adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26,768 Commits 27 Branches 1,043 Tags
4293500a5ede6f230960e2effa2ef358e7908067
Commit Graph

1206 Commits

Author SHA1 Message Date
jvazquez-r7 042423088c Make sure which the full payload is used 2014-08-12 11:41:29 -05:00
Meatballs 7583ed4950 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
Christian Mehlmauer 03fa858089 Added newline at EOF 2014-06-17 21:05:00 +02:00
Christian Mehlmauer 8e1949f3c8 Added newline at EOF 2014-06-17 21:03:18 +02:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7 
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
 2014-05-20 01:43:19 +02:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof: 
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
 2014-05-18 22:43:51 +02:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
jvazquez-r7 6b41a4e2d9 Test Flash 13.0.0.182 2014-05-07 17:39:22 -05:00
jvazquez-r7 5fd732d24a Add module for CVE-2014-0515 2014-05-07 17:13:16 -05:00
jvazquez-r7 5b150a04c6 Add testing information to description 2014-05-03 20:08:00 -05:00
jvazquez-r7 b4c7c5ed1f Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
jvazquez-r7 1c88dea7d6 Exploitation also works with flash 13 2014-04-28 16:23:05 -05:00
jvazquez-r7 9ce5545034 Fix comments 2014-04-27 20:13:46 -05:00
jvazquez-r7 60e7e9f515 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
Tod Beardsley e514ff3607 Description and print_status fixes for release 
@cdoughty-r7, I choose you! Or @wvu-r7.
 2014-04-21 14:00:03 -05:00
Meatballs 67f44072ca Merge remote-tracking branch 'upstream/master' into pr2075 2014-04-19 18:45:55 +01:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
sinn3r 23c2a071cd Small name change 2014-04-15 18:35:00 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Meatballs 38d8df4040 Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
Tod Beardsley 062175128b Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
jvazquez-r7 f7b1874e7d Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
jvazquez-r7 19918e3207 Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
sinn3r fdc355147f Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb 2014-03-25 18:41:47 -05:00
sinn3r 6c206e4ced Add a comment about what this build version range is covering 2014-03-25 11:43:13 -05:00
sinn3r 7108d2b90a Add ua_ver and mshtml_build requirements 
This vulnerability is specific to certain builds of IE9.
 2014-03-25 11:35:35 -05:00
Tod Beardsley cfdd64d5b1 Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
sinn3r c5158a3ccc Update CVE 2014-03-19 22:13:23 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module 
Add MS14-012 IE UAF.
 2014-03-18 17:55:56 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
Meatballs b8b36ef528 Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-14 22:52:55 +00:00
William Vu e6905837eb Land #2960, rand_text_alpha for amaya_bdo 2014-02-10 16:44:11 -06:00
Tod Beardsley 1236a4eb07 Fixup on description and some option descrips 2014-02-10 14:41:59 -06:00
Meatballs c37cb5075c Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-08 22:11:31 +00:00
David Maciejak 32c02dd56a Added some randomness 2014-02-08 11:27:25 +08:00