adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22,643 Commits 27 Branches 1,043 Tags
0a3ee573bc274cdf893bdb17dc31cdb65bb698ed
Commit Graph

1009 Commits

Author SHA1 Message Date
Tod Beardsley 90207628cc Land #2666, SSLCompression option 
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
 2014-01-22 10:42:13 -06:00
Tod Beardsley 0b6e03df75 More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91 Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
Joe Vennix d00acccd4f Remove Java target, since it no longer works. 2014-01-04 21:22:47 -06:00
Joe Vennix 60991b08eb Whitespace tweak. 2014-01-03 18:40:31 -06:00
Joe Vennix a5ebdce262 Add exec payload. Cleans up a lot of code. 
Adds some yardocs and whatnot.
 2014-01-03 18:23:48 -06:00
Joe Vennix 8d3130b19e Reorder targets. 2014-01-02 10:48:28 -06:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload. 
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
 2014-01-02 10:48:28 -06:00
Joe Vennix ca23b32161 Add support for Procs in browserexploit requirements. 2013-12-19 12:49:05 -06:00
Joe Vennix cb390bee7d Move comment. 2013-12-18 20:37:33 -06:00
Joe Vennix f411313505 Tidy whitespace. 2013-12-18 20:31:31 -06:00
Joe Vennix 9ff82b5422 Move datastore options to mixin. 2013-12-18 14:52:41 -06:00
Joe Vennix 64273fe41d Move addon datastore options into mixin. 2013-12-18 14:42:01 -06:00
Joe Vennix 1235615f5f Add firefox 15 chrome privilege exploit. 
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
 2013-12-18 14:30:35 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends 
Fixed conflict in lib/msf/core/exploit/http/server.rb.
 2013-12-10 13:41:45 -06:00
William Vu 77b036ce5d Land #2703, uninit const fix for MSSQL_SQLI 2013-11-27 13:50:48 -06:00
jvazquez-r7 a5aca618e2 fix fail_with usage on Exploit::Remote::MSSQL_SQLI 2013-11-27 11:33:19 -06:00
jvazquez-r7 a32c9e5efc Fix fail_with on Exploit::Remote::HttpClient 2013-11-27 11:19:46 -06:00
sinn3r 5d10b44430 Add support for Silverlight 
Add support for Silverlight exploitation. [SeeRM #8705]
 2013-11-26 14:47:27 -06:00
Tod Beardsley e88da09894 Land #2660, DLL/service creation for x64 2013-11-20 17:25:16 -06:00
Joe Vennix 739c7b4ca2 More dead code and tweaks. 2013-11-20 14:44:53 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
Meatballs 135dad1f4e Fix dll/service creation 2013-11-20 20:10:47 +00:00
jvazquez-r7 110e78a1ad Land #2507, @todb-r7's fix to allow DCERPC misin to use RPORT 2013-11-20 10:21:32 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option. 
Add spec for some of the additions to Rex::Proto::Http::Client
 2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option. 
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
 2013-11-19 22:34:39 -06:00
Tod Beardsley ac1fb2d1da Just use a straight RPORT, don't sneak 593. 
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).

It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
 2013-11-19 13:29:02 -06:00
jvazquez-r7 f690667294 Land #2617, @FireFart's mixin and login bruteforcer for TYPO3 2013-11-18 13:37:16 -06:00
jvazquez-r7 ef6d9db48f Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
sinn3r fbe1b92c8f Good bye get_resource 2013-11-12 17:25:55 -06:00
Tod Beardsley 2035983d3c Fix a handful of msftidy warnings, and XXX SSL 
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
 2013-11-11 21:23:35 -06:00
sinn3r cf8f2940b0 Oops, this is the right filename 2013-11-11 15:45:11 -06:00
sinn3r 85150823cd rename again 2013-11-11 15:44:27 -06:00
sinn3r 6a840fc169 Move file to get a matching name 2013-11-11 12:41:03 -06:00
sinn3r 866f240337 A little update on documentation 2013-11-07 17:06:43 -06:00
sinn3r 32b12609bd Forgot to pass optional headers 2013-11-07 16:50:58 -06:00
FireFart bdd33d4daf implement feedback from @jlee-r7 2013-11-07 23:07:58 +01:00
FireFart aab4d4ae76 first commit for typo3 2013-11-07 22:38:27 +01:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
sinn3r 3e1771aa77 Being able to pass binding when we need to 2013-11-07 00:12:29 -06:00
sinn3r 23996ec32c Fix up some things 2013-11-06 22:47:02 -06:00
sinn3r c338f7a8c0 Change how requirements are defined, rspec, etc 2013-11-06 14:01:29 -06:00
sinn3r c92116060e Forgot to rm this line 2013-11-06 01:53:46 -06:00
sinn3r f2e4d5507c More rspec 2013-11-06 01:45:40 -06:00
sinn3r 636adc81de Add rop_junk and rop_nop 2013-11-06 01:04:33 -06:00
sinn3r 65c96a1f45 Allow the module to be target specific 2013-11-06 00:57:53 -06:00
sinn3r 63d3c7e8bb Put proxy headers in a constant 2013-11-05 16:33:36 -06:00
sinn3r 73701462ed Fix ActiveX. Use ERB for Javascript detection code. 2013-11-05 16:26:41 -06:00
James Lee 36f96d343e Revert "Revert "Land #2505" to resolve new rspec fails" 
This reverts commit e7d3206dc9.
 2013-11-05 13:45:00 -06:00
sinn3r 9c6b187cc6 stuff 2013-11-05 11:05:33 -06:00