metasploit-framework/data/exploits
OJ defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
This commit contains a few changes for the ppr_flatten_rec local Windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires the address of the payload to run.

Second, the module in MSF behaved a little strangely. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
CVE-2008-6508
CVE-2010-0232 Remove genericity, x64 and renamed stuff 2013-11-14 12:22:53 +10:00
CVE-2010-0842
CVE-2011-2882
CVE-2011-3400
CVE-2012-0013
CVE-2012-1535 Add Main.swf from 593363c 2013-07-29 21:53:40 -05:00
CVE-2012-2516
CVE-2012-4681
CVE-2013-2465 Change directory names 2013-08-15 22:52:42 -05:00
CVE-2013-3906 Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
batik_svg
capture/http Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
cmdstager Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
cve-2010-0094
cve-2010-0840/vuln
cve-2010-3563
cve-2010-4452
cve-2011-3544
cve-2012-5076
cve-2012-5076_2 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
cve-2012-5088 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
cve-2013-0074 Small fix to interface 2013-11-22 17:02:08 -06:00
cve-2013-0422
cve-2013-0431 added security level bypass 2013-02-20 17:50:47 +01:00
cve-2013-1488 Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
cve-2013-1493 Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
cve-2013-2460 Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
cve-2013-3660 ppr_flatten_rec update, RDI submodule, and refactor 2013-11-27 20:44:18 +10:00
docx Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
java_signed_applet
jboss_jmxinvoker/DeploymentFileRepository
jre7u17 Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
mssql
mysql
php
postgres
powershell
psnuffle Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
pxexploit
splunk
wifi
CVE-2007-3314.dat
CVE-2008-0320.doc
CVE-2008-5353.jar
CVE-2008-5499.swf
CVE-2009-3867.jar
CVE-2009-3869.jar
CVE-2010-0480.avi
CVE-2010-0822.xls
CVE-2010-1297.swf
CVE-2010-3275.amv
CVE-2010-3654.swf
CVE-2011-0105.xlb
CVE-2011-0257.mov
CVE-2011-0609.swf
CVE-2011-0611.swf
CVE-2011-2110.swf
CVE-2012-0507.jar
CVE-2012-0754.swf
CVE-2012-0779.swf
CVE-2012-1723.jar
CVE-2013-2171.bin Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
QTJavaExploit.class
cve-2010-2883.ttf
cve-2013-0758.swf Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
exec_payload.msi
google_proxystylesheet.xml
iceweasel_macosx.icns
iphone_libtiff.bin
modicon_ladder.apx
mp4player.as
mp4player.fla
mp4player.swf
msfJavaToolkit.jar
pricedown.eot
runcalc.hlp
s4u_persistence.xml rename the xml template for s4u 2013-02-18 15:25:03 +01:00
shockwave_rcsl.dir