Added the MS13-080 Metasploit exploit

readme/CHANGES

@@ -4,6 +4,7 @@ version 5.3.8
 
 * updated RID_ENUM to the latest version
 * Changed twitter handle from dave_rel1k to @hackingdave
+* Added the MS13-080 exploit from Metasploit
 
 ~~~~~~~~~~~~~~~~
 version 5.3.7

src/core/dictionaries.py

@@ -24,45 +24,47 @@ def ms_module(exploit):
     """ Receives the input given by the user from gen_payload.py """
 
     return {
-            '1':"exploit/multi/browser/java_jre17_jmxbean_2",
-            '2':"exploit/multi/browser/java_jre17_jmxbean",
-            '3':"exploit/windows/browser/ms13_009_ie_slayoutrun_uaf",
-            '4':"exploit/windows/browser/ie_cbutton_uaf",
-            '5':"exploit/multi/browser/java_jre17_exec",
-            '6':"exploit/windows/browser/ie_execcommand_uaf",
-            '7':"exploit/multi/browser/java_atomicreferencearray",
-            '8':"exploit/multi/browser/java_verifier_field_access",
-            '9':"exploit/windows/browser/ms12_037_same_id",
-            '10':"exploit/windows/browser/msxml_get_definition_code_exec",
-            '11':"exploit/windows/browser/adobe_flash_rtmp",
-            '12':"exploit/windows/browser/adobe_flash_mp4_cprt",
-            '13':"exploit/windows/browser/ms12_004_midi",
-            '14':"multi/browser/java_rhino\nset target 1",
-            '15':"windows/browser/ms11_050_mshtml_cobjectelement",
-            '16':"windows/browser/adobe_flashplayer_flash10o",
-            '17':"windows/browser/cisco_anyconnect_exec",
-            '18':"windows/browser/ms11_003_ie_css_import",
-            '19':"windows/browser/wmi_admintools",
-            '20':"windows/browser/ms10_090_ie_css_clip",
-            '21':"windows/browser/java_codebase_trust",
-            '22':"windows/browser/java_docbase_bof",
-            '23':"windows/browser/webdav_dll_hijacker",
-            '24':"windows/browser/adobe_flashplayer_avm",
-            '25':"windows/browser/adobe_shockwave_rcsl_corruption",
-            '26':"windows/browser/adobe_cooltype_sing",
-            '27':"windows/browser/apple_quicktime_marshaled_punk",
-            '28':"windows/browser/ms10_042_helpctr_xss_cmd_exec",
-            '29':"windows/browser/ms10_018_ie_behaviors",
-            '30':"windows/browser/ms10_002_aurora",
-            '31':"windows/browser/ms10_018_ie_tabular_activex",
-            '32':"windows/browser/ms09_002_memory_corruption",
-            '33':"windows/browser/ms09_072_style_object",
-            '34':"windows/browser/ie_iscomponentinstalled",
-            '35':"windows/browser/ms08_078_xml_corruption",
-            '36':"windows/browser/ie_unsafe_scripting",
-            '37':"multi/browser/firefox_escape_retval",
-            '38':"windows/browser/mozilla_mchannel",
-            '39':"auxiliary/server/browser_autopwn",
+            '1':"exploit/windows/browser/ms13_080_cdisplaypointer",
+            '2':"exploit/windows/browser/ie_setmousecapture_uaf",
+            '3':"exploit/multi/browser/java_jre17_jmxbean_2",
+            '4':"exploit/multi/browser/java_jre17_jmxbean",
+            '5':"exploit/windows/browser/ms13_009_ie_slayoutrun_uaf",
+            '6':"exploit/windows/browser/ie_cbutton_uaf",
+            '7':"exploit/multi/browser/java_jre17_exec",
+            '8':"exploit/windows/browser/ie_execcommand_uaf",
+            '9':"exploit/multi/browser/java_atomicreferencearray",
+            '10':"exploit/multi/browser/java_verifier_field_access",
+            '11':"exploit/windows/browser/ms12_037_same_id",
+            '12':"exploit/windows/browser/msxml_get_definition_code_exec",
+            '13':"exploit/windows/browser/adobe_flash_rtmp",
+            '14':"exploit/windows/browser/adobe_flash_mp4_cprt",
+            '15':"exploit/windows/browser/ms12_004_midi",
+            '16':"multi/browser/java_rhino\nset target 1",
+            '17':"windows/browser/ms11_050_mshtml_cobjectelement",
+            '18':"windows/browser/adobe_flashplayer_flash10o",
+            '19':"windows/browser/cisco_anyconnect_exec",
+            '20':"windows/browser/ms11_003_ie_css_import",
+            '21':"windows/browser/wmi_admintools",
+            '22':"windows/browser/ms10_090_ie_css_clip",
+            '23':"windows/browser/java_codebase_trust",
+            '24':"windows/browser/java_docbase_bof",
+            '25':"windows/browser/webdav_dll_hijacker",
+            '26':"windows/browser/adobe_flashplayer_avm",
+            '27':"windows/browser/adobe_shockwave_rcsl_corruption",
+            '28':"windows/browser/adobe_cooltype_sing",
+            '29':"windows/browser/apple_quicktime_marshaled_punk",
+            '30':"windows/browser/ms10_042_helpctr_xss_cmd_exec",
+            '31':"windows/browser/ms10_018_ie_behaviors",
+            '32':"windows/browser/ms10_002_aurora",
+            '33':"windows/browser/ms10_018_ie_tabular_activex",
+            '34':"windows/browser/ms09_002_memory_corruption",
+            '35':"windows/browser/ms09_072_style_object",
+            '36':"windows/browser/ie_iscomponentinstalled",
+            '37':"windows/browser/ms08_078_xml_corruption",
+            '38':"windows/browser/ie_unsafe_scripting",
+            '39':"multi/browser/firefox_escape_retval",
+            '40':"windows/browser/mozilla_mchannel",
+            '41':"auxiliary/server/browser_autopwn",
            }.get(exploit,"ERROR")
 
 

src/core/menu/text.py

@@ -327,6 +327,8 @@ create_payloads_text = """
            ********** PAYLOADS **********\n"""
 
 browser_exploits_menu = [
+'Internet Explorer CDisplayPointer Use-After-Free (10/13/2013)',
+'Micorosft Internet Explorer SetMouseCapture Use-After-Free (09/17/2013)',
 'Java Applet JMX Remote Code Execution (UPDATED 2013-01-19)',
 'Java Applet JMX Remote Code Execution (2013-01-10)',
 'MS13-009 Microsoft Internet Explorer SLayoutRun Use-AFter-Free (2013-02-13)',