adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

13654 Commits

Author SHA1 Message Date
Tod Beardsley 94e28933c8 Whitespace fixes. msftidy.rb yall 2012-06-27 10:06:15 -05:00
sinn3r 9ea6d84a7a Make it clear the exploit doesn't like certain PDF formats 
If the exploit cannot fetch certain xref fields, we warn the user
we don't like their PDF, and recommend them to try a different
one.
 2012-06-26 16:32:10 -05:00
h0ng10 6cc8390da9 Module rewrite, included Java support, direct upload, plugin deletion 2012-06-26 11:56:44 -04:00
sinn3r b966dda980 Update missing CVE reference 2012-06-26 01:26:09 -05:00
sinn3r 8f355554c8 Update missing CVE reference 2012-06-26 01:21:24 -05:00
sinn3r 0d7b6d4053 Update missing CVE reference 2012-06-26 01:20:28 -05:00
sinn3r c7935e0e99 Update OSVDB reference 2012-06-26 01:18:25 -05:00
sinn3r 9980c8f416 Add rh0's analysis 2012-06-25 21:32:45 -05:00
sinn3r 7698b2994d Correct OSVDB typo 2012-06-25 18:32:35 -05:00
sinn3r 8927c8ae57 Make it more verbose, and do some exception handling for cleanup 2012-06-25 17:27:33 -05:00
jvazquez-r7 7b0f3383d2 delete default credentials 2012-06-25 23:53:56 +02:00
jvazquez-r7 7dc1a572e5 trying to fix serialization issues 2012-06-25 23:25:38 +02:00
jvazquez-r7 4c453f9b87 Added module for CVE-2012-0694 2012-06-25 17:21:03 +02:00
HD Moore 807f7729f0 Merge branch 'master' into feature/vuln-info 2012-06-25 10:10:20 -05:00
Steve Tornio 5d2655b0ce add osvdb ref 2012-06-25 09:00:03 -05:00
HD Moore 348a0b8f6e Merge branch 'master' into feature/vuln-info 2012-06-24 23:00:13 -05:00
HD Moore c28d47dc70 Take into account an integer-normalized datastore 2012-06-24 23:00:02 -05:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
h0ng10 65197e79e2 added Exploit for CVE-2008-6508 (Openfire Auth bypass) 2012-06-24 07:35:38 -04:00
sinn3r e805675c1f Add Apple iTunes 10 Extended M3U Stack Buffer Overflow 
New exploit against Apple iTunes. Note that this appears to be
different than liquidworm's CVE-2012-0677, because this one is
a stack-based buffer overflow, while CVE-2012-0677 is heap-based,
and a different crash/backtrace. However, according to Rh0, this
bug is patched anyway in the same update... possibly a silent
patch.

As of now, there seems to be no CVE or OSVDB addressing this
particular bug.
 2012-06-24 02:01:34 -05:00
James Lee 6913440d67 More progress on syscall wrappers 
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
 2012-06-22 17:45:49 -06:00
Tod Beardsley d708f2526c Adding ref for APSB12-09 to new Flash sploit 2012-06-22 17:30:52 -05:00
jvazquez-r7 72ef8c91f0 module for CVE-2012-0779 added 2012-06-23 00:21:18 +02:00
m-1-k-3 315a1707e7 also new version v2.07.16 is vulnerable 2012-06-22 13:18:45 +02:00
James Lee fd8b1636b9 Add the first bits of a sock_sendpage exploit 
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.

Baby steps.
 2012-06-22 00:03:29 -06:00
James Lee 815d80a2cc Merge branch 'rapid7' into omg-post-exploits 2012-06-21 17:02:55 -06:00
sinn3r 9d52ecfbb6 Fix a few mistakes (typos & reference) 2012-06-21 02:32:04 -05:00
jvazquez-r7 6be7ba98aa ezserver_http: added bid reference 2012-06-20 22:08:58 +02:00
HD Moore f7ecc98923 Merge branch 'master' into feature/vuln-info 2012-06-20 13:34:53 -05:00
sinn3r beb8e33fc4 Fix a typo 2012-06-20 09:53:09 -05:00
sinn3r efaf5cf193 Oops, I found a typo. 2012-06-19 22:57:45 -05:00
sinn3r 9a9dd53e86 Use get_resource() instead of the hard-coded path 2012-06-19 22:56:25 -05:00
sinn3r 79fc053a2e Merge branch 'module-CVE-2011-2110' of https://github.com/mrmee/metasploit-framework into mrmee-module-CVE-2011-2110 2012-06-19 22:05:07 -05:00
Steven Seeley fcf42d3e7b added adobe flashplayer array indexing exploit (CVE-2011-2110) 2012-06-20 12:52:37 +10:00
HD Moore d40e39b71b Additional exploit fail_with() changes to remove raise calls 2012-06-19 19:43:41 -05:00
HD Moore 664458ec45 No more crap :/ 2012-06-19 19:43:29 -05:00
jvazquez-r7 a93eeca68d msxml_get_definition_code_exec: added support for ie9 2012-06-20 00:17:50 +02:00
Tod Beardsley 3b1c434252 Remove trailing space 2012-06-19 16:44:07 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore f7a85f3f9d Make it clear that this works on Vista SP2 2012-06-18 20:13:37 -05:00
HD Moore 4739affd54 Fix the comment as well 2012-06-18 19:57:56 -05:00
HD Moore bd0fd8195d Add compatibility for Vista SP2 from troulouliou 2012-06-18 19:55:52 -05:00
sinn3r 4987acc703 Correct e-mail format, description, and some commas. 2012-06-18 18:52:26 -05:00
sinn3r af8cb03d1b Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check 2012-06-18 18:33:21 -05:00
HD Moore 29887272a9 Correct the description to mention IE8 on Windows 7 2012-06-18 18:14:59 -05:00
jvazquez-r7 2df237b066 minor fixes 2012-06-18 22:44:17 +02:00
Juan Vazquez 10bd72f3a1 Merge pull request #500 from modpr0be/module-ezserver 
added ezserver <=6.4.017 bof for winxp sp3
 2012-06-18 13:42:35 -07:00
James Lee 96c16a498a Add a check for distcc_exec 
Just executes the exploit with an "echo <random>" payload to see if it
works.
 2012-06-18 14:34:02 -06:00
modpr0be d706199a83 fix all changes suggested by jvazquez-r7 2012-06-19 02:05:25 +07:00
sinn3r 256290c206 Additional changes 2012-06-18 10:49:16 -05:00