adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

2235 Commits

Author SHA1 Message Date
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
jvazquez-r7 886ca47dfb Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits 
Jobs aren't thread safe, so we kind of have to take it easy.
 2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2 
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
 2015-07-14 11:40:28 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null" 
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
 2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94 Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64 Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0 Add prototype with AS3 2015-07-13 16:33:55 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3 
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
 2015-07-10 11:17:31 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
wchen-r7 fdb715c9dd Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too 
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
 2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option 
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
 2015-07-06 19:20:15 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
wchen-r7 7aeb9e555b Change ranking and support CAMPAIGN_ID 2015-06-29 12:13:46 -05:00
wchen-r7 7742d85f2f I guess that's fine 2015-06-27 20:58:19 -05:00
wchen-r7 6136269ace No can't do this 2015-06-27 13:53:29 -05:00