6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
0b2737da7c
Two more java payloads that wanted to write RHOST
...
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.
[SeeRM #8498 ]
2014-04-14 22:22:30 -05:00
775b0de3c0
Replace RHOST reassing with just host
...
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?
[SeeRM #8498 ]
2014-04-14 22:17:31 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
ebcf972c08
Add initial firefox xpi prompt bypass.
2014-04-01 23:48:35 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
a173fcf2fa
Flash detection for firefox_svg_plugin
...
Good test case
2014-03-28 15:39:25 -05:00
80808fc98c
Cleans up firefox SVG plugin.
2014-03-26 13:12:39 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
b3b04c4159
Fix both firefox js exploits to use browser_autopwn.
2014-01-11 17:34:38 -06:00
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
1b0e99b448
Update proto_crmfrequest module.
2014-01-02 10:48:28 -06:00
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
8e27e87c81
Use the right disclosure date.
2013-12-19 12:58:52 -06:00
955dfe5d29
msftidy it up.
2013-12-19 12:53:58 -06:00
b50bbc2f84
Update module to use sinn3r's beautiful browserexploitserver.
2013-12-19 12:49:24 -06:00
eb08a30293
Update description with new version support.
2013-12-19 02:08:55 -06:00
5ee6c77901
Add a patch for 15.x support.
...
* Also add authors i forgot, oops
2013-12-19 02:05:45 -06:00
2add2acc8f
Use a smaller key size, harder to spot.
2013-12-18 21:02:23 -06:00
8d183d8afc
Update versions, 4.0.1 does not work on windows.
2013-12-18 20:57:47 -06:00
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
23b5254ea1
Fix include reference.
2013-12-18 20:35:43 -06:00
5255f8da12
Clean up code. Test version support.
...
* Using #get in Object#defineProperty call makes the payload execute immediately
on all supported browsers I tested.
* Moved Ranking to Excellent since it is now 100% reliable.
2013-12-18 20:30:08 -06:00
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
ca2de73879
It helps to actually commit the exploit.
2013-12-18 14:31:42 -06:00
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
004c1bac78
Reduce number of modules available on BrowserAutopwn
2013-11-12 12:37:29 -06:00
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
0acb170ee8
Bug #8419 - Added platform info missing on exploits
2013-10-08 22:41:50 -04:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
ca313806ae
Trivial grammar and word choice fixes for modules
2013-08-19 13:24:42 -05:00
joev