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:
* Correct use of alpha chars in the buffer leading up to the payload
which results in bad chars being avoided. Bad chars muck with the
offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
of in the thread of the request handler. This prevents the session
from being killed after the hard-coded 60-second timeout that is
baked into the application.
* The handler thread terminates itself so that the process doesn't
crash.
* Extra targets were added based on the machines I had access to.
2014-02-23 21:23:41 +10:00
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
d396be963a
Use new cmd_exec_get_pid
2014-02-28 20:53:13 +00:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
e0fa1d532c
Dont think this works on vista/8
2014-02-26 23:14:17 +00:00
5a7730b495
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
2014-02-25 23:15:47 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
1f08ad48a4
Fix payload_path method
2014-02-25 22:11:23 +00:00
6687ef80ee
Further bypassuac tidies
...
Dont rescue Exception
Use ReflectiveDLLInjection post mixin
Dont keep retrieving %TEMP% path
2014-02-25 22:03:01 +00:00
23381ea2cb
code tidying
...
break big exploit method up into
smaller methods for better maintainability
2014-02-25 14:07:48 -06:00
8f7f1d0497
Add module for CVE-2014-0050
2014-02-22 14:56:59 +01:00
ec8e1e3d6f
small fixes
2014-02-21 21:59:45 +01:00
1384150b7a
make msftidy happy
2014-02-21 21:56:46 +01:00
c77fc034da
linksys wrt120 admin reset exploit
2014-02-21 21:53:56 +01:00
998fa06912
Land #2998 , @bit4bit's fix for the vtigercrm exploit
2014-02-20 08:36:05 -06:00
0b27cd13e8
Make module work
2014-02-20 08:35:37 -06:00
e75a0ea948
Fix typo
2014-02-19 15:21:02 -06:00
aa07065f67
Land #2959 , reverse powershell payload by @Meatballs1
2014-02-19 15:14:54 -06:00
9fad43da08
Add license information
2014-02-19 15:11:12 -06:00
ed2ac95396
Always replace \ with / for Dexter exploit
...
Fix for the following:
48199fec27 (commitcomment-5419010)
2014-02-19 09:24:07 -06:00
2e7a56b4a7
Land #3001 - SUB Encoder
2014-02-19 01:54:01 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
0480ad16aa
No common
2014-02-18 23:09:35 +00:00
e7c3b94e60
Land #3006 , @todb-r7's pre-release fixes
2014-02-18 14:15:12 -06:00
721e153c7f
Land #3005 to the fixup-release branch
...
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!
Conflicts:
modules/exploits/windows/fileformat/audiotran_pls_1424.rb
2014-02-18 14:08:54 -06:00
a863d0a526
Pre-release fixes, including msftidy errors.
2014-02-18 14:02:37 -06:00
28dc742bcf
Fix references and disclosure date
2014-02-18 13:59:58 -06:00
4f9ab0b99f
Land #2903 , @Meatballs1 SPN gather post module
2014-02-18 13:53:32 -06:00
4903b05214
Fix tabs
2014-02-18 13:51:40 -06:00
c216357815
Land #3000 , audiotran_pls_1424 SEH exploit
2014-02-18 13:27:14 -06:00
8a68323cf0
Dont keep checking domain
2014-02-18 17:52:34 +00:00
1bc94b8a9d
Merge for retab
2014-02-17 19:19:47 -06:00
e290529841
Sadly this url is dead
2014-02-17 22:07:19 +00:00
6c32848b10
Use correct post methods
2014-02-17 22:03:07 +00:00
83d9a1e7c2
Xp Compat?
2014-02-17 21:28:06 +00:00
5e52e48d16
Gather cached GPO
2014-02-17 20:45:56 +00:00
98958bc7bc
Making audiotran_pls_1424 more readable and adding comments
2014-02-17 13:40:03 -05:00
52ac85be11
Land #2931 - Oracle Forms and Reports RCE
2014-02-17 08:54:23 -06:00
110ffbf342
Indent looks off for this line
2014-02-17 08:53:29 -06:00
632ea05688
100 columns
2014-02-17 08:52:56 -06:00
8da7ba131b
In case people actually don't know what RCE means
2014-02-17 08:51:48 -06:00
73459baefd
Add OSVDB references
2014-02-17 08:50:34 -06:00
fb7b938f8e
check func fixed
2014-02-17 15:11:56 +01:00
b2d09ed0d1
Add the NULL byte to the list of valid chars
...
While rare, I guess it is a possibility that the NULL byte can be
used.
2014-02-17 16:40:56 +10:00
c60ea58257
added audiotran_pls_1424 fileformat for Windows
2014-02-16 16:20:50 -05:00
e27d98368e
fixed local server issues
2014-02-16 18:26:08 +01:00
e40b9e5f37
updated and improved
2014-02-16 16:24:39 +01:00
e134ec4691
Remove '*' from valid file system chars
2014-02-16 23:57:54 +10:00
a808053c37
Add first pass of optimised sub encoder
...
Full details of the encoder are in the detailed description in the
source itself. But this is effectively an "optimised" SUB encoder
which is similar to the add_sub encoder except it doesn't bother to
use the ADD instructions at all, and it doesn't zero out EAX for
each 4-byte block unless absolutely necessary. This results in
payloads being MUCH smaller (in some cases 30% or more is saved).
2014-02-16 20:12:14 +10:00
74344d6c7e
vtigerolservice.php to vtigerservice.php
...
using direct soap/vtigerolservice.php not work..php need require('config.php');
2014-02-15 20:36:36 -05:00
f6be574453
Slightly better file checks on sqlmap.py
2014-02-15 09:58:03 -06:00
dacbf55fc1
Minor cleanup of title and desc on sqlmap
2014-02-15 09:55:06 -06:00
b7d69c168c
bugfix and user supplied local path support
2014-02-15 16:24:59 +01:00
9daffbd484
Land #2973 - Dexter panel (CasinoLoader) SQLi to file upload code exec
2014-02-14 17:16:27 -06:00
48199fec27
Change URL identifier, and make the user choose a target
2014-02-14 17:15:00 -06:00
c39924188a
Clean up
2014-02-14 20:52:04 +00:00
0e7074c139
Modififed output for smb_enumshares module
2014-02-14 13:39:13 -06:00
6dc9840064
Modified output for smb_enumshares
2014-02-14 13:12:52 -06:00
b2ea257204
Include Linux::System post mixin
2014-02-14 08:32:21 -06:00
ad72ecaf84
Handle SPN array
2014-02-14 09:48:23 +00:00
4b828e5d45
Dont parse empty SPNs
2014-02-14 09:41:37 +00:00
2c12952112
Moar corrections
2014-02-14 09:37:00 +00:00
9dd56d32de
Corrections
2014-02-14 09:32:53 +00:00
7ef68184e1
Handle SPNs differently
2014-02-13 23:24:55 +00:00
95048b089e
Dont search for made up fields
2014-02-13 22:51:55 +00:00
745f313413
Remove @nmonkee as author per twitter convo
2014-02-13 14:41:10 -06:00
371f23b265
Unbreak the URL refs add nmonkee as ref and author
...
While @nmonkee didn't actually contribute to #2942 , he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.
Also added a ref to @nmonkee's thing.
@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
61563fb2af
Do minor cleanup
2014-02-13 09:10:04 -06:00
67367092b7
Solve conflicts
2014-02-13 08:42:53 -06:00
a4035252d6
Land #1910 , DISCLAIMER for firefox_creds
...
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
jvazquez-r7
Michael Messner
Fr330wn4g3
William Vu
xistence
kn0
ribeirux
James Lee
sinn3r
bcoles
OJ
Meatballs
David Maloney
Tod Beardsley
Philip OKeefe
Mekanismen
Jovany Leandro G.C
Royce Davis
Meatballs1