daae46d37b
Fixes #7552 , fix apk injection into proguarded apks
2016-11-21 15:05:59 +08:00
643a5511cf
Bump version of framework to 4.13.1
2016-11-18 10:01:48 -08:00
cd01b07682
Land #7565
...
Lands print_bad and vprint_bad from todb-r7
2016-11-18 13:29:39 -05:00
202009b50b
Land #7570 , async print fix
...
Land's jennamagius' fix for async console printing
outoupt from jobs no longers screws the console prompt
up. w00t!
2016-11-18 11:25:18 -06:00
66ba2b077b
Land #7567 , fix apk injection when template has no permissions
2016-11-17 11:42:54 +00:00
739c9c1315
Ensure cursor is positioned appropriately if it is not at the end of a line when async prints arrive
2016-11-16 21:07:50 -07:00
491a3a3162
Prevent the input prompt from being mangled by asynchronous prints.
2016-11-16 20:43:07 -07:00
383314530a
Bump version of framework to 4.13.0
2016-11-16 07:48:26 -08:00
927e195e28
Generate payload apk from permissionless apk
2016-11-16 00:48:10 -04:00
1deacad2be
Add a print_bad alias for print_error
...
Came up on Twitter, where Justin may have been trolling a little:
https://twitter.com/jstnkndy/status/798671298302017536
We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.
Anyway, I went with alias_method, thanks to the compelling argument at
https://github.com/bbatsov/ruby-style-guide#alias-method
...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.
Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
2016-11-15 19:20:42 -06:00
7e4645afb3
Land #7527 , Add LURI support to the reverse_http/s stagers
2016-11-15 16:31:20 -06:00
5490fda0ae
Merge remote-tracking branch 'upstream/master' into land-7261
2016-11-14 16:49:28 -06:00
98a54cd458
Merge branch 'upstream-master' into land-7456-android-hide-app
2016-11-14 02:43:04 -06:00
fbcc4baf58
Land #7553 , apk inject cert fix
...
Lands dana-at-cp's fix for the certtool localization
issues for the APK injection routine.
Fixes #7524
2016-11-11 12:54:41 -06:00
f116ad2c59
Bump version of framework to 4.12.42
2016-11-11 10:02:14 -08:00
c0e839dfd9
Fixes keytool bug in APK inject code
2016-11-11 06:12:47 -08:00
2c39a14ada
Bump version of framework to 4.12.41
2016-11-04 10:02:13 -07:00
dae1f26313
Land #7521 , Modernize TLS protocol configuration for SMTP / SQL Server
2016-11-03 12:56:50 -05:00
47ac122c15
Add LURI support to the reverse_http/s stagers
2016-11-03 14:51:07 +10:00
a7c8060af5
Land #7523 , Fix template location for psh payload creation
2016-11-02 12:09:20 -05:00
451686309b
fixes #7519 psh payload generation
...
a few files references to the templates for pwoershell were
missed when transfering the templates over to the rex-powershell gem
2016-11-01 14:32:40 -05:00
51ad285521
Landing #7517 Nexpose API error fix
2016-11-01 12:02:35 -05:00
6577728fa9
enable auto-negotiation for TLS version with SQL Server
2016-11-01 05:45:27 -05:00
f08a7ac10b
modernize default smtp_deliver TLS options
2016-11-01 05:42:05 -05:00
ac0984e8dd
this fixes an issue with nexposeapi errors
...
on newer versions of the nexpose api the error
XML schema has been changed, this prevents the
exception from being generated correctly
MS-289
2016-10-31 13:42:15 -05:00
ffc62964d6
Bump version of framework to 4.12.40
2016-10-28 10:02:36 -07:00
9672759be8
Land #7462 , Add support for Unicode domains
2016-10-26 16:47:09 -05:00
6a23168800
Bump version of framework to 4.12.39
2016-10-25 12:22:52 -07:00
5ce886cf5c
Land #7490 , xml importer fingerprinting fixed
2016-10-25 14:13:15 -05:00
c83474ea5c
Land #7488 Allows DRDoS mixin to handle empty responses
2016-10-25 13:53:39 -05:00
56d5c49d4d
host was no associated with the workspace
...
* searching mdm host by wspace id instead
2016-10-25 12:05:06 -05:00
1378e2e61a
preserve hosts should still fingerprint new hosts
2016-10-25 09:58:30 -05:00
744724c083
conditionalize fingerprinting
...
* fix bug where host not preserved
2016-10-24 18:45:48 -05:00
e29567f390
Bump version of framework to 4.12.38
2016-10-24 14:25:47 -07:00
12508f7140
Fix DRDoS mixin to handle empty responses
2016-10-24 14:21:28 -07:00
39b889ea29
Land #7459 , Delay fingerprinting during import
2016-10-24 10:47:25 -05:00
ba3830c100
Land #7485 , lib/rex/post/gen.pl removal
2016-10-24 09:56:41 -05:00
bf59ba526a
Bump version of framework to 4.12.37
2016-10-24 07:35:41 -07:00
66a1b57c17
delete lib/rex/post/gen.pl
2016-10-24 08:53:45 -05:00
ce1f3e6b9e
Land #7451 , copy original signing certificate when backdooring APK
2016-10-22 18:04:22 +08:00
6b77f509ba
fixes bad file refs for cmdstagers
...
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced
Fixes #7466
2016-10-21 12:31:18 -05:00
de87fccf85
Land #7469 , OJ's php preamble fix
...
this is OJ's fix for the bind_php payload
preamble that causes it to be missing the php
tags
2016-10-21 12:05:39 -05:00
8e0d866976
Bump version of framework to 4.12.36
2016-10-21 10:02:09 -07:00
b8e30a241e
Copy original cert data into new signing cert created for APK injection
2016-10-20 08:43:45 -07:00
1644a1e20b
Change how we populate workgroup/domain data
2016-10-19 17:24:26 -05:00
95294b00d1
Whitespace
2016-10-19 17:13:07 -05:00
078496437f
Make sure that the ntlm blob data is pasrsed into UTF-8
2016-10-19 17:11:04 -05:00
f18cbd655e
delay fingerprinting of host
...
MS-2073
* imports are slow mainly caused by fingerprinting after every service creation
* now only fingerprints after all the services are created for imports
2016-10-18 17:42:48 -05:00
43fd0a8813
Land #7436 , Put Rex-exploitation Gem Back
2016-10-18 16:03:54 -05:00
67d07a715c
add android_hide_app_icon
2016-10-17 19:02:48 +08:00
Tim