infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
35,735 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

114 Commits (616bb8399f914985e6321b97bf9438bfeea5347d)

Author SHA1 Message Date
wchen-r7 0582e7e3ca Return nil instead of "null" 
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
 2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94
Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c
Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64
Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0
Add prototype with AS3 2015-07-13 16:33:55 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too 
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
 2015-07-07 00:32:20 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
wchen-r7 e549580ad2 Linux doesn't like the uppercase 2015-06-18 00:40:47 -05:00
wchen-r7 188b15b17f Fix the symbol vs string prob 2015-06-05 16:18:56 -05:00
wchen-r7 ecdeeea5c6 Make sure super is called 2015-06-05 11:11:40 -05:00
wchen-r7 7f4b51f0ff Fix nil bug 2015-05-23 02:08:51 -05:00
wchen-r7 60b0be8e3f Fix a lot of bugs 2015-05-23 01:59:29 -05:00
wchen-r7 2d310a473b Do some documentation 2015-05-14 23:32:11 -05:00
wchen-r7 a2ebfe2bf8 Make parse_rank a little bit smarter 2015-05-13 18:05:10 -05:00
wchen-r7 a7e265b07e Proper cleanup for notes 2015-05-13 13:46:06 -05:00
wchen-r7 2e2b536e8f Update 2015-05-08 00:28:46 -05:00
wchen-r7 35f564d03e I just shaved off 8 seconds, oh yeah 2015-04-30 00:32:33 -05:00
wchen-r7 62e3f5e56a Small cleanup 2015-04-29 23:15:56 -05:00
wchen-r7 a34531ba5d Msgpack cannot handle symbols, so we're forced to strings 2015-04-29 23:14:52 -05:00
wchen-r7 ca32db3e23 Merge branch 'upstream-master' into BAPv2 2015-04-29 18:53:37 -05:00
wchen-r7 f3e026db6c Profile sharing works for the first time 2015-04-29 18:45:08 -05:00
wchen-r7 c18c5c7b6e Actually take apart profiling? 2015-04-29 11:06:00 -05:00
wchen-r7 943fc18092 Take apart browser profiling 2015-04-29 11:04:54 -05:00
wchen-r7 9cebe769c2 Change plan 2015-04-29 01:29:24 -05:00
wchen-r7 39663a7e18 Some progress 2015-04-29 01:19:39 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
sinn3r 8f03cadb92 Forgot to remove print_debug 2015-03-25 16:08:47 -05:00
sinn3r 3c4da5c3ff Update BES rspec 2015-03-24 00:10:18 -05:00
sinn3r 2900f57afd It looks like this works 2015-03-23 16:46:53 -05:00
sinn3r e520ace1f1 Stash 2015-03-23 14:21:46 -05:00
sinn3r 156520338d Making some changes to how BES handles ActiveX 2015-03-23 12:21:27 -05:00
sinn3r f3494d9019 Correct grammar in BES 2015-03-07 16:04:06 -06:00
sinn3r 8ce1db5081 Fix #4783, raise exception if the payload arch is incompatible 
Fix #4783
 2015-02-17 21:47:17 -06:00
sinn3r 457598eb02 print_error about unknown request.uri 2015-01-27 20:21:18 -06:00
sinn3r acf02647fb Add a check for Custom404 2015-01-27 20:18:10 -06:00
sinn3r 66703bfe5a Allow custom 404 as an option for BrowserExploitServer 
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.

There are several scenarios that can trigger a 404 by BES (custom or
default):

* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
  If this actually happens, it probably means the attacker gave the
  wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
  URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
  mixin.
 2015-01-27 18:53:02 -06:00
sinn3r ee922d141c Fix #4646 - get_module_resource should check nil before using get_resource 
Fix #4646. The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
 2015-01-27 00:21:43 -06:00
Joe Vennix e974d272f0
Remove stray line comment that ruined things when minified. 2014-12-23 00:22:50 -06:00
sinn3r 9202c4f2a1 No mercy for os_flavor 2014-12-10 11:46:21 -06:00
sinn3r a584a5982f Clarify about how BES uses os_flavor 
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
 2014-12-09 12:21:59 -06:00