adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,566 Commits 27 Branches 1,043 Tags
5df614d39bcaffbb2eccd271bd0d63bb72b8ea7a
Commit Graph

294 Commits

Author SHA1 Message Date
Joe Vennix d9e6f2896f Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r 85b48fd437 Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27 2014-09-04 16:08:15 -05:00
Joe Vennix f7617183d9 Revert "Add initial firefox xpi prompt bypass." 
This reverts commit ebcf972c08.
 2014-09-02 12:27:41 -05:00
Joe Vennix 26cfed6c6a Rename exploit module. 2014-08-26 23:05:41 -05:00
Joe Vennix 96276aa6fa Get the disclosure date right. 2014-08-26 20:36:58 -05:00
Joe Vennix 52f33128cd Add Firefox WebIDL Javascript exploit. 
Also removes an incorrect reference from another FF exploit.
 2014-08-26 20:35:17 -05:00
sinn3r e2e2dfc6a3 Undo FF 2014-08-19 17:47:44 -05:00
joev b93fda5cef Remove browser_autopwn hook from deprecated FF module. 2014-08-18 15:33:43 -05:00
joev 87aa63de6e Deprecate FF17 SVG exploit. 
This exploit needs flash, the tostring_console injection one does not.
 2014-08-18 15:32:51 -05:00
joev 6d958475d6 Oops, this doesn't work on 23, only 22. 2014-08-15 17:00:58 -05:00
joev fb1fe7cb8b Add some obfuscation. 2014-08-15 16:54:30 -05:00
joev b574a4c4c5 Wow, this gets a shell all the way back to 15.0. 2014-08-15 16:39:36 -05:00
joev 5706371c77 Update browser autopwn settings. 2014-08-15 16:32:06 -05:00
joev 8c63c8f43d Add browserautopwn hook now that this is not user-assisted. 2014-08-15 16:28:21 -05:00
joev 694d917acc No need for web console YESSSS 2014-08-15 16:02:26 -05:00
joev 738a295f0a Rename module to tostring_console*. 2014-08-15 15:17:37 -05:00
joev f182613034 Invalid CVE format. 2014-08-15 15:09:45 -05:00
joev edb9d32e5c Add module for toString() injection in firefox. 2014-08-15 15:08:10 -05:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
Tod Beardsley 0b2737da7c Two more java payloads that wanted to write RHOST 
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.

[SeeRM #8498]
 2014-04-14 22:22:30 -05:00
Tod Beardsley 775b0de3c0 Replace RHOST reassing with just host 
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?

[SeeRM #8498]
 2014-04-14 22:17:31 -05:00
jvazquez-r7 577bd7c855 Land #3146, @wchen-r7's flash version detection code 2014-04-02 15:13:41 -05:00
joev ebcf972c08 Add initial firefox xpi prompt bypass. 2014-04-01 23:48:35 -05:00
sinn3r a173fcf2fa Flash detection for firefox_svg_plugin 
Good test case
 2014-03-28 15:39:25 -05:00
Joe Vennix 80808fc98c Cleans up firefox SVG plugin. 2014-03-26 13:12:39 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
jvazquez-r7 6c490af75e Add randomization to Rex::Zip::Jar and java_signed_applet 2014-02-27 12:38:52 -06:00
grimmlin 2d93b38e2a Fixed java_signed_applet for Java 7u51 2014-02-07 16:29:50 +01:00
Joe Vennix b3b04c4159 Fix both firefox js exploits to use browser_autopwn. 2014-01-11 17:34:38 -06:00
Joe Vennix 06fb2139b0 Digging around to get shell_command_token to work. 2014-01-02 14:05:06 -06:00
Joe Vennix 1b0e99b448 Update proto_crmfrequest module. 2014-01-02 10:48:28 -06:00
Joe Vennix 694cb11025 Add firefox platform, architecture, and payload. 
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
 2014-01-02 10:48:28 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
Joe Vennix 8e27e87c81 Use the right disclosure date. 2013-12-19 12:58:52 -06:00
Joe Vennix 955dfe5d29 msftidy it up. 2013-12-19 12:53:58 -06:00
Joe Vennix b50bbc2f84 Update module to use sinn3r's beautiful browserexploitserver. 2013-12-19 12:49:24 -06:00
Joe Vennix eb08a30293 Update description with new version support. 2013-12-19 02:08:55 -06:00
Joe Vennix 5ee6c77901 Add a patch for 15.x support. 
* Also add authors i forgot, oops
 2013-12-19 02:05:45 -06:00
Joe Vennix 2add2acc8f Use a smaller key size, harder to spot. 2013-12-18 21:02:23 -06:00
Joe Vennix 8d183d8afc Update versions, 4.0.1 does not work on windows. 2013-12-18 20:57:47 -06:00
Joe Vennix cb390bee7d Move comment. 2013-12-18 20:37:33 -06:00
Joe Vennix 23b5254ea1 Fix include reference. 2013-12-18 20:35:43 -06:00
Joe Vennix 5255f8da12 Clean up code. Test version support. 
* Using #get in Object#defineProperty call makes the payload execute immediately
on all supported browsers I tested.
* Moved Ranking to Excellent since it is now 100% reliable.
 2013-12-18 20:30:08 -06:00
Joe Vennix 64273fe41d Move addon datastore options into mixin. 2013-12-18 14:42:01 -06:00
Joe Vennix ca2de73879 It helps to actually commit the exploit. 2013-12-18 14:31:42 -06:00
Joe Vennix 1235615f5f Add firefox 15 chrome privilege exploit. 
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
 2013-12-18 14:30:35 -06:00
jvazquez-r7 004c1bac78 Reduce number of modules available on BrowserAutopwn 2013-11-12 12:37:29 -06:00
William Vu 2aed8a3aea Update modules to use new ZDI reference 2013-10-21 15:13:46 -05:00
sinn3r 032da9be10 Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley c83262f4bd Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00