6e69fe48bf
Undo psexec changes
2013-09-20 22:30:00 +01:00
2591be503b
Psh support
2013-09-20 22:07:42 +01:00
15885e4ef6
Change static x value
2013-09-20 20:31:14 +01:00
ee365a6b64
Some liberal sleeping
2013-09-20 19:33:27 +01:00
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
bb7b57cad9
Land #2370 - PCMAN FTP Server post-auth stack buffer overflow
2013-09-20 12:29:10 -05:00
feb76ea767
Modify check
...
Since auth is required, check function needs to look into that too
2013-09-20 12:28:21 -05:00
2d6c76d0ad
Rename pcman module
...
Because this is clearly a msf module, we don't need 'msf' as a
filename. The shorter the better.
2013-09-20 12:18:24 -05:00
6690e35761
Account for username length
...
Username is part of the overflowing string, need to account for that
2013-09-20 12:17:34 -05:00
9d67cbb4db
Retabbed
2013-09-20 11:58:53 -05:00
9819566d94
Nearly
2013-09-20 17:18:14 +01:00
6f5e528699
Remove author, all the credits go to corelanc0der and sinn3r
2013-09-20 10:27:37 -05:00
83f54d71ea
Add MS13-069 (CVE-2013-3205) IE ccaret object use-after-free
...
This module exploits a use-after-free vulnerability found in Internet Explorer,
specifically in how the browser handles the caret (text cursor) object. In IE's
standards mode, the caret handling's vulnerable state can be triggered by first
setting up an editable page with an input field, and then we can force the caret
to update in an onbeforeeditfocus event by setting the body's innerHTML property.
In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write()
function, however, mshtml!CCaret::UpdateScreenCaret remains unaware aware of this
change, and still uses the same reference to the CCaret object. When the function
tries to use this invalid reference to call a virtual function at offset 0x2c, it
finally results a crash. Precise control of the freed object allows arbitrary code
execution under the context of the user.
The vuln works against IE8 on Win 7, but the current version of the custom spray
doesn't actually work well against that target. More work is needed before we can
add that target for sure. The reason a custom spray is needed is because the
document.write() function erases the typical spray routines we use like
js_property_spray, or the heaplib + substring one. Tried using an iframe too,
but onbeforeeditfocus event doesn't seem to work well in an iframe (does not
fire when innerHTML is used.)
2013-09-20 10:20:35 -05:00
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
7d17eef7a7
Updated several msftidy [WARNING] Spaces at EOL issues.
2013-09-19 20:35:08 -07:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
9b486e1dbb
Add comment about the smb_* methods
2013-09-19 13:23:46 -05:00
628cfe8e67
Land #2393 , tape_engine_8A filename disambiguation
2013-09-19 10:31:40 -05:00
ef72b30074
Include the post requires until #2354 lands
...
Another one that needs the manual require. See #2354
2013-09-19 09:47:01 -05:00
fb72e7f02a
Disambiguate tape_engine_8A as tape_engine_0x8a
...
This will reopen #2358 to avoid filename collisions on Windows, Rubymine
environments, etc.
2013-09-19 09:35:31 -05:00
058e0fdd80
Changed ret to push esp C:\WINDOWS\system32\msvcrt.dll
2013-09-19 07:21:51 -07:00
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
766e96510d
Added minor indentation updates
2013-09-18 12:12:35 -07:00
60d448f600
Add minor cleanup
2013-09-18 14:10:13 -05:00
db8881966e
Merge remote-tracking branch 'upstream/master'
2013-09-18 12:02:01 -07:00
68647c7363
Add module for MS13-071
2013-09-18 13:40:35 -05:00
8728a9a3b7
Bumping out deprecation date
...
Pray I don't alter the deprecation date further.
2013-09-18 11:00:35 -05:00
6cbe371381
minor change
2013-09-17 20:33:46 -07:00
0052f9712b
Updated hard tabs per new requirement
2013-09-17 17:42:01 -07:00
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
52a1b5fa57
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:43:10 -07:00
226a75b5da
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:37:29 -07:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
d4f2e72b9c
updated module to include msftidy.rb
2013-09-16 12:46:13 -07:00
82e3910959
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 12:40:36 -07:00
92cf886e49
updated module to include msftidy.rb
2013-09-16 12:38:00 -07:00
4c83336944
Delete pcman_stor_msf.rb
...
delete because of commit issues.
2013-09-16 12:25:39 -07:00
f657f4d145
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 09:57:27 -07:00
67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
d6f2da690a
Fix web delivery
2013-09-13 21:27:59 +01:00
9ade4cb671
Refactor
2013-09-13 20:43:09 +01:00
243d3d6ebd
Apply comments
2013-09-13 19:19:54 +01:00
4847976995
Update information about original discovery
...
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
761042f14b
require the deprecated mixin
2013-09-12 15:42:01 -05:00
Meatballs