Commit Graph

293 Commits (6781dfa6eeaf1a5e02a9414fa63bbefa64e29c0c)

Author SHA1 Message Date
jvazquez-r7 d77c02fe43 Delete unnecessary metadata 2014-11-30 20:37:34 -06:00
Joe Vennix 3a5de9970f
Update description, rename xnu_ver -> osx_ver. 2014-11-25 12:38:29 -06:00
Joe Vennix 7a3fb12124
Add an OSX privilege escalation from Google's Project Zero. 2014-11-25 12:34:16 -06:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
Samuel Huckins be6552dae7
Clarifying VMware priv esc via bash module name 2014-09-25 14:34:09 -05:00
Rob Fuller f13289ab65 remove debugging 2014-09-25 02:16:19 -04:00
Rob Fuller 8cb4ed4cb7 re-add quotes -oops 2014-09-25 02:09:12 -04:00
Rob Fuller 6fb587ef96 update to use vmware-vmx-stats 2014-09-25 01:55:04 -04:00
jvazquez-r7 456d731aa3 Fix processes check 2014-09-25 00:24:39 -05:00
Joe Vennix f6708b4d83
Check for running vmware processes first. 2014-09-24 19:11:38 -05:00
Joe Vennix 99da950734
Adds osx vmware/bash priv escalation. 2014-09-24 17:44:14 -05:00
HD Moore 583dab62b2 Introduce and use OS matching constants 2014-05-28 14:35:22 -05:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Tod Beardsley 3bfdfb5cab
Grammar 2014-04-28 19:49:56 +01:00
Tod Beardsley a5baea1a8e
Touch up print_ statements 2014-04-28 19:49:23 +01:00
Joe Vennix 143aede19c
Add osx nfs_mount module. 2014-04-23 02:32:42 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Tod Beardsley 2086224a4c
Minor fixes. Includes a test module. 2014-03-10 14:49:45 -05:00
Tod Beardsley 26be236896
Pass MSFTidy please 2014-03-10 14:45:56 -05:00
Joe Vennix 9638bc7061 Allow a custom .app bundle.
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
Joe Vennix 5abb442757 Adds more descriptive explanation of 10.8+ settings. 2014-03-06 15:15:27 -06:00
Joe Vennix 43d315abd5 Hardcode the platform in the safari exploit. 2014-03-06 13:04:47 -06:00
Joe Vennix 38a2e6e436 Minor fixes. 2014-03-05 19:03:54 -06:00
Joe Vennix dca807abe9 Tweaks for BES. 2014-03-05 19:00:15 -06:00
Joe Vennix 12cf5a5138 Add BES, change extra_plist -> plist_extra. 2014-03-05 18:51:42 -06:00
Joe Vennix cd3c2f9979 Move osx-app format to EXE. 2014-03-04 22:54:00 -06:00
Joe Vennix 32c27f6be0 Tweak timeouts. 2014-03-04 17:16:23 -06:00
Joe Vennix 40047f01d3 Adds Safari User Assisted download launch module. 2014-03-04 17:02:51 -06:00
sinn3r 689999c8b8 Saving progress
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
jvazquez-r7 7f9f4ba4db Make gsubs compliant with the new indentation standard 2013-12-31 11:06:53 -06:00
jvazquez-r7 004c1bac78 Reduce number of modules available on BrowserAutopwn 2013-11-12 12:37:29 -06:00
Tod Beardsley 9045eb06b0
Various title and description updates 2013-10-28 14:00:19 -05:00
Tod Beardsley bce8d9a90f
Update license comments with resplat. 2013-10-21 13:36:15 -05:00
jvazquez-r7 70fced1d74 Delete unnecessary requires and make msftidy compliant 2013-10-18 16:54:20 -05:00
jvazquez-r7 2339cdc713
Land #2513, @joev-r7's osx persistence local exploit 2013-10-18 15:13:50 -05:00
joev 83f27296d3 Fix some bugs in osx persistence.
- the RUN_NOW datastore option did not work as expected
- Adds support for OSX < 10.4 KeepAlive option
- organizes private methods alphabetically.
2013-10-18 14:12:33 -05:00
joev 681db6cb41 Use fully qualified constant in include. 2013-10-18 11:31:02 -05:00
joev 05bea41458 mkdir -p the dirname, not the file. 2013-10-18 11:27:37 -05:00
joev 7a47059e1d Fix a couple more shellescapes. 2013-10-18 00:47:22 -05:00
joev a2e3c6244e Remove unnecessary Exe::Custom logic.
- this is handled by the exe.rb mixin.
- adds support for a RUN_NOW datastore option.
- tested working on java meterpreter and x86 shell session.
2013-10-18 00:41:18 -05:00
Tod Beardsley ba2c52c5de
Fixed up some more weird splat formatting. 2013-10-16 16:25:48 -05:00
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
joev ea9235c506 Better whitespace. 2013-10-12 20:53:16 -05:00
joev 78b29b5f20 Bring osx persistence module to the finish line. 2013-10-12 20:50:53 -05:00
joev 5a1b099570 Make osx persistence a local exploit. 2013-10-12 16:47:35 -05:00
joev 4fe407d7ee Move osx persistence to a local exploit. 2013-10-12 16:08:22 -05:00
Winterspite 0acb170ee8 Bug #8419 - Added platform info missing on exploits 2013-10-08 22:41:50 -04:00
Tod Beardsley 4266b88a20
Move author name to just 'joev'
[See #2476]
2013-10-07 12:50:04 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley 8db1a389eb
Land #2304 fix post module require order
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
jvazquez-r7 fb8d0dc887 Write the return 2013-09-20 17:00:07 -05:00
James Lee 58b634dd27 Remove unnecessary requires from post mods 2013-09-12 14:36:01 -05:00
Joe Vennix 3da9c4a685 Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file 2013-09-06 13:05:17 -05:00
Tyler Krpata 2aed293d9a Handle locked date and time preference pane
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
    added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
    added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
Tyler Krpata 07060e4e69 Add return in check 2013-09-05 16:57:47 -04:00
Tab Assassin 845bf7146b Retab changes for PR #2304 2013-09-05 13:41:25 -05:00
Tab Assassin adf9ff356c Merge for retab 2013-09-05 13:41:23 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
James Lee 63adde2429 Fix load order in posts, hopefully forever 2013-08-29 13:37:50 -05:00
Tod Beardsley 7b9314763c Add the require boilerplate
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.

Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
Tod Beardsley 6b15a079ea Update for grammar in descriptions on new modules. 2013-08-26 14:52:51 -05:00
jvazquez-r7 252f48aeee Land #2272, @jvennix-r7's exploit for CVE-2013-1775 2013-08-26 13:21:58 -05:00
jvazquez-r7 0baaf989fb Delete on_new_session cleanup, as discusses with @jlee-r7 2013-08-26 13:20:43 -05:00
Joe Vennix 29320f5b7f Fix vn refs. Add juan as an @author. 2013-08-24 13:07:35 -05:00
jvazquez-r7 5b812b0c22 Add references 2013-08-24 12:12:21 -05:00
jvazquez-r7 b4ad8c8867 Beautify module 2013-08-24 12:08:38 -05:00
Joe Vennix 0e116730a1 Polishing module. Tested on 10.8, 10.8.2, and 10.8.4. 2013-08-24 12:01:38 -05:00
jvazquez-r7 b13d357000 Add ranking 2013-08-24 11:35:35 -05:00
jvazquez-r7 3ce23ffb49 Make a test before running the payload 2013-08-24 11:20:47 -05:00
jvazquez-r7 ab293d2ad9 Make msftidy happy 2013-08-24 10:51:19 -05:00
jvazquez-r7 480794a9ab Make small fixes 2013-08-24 10:40:08 -05:00
jvazquez-r7 832fa8838b Change the command to launch after background the payload job 2013-08-24 09:57:33 -05:00
jvazquez-r7 4532474309 Allow cleanup from the new session 2013-08-24 09:47:40 -05:00
Joe Vennix 3cdc6abec6 Clean up some code, get CMD working. 2013-08-23 20:19:21 -05:00
Joe Vennix 140d8ae42f Need to set timezone first. 2013-08-23 20:09:18 -05:00
Joe Vennix a4c2ba04f3 Pass cmd through /bin/sh to set default /Users/joe/.rvm/gems/ruby-1.9.3-p392@pro-dev/bin /Users/joe/.rvm/gems/ruby-1.9.3-p392@global/bin /Users/joe/.rvm/rubies/ruby-1.9.3-p392/bin /Users/joe/.rvm/bin /usr/local/sbin /usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/X11/bin /opt/bin /opt/X11/bin. CMD and native payloads now working. 2013-08-23 19:39:21 -05:00
jvazquez-r7 fc91380ebc Add work code 2013-08-23 17:54:21 -05:00
jvazquez-r7 a5c9f8d670 Beautify targets metadata 2013-08-23 15:15:04 -05:00
jvazquez-r7 f3415f4147 Make msftidy compliant 2013-08-23 15:14:13 -05:00
jvazquez-r7 413474f417 Move module to the correct path 2013-08-23 15:08:25 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Steve Tornio abea7e6a47 add osvdb ref 76389 2013-06-20 07:55:50 -05:00
Steve Tornio cab20062a4 add osvdb ref 84706 2013-06-20 07:38:34 -05:00
sinn3r 7fa24d9060 Module rename 2013-03-04 10:54:33 -06:00
sinn3r 59b5e8e688 Merge branch 'setuid_tunnelblick' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-setuid_tunnelblick 2013-03-04 10:53:31 -06:00
sinn3r 12247d47ba Rename module, sorry, no pull request. 2013-03-04 10:46:05 -06:00
jvazquez-r7 a980bf0ef6 minor fixes 2013-03-03 19:54:17 +01:00
jvazquez-r7 248481f195 fixed EOF 2013-03-03 19:52:31 +01:00
jvazquez-r7 81e2dbc71e added module for CVE-2012-3485 2013-03-03 19:48:12 +01:00
jvazquez-r7 76180f22fc added module for cve-2012-4284 2013-03-03 13:23:21 +01:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
joe eb972eaf0a Add a maxver for the safari_metadata_archive exploit.
* Apple Security Update 2006-001 (http://support.apple.com/kb/TA23971)
* Update applied to 10.4.5, where safari 2.0.3 is default browser.
* Because update did not bump Safari version, not all 2.0.3 browsers will be affected.
2012-12-14 02:17:25 -06:00
Michael Schierl 910644400d References EDB cleanup
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
Michael Schierl d337d5204b Author cleanup: One module did not have an author 2012-10-22 18:38:18 +02:00
HD Moore 64f29952dc Merge branch 'master' into feature/updated-mobile 2012-10-07 00:32:02 -05:00
Ramon de C Valle 11f82de098 Update author information 2012-09-19 14:00:51 -03:00