adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,326 Commits 27 Branches 1,043 Tags
69f609bdcd4ecccdf8fdb3635599a5294da9cbaa
Commit Graph

277 Commits

Author SHA1 Message Date
HD Moore 69f609bdcd Updated description to make the source of the exploit clear and why it only triggers reliably vs 6 now. Adjusts the heap spray to be slightly bigger 
git-svn-id: file:///home/svn/framework3/trunk@8138 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-16 00:55:42 +00:00
Steve Tornio a0326fc842 add CVE and OSVDB refs 
git-svn-id: file:///home/svn/framework3/trunk@8137 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-15 22:05:02 +00:00
HD Moore 579a6fe799 Metasploit port of the IE "Aurora" exploit, based on this sample: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js 
git-svn-id: file:///home/svn/framework3/trunk@8136 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-15 21:36:04 +00:00
Joshua Drake fba8a1d110 added a German target with 0x0a0a0a0a as the spray addr 
git-svn-id: file:///home/svn/framework3/trunk@8125 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-14 22:24:56 +00:00
James Lee 3c6cbbc47e make sure IE service packs don't throw off the version comparison 
git-svn-id: file:///home/svn/framework3/trunk@8049 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-31 21:24:00 +00:00
Joshua Drake 2283e029db crossing fingers, big cr removal batch 
git-svn-id: file:///home/svn/framework3/trunk@8038 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-30 22:24:22 +00:00
Joshua Drake 19d32b6c97 add jabra to author list 
git-svn-id: file:///home/svn/framework3/trunk@7931 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-21 17:01:12 +00:00
Steve Tornio 544efd879b Add OSVDB references 
git-svn-id: file:///home/svn/framework3/trunk@7929 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-21 11:53:20 +00:00
Joshua Drake 47ef693b77 add CVE references! 
git-svn-id: file:///home/svn/framework3/trunk@7928 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-21 09:38:42 +00:00
HD Moore be42efdd1b Update the PDF modules to work on a wider range of versions 
git-svn-id: file:///home/svn/framework3/trunk@7917 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-19 01:02:32 +00:00
James Lee 82d84605e4 advisory says it should work against 5.5, but this module causes js syntax errors, so only run it on 6 
git-svn-id: file:///home/svn/framework3/trunk@7914 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-18 19:38:52 +00:00
HD Moore f2ec7795e2 Reliability improvement for the Acrobat bug - use the lame old 0x0c0c0c0c, but this works on the widest range of versions 
git-svn-id: file:///home/svn/framework3/trunk@7907 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-17 14:43:05 +00:00
Joshua Drake 026924c9b6 fixed sync issues between browser/fileformat modules 
git-svn-id: file:///home/svn/framework3/trunk@7902 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-17 05:19:30 +00:00
Joshua Drake 2baa4a1efa port changes from Lurene to browser version 
git-svn-id: file:///home/svn/framework3/trunk@7901 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-17 05:16:35 +00:00
Joshua Drake e563e91d35 added browser versions of yesterdays adobe pdf exploits from jabra 
git-svn-id: file:///home/svn/framework3/trunk@7894 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-16 20:37:57 +00:00
James Lee 2570fcee15 get rid of some more ^Ms 
git-svn-id: file:///home/svn/framework3/trunk@7880 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 18:47:29 +00:00
James Lee 196ee82179 bye-bye crlf 
git-svn-id: file:///home/svn/framework3/trunk@7878 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 18:13:27 +00:00
Joshua Drake 1813a0fb9a updated technique 
git-svn-id: file:///home/svn/framework3/trunk@7867 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-15 00:32:07 +00:00
Mario Ceballos c799df8559 target is no good. offsets change on different installs. 
git-svn-id: file:///home/svn/framework3/trunk@7864 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-14 23:07:21 +00:00
Joshua Drake 88b9ee18af clarified some version info 
git-svn-id: file:///home/svn/framework3/trunk@7863 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-14 23:01:34 +00:00
Joshua Drake 8317b69aca corrected disclosure date 
git-svn-id: file:///home/svn/framework3/trunk@7860 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-14 22:44:37 +00:00
Joshua Drake 2524840348 renamed, new targets, now using seh... 
git-svn-id: file:///home/svn/framework3/trunk@7859 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-14 22:40:56 +00:00
Mario Ceballos 3ac51c7396 added exploit module symantec_altirisdeployment_runcmd.rb. 
git-svn-id: file:///home/svn/framework3/trunk@7821 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-11 02:36:01 +00:00
HD Moore 3c08bc0c80 Rename and reference update from the microsoft patch 
git-svn-id: file:///home/svn/framework3/trunk@7775 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-09 15:06:26 +00:00
Joshua Drake 87c85b5176 removed executable generation routines from Rex::Text (use Msf::Util::EXE), Fixes #660 
git-svn-id: file:///home/svn/framework3/trunk@7760 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 21:24:45 +00:00
Joshua Drake 0961ce3523 add exploit module for cve-2009-3693 
git-svn-id: file:///home/svn/framework3/trunk@7749 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-08 03:08:46 +00:00
Joshua Drake ff83f1cd2f add ranking to every exploit module, pfew! 
git-svn-id: file:///home/svn/framework3/trunk@7724 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-06 05:50:37 +00:00
Joshua Drake 2cf9c3ce2b revision fixups 
git-svn-id: file:///home/svn/framework3/trunk@7723 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-06 05:16:11 +00:00
Joshua Drake 17249f29d3 cve roulette also cve-2009-4054 
git-svn-id: file:///home/svn/framework3/trunk@7722 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-06 05:00:06 +00:00
HD Moore 927563c135 Correct some assumptions about client-side exploit signature development, remove the prepend since we dont use .net anymore 
git-svn-id: file:///home/svn/framework3/trunk@7616 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 21:18:26 +00:00
Joshua Drake a4dd52543c removed .net dll bypass, recorded some crash addresses 
git-svn-id: file:///home/svn/framework3/trunk@7614 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 19:39:15 +00:00
James Lee 00eaff0550 stupid ruby string differences 
git-svn-id: file:///home/svn/framework3/trunk@7611 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 17:16:45 +00:00
HD Moore 0c19f50718 Fix broken .NET method 
git-svn-id: file:///home/svn/framework3/trunk@7610 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 17:11:38 +00:00
Joshua Drake f733856974 add exploit module for cve-2009-3762 
git-svn-id: file:///home/svn/framework3/trunk@7609 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 07:25:04 +00:00
James Lee f516edacfb only works on ie7 
git-svn-id: file:///home/svn/framework3/trunk@7603 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-25 02:14:40 +00:00
James Lee c45c15cd29 add autopwn info 
git-svn-id: file:///home/svn/framework3/trunk@7599 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-24 23:50:08 +00:00
James Lee 99319d2a55 don't unintentionally create a UNC path. see #558 
git-svn-id: file:///home/svn/framework3/trunk@7591 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-24 06:23:03 +00:00
James Lee 4a912e7c0c don't inadvertantly create a UNC path. see #558 
git-svn-id: file:///home/svn/framework3/trunk@7590 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-24 06:02:21 +00:00
James Lee 7490e4c4a8 use an absolute uri to the evil gif. fixes #558. we probably ought to have a method for doing this since it seems to be a fairly common problem. 
git-svn-id: file:///home/svn/framework3/trunk@7589 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-24 05:44:21 +00:00
Joshua Drake b9939a836f fixed PDF header (oops) 
git-svn-id: file:///home/svn/framework3/trunk@7577 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-22 01:01:11 +00:00
Joshua Drake e5796f5b3b changed address to 0x0a0a0a0a 
tested against various reader versions
removed pdf version randomization



git-svn-id: file:///home/svn/framework3/trunk@7570 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-19 05:56:03 +00:00
HD Moore 61e233df91 Keywords on all modules, plugins, and scripts 
git-svn-id: file:///home/svn/framework3/trunk@7550 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-17 00:05:19 +00:00
Joshua Drake 4edc6d942c updated awingsoft web3d bof module from trancer 
git-svn-id: file:///home/svn/framework3/trunk@7533 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-16 16:51:52 +00:00
Joshua Drake 04725e70cc reference updates from Steve Tornio 
git-svn-id: file:///home/svn/framework3/trunk@7521 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-15 16:03:01 +00:00
Mario Ceballos 4c23734e72 added exploit module oracle_dc_submittoexpress.rb 
git-svn-id: file:///home/svn/framework3/trunk@7520 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-15 01:01:21 +00:00
Joshua Drake 7573994152 add exploit module for another winds3d 0day 
git-svn-id: file:///home/svn/framework3/trunk@7518 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-14 22:26:08 +00:00
Joshua Drake 240a8444b0 Fixed some license problems 
git-svn-id: file:///home/svn/framework3/trunk@7515 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-14 18:09:05 +00:00
Mario Ceballos bbfc195735 added patch from Steve Tornio. 
git-svn-id: file:///home/svn/framework3/trunk@7514 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-14 13:26:27 +00:00
Joshua Drake 8d382ef487 oops -- removed CVE/BID/OSVDB references 
git-svn-id: file:///home/svn/framework3/trunk@7512 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-14 04:46:21 +00:00
Joshua Drake 74269325db added CVE/BID/OSVDB references 
git-svn-id: file:///home/svn/framework3/trunk@7511 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-14 04:42:02 +00:00