adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

5244 Commits

Author SHA1 Message Date
Meatballs 410b1c607f Refactor to new psexec style 2014-04-02 21:16:19 +01:00
Meatballs ca2fb3da65 Merge branch 'master' into psexec_refactor_round2 
Conflicts:
	lib/msf/core/exploit/smb/psexec.rb
	modules/exploits/windows/smb/psexec.rb
 2014-04-02 21:01:45 +01:00
jvazquez-r7 a85d451904 Add module for CVE-2014-2314 2014-04-02 14:49:31 -05:00
agix 4a575d57ab Try to fix Meatballs1 suggestions : optional service_description change call 2014-04-02 20:33:09 +01:00
agix b636a679ae Erf, sorry, fixed now 2014-04-02 20:33:08 +01:00
agix 631a7b9c48 Adapt to new psexec mixin (first try :D) 2014-04-02 20:33:08 +01:00
Florian Gaultier 978bdbb676 Custom Service Description 2014-04-02 20:33:07 +01:00
HD Moore a7a0a306f9 Fix usage of os_flavor for target matching 2014-04-02 07:23:30 -07:00
HD Moore 55d9928186 Fix use of os_flavor to ensure correct target matching 2014-04-02 07:21:54 -07:00
HD Moore be4a366eab Fix up two modules using the old os_flavor definition 2014-04-02 07:19:47 -07:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes 
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
 2014-04-01 08:14:58 -07:00
William Vu cf2589ba8d Land #3162, Microsoft module name changes 2014-03-28 23:10:27 -05:00
sinn3r d7ca537a41 Microsoft module name changes 
So after making changes for MSIE modules (see #3161), I decided to
take a look at all MS modules, and then I ended up changing all of
them. Reason is the same: if you list modules in an ordered list
, this is a little bit easier to see for your eyes.
 2014-03-28 20:56:53 -05:00
sinn3r 466096f637 Add MSB number to name 2014-03-28 20:33:40 -05:00
jvazquez-r7 f7b1874e7d Land #3151, @wchen-r7's use of BrowserExploitServer in ms13-59's exploit 2014-03-28 14:43:38 -05:00
sinn3r 8ec10f7438 Use BrowserExploitServer for MS13-059 module 2014-03-26 17:49:01 -05:00
jvazquez-r7 19918e3207 Land #3143, @wchen-r7's switch to BrowserExploitServer on ie_setmousecapture_uaf 2014-03-26 14:16:35 -05:00
sinn3r fdc355147f Use BrowserExploitServer mixin for ie_setmousecapture_uaf.rb 2014-03-25 18:41:47 -05:00
sinn3r 6c206e4ced Add a comment about what this build version range is covering 2014-03-25 11:43:13 -05:00
sinn3r 7108d2b90a Add ua_ver and mshtml_build requirements 
This vulnerability is specific to certain builds of IE9.
 2014-03-25 11:35:35 -05:00
Tod Beardsley cfdd64d5b1 Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
Meatballs b524507e4e Merge remote-tracking branch 'upstream/master' into land_2551 
Conflicts:
	modules/exploits/windows/local/ask.rb
 2014-03-22 18:14:45 +00:00
Meatballs 7b2f0a64fc Tidy up 2014-03-22 18:07:57 +00:00
Meatballs 04506d76f3 Dont check for admin 2014-03-22 17:57:27 +00:00
jvazquez-r7 a5afd929b4 Land #3120, @wchen-r7's exploit for CVE-2014-0307 2014-03-20 11:16:40 -05:00
jvazquez-r7 8cb7bc3cbe Fix typo 2014-03-20 11:13:57 -05:00
sinn3r c5158a3ccc Update CVE 2014-03-19 22:13:23 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
Meatballs 8082c19469 Allow servicename/displayname to be set 
Tidyup psexec some more
 2014-03-19 13:16:14 +00:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module 
Add MS14-012 IE UAF.
 2014-03-18 17:55:56 -05:00
Tod Beardsley 8f2124f5da Minor updates for release 
Fixes some title/desc action.
Adds a print_status on the firefox module so it's not just silent.
Avoids the use of "puts" in the description b/c this freaks out msftidy
(it's a false positive but easily worked around).
 2014-03-17 13:26:26 -05:00
David Maloney da0c37cee2 Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
OJ 409787346e Bring build tools up to date, change some project settings 
This commit brings the source into line with the general format/settings
that are used in other exploits.
 2014-03-14 22:57:16 +10:00
sinn3r 243fa4f56a Land #2910 - MPlayer Lite M3U Buffer Overflow 2014-03-13 14:13:17 -05:00
sinn3r e832be9eeb Update description and change ranking 
The exploit requires the targeted user to open the malicious in
specific ways.
 2014-03-13 14:09:37 -05:00
kyuzo 41720428e4 Refactoring exploit and adding build files for dll. 2014-03-12 10:25:52 +00:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
jvazquez-r7 1061036cb9 Use nick instead of name 2014-03-10 16:11:58 +01:00
Tod Beardsley 5485028501 Add 3 Yokogawa SCADA vulns 
These represent our part for public disclosure of the issues listed
here:

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:

YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4

@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Thanks for all the work on these!
 2014-03-10 09:33:54 -05:00
kyuzo 257c121c75 Adding MS013-058 for Windows7 x86 2014-03-06 20:34:01 +00:00
kyuzo 2a1e96165c Adding MS013-058 for Windows7 x86 2014-03-06 18:39:34 +00:00
Brendan Coles df2bdad4f9 Include 'msf/core/exploit/powershell' 
Prevent:

```
[-] 	/pentest/exploit/metasploit-framework/modules/exploits/windows/misc/hp_dataprotector_exec_bar.rb: NameError uninitialized constant Msf::Exploit::Powershell
```
 2014-03-06 12:57:43 +11:00
sinn3r 9d0743ae85 Land #3030 - SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-03-05 16:34:54 -06:00
bcoles 1ea35887db Add OSVDB reference 2014-03-06 01:40:15 +10:30
jvazquez-r7 4e9350a82b Add module for ZDI-14-008 2014-03-05 03:25:13 -06:00
OJ a1aef92652 Land #2431 - In-memory bypass uac 2014-03-05 11:15:54 +10:00
sinn3r f8310b86d1 Land #3059 - ALLPlayer M3U Buffer Overfloww 2014-03-04 11:29:52 -06:00