adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
jvazquez-r7 27d142b387 Solve conflict by keeping file 2014-03-19 12:15:05 -05:00
jvazquez-r7 fb645b6692 Clean code 2014-03-19 12:06:20 -05:00
jvazquez-r7 0a795ab602 Land #3106, @xistence's exploit for Array Networks devices 2014-03-19 10:49:03 -05:00
jvazquez-r7 0e27d75e60 Code clean up 2014-03-19 10:48:25 -05:00
Tod Beardsley d27264b402 Land #2782, fix expand_path abuse 2014-03-19 08:41:28 -05:00
Meatballs 8082c19469 Allow servicename/displayname to be set 
Tidyup psexec some more
 2014-03-19 13:16:14 +00:00
xistence 056ce5d097 removed file which did not belong in this pull request 2014-03-19 15:04:19 +07:00
sinn3r 2e76faa076 Add MS14-012 Internet Explorer Use-After-Free Exploit Module 
Add MS14-012 IE UAF.
 2014-03-18 17:55:56 -05:00
jvazquez-r7 379c0efd5a Update POP chain documentation 2014-03-18 16:29:30 -05:00
jvazquez-r7 77c128fbc5 Fix disclosure date and add ref 2014-03-18 16:21:44 -05:00
jvazquez-r7 b6e8bb62bb Switch exploitation technique to use default available classes 2014-03-18 16:07:50 -05:00
William Vu dfd3a81566 Land #3111, hash rockets shouldn't be in refs 2014-03-18 14:25:04 -05:00
jvazquez-r7 38176ad67d Land #3109, @xistence's Loadbalancer.org Enterprise VA applicance exploit 2014-03-18 06:53:26 -05:00
jvazquez-r7 ddd923793a Do minor clean up 2014-03-18 06:52:50 -05:00
jvazquez-r7 ad49df4301 Register RHOST 2014-03-18 06:17:41 -05:00
jvazquez-r7 600338bd29 Land #3108, @xistence's exploit for Quantum vmPRO shell-escape 2014-03-18 06:12:18 -05:00
jvazquez-r7 f656e5fedb Do minor clean up 2014-03-18 06:11:02 -05:00
jvazquez-r7 f86fd8af5d Delete debug print 2014-03-17 21:01:41 -05:00
jvazquez-r7 3bdd906aae Add module for CVE-2014-1691 2014-03-17 20:47:45 -05:00
Tod Beardsley 8f2124f5da Minor updates for release 
Fixes some title/desc action.
Adds a print_status on the firefox module so it's not just silent.
Avoids the use of "puts" in the description b/c this freaks out msftidy
(it's a false positive but easily worked around).
 2014-03-17 13:26:26 -05:00
Tod Beardsley c916b62f47 Removes hash rockets from references. 
[SeeRM #8776]
 2014-03-17 09:40:32 -05:00
xistence 9bb4e5cfc3 Loadbalancer.org Enterprise VA SSH privkey exposure 2014-03-17 14:22:51 +07:00
xistence c116697c70 Quantum vmPRO backdoor command 2014-03-17 14:19:27 +07:00
xistence ef4a019b20 Quantum DXi V1000 SSH private key exposure 2014-03-17 14:15:00 +07:00
xistence e261975c34 Array Networks vxAG and vAPV SSH key and privesc 2014-03-17 14:11:16 +07:00
xistence 1043d9d8b2 Array Networks vxAG and vAPV SSH key and privesc 2014-03-17 14:06:55 +07:00
David Maloney da0c37cee2 Land #2684, Meatballs PSExec refactor 2014-03-14 13:01:20 -05:00
OJ 409787346e Bring build tools up to date, change some project settings 
This commit brings the source into line with the general format/settings
that are used in other exploits.
 2014-03-14 22:57:16 +10:00
sinn3r 243fa4f56a Land #2910 - MPlayer Lite M3U Buffer Overflow 2014-03-13 14:13:17 -05:00
sinn3r e832be9eeb Update description and change ranking 
The exploit requires the targeted user to open the malicious in
specific ways.
 2014-03-13 14:09:37 -05:00
sinn3r 6e37493471 Land #3091 - native shellcode payloads from a FF privileged js shell 2014-03-13 13:36:37 -05:00
Joe Vennix 952b50f8c1 Add priv escalation mixin to the firefox local exploit. 2014-03-13 11:49:44 -05:00
kyuzo 41720428e4 Refactoring exploit and adding build files for dll. 2014-03-12 10:25:52 +00:00
Joe Vennix facd743f1f Oops. Add missing dir to dalvikstager path. 2014-03-11 19:48:39 -05:00
William Vu 517f264000 Add last chunk of fixes 2014-03-11 12:46:44 -05:00
William Vu 25ebb05093 Add next chunk of fixes 
Going roughly a third at a time.
 2014-03-11 12:23:59 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
Joe Vennix 5c2168513a Update path in #dalvikstager. 2014-03-11 11:03:36 -05:00
OJ 3ea3968d88 Merge branch 'upstream/master' into stop_abusing_expand_path 
Conflicts:
	lib/msf/core/post/windows/shadowcopy.rb
	modules/exploits/windows/local/bypassuac.rb
	modules/post/windows/gather/wmic_command.rb
	modules/post/windows/manage/persistence.rb
 2014-03-11 23:13:39 +10:00
Tim c76924e946 native jni stager 2014-03-10 21:50:00 -05:00
Tod Beardsley 2086224a4c Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
Tod Beardsley 26be236896 Pass MSFTidy please 2014-03-10 14:45:56 -05:00
jvazquez-r7 bc8590dbb9 Change DoS module location 2014-03-10 16:12:20 +01:00
jvazquez-r7 1061036cb9 Use nick instead of name 2014-03-10 16:11:58 +01:00
Tod Beardsley 5485028501 Add 3 Yokogawa SCADA vulns 
These represent our part for public disclosure of the issues listed
here:

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Yokogawa is calling these YSAR-14-0001E, and I think that they map
thusly:

YSAR-14-0001E Vulnerability 1 :: R7-2013-19.1
YSAR-14-0001E Vulnerability 2 :: R7-2013-19.3
YSAR-14-0001E Vulnerability 3 :: R7-2013-19.4

@jvazquez-r7 if you could confirm, I'd be delighted to land these and
get your disclosure blog post published at:

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Thanks for all the work on these!
 2014-03-10 09:33:54 -05:00
sinn3r c76a1ab9f4 Land #3065 - Safari User-Assisted Download & Run Attack 2014-03-07 10:29:56 -06:00
Joe Vennix 9638bc7061 Allow a custom .app bundle. 
* adds a method to Rex::Zip::Archive to allow recursive packing
 2014-03-06 16:11:30 -06:00
Joe Vennix 5abb442757 Adds more descriptive explanation of 10.8+ settings. 2014-03-06 15:15:27 -06:00
kyuzo 257c121c75 Adding MS013-058 for Windows7 x86 2014-03-06 20:34:01 +00:00
Joe Vennix 43d315abd5 Hardcode the platform in the safari exploit. 2014-03-06 13:04:47 -06:00