metasploit-framework/data/exploits
OJ defc0ebe5c
ppr_flatten_rec update, RDI submodule, and refactor
This commit contains a few changes for the ppr_flatten_rec local Windows
exploit. First, the exploit binary itself:

* Updated to use the RDI submodule.
* Updated to build with VS2013.
* Updated to generate a binary called `ppr_flatten_rc.x86.dll`.
* Invocation of the exploit requires the address of the payload to run.

Second, the module in MSF behaved a little strangely. I expected it to create
a new session with system privs and leave the existing session alone. This
wasn't the case. It used to create an instance of notepad, migrate the
_existing_ session to it, and run the exploit from there. This behaviour
didn't seem to be consistent with other local exploits. The changes
include:

* Existing session is now left alone, only used as a proxy.
* New notepad instance has exploit reflectively loaded.
* New notepad instance has payload directly injected.
* Exploit invocation takes the payload address as a parameter.
* A wait is added as the exploit is slow to run (nature of the exploit).
* Payloads are executed on successful exploit.
2013-11-27 20:44:18 +10:00
CVE-2008-6508 Permissions. 2012-06-28 11:42:37 -05:00
CVE-2010-0232 Remove genericity, x64 and renamed stuff 2013-11-14 12:22:53 +10:00
CVE-2010-0842 Fix my screwup in winscp for servicename 2012-02-21 20:31:52 -06:00
CVE-2011-2882 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-3400 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-0013 Permissions 2012-06-12 15:20:25 -05:00
CVE-2012-1535 Add Main.swf from 593363c 2013-07-29 21:53:40 -05:00
CVE-2012-2516 added chm templates 2012-10-10 19:21:47 +02:00
CVE-2012-4681 changed dir names according to CVE 2012-08-28 16:33:01 +02:00
CVE-2013-2465 Change directory names 2013-08-15 22:52:42 -05:00
CVE-2013-3906 Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
batik_svg Permissions 2012-06-06 20:05:29 -05:00
capture/http Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
cmdstager Add module for ZDI-13-205 2013-09-04 15:57:22 -05:00
cve-2010-0094 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-0840/vuln Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-3563 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-4452 Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2011-3544 Allows for Loot and Tasks to be imported from an MSF ZIP. 2011-12-05 22:30:34 -05:00
cve-2012-5076 fixing bperry comments 2012-11-11 20:18:19 +01:00
cve-2012-5076_2 Added new module for cve-2012-5076 2013-01-17 21:27:47 +01:00
cve-2012-5088 Added module for CVE-2012-5088 2013-01-17 21:14:49 +01:00
cve-2013-0074 Small fix to interface 2013-11-22 17:02:08 -06:00
cve-2013-0422 cve and references available 2013-01-11 00:54:53 +01:00
cve-2013-0431 added security level bypass 2013-02-20 17:50:47 +01:00
cve-2013-1488 Add module for CVE-2013-1488 2013-06-07 13:38:41 -05:00
cve-2013-1493 Added module for CVE-2013-1493 2013-03-26 22:30:18 +01:00
cve-2013-2460 Make fixes proposed by review and clean 2013-06-25 12:58:00 -05:00
cve-2013-3660 ppr_flatten_rec update, RDI submodule, and refactor 2013-11-27 20:44:18 +10:00
docx Data files moved. Updated to use Rex::zip and Msf::Exploit::FILEFORMAT 2013-02-04 13:37:09 +01:00
java_signed_applet Permission changes (to sync) 2011-11-10 19:48:32 -06:00
jboss_jmxinvoker/DeploymentFileRepository Added Exploit for deployfilerepository via JMX 2012-09-03 13:50:16 -04:00
jre7u17 Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
mssql Permission changes (to sync) 2011-11-10 19:48:32 -06:00
mysql Permission changes (to sync) 2011-11-10 19:48:32 -06:00
php Permission changes (to sync) 2011-11-10 19:48:32 -06:00
postgres Fixes #3988. Adds a command execution module for PostgreSQL by uploading a UDF library and adding sys_exec() as a temporary function. Requires the target to be Windows, uses Bernardo Damele A. G.'s binaries. 2011-03-23 19:36:07 +00:00
powershell Permission changes (to sync) 2011-11-10 19:48:32 -06:00
psnuffle Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
pxexploit Adds scriptjunkie's multilingual admin file for pxexploit 2011-12-23 12:24:45 -06:00
splunk Cleanup of #1062 2012-12-07 11:55:48 +01:00
wifi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2007-3314.dat Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-0320.doc Permissions 2012-06-06 20:05:29 -05:00
CVE-2008-5353.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2008-5499.swf Permission change, ignore 2012-04-23 13:42:18 -05:00
CVE-2009-3867.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2009-3869.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0480.avi Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-0822.xls Consolidation of the Axis2 Deployer Exploits 2011-11-22 08:47:53 -08:00
CVE-2010-1297.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2010-3275.amv Added Crash file for CVE-2010-3275 (VLC AMV file) 2011-03-25 21:01:30 +00:00
CVE-2010-3654.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0105.xlb Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0257.mov Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0609.swf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
CVE-2011-0611.swf Added swf trigger file 2011-04-16 02:08:03 +00:00
CVE-2011-2110.swf Permissions fix 2012-06-21 15:39:17 -05:00
CVE-2012-0507.jar Permissions fix for exploit jar file 2012-04-02 09:27:35 -05:00
CVE-2012-0754.swf Permissions (ignore) 2012-03-08 16:16:13 -06:00
CVE-2012-0779.swf Permissions 2012-06-25 00:36:39 -05:00
CVE-2012-1723.jar Better handle of module cache when db_connect is run manually 2012-07-10 23:56:48 -05:00
CVE-2013-2171.bin Fix CVE-2013-2171 with @jlee-r7 feedback 2013-06-25 10:40:55 -05:00
QTJavaExploit.class Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2010-2883.ttf Permission changes (to sync) 2011-11-10 19:48:32 -06:00
cve-2013-0758.swf Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
exec_payload.msi added build exec_payload.msi 2012-11-28 21:51:01 +01:00
google_proxystylesheet.xml Permission changes (to sync) 2011-11-10 19:48:32 -06:00
iceweasel_macosx.icns Permission changes (to sync) 2011-11-10 19:48:32 -06:00
iphone_libtiff.bin Permission changes (to sync) 2011-11-10 19:48:32 -06:00
modicon_ladder.apx Permissions fix for modicon_ladder.apx 2012-04-12 14:26:27 -05:00
mp4player.as Permissions (ignore) 2012-03-08 16:16:13 -06:00
mp4player.fla Add source code to the player 2012-03-08 15:23:10 -06:00
mp4player.swf Test out new player code 2012-03-08 15:05:12 -06:00
msfJavaToolkit.jar Permission changes (to sync) 2011-11-10 19:48:32 -06:00
pricedown.eot Permission changes (to sync) 2011-11-10 19:48:32 -06:00
runcalc.hlp Permission changes (to sync) 2011-11-10 19:48:32 -06:00
s4u_persistence.xml rename the xml template for s4u 2013-02-18 15:25:03 +01:00
shockwave_rcsl.dir Permission changes (to sync) 2011-11-10 19:48:32 -06:00