adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

2173 Commits

Author SHA1 Message Date
jvazquez-r7 25eb13cb3c Small fix to interface 2013-11-22 17:02:08 -06:00
jvazquez-r7 136c18c070 Add binary objects for MS13-022 2013-11-22 16:45:07 -06:00
sinn3r 94e13a0b8a Initial commit of CVE-2013-3906 2013-11-19 23:10:32 -06:00
OJ 0b413aa0b8 Remove extapi binaries 
These were committed in the flurry of merges last night by me. They
should be removed until the extapi PR has been fully reviewed and
merged. This commit just removes the binaries from master, they'll
be re-added when appropriate.
 2013-11-15 06:24:00 +10:00
jvazquez-r7 4cf16cf360 Land #2633, @OJ's port of Kitrap0d as local exploit 2013-11-14 09:27:10 -06:00
OJ 4bd0900359 Updated meterpreter binaries 
Includes the following:

* Clean builds
* Removal of kitrap0d from getsystem
* Doc updates
* Webcam crash fix
* Schedular and channel refactor
* Posix crash fix for post modules
 2013-11-15 01:14:14 +10:00
OJ 506a4d9e67 Remove genericity, x64 and renamed stuff 
As per discussion on the github issue, the following changes were made:

* Project renamed from elevate to kitrap0d, implying that this is not
  intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
  is passed in to the exploit entry point. The exploit is now responsible
  for executing the payload if the exploit is successful. This removes
  the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
 2013-11-14 12:22:53 +10:00
jvazquez-r7 ef6d9db48f Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
OJ 40f58ce534 Finalise the local exploit for kitrap0d 
The exploit now properly injects the DLL using RDI and invokes the
exploit based on a parameter passed by the Ruby module. The elevate
code is 'generic' with a goal of possibly supporting more exploits
down the track.

New sessions are now created with the SYSTEM creds, rather than
modifying the existing session. This is now inline with how things
are done with other local modules.
 2013-11-12 23:01:24 +10:00
sinn3r 62102dd1f9 Land #2544 - Vbs minimize 2013-11-11 11:14:56 -06:00
sinn3r 33f65dd611 Land #2577 - Use base64 to reduce psh-net payload size 2013-11-11 10:21:20 -06:00
William Vu f402f4c16e Land #2614, another default OWA URL 2013-11-08 17:20:20 -06:00
Rob Fuller cdc6a863dd Add another default owa url 
Its not default, but not uncommon to find /exchange/ NTLM protected
 2013-11-07 08:50:22 -05:00
sinn3r b34b4ac2b6 Update the java stuff again 2013-11-07 00:57:20 -06:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
OJ 715fdc05ec Updated meterpreter binaries 
Includes the following changes:

* Security cleanup - remove use of insecure functions
* Windows 8/8.1/2012 R2 support to sysinfo
* VS 2013 upgrade
* Command dispatcher refactor
* Getproxy command added (needs MSF side too)
 2013-11-07 14:31:54 +10:00
sinn3r cf5d9c7f01 Add case for IE10 + Win 7 SP1 detection 2013-11-06 11:41:36 -06:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
joev 5f85ede389 Prevent xhr shim from leaking. 2013-11-02 16:47:50 -05:00
joev 90d8da6a21 Fix some bugs in my edits, add a spec. 2013-11-02 16:46:33 -05:00
joev c7c1fcfa98 Pull shared XHR shim out, add option to static Js module method. 
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
 2013-11-02 14:52:50 -05:00
sinn3r 391360d67f Update xmlhttprequest 2013-10-31 16:09:05 -05:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
joev 4425cf1dc1 Add support for firefox 25. 
Also replaces a bunch of missing semicolons.
 2013-10-30 12:19:22 -05:00
jvazquez-r7 2b5e2df94e Land #2568, @h0ng10's update of SAP url's wordlist 2013-10-28 09:01:33 -05:00
jvazquez-r7 e88e523eaa Delete newline 2013-10-28 09:01:00 -05:00
Meatballs e18dd3ec0b Use base64 to reduce size 2013-10-25 01:19:43 +01:00
Tod Beardsley 27739a0351 Meterpreter bins after Meterpreter PR 32 
Protects against potential BOFs due to strcpy usage.

These binaries were built against meterpreter master after
https://github.com/rapid7/meterpreter/pull/32 landed.

The CI tests can be seen here:

https://ci.metasploit.com/view/Meterpreter/job/MeterpreterWin/75/

Note, this commit is signed. Your merge commit should be signed, too, so
people can be assured that nobody is backdooring Meterpreter on the sly.
 2013-10-24 15:15:49 -05:00
Tod Beardsley b5f26455a3 Land #2545, javascript library overhaul 2013-10-23 16:12:49 -05:00
Meatballs e6a2a1006f Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	lib/msf/core/post/windows/priv.rb
	modules/exploits/windows/local/bypassuac.rb
 2013-10-23 21:02:32 +01:00
h0ng10 a834fec889 Added URL for PT-2013-13/SAP Note 1820894 2013-10-23 21:20:18 +02:00
h0ng10 e02bf0cce6 Added /AdapterFramework/version/version.jsp 2013-10-23 21:09:19 +02:00
sinn3r 19615ac4b7 Apparently I missed a lot of stuff 2013-10-21 21:02:01 -05:00
Tod Beardsley 824dd84982 Merge remote-tracking branch 'upstream/pr/2500' into temp 2013-10-21 14:26:05 -05:00
Meatballs1 1717a98ba3 Update to_exe.vbs.template 
Rename values
 2013-10-21 13:49:09 +01:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 62dadc80d3 Make sure the data type for the return value is a string 2013-10-18 21:08:46 -05:00
sinn3r 711399bb34 Update property_spray.js 2013-10-18 20:56:00 -05:00
sinn3r e1ca2d2730 Fix mstime_malloc.js 2013-10-18 20:49:33 -05:00
sinn3r 298f23c91c Fix extra slashes that cause browser autopwn to fail. 2013-10-18 20:43:39 -05:00
Meatballs 2ef89eaf35 Randomize exe name 2013-10-18 19:01:28 +01:00
Meatballs 56aa9ab01c Reduce size 2013-10-18 18:59:30 +01:00
OJ 827bf23979 Updated binaries with railgun crash fixes 2013-10-18 19:43:17 +10:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
Meatballs b3cc9f6f1e Use sysnative to delete the cryptbase.dll when in SYSWOW64 process. 
Merge branch 'master' of github.com:Meatballs1/metasploit-framework into bypassuac_redo

Conflicts:
	modules/exploits/windows/local/bypassuac.rb
 2013-10-17 21:01:57 +01:00
Tod Beardsley bd405277d9 Add a default Samsung community string 
See http://www.kb.cert.org/vuls/id/281284

and

http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-Update-2-1757967.html
 2013-10-17 10:35:59 -05:00
Spencer McIntyre 6f23e95c14 Fix an endianess issue in pymeterpreter registry_query_value. 2013-10-12 23:39:22 +01:00
Meatballs 378f403fab Land #2453, Add stdapi_net_resolve_host(s) to Python Meterpreter. 
Moves resolve_host post module to multi and depreciates Windows module.
Resolve will now return nil for failed lookups instead of an empty
string.
 2013-10-10 20:13:06 +01:00
g0tmi1k 6b004086ea Removed SVN from msfupdate 2013-10-10 12:25:00 +00:00
OJ b477ae369b Updated stdapi binaries with railgun fix 
Changes are from https://github.com/rapid7/meterpreter/pull/28
 2013-10-10 16:03:38 +10:00