a043d384d4
Land #2738 , @jiuweigui update to enum_prefetch
2013-12-20 10:26:54 -06:00
929f3ea35c
Turn Auxiliary module into Exploit module
2013-12-20 16:45:38 +01:00
eba164d2e3
Clean chargen_probe
2013-12-20 09:10:15 -06:00
15f6a62f90
Msf::Exploit::Remote::HttpClient already provides 'peer'
2013-12-20 15:10:10 +01:00
0718c27f47
Use 'unless' instead of 'if not'
2013-12-20 15:09:32 +01:00
fe66d2437b
Add module for CVE-2013-6955
...
Auxiliary module for Synology DiskStation Manager (DMS) SLICEUPLOAD
vulnerability, which allows unauthenticated remote command execution
under root privileges.
2013-12-20 11:50:02 +01:00
fb6cd9c149
add osvdb+url refs and module tidy up
2013-12-20 20:27:07 +10:30
2510580c19
Land #2784 - Remove EOL whitespace from OS X hashdump
2013-12-20 03:54:37 -06:00
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
4816abe63b
Add module for ZDI-13-263
2013-12-19 17:48:52 -06:00
a199dc39af
used the recvfrom timeout
2013-12-19 20:56:11 +01:00
8e27e87c81
Use the right disclosure date.
2013-12-19 12:58:52 -06:00
955dfe5d29
msftidy it up.
2013-12-19 12:53:58 -06:00
b50bbc2f84
Update module to use sinn3r's beautiful browserexploitserver.
2013-12-19 12:49:24 -06:00
9434d60021
Remove EOL whitespace from OS X hashdump
2013-12-19 10:39:49 -06:00
fc2da15c87
Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349
2013-12-19 19:10:48 +10:30
eb08a30293
Update description with new version support.
2013-12-19 02:08:55 -06:00
5ee6c77901
Add a patch for 15.x support.
...
* Also add authors i forgot, oops
2013-12-19 02:05:45 -06:00
2add2acc8f
Use a smaller key size, harder to spot.
2013-12-18 21:02:23 -06:00
8d183d8afc
Update versions, 4.0.1 does not work on windows.
2013-12-18 20:57:47 -06:00
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
23b5254ea1
Fix include reference.
2013-12-18 20:35:43 -06:00
5255f8da12
Clean up code. Test version support.
...
* Using #get in Object#defineProperty call makes the payload execute immediately
on all supported browsers I tested.
* Moved Ranking to Excellent since it is now 100% reliable.
2013-12-18 20:30:08 -06:00
d41f05e0b6
Land #2776 - Avoid having the same port twice
2013-12-18 18:09:43 -06:00
198667b650
Land #2774 , @Mekanismen's module for CVE-2013-7091
2013-12-18 16:23:44 -06:00
aec2e0c92c
Change ranking
2013-12-18 16:23:14 -06:00
f21d666631
Land #2744 , @rcvalle module for CVE-2013-2050
2013-12-18 16:19:25 -06:00
0eac17083a
Clean cfme_manageiq_evm_pass_reset
2013-12-18 16:16:32 -06:00
d4ec858051
Clean zimbra_lfi
2013-12-18 15:46:37 -06:00
8dfa2e6963
Land #2734 - OSX Gather Autologin Password as Root
2013-12-18 15:37:45 -06:00
5011c4d928
The "unless" Ruby nazi is in town
2013-12-18 15:28:31 -06:00
5ec3d5f3f6
Raise specific exceptions
2013-12-18 15:27:49 -06:00
4bddd077ec
Land #2762 - Use new ntdll railgun functions
2013-12-18 15:18:47 -06:00
4028dcede7
Add an input check for datastore option PORTS
...
If Rex::Socket.portspec_crack returns an empty array, we assume
there are no valid ports to test, so we raise an OptionValidateError
to warn the user about it.
2013-12-18 14:55:51 -06:00
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
ca2de73879
It helps to actually commit the exploit.
2013-12-18 14:31:42 -06:00
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
c4b8178663
Correct camelCase of YouTube
2013-12-18 14:06:45 -06:00
0c0e8c3a49
various updates
2013-12-18 20:54:35 +01:00
b9a9b90088
Update module to use added bcrypt gem
2013-12-18 16:15:35 -02:00
e20569181b
Remove EzCrypto-related code as per review
2013-12-18 16:15:22 -02:00
ab69454f89
Land #2745 , @rcvalle's exploit for CVE-2013-2068
2013-12-18 12:06:27 -06:00
ec64382efc
Fix cfme_manageiq_evm_upload_exec according to chat with @rcvalle
2013-12-18 11:53:30 -06:00
ef081cec49
Add missing disclosure date as per review
2013-12-18 15:47:23 -02:00
a28ea18798
Clean pull request
2013-12-18 11:32:34 -06:00
a4811bd0c3
Land #2760
2013-12-18 17:17:10 +10:00
5e4c395f86
Fix small spacing issue
2013-12-18 17:14:47 +10:00
10e16673a7
There must be read_file
2013-12-17 16:42:49 -06:00
21feae0bbc
Make sure the file path is readable when it's ~/
2013-12-17 16:38:58 -06:00
345e1711b1
Land #2775 , @wchen-r7's post module to Safari get LastSession.plist
2013-12-17 15:57:50 -06:00
7ec96876d9
Delete unnecessary includes
2013-12-17 15:57:09 -06:00
374ef71c12
Favor read_file instead
2013-12-17 15:34:52 -06:00
80eea97ccd
ChrisJohnRiley fix for sap_service_discovery
2013-12-17 13:31:56 -06:00
ea6ba2b159
Add post module to get LastSession.plist
...
LastSession.plist sometimes contains sensitive information such as
usernames and passwords. It'd be nice to keep this in loot.
2013-12-17 13:07:30 -06:00
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
ad2ec497c2
Land #2773 - Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 20:32:27 -06:00
52cb43e6a8
Fix typo
2013-12-16 20:28:49 -06:00
2eee34babf
added timeout options and rescue timeout
2013-12-16 20:00:13 -06:00
fe34d0e36e
fixed syntax
2013-12-16 19:26:40 -06:00
7b8de95f6b
fixed database overwriting issues
2013-12-16 19:16:12 -06:00
07f686bb1a
added ResolverArgumentError rescue statement
2013-12-16 18:46:14 -06:00
84759a552a
Save one variable
2013-12-16 16:49:44 -06:00
042bd4f80b
Fix ms_ndproxy to work under a sandboxed Reader
2013-12-16 16:19:17 -06:00
24bc10905e
Added Spaces and removed Interrupt
2013-12-16 22:12:35 +00:00
f88a3a55b6
More slight updates.
2013-12-16 15:05:39 -06:00
afcee93309
Land #2771 - Fix description
2013-12-16 15:01:32 -06:00
04b7e8b174
Fix module title and add vendor patch information
2013-12-16 14:59:00 -06:00
040619c373
Minor description changes
...
No code changes (one comment made on play_youtube to suggest xdg-open
rather than firefox for linux targets).
2013-12-16 14:57:33 -06:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
446db78818
Minor fix to gather_pf_info function
2013-12-16 21:33:07 +02:00
bf561fef95
Corrected Extraneous Whitespace\Newlines
2013-12-16 16:38:49 +00:00
79022c2e29
Probably should have checked it worked...
2013-12-16 11:33:08 +00:00
59003a9842
Updated Poison Ivy Scanner
2013-12-15 22:02:14 +00:00
226cd241bf
Added Poison Ivy Command and Control Scanner\n Auxiliary module to scan for Poison Ivy C&C on ports 80,8080,443 and 3460
2013-12-15 14:34:50 +00:00
3dec7f61a5
Check in sysnative if wow64
2013-12-15 01:12:52 +00:00
2dc4faad72
Resplat license
2013-12-15 01:12:51 +00:00
8203274256
Small fixes
...
Remove " from service command if it is quoted.
Spawn SYSWOW64 notepad.
2013-12-15 01:12:51 +00:00
f2e2147065
Change unless with else to if with else
2013-12-15 01:12:50 +00:00
cff7008500
Fix final issues with merge
...
Hopefully this will be the last of the changes.
2013-12-15 01:12:50 +00:00
41c538856a
Re-add RDI mixin changes
2013-12-15 01:12:49 +00:00
db29af0f97
First batch of submodule refactorings
2013-12-15 01:12:48 +00:00
6916f7c5d2
Fixup description
2013-12-15 01:12:47 +00:00
3d1646d18e
Exit process when complete
2013-12-15 01:12:47 +00:00
dd32c2b0b8
Spawn 32bit process
2013-12-15 01:12:46 +00:00
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
5eca4714c2
Renamed module
2013-12-15 01:12:46 +00:00
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
c6623b380a
Initial commit
2013-12-15 01:12:45 +00:00
999006e037
fixed some things, as suggested by jvazquez-r7
2013-12-14 19:41:31 +01:00
e8396dc37a
Delete redefinition of ntdll functions on railgun
2013-12-13 16:02:47 -06:00
ba1a70b72e
Update Microsoft patch information
2013-12-13 15:59:15 -06:00
1ab3e891c9
Modify ms_ndproxy to use railgun additions
2013-12-13 15:54:34 -06:00
14a3d76410
Land #2755 - Microsoft Windows ndproxy.sys Local Privilege Escalation
2013-12-13 15:18:13 -06:00
e6f1f648be
modified wordlist path, modified report_goods to log udp or tcp, made wordlist not required
2013-12-13 10:49:44 -06:00
d6e19df8e2
added additional url reference
2013-12-12 22:57:23 -06:00
9f18c57fce
added period to description and changed tester to user
2013-12-12 22:11:02 -06:00
dba0e9bf77
msftidy done
2013-12-12 20:30:46 -06:00
554cd41403
added dns_cache_scraper and useful wordlists
2013-12-12 20:18:18 -06:00
jvazquez-r7
Markus Wulftange
bcoles
sinn3r
OJ
Matteo Cantoni
Joe Vennix
William Vu
Tod Beardsley
Mekanismen
Ramon de C Valle
zeknox
SeawolfRN
jiuweigui
Meatballs