adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,566 Commits 27 Branches 1,043 Tags
5df614d39bcaffbb2eccd271bd0d63bb72b8ea7a
Commit Graph

1213 Commits

Author SHA1 Message Date
jvazquez-r7 b021ff4399 Add noche tags 2014-09-23 13:11:06 -05:00
jvazquez-r7 5c6236e874 Fix rop chain to allow VirtualAlloc when end of stack is too close 2014-09-23 13:08:26 -05:00
jvazquez-r7 64ac1e6b26 Rand padding 2014-09-17 08:09:09 -05:00
jvazquez-r7 e593a4c898 Add comment about gadgets origin 2014-09-16 16:38:03 -05:00
jvazquez-r7 80f02c2a05 Make module ready to go 2014-09-16 15:18:11 -05:00
jvazquez-r7 3a6066792d Work in rop chain... 2014-09-13 17:38:19 -05:00
jvazquez-r7 e2ef927177 Add first version for ZDI-14-255 2014-09-12 08:57:54 -05:00
jvazquez-r7 042423088c Make sure which the full payload is used 2014-08-12 11:41:29 -05:00
Meatballs 7583ed4950 Merge remote-tracking branch 'upstream/master' into pr2075 2014-07-16 20:34:34 +01:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
Christian Mehlmauer 03fa858089 Added newline at EOF 2014-06-17 21:05:00 +02:00
Christian Mehlmauer 8e1949f3c8 Added newline at EOF 2014-06-17 21:03:18 +02:00
Jonas Vestberg 7cabfacfa3 Test adobe_flash_pixel_bender_bof on Safari 5.1.7 
Added browser-requirement for Safari after successful test using Safari 5.1.7 with Adobe Flash Player 13.0.0.182 running on Windows 7 SP1.
 2014-05-20 01:43:19 +02:00
jvazquez-r7 2fb0dbb7f8 Delete debug print_status 2014-05-18 23:34:04 -05:00
jvazquez-r7 975cdcb537 Allow exploitation also on FF 2014-05-18 23:24:01 -05:00
Jonas Vestberg 033757812d Updates to adobe_flash_pixel_bender_bof: 
1. Added embed-element to work with IE11 (and Firefox). Removed browser-requirements for ActiveX (clsid and method).
2. Added Cache-Control header on SWF-download to avoid AV-detection (no disk caching = no antivirus-analysis :).

Testing performed:
Successfully tested with Adobe Flash Player 13.0.0.182 with IE9, IE10 and IE11 running on Windows 7SP1. (Exploit will trigger on FF29, although sandboxed.)
 2014-05-18 22:43:51 +02:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
jvazquez-r7 6b41a4e2d9 Test Flash 13.0.0.182 2014-05-07 17:39:22 -05:00
jvazquez-r7 5fd732d24a Add module for CVE-2014-0515 2014-05-07 17:13:16 -05:00
jvazquez-r7 5b150a04c6 Add testing information to description 2014-05-03 20:08:00 -05:00
jvazquez-r7 b4c7c5ed1f Add module for CVE-2014-0497 2014-05-03 20:04:46 -05:00
jvazquez-r7 1c88dea7d6 Exploitation also works with flash 13 2014-04-28 16:23:05 -05:00
jvazquez-r7 9ce5545034 Fix comments 2014-04-27 20:13:46 -05:00
jvazquez-r7 60e7e9f515 Add module for CVE-2013-5331 2014-04-27 10:40:46 -05:00
Tod Beardsley e514ff3607 Description and print_status fixes for release 
@cdoughty-r7, I choose you! Or @wvu-r7.
 2014-04-21 14:00:03 -05:00
Meatballs 67f44072ca Merge remote-tracking branch 'upstream/master' into pr2075 2014-04-19 18:45:55 +01:00
jvazquez-r7 acb12a8bef Beautify and fix both ruby an AS 2014-04-17 23:32:29 -05:00
jvazquez-r7 91d9f9ea7f Update from master 2014-04-17 15:32:49 -05:00
jvazquez-r7 749e141fc8 Do first clean up 2014-04-17 15:31:56 -05:00
sinn3r 23c2a071cd Small name change 2014-04-15 18:35:00 -05:00
jvazquez-r7 abd76c5000 Add module for CVE-2014-0322 2014-04-15 17:55:24 -05:00
Meatballs 38d8df4040 Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
Tod Beardsley 062175128b Update @Meatballs and @FireFart in authors.rb 2014-04-09 10:46:10 -05:00
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
jvazquez-r7 f7b1874e7d Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
jvazquez-r7 19918e3207 Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
sinn3r fdc355147f Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb 2014-03-25 18:41:47 -05:00
sinn3r 6c206e4ced Add a comment about what this build version range is covering 2014-03-25 11:43:13 -05:00
sinn3r 7108d2b90a Add ua_ver and mshtml_build requirements 
This vulnerability is specific to certain builds of IE9.
 2014-03-25 11:35:35 -05:00
Tod Beardsley cfdd64d5b1 Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
sinn3r c5158a3ccc Update CVE 2014-03-19 22:13:23 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module 
Add MS14-012 IE UAF.
 2014-03-18 17:55:56 -05:00