e1adcfee1e
No case sensitive
2015-04-01 16:14:54 -05:00
c4def25e82
Resolve #4986 , add support for IE11 for fingerprint_user_agent
...
Resolve #4986
2015-03-27 17:51:14 -05:00
1fbed1dcfc
Autoload instead of require
2015-01-30 15:42:16 -06:00
062529ce3b
Move HttpServer::HTML into its own file
2015-01-30 15:24:15 -06:00
3572ce9a37
Break PHPInclude into its own file
2015-01-30 15:16:54 -06:00
89a8d27602
Fix port 0 bug in URIPORT
2014-11-11 15:57:41 -06:00
4e96833408
Check service before using it
2014-11-10 14:14:20 -06:00
1064049729
Revert "Fix buggy calls to stop_service"
...
This reverts commit 613f5309bb
2014-11-10 14:05:57 -06:00
613f5309bb
Fix buggy calls to stop_service
2014-11-09 02:15:30 -06:00
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
37e6173d1f
Make Metasploit::Concern a first-class dep.
...
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
2014-09-11 13:28:45 -05:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
ad592fd114
Remove unnecessary method.
2014-03-05 23:36:43 -06:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
afcce8a511
Merge osdetect and addonsdetect
2013-10-22 01:11:11 -05:00
99d5da1f03
We can simplify this
2013-10-21 20:22:45 -05:00
9a3e719233
Rework the naming style
2013-10-21 20:16:37 -05:00
8a94df7dcd
Change category name for base64
2013-10-18 21:20:16 -05:00
6f04a5d4d7
Cache Javascript
2013-10-18 12:23:58 -05:00
b0d614bc6a
Cleaning up requires
2013-10-18 01:47:27 -05:00
c926fa710b
Move all exploitation-related JavaScript to their new home
2013-10-17 16:43:29 -05:00
4c91f2e0f5
Add detection code MS Office
...
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.
[SeeRM #8413 ]
2013-10-15 16:27:23 -05:00
da3081e1c8
[FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
...
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax
[FixRM 8482]
2013-10-14 11:40:46 -05:00
b822a41004
Axe errant tabs and unused vars
2013-10-02 13:47:39 -05:00
7e5e0f7fc8
Retab lib
2013-08-30 16:28:33 -05:00
1ac1d322f2
Dup before modifying
...
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:
```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```
[See #2002 ]
2013-07-12 00:57:10 -05:00
38e837dc28
Remove inaccurate comment
2013-07-11 22:48:35 -05:00
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
sinn3r