adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

10172 Commits

Author SHA1 Message Date
jvazquez-r7 bfe0fdb776 Move module 2014-02-25 07:58:00 -06:00
xistence ab167baf56 Added randomness instead of payload and xxe keywords 2014-02-25 15:23:10 +07:00
jvazquez-r7 4908d80d6c Clean up module 2014-02-24 16:00:54 -06:00
Michael Messner 2935f4f562 CMD target 2014-02-24 18:12:23 +01:00
jvazquez-r7 c981bbeab9 Land #3011, @wchen-r7's fix for Dexter exploit 2014-02-24 10:53:10 -06:00
jvazquez-r7 c9f0885c54 Apply @jlee-r7's feedback 2014-02-24 10:49:13 -06:00
bcoles a29c6cd2b4 Add SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write 2014-02-25 02:57:25 +10:30
xistence 5485759353 Added Symantec Endpoint Protection Manager RCE 2014-02-24 15:04:37 +07:00
xistence 8e3f70851d Added Symantec Endpoint Protection Manager RCE 2014-02-24 15:01:13 +07:00
Michael Messner 0126e3fcc8 cleanup 2014-02-23 21:17:32 +01:00
Michael Messner dbbd080fc1 a first try of the cmd stager, wget in a seperated module included 2014-02-23 20:59:17 +01:00
OJ fdd0d91817 Updated the Ultra Minit HTTP bof exploit 
After exploiting this application manually I decided to make this
an MSF exploit, only to find that other people had beaten me to it.
However, the existing exploit was broken in a few ways, and this
commit makes those problems go away. They include:

* Correct use of alpha chars in the buffer leading up to the payload
  which results in bad chars being avoided. Bad chars muck with the
  offsets because they get expanded.
* Adjustment of the payload so that it runs in another thread instead
  of in the thread of the request handler. This prevents the session
  from being killed after the hard-coded 60-second timeout that is
  baked into the application.
* The handler thread terminates itself so that the process doesn't
  crash.
* Extra targets were added based on the machines I had access to.
 2014-02-23 21:23:41 +10:00
Meatballs 2f7f344be3 Copy original sleep 2014-02-23 04:53:48 +00:00
Meatballs 6127ff92ce Fix race condition 
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
 2014-03-03 23:41:25 +00:00
Meatballs d396be963a Use new cmd_exec_get_pid 2014-02-28 20:53:13 +00:00
Meatballs 2a6258be15 Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	external/source/exploits/make.bat
 2014-02-28 20:26:24 +00:00
Meatballs e0fa1d532c Dont think this works on vista/8 2014-02-26 23:14:17 +00:00
Meatballs 5a7730b495 Merge remote-tracking branch 'upstream/master' into bypassuac_redo 2014-02-25 23:15:47 +00:00
Meatballs 8bdb22aeb9 Merge remote-tracking branch 'upstream/master' into bypassuac_redo 
Conflicts:
	lib/msf/core/post/windows.rb
 2014-02-25 22:15:05 +00:00
Meatballs 1f08ad48a4 Fix payload_path method 2014-02-25 22:11:23 +00:00
Meatballs 6687ef80ee Further bypassuac tidies 
Dont rescue Exception
Use ReflectiveDLLInjection post mixin
Dont keep retrieving %TEMP% path
 2014-02-25 22:03:01 +00:00
David Maloney 23381ea2cb code tidying 
break big exploit method up into
smaller methods for better maintainability
 2014-02-25 14:07:48 -06:00
jakxx c8940c37f5 Updating References 2014-02-21 09:23:08 -05:00
jakxx ef51de3826 Updating References 2014-02-21 09:21:08 -05:00
jakxx b5bc3dd4fc Added py_web_delivery 2014-02-20 21:53:00 -05:00
jakxx 1834784b93 Added php_web_delivery 2014-02-20 13:41:26 -05:00
jakxx 45d554e6d9 Delete powershell_psexec.rb 2014-02-20 12:01:04 -05:00
jakxx 0a63b40572 Merge remote-tracking branch 'upstream/master' 2014-02-20 11:48:41 -05:00
jvazquez-r7 998fa06912 Land #2998, @bit4bit's fix for the vtigercrm exploit 2014-02-20 08:36:05 -06:00
jvazquez-r7 0b27cd13e8 Make module work 2014-02-20 08:35:37 -06:00
sinn3r ed2ac95396 Always replace \ with / for Dexter exploit 
Fix for the following:
https://github.com/rapid7/metasploit-framework/commit/48199fec271006ed66c4de639cd39e41f05df511#commitcomment-5419010
 2014-02-19 09:24:07 -06:00
Joe Vennix 50fb9b247e Restructure some of the exploit methods. 2014-02-19 02:31:22 -06:00
James Lee 4c557a1401 Add Post::Windows::Services#each_service 
Also cleans up some style issues and adds yardoc comments for some stuff
in Post::File

Note that windows/local/service_permissions is still using
`service_list` because it now builds a Rex::Table, which has to have
all the data up front, anyway.
 2014-02-18 18:24:23 -06:00
jvazquez-r7 4ca4d82d89 Land #2939, @Meatballs1 exploit for Wikimedia RCE and a lot more... 2014-02-18 17:48:02 -06:00
James Lee 684c45a5ff Merge remote-tracking branch 'upstream/pr/2766' into merge-2766 2014-02-18 17:36:13 -06:00
Tod Beardsley 721e153c7f Land #3005 to the fixup-release branch 
Prefer the intel on #3005 over my own made up 0day guess. Thanks @wvu!

Conflicts:
	modules/exploits/windows/fileformat/audiotran_pls_1424.rb
 2014-02-18 14:08:54 -06:00
Tod Beardsley a863d0a526 Pre-release fixes, including msftidy errors. 2014-02-18 14:02:37 -06:00
Michael Messner 3a8de6e124 replaced rhost by peer 2014-02-18 21:01:50 +01:00
William Vu 28dc742bcf Fix references and disclosure date 2014-02-18 13:59:58 -06:00
William Vu c216357815 Land #3000, audiotran_pls_1424 SEH exploit 2014-02-18 13:27:14 -06:00
Michael Messner 66e2148197 linksys themoon command execution exploit 2014-02-18 19:43:47 +01:00
Michael Messner 4dda7e6bad linksys themoon command execution exploit 2014-02-18 19:42:50 +01:00
Joe Vennix 57449ac719 Adds working shellcode exec local exploit. 2014-02-17 15:31:45 -06:00
Philip OKeefe 98958bc7bc Making audiotran_pls_1424 more readable and adding comments 2014-02-17 13:40:03 -05:00
pyoor faae51f39e Implemented @jlee-r7 requested changes 2014-02-17 10:13:18 -05:00
sinn3r 52ac85be11 Land #2931 - Oracle Forms and Reports RCE 2014-02-17 08:54:23 -06:00
sinn3r 110ffbf342 Indent looks off for this line 2014-02-17 08:53:29 -06:00
sinn3r 632ea05688 100 columns 2014-02-17 08:52:56 -06:00
sinn3r 8da7ba131b In case people actually don't know what RCE means 2014-02-17 08:51:48 -06:00
sinn3r 73459baefd Add OSVDB references 2014-02-17 08:50:34 -06:00