adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23,977 Commits 27 Branches 1,043 Tags
8dce80fd30d62bd11bdc1d8aaa07993b013c8564
Commit Graph

1068 Commits

Author SHA1 Message Date
jvazquez-r7 577bd7c855 Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
agix a71fcaeefd add comments on change description call 2014-04-02 20:33:09 +01:00
agix bc4cb3febf Add DCERPC catch exception 2014-04-02 20:33:09 +01:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix 5334f2657e Fix a bug for backwards compatibility 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
William Vu f9a7cfaa67 Land #3168, EICAR payload encoding 2014-04-01 09:17:10 -05:00
Tod Beardsley 42c7b85b86 Don't EICAR every time. That would be bad. 2014-04-01 09:05:55 -05:00
sinn3r 07ab05c870 Update a comment 2014-03-28 15:20:45 -05:00
sinn3r 4b7f85e47d Adobe Flash support in BES 2014-03-28 15:14:58 -05:00
Tod Beardsley 196e07c5b1 Touch up the EICAR stuff 2014-03-28 11:45:28 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
sinn3r 85c0c8bb70 Add support to detect mshtml build 
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
 2014-03-25 03:31:08 -05:00
David Maloney da0c37cee2 Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
sinn3r 6e37493471 Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00
Joe Vennix db036e44ad Use RdlCopyMemory from Kernel32. 2014-03-13 11:05:58 -05:00
Joe Vennix 851fca2107 Add posix fork() call before running code. 2014-03-12 02:56:26 -05:00
Joe Vennix 7afcb6aee8 Add CreateThread wrapper for windows. 2014-03-12 02:49:09 -05:00
Joe Vennix ce0c5380a5 Kill stray //. 2014-03-12 02:20:49 -05:00
Joe Vennix 9bdf570763 All working now. In-memory meterpreter even. 2014-03-12 02:19:28 -05:00
sinn3r b431bf3da9 Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
Joe Vennix c07f390382 Add CookieExpiration option, add trailing slash to URI. 2014-03-10 13:07:17 -05:00
Meatballs 311d4665ce Re-use CreateService Handle 
and remove unused variable
 2014-03-06 21:37:49 +00:00
Joe Vennix 05067b4e33 Oops. Need to init the profile before accessed. 2014-03-06 11:48:54 -06:00
Joe Vennix ad592fd114 Remove unnecessary method. 2014-03-05 23:36:43 -06:00
Joe Vennix a792f85a5f Fix re-initialize bug. 2014-03-05 23:27:04 -06:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
Joe Vennix 894d16af80 Add specs for new/returning/previous visitors. 2014-03-02 20:50:10 -06:00
Joe Vennix 6825fd2486 Whitespace tweaks and cleanup. 2014-03-02 19:57:48 -06:00
Joe Vennix 46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00
Joe Vennix 785a35a81a Needed to kill objToQuery. 2014-03-02 19:48:55 -06:00
Joe Vennix e8226f9d40 Use a keyed cookie. Moves AJAX call to a form post. 2014-03-02 19:47:24 -06:00
Joe Vennix 26db845438 Try to pthread_create. Fails. 2014-03-02 18:02:23 -06:00
sinn3r 8cf5c3b97e Add heaplib2 
[SeeRM #8769] Add heapLib2 for browser exploitation
 2014-03-02 11:47:18 -06:00
David Maloney d358fe5f94 Merge branch 'payload_defaults' 2014-02-26 10:28:46 -06:00
Joe Vennix c760d37703 use the actual shellcode length. 2014-02-24 09:55:44 -06:00
jvazquez-r7 0b5e617236 Land #3016 lsanchez-r7's send_message mod to return info 2014-02-19 17:01:06 -06:00
jvazquez-r7 c0cdea37f7 Initialize send_status at the function's start 2014-02-19 16:54:29 -06:00
lsanchez-r7 f7a483523c changing the initial state from false to nil 2014-02-19 16:45:00 -06:00
Joe Vennix 50fb9b247e Restructure some of the exploit methods. 2014-02-19 02:31:22 -06:00
jvazquez-r7 4ca4d82d89 Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
lsanchez-r7 07fd3494e5 changing send_message to return more information 2014-02-18 16:48:52 -06:00
Meatballs d8ea11b851 Redirect HTTP too 2014-02-10 23:41:15 +00:00
sinn3r 442d212a94 Add vprint_debug to show what requirements are being compared 2014-02-10 17:33:36 -06:00
Meatballs a87f604c98 Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-10 21:43:56 +00:00
James Lee fab8e16a87 Unbreak server exploits 2014-02-10 10:54:14 -06:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Meatballs 26c506da42 Naming of follow method 2014-02-04 15:25:51 +00:00