62be638258
Add 'Auto' to tcp.rb as well.
2014-10-15 16:01:42 -05:00
a762d871bf
Autonegotiate SSL/TLS versions when not explicit
2014-10-15 13:26:40 -05:00
c4d1a4c7dc
Revert #4022 , as the solution is incomplete
...
Revert "Land 4022, datastore should default TLS1 vs SSL3"
This reverts commit 4c8662c6c10937f32ff9
2014-10-15 12:32:08 -05:00
1754b23ffb
Datastore options should default to TLS1, not SSL3
...
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)
Squashed commit of the following:
commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com >
Date: Wed Oct 15 10:19:04 2014 -0500
Whoops missed one
commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com >
Date: Wed Oct 15 10:16:59 2014 -0500
Other datastore options also want TLS1 as default
commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com >
Date: Wed Oct 15 10:12:06 2014 -0500
TCP datastore opts default to TLS1
Old encryption is old. See also: POODLE
2014-10-15 10:28:53 -05:00
f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
37e6173d1f
Make Metasploit::Concern a first-class dep.
...
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
5c1d95812c
Add verify_checksum and use it
...
Also fixed a YARD typo.
2014-09-08 02:19:21 -05:00
b6e04599a7
Fix read_ack to read only the ACK
...
It was reading the response, too. Also removed an extraneous send_ack.
2014-09-05 12:30:59 -05:00
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
316a952e9c
Make SIP note, service and print output more similar
2014-08-26 17:47:31 -07:00
2d2606aeaf
Update sip note format, small tweaks to output, service.info
2014-08-26 16:42:00 -05:00
e75e213b52
Clarify SIP mixin method name, store header values as string, etc
2014-08-26 11:40:49 -07:00
a41748e77e
Correct SIP header note storage to align with Recog
2014-08-25 13:12:30 -07:00
6185721a61
Address @hmoore-r7's feedback regarding binary encoding
2014-08-25 13:11:22 -07:00
9955cb5b27
Enforce proper protocol case where necessary
2014-08-25 13:11:22 -07:00
b760815c86
Also pull the Allow headers (previous behavior)
2014-08-25 13:11:21 -07:00
637f86f37d
Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner
2014-08-25 13:11:21 -07:00
50d90defbc
Use a correct default Accept header -- responses++
2014-08-25 13:11:21 -07:00
c2e70446ed
Move SIP module stuff to Msf::Exploit::Remote::SIP
2014-08-25 13:11:21 -07:00
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
92ff0974b7
Add YARD option formatting
2014-08-25 01:45:59 -05:00
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
1d3531d09d
Put include above constant defs.
2014-08-24 01:17:32 -05:00
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc6382760bf5b319ba7772f362b81d681448f0743d1b
2014-08-22 10:50:38 -05:00
Tod Beardsley