9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
8dee9b22c3
Reinstate to_byte_array
2014-03-02 22:07:47 +00:00
2acd0a1b1e
Reinstance encode_code
2014-03-02 21:03:31 +00:00
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
29bf296b61
import rex powershell
2014-02-12 16:45:57 -05:00
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
b279c45db5
Update open_webrtc_browser method
2014-02-08 20:47:02 -06:00
0d24f06109
Not adding remote support for Linux meterpreter, here's why
2014-02-08 20:30:53 -06:00
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
3f9ad8a6d5
Fix bugs and stuff
2014-02-08 16:11:39 -06:00
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
22cc665115
More error handling
2014-02-08 16:06:51 -06:00
07ad99ba3a
Remove unnecessary methods
2014-02-08 15:51:33 -06:00
a70c77c9eb
Handle some more exceptions
2014-02-08 15:51:11 -06:00
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
09c48358f4
Retab rex powershell
2014-02-08 20:43:04 +00:00
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
ee1900c273
progress
2014-02-08 03:29:15 -06:00
b188943bd1
Progress
2014-02-08 02:57:49 -06:00
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
36f3a82b5c
A wise man once said do not abuse the power of expand_path
2014-02-07 12:10:58 -06:00
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
6d9e395d40
Use LPVOID to avoid ptr trunc
2014-01-24 23:27:56 +00:00
1ff063d7de
Test the object not the class duhhh
2014-01-24 11:46:48 -06:00
37b11ce2e1
Use Class#kind_of? instead of ==
2014-01-24 11:31:04 -06:00
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
636c43dcdc
Land #2736 , basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
83358fbbf0
More work on the clipboard monitor
2014-01-22 22:56:13 +10:00
a7d4aa5d46
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
Joe Vennix
William Vu
Tod Beardsley
OJ
sinn3r
Meatballs
FireFart
jvazquez-r7
Michael Messner
RageLtMan
Matteo Cantoni
grimmlin
James Lee