8ce1db5081
Fix #4783 , raise exception if the payload arch is incompatible
...
Fix #4783
2015-02-17 21:47:17 -06:00
457598eb02
print_error about unknown request.uri
2015-01-27 20:21:18 -06:00
acf02647fb
Add a check for Custom404
2015-01-27 20:18:10 -06:00
66703bfe5a
Allow custom 404 as an option for BrowserExploitServer
...
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.
There are several scenarios that can trigger a 404 by BES (custom or
default):
* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
If this actually happens, it probably means the attacker gave the
wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
mixin.
2015-01-27 18:53:02 -06:00
ee922d141c
Fix #4646 - get_module_resource should check nil before using get_resource
...
Fix #4646 . The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
e974d272f0
Remove stray line comment that ruined things when minified.
2014-12-23 00:22:50 -06:00
9202c4f2a1
No mercy for os_flavor
2014-12-10 11:46:21 -06:00
a584a5982f
Clarify about how BES uses os_flavor
...
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
2a7227f443
Land #3427 - Adds webcam module for firefox privileged sessions on OSX
2014-06-11 22:27:25 -05:00
d990fb4999
Remove a number of stray edits and bs.
2014-06-06 16:24:45 -05:00
7c762ad42c
Fix some minor bugs in webrtc stuff, inline API code.
2014-06-06 16:18:39 -05:00
1dbe972377
Fix URIPATH / for BrowserExploitServer
...
[SeeRM #8804 ] Fix URIPATH / for BrowserExploitServer
2014-05-22 12:18:49 -05:00
14b796acbf
First stab at refactoring webrtc mixin.
2014-05-21 15:32:29 -05:00
a8bf53479d
Fix a merge error
2014-05-18 11:08:04 -05:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
f94d1f6546
Refactors firefox js usage into a mixin.
2014-04-24 15:09:48 -05:00
80faaf86d8
Add a link to explain about unmet exploit requirements
2014-04-10 14:01:16 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
07ab05c870
Update a comment
2014-03-28 15:20:45 -05:00
4b7f85e47d
Adobe Flash support in BES
2014-03-28 15:14:58 -05:00
85c0c8bb70
Add support to detect mshtml build
...
Some IE vulns are build-specific, in that case we need a way to
detect the build version. On IE9 and newer, the build version is
the same as the one you see in WinDBG when you do lmv m mshtml.
On IE8, it returns something else I don't know.
2014-03-25 03:31:08 -05:00
6e37493471
Land #3091 - native shellcode payloads from a FF privileged js shell
2014-03-13 13:36:37 -05:00
db036e44ad
Use RdlCopyMemory from Kernel32.
2014-03-13 11:05:58 -05:00
851fca2107
Add posix fork() call before running code.
2014-03-12 02:56:26 -05:00
7afcb6aee8
Add CreateThread wrapper for windows.
2014-03-12 02:49:09 -05:00
ce0c5380a5
Kill stray //.
2014-03-12 02:20:49 -05:00
9bdf570763
All working now. In-memory meterpreter even.
2014-03-12 02:19:28 -05:00
c07f390382
Add CookieExpiration option, add trailing slash to URI.
2014-03-10 13:07:17 -05:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
a792f85a5f
Fix re-initialize bug.
2014-03-05 23:27:04 -06:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
894d16af80
Add specs for new/returning/previous visitors.
2014-03-02 20:50:10 -06:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
sinn3r