de1542e589
Add module for CVE-2015-3090
2015-06-18 12:36:14 -05:00
8ed13b1d1b
Add linux support for CVE-2014-0515
2015-06-11 16:18:50 -05:00
0d979f61ae
Minor fixups on newish modules
2015-06-10 11:09:42 -05:00
318f67fcda
update descriptions
2015-06-05 09:01:20 -05:00
71a8487091
Correct Flash version in the module description
...
There is no 11.2.202.404, mang.
2015-06-04 23:46:41 -05:00
02181addc5
Update CVE-2014-0556
2015-06-04 18:23:50 -05:00
23df66bf3a
Land #5481 , no powershell. exec shellcode from the renderer process.
2015-06-04 15:45:09 -05:00
ab68d8429b
Add more targets
2015-06-04 12:11:53 -05:00
80cb70cacf
Add support for Windows 8.1/Firefox
2015-06-03 22:46:04 -05:00
74117a7a52
Allow to execute payload from the flash renderer
2015-06-03 16:33:41 -05:00
2a260f0689
Update description
2015-05-28 15:18:05 -05:00
e5d42850c1
Add support for Linux to CVE-2015-0336
2015-05-27 17:05:10 -05:00
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
b9f9647ab1
Use all the BES power
2015-05-21 14:06:41 -05:00
aa919da84d
Add the multiplatform exploit
2015-05-20 18:57:59 -05:00
db999d2c62
Remove ff 31-34 exploit from autopwn, requires interaction.
2015-05-03 10:42:21 -05:00
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
0bf3a9cd55
Fix duplicate :ua_maxver key.
2014-12-22 14:57:44 -06:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
bfadfda581
Fix typo on match string for opera_configoverwrite
2014-09-29 15:34:35 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
2014-09-02 12:27:41 -05:00
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
0b2737da7c
Two more java payloads that wanted to write RHOST
...
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.
[SeeRM #8498 ]
2014-04-14 22:22:30 -05:00
775b0de3c0
Replace RHOST reassing with just host
...
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?
[SeeRM #8498 ]
2014-04-14 22:17:31 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
jvazquez-r7