bb81107e51
Land #4927 , @wchen-r7's exploit for Flash PCRE CVE-2015-0318
2015-03-13 23:58:05 -05:00
0ee0a0da1c
This seems to work
2015-03-13 04:43:06 -05:00
0c3329f69e
Back on track
2015-03-12 15:26:55 -05:00
215c209f88
Land #4901 , CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
43b90610b1
Temp
2015-03-11 13:53:34 -05:00
2a9d6e64e2
Starting point for CVE-2015-0318
2015-03-11 09:58:41 -05:00
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
df80d56fda
Land #4898 , prefer URI to open-uri
2015-03-09 09:14:10 -05:00
d7295959ca
Remove open-uri usage in msf.
2015-03-05 23:45:28 -06:00
64fd818364
Land #4411 , @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
0988c5e691
use the correct implementation for query_value_direct
2015-03-03 22:29:23 -06:00
c498ba64e4
Added a new pair of default Tomcat credentials. QLogic's QConvergeConsole comes with a bundled Tomcat with a hard-coded username and password for the manager app.
2015-02-19 15:08:50 -06:00
b90639fd66
Land #4726 , X360 Software actvx buffer overflow
2015-02-17 11:41:23 -06:00
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
cf0589f8c6
add support for direct reg access to pymeterpreter
...
When testing this, I found that the python meterpreter hangs running the
following, with or without these changes.
```
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set PythonMeterpreterDebug true
set lhost 192.168.43.1
exploit -j
sleep 5
use exploit/windows/local/trusted_service_path
set SESSION 1
check
```
This turned out to be that pymeterpreter ate all the rest of the data in the
recv socket by consuming 4k unconditionally. This would only be exposed if
there were multiple simultaneous requests so the recv buffer filled beyond a
single request, e.g. when using the registry enumeration functions.
2015-02-17 06:11:20 -06:00
7e9a331087
remove unused .class files
...
These were added for multi/browser/java_signed_applet, but the class
files are already packaged in a jar file, which is what is actually
used.
2015-02-12 16:08:29 -06:00
7ab7add721
bump meterpreter_bins to 0.0.14, update Linux binaries.
...
Hopefully the last manual build before packaging the Linux bins into
meterpreter_bins as well.
This includes all of the fixes and improvements over the past month.
rapid7/meterpreter#116
rapid7/meterpreter#117
rapid7/meterpreter#121
rapid7/meterpreter#124
2015-02-10 12:43:47 -06:00
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
511f637b31
Call CollectGarbage
2015-02-09 14:44:31 -06:00
af405eeb7d
Land #4287 , @timwr's exploit form CVS-2014-3153
2015-02-09 10:33:14 -06:00
0e4f3b0e80
added built data/exploits/CVE-2014-3153.elf
2015-02-09 09:50:31 -06:00
a46a53acaf
Provide more space for the payload
2015-02-06 14:49:49 -06:00
414349972f
Fix comment
2015-02-06 11:34:20 -06:00
b5e230f838
Add javascript exploit
2015-02-06 11:04:59 -06:00
5b2eb986c9
Land #4678 Add post module to phish credentials
2015-02-04 23:43:02 -06:00
2fdeeb3b13
Rebuilt Java Payloads with the latest NDK/SDK and meterpreter-javapayload
...
Fix rapid7/meterpreter#95 , rebuilt with all outstanding PRs from
rapid7/metasploit-javapayload.
2015-02-02 13:09:15 -06:00
aa7f7d4d81
Add DLL source code
2015-02-01 19:59:10 -06:00
d211488e5d
Add Initial version
2015-02-01 19:47:58 -06:00
25ac9c1ed9
Add post module to phish windows user credentials
2015-01-30 19:50:04 +01:00
f9dccda75d
Delete unused files
2015-01-22 18:00:31 -06:00
75e04705d5
Land #4624 , Firefox 33-35 os.js support
2015-01-22 13:35:47 -06:00
5bfb88d55c
Update os.js to detect newer firefox versions.
2015-01-21 16:12:17 -06:00
94fda6e617
Land #4600 , jvazquez-r7's Linux meterpreter bins
2015-01-20 09:38:35 -06:00
76746eb209
New password from Hathaway
2015-01-19 21:45:47 -06:00
f12c6a1624
Update meterpreter.py
...
Read until exactly pkt_length bytes
2015-01-18 15:45:28 +02:00
d83c6ae215
Update meterpreter.py
...
Read exactly pkt_length from socket, prevents over-reading.
2015-01-18 15:29:23 +02:00
ffc676ead0
Update linux meterp binaries
2015-01-16 17:09:38 -06:00
26789fa76c
Add JMXPayload binary classes for testing
2015-01-15 17:58:09 -06:00
47cd5a3e59
Land #4562 , wchen-r7's Win8 NtApphelpCacheControl privilege escalation
2015-01-15 13:52:07 -06:00
74e8e057dd
Use RDL
2015-01-09 19:02:08 -06:00
dfdf99c8f4
Remove metcli
...
The metcli.exe binary doesn't get used any more and the source was removed
from Meterpreter ages ago. No point in having it in the repo any more.
2015-01-10 09:21:44 +10:00
ce87b126c1
Update to the latest meterpreter_bins
...
This removes checked-in sniffer extension in favor of the gem-packaged version.
It also pulls in the changes for verifying #4411
2015-01-09 16:57:10 -06:00
fce564cde2
Meh, not the debug build. Should be the release build.
2015-01-08 22:06:07 -06:00
14c54cbc22
Update DLL
2015-01-08 21:36:02 -06:00
d3738f0d1a
Add DLL
2015-01-08 17:17:55 -06:00
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
3c4ec1d958
Land #4547 , rm data/meterpreter/common.lib
2015-01-08 04:52:29 -06:00
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
32ddd5ccb4
delete unused library from meterpreter dir
...
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
5480cb81f5
add updated KoreLogic rules to john.conf
...
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
jvazquez-r7