f30309fe81
Land #3919 , @wchen-r7's Fixes #3914 , Inconsistent unicode names
2014-10-08 14:46:14 -05:00
dbc199ad77
space after commas
2014-10-08 13:56:59 -05:00
17f278effd
Fix #3822 - Support file:// syntax for check()
2014-10-06 13:37:14 -05:00
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
097d2bfbb5
Land #3922 : Metasploit Park banner
2014-10-03 16:32:56 -05:00
d048bb7725
Add some color to the msfpark banner
...
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
6d7870a4ac
Land #3934 - New :vuln_test option to BES
2014-10-02 16:31:50 -05:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
6571213f1c
Remove un-truthy doc string.
2014-10-01 23:41:02 -05:00
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
b1b8cba4c5
Rescue an IOError on channel double-close.
...
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
5cb016c1b1
Use Match constant in BES as well
2014-10-01 16:17:13 -05:00
a75d47aad9
Use yardoc for new methods
...
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
909ac522d1
Add metasploit-park.txt banner to msfconsole
...
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
1e2d860ae1
Fix #3914 - Inconsistent unicode names
2014-09-30 12:19:27 -05:00
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
e14dd9900b
Land #3896 , Change Max LOGLEVEL to 3
2014-09-28 09:18:29 +01:00
67c25c20ca
Land #3357 , Run Local Exploits in AutoRunScript
2014-09-28 09:12:26 +01:00
3fc57109e6
Dont rescue Exception
2014-09-28 09:12:03 +01:00
ae82ebc734
Change max LogLevel to 3
...
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
bdac82bc7c
Fix lib/msf/core/exploit/dhcp.rb
2014-09-25 22:18:26 -03:00
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu.
2014-09-24 16:05:00 -05:00
5d234c0e01
Pass #send in this so jsobfu is not confused.
2014-09-24 15:07:14 -05:00
650b65250f
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2014-09-22 11:51:10 -07:00
4e9f1282de
Land #3834 , @jabra-'s updates to UDPscanner to support spoofing
2014-09-22 11:49:53 -07:00
e86b18cdd4
Add sanity check for NUM_REQUESTS
2014-09-22 11:48:39 -07:00
f61afe2598
Merge branch 'master' into bug/MSP-11368/boot-profiling
...
MSP-11368
2014-09-22 10:00:07 -05:00
ebacb26e51
Land #3838 , msfvenom badchar fix
2014-09-22 03:08:57 -05:00
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
e1cfc74c32
Move jsobfu to a mixin
2014-09-21 00:39:04 -05:00
cd037466a6
upate doc
2014-09-20 23:40:47 -05:00
9191af6241
Update js_obfuscate
2014-09-20 23:38:35 -05:00
a9420befa4
Default to 0
2014-09-20 21:39:20 -05:00
046045c608
Chagne option description
2014-09-20 21:38:57 -05:00
fd5aee02d7
Update js_obfuscate
2014-09-20 21:36:17 -05:00
7bab825224
Last changes
2014-09-20 18:39:09 -05:00
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
d9a713b415
Decode the badchars string correctly.
2014-09-20 17:48:03 -05:00
cd8b1318e0
send data based on input not @probe
2014-09-20 15:18:58 -04:00
3fb00ece9e
refactored the code based on PR feedback
2014-09-20 14:10:00 -04:00
5884cbc196
Optimize skip logic in #update_all_module_details
...
MSP-11368
Use `Hash<String, Set<String>>` instead of `Array<(String, String)>` so
that `include?` call is faster because (1) it's only search through
reference names of the same module_type and (2) `Set#include?` is faster
than `Array#include?`. This change is a 8.20% average reduction in boot
time compare to b863978028b5c3c87790https://docs.google.com/spreadsheets/d/1TnZIUFIR1S5nCnkeM-7XR3AVSbyCl39x2mItJKJCOqg/edit?usp=sharing
and data at
https://drive.google.com/folderview?id=0Bx1hRHfpRW92VEFvQ2FaN3RoWWs&usp=drive_web
2014-09-19 15:34:10 -05:00
8b5a146067
Wrap Array#include? usage
...
MSP-11368
Wrap skipped.include? call to confirm it is the culprit for
Array#include? inside of with_connection in profile.
2014-09-19 14:38:12 -05:00
c216cf8c53
added spoofing capabilities to udp_scanner
2014-09-19 10:29:05 -04:00
b863978028
Remove fastlib
...
MSP-11368
MSP-11143
Remove fastlib as it slows down the code loading process. From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10). The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10). This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
jvazquez-r7
sinn3r
James Lee
Tod Beardsley
William Vu
Christian Mehlmauer
Joe Vennix
Meatballs
Ramon de C Valle
Jon Hart
Luke Imhoff
Josh Abraham