adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27,774 Commits 27 Branches 1,043 Tags
8d628c221b7597fb2d5259aef0eaed8c9afa4539
Commit Graph

1252 Commits

Author SHA1 Message Date
James Lee a65ee6cf30 Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
Joe Vennix 6571213f1c Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946 Adds a :vuln_test option to BES, just like in BAP. 
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
 2014-10-01 23:34:31 -05:00
James Lee 5cb016c1b1 Use Match constant in BES as well 2014-10-01 16:17:13 -05:00
James Lee a75d47aad9 Use yardoc for new methods 
Also substitute '&&' for 'and', and fix some whitespace
 2014-10-01 16:02:33 -05:00
sinn3r 9e5826c4eb Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
jvazquez-r7 a31b4ecad9 Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
Ramon de C Valle bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Joe Vennix 2b02174999 Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
Joe Vennix b96a7ed1d0 Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix d9e6f2896f Add the JSObfu mixin to a lot of places. 2014-09-21 23:45:59 -05:00
sinn3r e1cfc74c32 Move jsobfu to a mixin 2014-09-21 00:39:04 -05:00
sinn3r cd037466a6 upate doc 2014-09-20 23:40:47 -05:00
sinn3r 9191af6241 Update js_obfuscate 2014-09-20 23:38:35 -05:00
sinn3r a9420befa4 Default to 0 2014-09-20 21:39:20 -05:00
sinn3r 046045c608 Chagne option description 2014-09-20 21:38:57 -05:00
sinn3r fd5aee02d7 Update js_obfuscate 2014-09-20 21:36:17 -05:00
sinn3r 7bab825224 Last changes 2014-09-20 18:39:09 -05:00
sinn3r 135bed254d Update BrowserExploitServer for JSObfu 2014-09-20 17:59:36 -05:00
Joe Vennix 37e6173d1f Make Metasploit::Concern a first-class dep. 
Also adds a Concern hook to HttpServer, so Pro can more
easily change its behavior.
 2014-09-11 13:28:45 -05:00
William Vu ae5a8f449c Land #3691, gdbserver hax 2014-09-08 11:48:39 -05:00
William Vu 5c1d95812c Add verify_checksum and use it 
Also fixed a YARD typo.
 2014-09-08 02:19:21 -05:00
William Vu b6e04599a7 Fix read_ack to read only the ACK 
It was reading the response, too. Also removed an extraneous send_ack.
 2014-09-05 12:30:59 -05:00
Joe Vennix 0e18d69aab Add extended mode to prevent service from dying. 2014-09-03 16:07:27 -05:00
Joe Vennix 4293500a5e Implement running exe in multi. 2014-09-03 15:56:21 -05:00
Joe Vennix 268d42cf07 Add PrependFork to payload options. 2014-09-03 14:56:22 -05:00
Jon Hart 316a952e9c Make SIP note, service and print output more similar 2014-08-26 17:47:31 -07:00
HD Moore 2d2606aeaf Update sip note format, small tweaks to output, service.info 2014-08-26 16:42:00 -05:00
Jon Hart e75e213b52 Clarify SIP mixin method name, store header values as string, etc 2014-08-26 11:40:49 -07:00
Jon Hart a41748e77e Correct SIP header note storage to align with Recog 2014-08-25 13:12:30 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart b760815c86 Also pull the Allow headers (previous behavior) 2014-08-25 13:11:21 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart 50d90defbc Use a correct default Accept header -- responses++ 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Joe Vennix c4a173e943 Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
HD Moore 92ff0974b7 Add YARD option formatting 2014-08-25 01:45:59 -05:00
Joe Vennix 6313b29b7a Add #arch method to Msf::EncodedPayload. 
This allows exploits with few one automatic target to support many
different architectures.
 2014-08-24 02:22:15 -05:00
Joe Vennix 1d3531d09d Put include above constant defs. 2014-08-24 01:17:32 -05:00
Joe Vennix 4e63faea08 Get a shell from a loose gdbserver session. 2014-08-24 01:10:30 -05:00
Brandon Turner 05f0d09828 Merge branch staging/electro-release into master 
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
 2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3 Revert "Various merge resolutions from master <- staging" 
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
 2014-08-22 10:17:44 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files 
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
 2014-08-17 17:31:53 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
Samuel Huckins 149c3ecc63 Various merge resolutions from master <- staging 
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
 2014-08-15 11:33:31 -05:00
Meatballs 256204f2af Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
Meatballs b277f588fb Use railgun helper functions 2014-08-10 21:52:12 +01:00
Brandon Turner 91bb0b6e10 Merge tag '2014072301' into staging/electro-release 
Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
 2014-08-06 15:58:12 -05:00