Adobe Flash Player Drawing Fill Shader Memory Corruption

28 giugno 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = GreatRanking
 
  include Msf::Exploit::Remote::BrowserExploitServer
 
  def initialize(info={})
    super(update_info(info,
      'Name'                => 'Adobe Flash Player Drawing Fill Shader Memory Corruption',
      'Description'         => %q{
        This module exploits a memory corruption happening when applying a Shader as a drawing fill
        as exploited in the wild on June 2015. This module has been tested successfully on:
 
        Windows 7 SP1 (32-bit), IE11 and Adobe Flash...

Leggi il seguito »

WordPress Front-end Editor File Upload

24 giugno 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(
      info,
      'Name'           => 'Wordpress Front-end Editor File Upload',
      'Description'    => %q{
          The Wordpress Front-end Editor plugin contains an authenticated file upload
          vulnerability. We can upload arbitrary files to the upload folder, because
          the plugin also uses it's own file upload mechanism instead of the...

Leggi il seguito »

WordPress RevSlider 3.0.95 File Upload / Execute

15 maggio 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Wordpress RevSlider File Upload and Execute Vulnerability',
      'Description'    => %q{
        This module exploits an arbitrary PHP code upload in the WordPress ThemePunch
        Revolution Slider ( revslider ) plugin, version 3.0.95 and prior. The
        vulnerability allows for arbitrary file upload and remote code execution.
...

Leggi il seguito »

WordPress Holding Pattern Theme Arbitrary File Upload

5 marzo 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'socket'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
 
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Holding Pattern Theme Arbitrary File Upload',
      'Description'     => %q{
          This module exploits a file upload vulnerability in all versions of the
          Holding Pattern theme found in the upload_file.php script which contains
          no session or file validation. It...

Leggi il seguito »

WordPress Admin Shell Upload

5 marzo 2015 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://www.metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'rex/zip'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::FileDropper
  include Msf::HTTP::Wordpress
 
  def initialize(info = {})
    super(update_info(
      info,
      'Name'            => 'WordPress Admin Shell Upload',
      'Description'     => %q{
          This module will generate a plugin, pack the payload into it
          and upload it to a server running WordPress providing valid
          admin credentials are used.
        },
      'License'         => MSF_LICENSE,
...

Leggi il seguito »

How to install Metasploit on OS X Mavericks and Yosemite, an Updated Guide

16 gennaio 2015 - Fonte: http://www.evilsocket.net/

Today I tried to install the Metasploit framework both on my Mavericks MacBook Pro and my Yosemite MacBook Air, unfortunately all the guides I've found seem to be quite outdated and various hacks are needed to make the actual process really work.
So I decided to write an updated guide on my blog, just in case someone else will need it ^_^

Requirements

First thing first, you will need to install some requirements, if you are a developer/hacker you will probably have them already, but you never know.

XCode Command Line Tools

Issue the following command on your terminal:

xcode-select --install

And choose the Install option to install XCode command line tools needed for compilation, etc.

Java

Make sure you...

Leggi il seguito »

WordPress Download Manager Unauthenticated File Upload

16 dicembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper
 
  def initialize(info = {})
    super(update_info(
    info,
    'Name'           => 'Wordpress Download Manager (download-manager) Unauthenticated File Upload',
    'Description'    => %q{
      The WordPress download-manager plugin contains multiple unauthenticated file upload
      vulnerabilities which were fixed in version 2.7.5.
    },
    'Author'         =>
    [
      'Mickael Nadeau',    ...

Leggi il seguito »

Pandora FMS SQL Injection Remote Code Execution

26 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
 
  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Pandora FMS SQLi Remote Code Execution',
      'Description'    => %q{
        This module attempts to exploit multiple issues in order to gain remote
        code execution under Pandora FMS version <= 5.0 SP2.  First, an attempt
        to authenticate using default credentials is performed.  If this method
...

Leggi il seguito »

Samsung Galaxy KNOX Android Browser Remote Code Execution

18 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
require 'digest/md5'
 
class Metasploit3 < Msf::Exploit::Remote
 
  include Msf::Exploit::Remote::BrowserExploitServer
 
  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads
 
  def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Samsung Galaxy KNOX Android Browser RCE',
      'Description'         => %q{
        A vulnerability exists in the KNOX security component of the Samsung Galaxy
        firmware that allows...

Leggi il seguito »

Xerox Multifunction Printers (MFP) “Patch” DLM Escalation

3 novembre 2014 - Fonte: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
 
  Rank = GoodRanking
  include Msf::Exploit::Remote::Tcp
 
  def initialize(info = {})
    super(update_info(info,
      'Name'            => 'Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability',
      'Description'     => %{
        This module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By
        supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary
        commands under root priviages.
      },
      'Author'     ...

Leggi il seguito »