infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,241 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

321 Commits (3db72e9b4b23ebbc35401e30edf3b611c3ba51de)

Author SHA1 Message Date
Meatballs 399928cf69
Remove unnecessary requires 2014-05-05 13:37:17 +01:00
Meatballs b860cecad6
Function spec (doesnt pass) 2014-04-28 14:09:39 +01:00
Meatballs 8031e50d35
Make Exploitation::Powershell testable 
Example test
 2014-04-26 13:27:25 +01:00
Meatballs 98d2b2293b
Unnecessary return 2014-04-26 13:05:47 +01:00
Meatballs be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files 2014-04-26 12:59:43 +01:00
Meatballs 206184007f
Move methods and rename file so it is run by rspec 2014-04-25 15:16:15 +01:00
Meatballs 32fa8748a8
Fix up decompress 2014-04-23 05:20:54 +01:00
Meatballs e774411b63
Revert Enum removal 
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
 2014-04-23 02:06:14 +01:00
Meatballs d2e8e07cfe
Fix old powershell generation 2014-04-23 01:58:02 +01:00
Meatballs dd38a81dfc
Fix a @parma 2014-04-23 01:10:13 +01:00
Meatballs 647936e291
Add more yarddoc to Rex::Exploitation::Powershell 
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
 2014-04-23 01:07:54 +01:00
Meatballs 86cfecdd95
Shave some chars off compression code 2014-04-22 14:52:30 +01:00
Meatballs 354311d191
No need to out-null if no windows is shown 2014-04-22 14:42:03 +01:00
Meatballs cec12edd99
Use enum integer values 2014-04-22 14:40:32 +01:00
Meatballs 71b43d392b
Dont need to specify ASCII mode 2014-04-22 14:36:02 +01:00
Meatballs c936dc963c
Shorten compression 2014-04-19 18:55:45 +01:00
RageLtMan 9f05760c50 Merge with Meatballs' initial changes 
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
 2014-04-18 00:28:48 -04:00
RageLtMan 5c3289bbc6 merge fix 2014-04-17 21:26:04 -04:00
Meatballs 38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	modules/exploits/windows/local/wmi.rb
 2014-04-15 22:06:45 +01:00
joev e09f887c4c Revert "Fixes large-string expansion in JSObfu." 
This reverts commit 14fed8c610.
 2014-04-11 16:51:47 -05:00
joev 4cb04b6b9a Revert "Use implicit return for assignment." 
This reverts commit 49139cc07f.
 2014-04-11 16:51:40 -05:00
joev 21b2697b95 Revert "Use tiny var names by default." 
This reverts commit 52432ef482.
 2014-04-11 16:51:34 -05:00
joev d41b3467f8 Revert "Re-add the #random_string(len) method to pass specs." 
This reverts commit bd8918e4e1.
 2014-04-11 16:51:21 -05:00
sinn3r a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile 2014-04-10 12:31:59 -05:00
sinn3r 68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu 2014-04-10 12:09:22 -05:00
Joe Vennix bd8918e4e1
Re-add the #random_string(len) method to pass specs. 2014-04-09 17:44:48 -05:00
Joe Vennix 57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed. 
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
 2014-04-09 17:21:22 -05:00
Joe Vennix 52432ef482 Use tiny var names by default. 2014-04-09 16:54:02 -05:00
Joe Vennix 49139cc07f Use implicit return for assignment. 2014-04-09 15:48:07 -05:00
Joe Vennix 14fed8c610 Fixes large-string expansion in JSObfu. 2014-04-09 15:45:48 -05:00
jvazquez-r7 6d72860d58
Land #3004, @m-1-k-3's linksys moon exploit 2014-04-04 14:04:48 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes 
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
 2014-04-01 08:14:58 -07:00
jvazquez-r7 8f1e55de5a Use ObfuscateJS 2014-03-28 11:08:38 -05:00
jvazquez-r7 da6a428bbf Modify libs to support explib2 2014-03-28 10:44:52 -05:00
sinn3r b431bf3da9
Land #3052 - Fix nil error in BES 2014-03-11 12:51:03 -05:00
William Vu 096d6ad951
Land #3055, heapLib2 integration 2014-03-05 15:48:13 -06:00
Joe Vennix 5790547d34 Start undoing some work. 2014-03-04 17:01:53 -06:00
Joe Vennix 3360f7004d Update form_post vars, add Expires to cookie. 2014-03-03 23:29:02 -06:00
Joe Vennix 6c3b667152 Kill extra comma. 2014-03-03 16:48:02 -06:00
Joe Vennix bfecf9525d Add Rex::RandomIdentifierGenerator. 2014-03-03 16:43:49 -06:00
Joe Vennix 517a85d141 Remove unneeded quotes. 2014-03-03 15:42:46 -06:00
Joe Vennix b3ab8f7ce1 Make random_var_name public, add specs for it. 2014-03-03 15:39:56 -06:00
Joe Vennix ae9ce962c0 Add future reserved words. 
Gotta stay ahead of the game.
 2014-03-03 14:59:46 -06:00
Joe Vennix dd86a9188c Prevent jsobfu from generating duplicate/reserved tokens. 
I got an error from a script that tried to 'set void = 1'.
 2014-03-03 14:56:50 -06:00
sinn3r ee1209b7fb This should work 2014-03-03 11:53:51 -06:00
Joe Vennix b458b8ad63 Add specs for new methods. 2014-03-02 20:23:20 -06:00
Joe Vennix 46f27289ed Reorganizes form_post into separate file. 2014-03-02 19:55:21 -06:00
Meatballs 8dee9b22c3
Reinstate to_byte_array 2014-03-02 22:07:47 +00:00
Meatballs 2acd0a1b1e
Reinstance encode_code 2014-03-02 21:03:31 +00:00
Meatballs c9a2135959
Merge in semperv 2014-03-02 19:07:13 +00:00
sinn3r 8cf5c3b97e Add heaplib2 
[SeeRM #8769] Add heapLib2 for browser exploitation
 2014-03-02 11:47:18 -06:00
Michael Messner dbbd080fc1 a first try of the cmd stager, wget in a seperated module included 2014-02-23 20:59:17 +01:00
RageLtMan 29bf296b61 import rex powershell 2014-02-12 16:45:57 -05:00
Meatballs c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075 2014-02-08 22:11:31 +00:00
Meatballs c76862b391
Reduce payload size 2014-02-08 22:11:17 +00:00
Meatballs b10df54dbb
Dont need to encode the compress payload 2014-02-08 21:34:51 +00:00
Meatballs 09c48358f4
Retab rex powershell 2014-02-08 20:43:04 +00:00
jvazquez-r7 0b9ff43217 Make slice_up_payload easier 2014-01-16 11:03:22 -06:00
jvazquez-r7 f41849c921 Clean CmdStagerEcho 2014-01-16 11:00:57 -06:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes 
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
 2014-01-13 16:58:32 -05:00
Matt Andreko d2458bcd2a Code Review Feedback 
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
 2014-01-08 22:21:32 -05:00
Meatballs b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075 2013-12-16 14:29:05 +00:00
sinn3r 5d10b44430 Add support for Silverlight 
Add support for Silverlight exploitation. [SeeRM #8705]
 2013-11-26 14:47:27 -06:00
Meatballs 20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075 
Conflicts:
	lib/msf/core/exploit/powershell.rb
 2013-11-22 22:41:08 +00:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
joev bccbed2757 Rename :use_xhr_shim to :inject_xhr_shim. 2013-11-02 16:52:04 -05:00
joev 90d8da6a21 Fix some bugs in my edits, add a spec. 2013-11-02 16:46:33 -05:00
joev c7c1fcfa98 Pull shared XHR shim out, add option to static Js module method. 
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
 2013-11-02 14:52:50 -05:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib 
It wasn't just cmdstager_printf.rb. :/
 2013-10-30 19:51:25 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 19615ac4b7 Apparently I missed a lot of stuff 2013-10-21 21:02:01 -05:00
sinn3r fcba529ea5 Update coding format 2013-10-21 20:54:25 -05:00
sinn3r ea56c4914c Need this file 2013-10-21 20:17:38 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
sinn3r 2d24824e78 Use data_directory instead of install_root 2013-10-19 17:55:03 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 62dadc80d3 Make sure the data type for the return value is a string 2013-10-18 21:08:46 -05:00
sinn3r 298f23c91c Fix extra slashes that cause browser autopwn to fail. 2013-10-18 20:43:39 -05:00
sinn3r 8579cb8322 Use obfuscation 2013-10-18 13:06:19 -05:00
sinn3r 3af38b9602 I bet "../" will drive people crazy, avoid that. 2013-10-18 11:56:03 -05:00
sinn3r b0d614bc6a Cleaning up requires 2013-10-18 01:47:27 -05:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
sinn3r 0081e186f7 Make sure i var is local 2013-10-15 23:59:23 -05:00
sinn3r 4c91f2e0f5 Add detection code MS Office 
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
 2013-10-15 16:27:23 -05:00
joev 711fac08b7 Don't throw exception if createElement is missing. 2013-10-14 14:15:13 -05:00
joev 183940308b Add another nil check, just to be safe. 2013-10-14 13:55:54 -05:00
joev 20a145f1e7 Check for prop in prototype, not constructor. 2013-10-14 13:51:45 -05:00
joev 488ed5bd4a Add new feature detection logic for FF 23 and 24. 2013-10-14 13:41:26 -05:00
Markus Wulftange e895a17722 Add 'no quotes' option for CmdStagerPrintf 
Exploit developers can use the ':noquotes => true' option to avoid
single quotes surrounding the octal escapes argument.
 2013-10-08 21:04:28 +02:00
jvazquez-r7 2593c06e7c
Land #2412, @mwulftange's printf cmd stager 2013-10-08 09:08:29 -05:00
Markus Wulftange 6f7d513f6e Another clean up and simplification of CmdStagerPrintf 2013-10-08 07:22:09 +02:00
Markus Wulftange 836ff24998 Clean and fix CmdStagerPrintf 
Clean up of the CmdStagerPrintf as discussed in mwulftange#1
 2013-10-05 10:39:55 +02:00
sinn3r 77cbb7cd19 Update function documentation 2013-10-04 15:18:27 -05:00
sinn3r 29d1c75d1c Update RopDb mixin to allow dynamic payload size for neg 
This adds a new key to allow a "safe" integer value to NEG. "Safe"
means the value does not have any null bytes after the NEG instruction,
which is typically used to calculate the payload size.
 2013-10-03 23:09:23 -05:00
Markus Wulftange 10252ca6f4 Just Rex::Text.to_octal is probably better 2013-09-23 23:03:38 +02:00
Markus Wulftange 9353929945 Add CmdStagerPrintf 2013-09-23 22:02:29 +02:00
Meatballs 5add142789 Choose smallest smallest 2013-09-20 13:47:51 +01:00
jvazquez-r7 dd7010d272 Fix @todb-r7 feedback 2013-09-17 20:54:19 -05:00