adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23,239 Commits 27 Branches 1,043 Tags
bdb27b2cca5ea9ee2dbbc6100604dbebff0cfb21
Commit Graph

154 Commits

Author SHA1 Message Date
Meatballs d8ea11b851 Redirect HTTP too 2014-02-10 23:41:15 +00:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Meatballs 26c506da42 Naming of follow method 2014-02-04 15:25:51 +00:00
Meatballs a8ff6eb429 Refactor send_request_cgi_follow_redirect 2014-02-03 21:49:49 +00:00
Meatballs 9fa9402eb2 Better check and better follow redirect 2014-02-02 16:07:46 +00:00
Meatballs 0d3a40613e Add auto 30x redirect to send_request_cgi 2014-02-02 15:03:44 +00:00
Tod Beardsley 90207628cc Land #2666, SSLCompression option 
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
 2014-01-22 10:42:13 -06:00
Tod Beardsley 0b6e03df75 More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91 Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends 
Fixed conflict in lib/msf/core/exploit/http/server.rb.
 2013-12-10 13:41:45 -06:00
jvazquez-r7 a32c9e5efc Fix fail_with on Exploit::Remote::HttpClient 2013-11-27 11:19:46 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option. 
Add spec for some of the additions to Rex::Proto::Http::Client
 2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option. 
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
 2013-11-19 22:34:39 -06:00
jvazquez-r7 f690667294 Land #2617, @FireFart's mixin and login bruteforcer for TYPO3 2013-11-18 13:37:16 -06:00
jvazquez-r7 ef6d9db48f Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
Tod Beardsley 2035983d3c Fix a handful of msftidy warnings, and XXX SSL 
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
 2013-11-11 21:23:35 -06:00
FireFart bdd33d4daf implement feedback from @jlee-r7 2013-11-07 23:07:58 +01:00
FireFart aab4d4ae76 first commit for typo3 2013-11-07 22:38:27 +01:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
sinn3r 00efad5c5d Initial commit for BrowserExploitServer mixin 2013-10-31 13:17:06 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 99d5da1f03 We can simplify this 2013-10-21 20:22:45 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 6f04a5d4d7 Cache Javascript 2013-10-18 12:23:58 -05:00
sinn3r b0d614bc6a Cleaning up requires 2013-10-18 01:47:27 -05:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
sinn3r 4c91f2e0f5 Add detection code MS Office 
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
 2013-10-15 16:27:23 -05:00
sinn3r da3081e1c8 [FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect 
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax

[FixRM 8482]
 2013-10-14 11:40:46 -05:00
James Lee b822a41004 Axe errant tabs and unused vars 2013-10-02 13:47:39 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
jvazquez-r7 491ea81acf Fix calls to fail_with from mixins 2013-08-19 16:42:52 -05:00
James Lee 1ac1d322f2 Dup before modifying 
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:

```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```

[See #2002]
 2013-07-12 00:57:10 -05:00
James Lee 38e837dc28 Remove inaccurate comment 2013-07-11 22:48:35 -05:00
James Lee 3c42fe594e No need to have rescue around a print 2013-06-21 15:55:43 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
James Lee 39d011780e Move deletion into #remove_resource 
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
 2013-06-21 15:34:54 -05:00
James Lee e8a92eb196 Keep better track of resources 
[See #1623]
[SeeRM #7692]
 2013-06-21 14:51:47 -05:00
HD Moore 819080a147 Enable rhost/rport option overrides in HttpClient 2013-06-17 11:45:01 -05:00
sinn3r 8e2de6d14f Updates js_property_spray documentation 
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions.  For dev purposes,
it's rather important to have this documented somewhere.

Thanks to corelanc0d3r for the data.
 2013-06-07 00:28:22 -05:00
jvazquez-r7 5cfc306466 Land @1785, @wchen-r7's API addition for the mstime ie8 technique 2013-05-02 00:00:49 -05:00