adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

1897 Commits

Author SHA1 Message Date
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
William Vu 61b2ca6675 Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
William Vu 5ff46a5dbd Fix indentation 2015-07-29 11:45:49 -05:00
HD Moore bf96b34108 Tweak module->class 2015-07-28 04:13:35 -07:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager 
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
 2015-07-27 14:17:21 -05:00
jvazquez-r7 18636e3b9b Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
William Vu 1f95491b45 Drop bang method and tweak formatting 2015-07-24 10:35:47 -05:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation 
Fix #5761
 2015-07-23 01:34:44 -05:00
jvazquez-r7 035c0a8a38 Fix #5078 by improving actual_timeout calculation 2015-07-20 11:27:48 -05:00
jvazquez-r7 1a9664fcba Delete default option 2015-07-20 09:54:51 -05:00
wchen-r7 da445a52aa Update URIHOST and URIPORT 2015-07-16 14:27:46 -05:00
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
jvazquez-r7 886ca47dfb Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits 
Jobs aren't thread safe, so we kind of have to take it easy.
 2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2 
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
 2015-07-14 11:40:28 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null" 
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
 2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94 Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64 Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0 Add prototype with AS3 2015-07-13 16:33:55 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3 
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
 2015-07-10 11:17:31 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
wchen-r7 fdb715c9dd Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too 
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
 2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option 
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
 2015-07-06 19:20:15 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00