OJ
6d88c26474
Change title, and remove requires
2016-02-18 14:26:38 +10:00
OJ
2ae1e6df7d
Address concerns from @wvu-r7
2016-02-18 14:21:35 +10:00
OJ
2f4ec0af31
Add module for AppLocker bypass
This commit includes a new module that allows for payloads to be
uploaded and executed from disk while bypassing AppLocker in the
process. This module is useful for when you're attempting to generate
new shells on the target once you've already got a session. It is also
a handy way of switching between 32 and 64 bit sessions (in the case of
the InstallUtil technique).
The code is taken from Casey Smith's AppLocker bypass research (added in
the references), and includes just one technique at this point. This
technique uses the InstallUtil feature that comes with .NET. Other
techniques can be added at any time.
The code creates a C# file and uploads it to the target. The csc.exe
compiler is used to create a .NET assembly that contains an uninstaller
that gets invoked by InstallUtil behind the scenes. This function is
what contains the payload.
This was tested on Windows 7 x64. It supports running of both 32 and 64
bit payloads out of the box, and checks to make sure that .NET is
installed on the target as well as having a payload that is valid for
the machine (i.e. don't run x64 on x86 OSes).
This appears to work fine with both staged and stageless payloads.
2016-02-18 13:46:32 +10:00
Brent Cook
95484c81fd
Land #6526, fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526, integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Brent Cook
4db2840af9
Land #6385, add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Metasploit
93cc7d58ba
Bump version of framework to 4.11.11
2016-02-12 15:38:50 -08:00
Kyle Gray
88e1124519
Land #6568, fix for msfvenom symlink not working
In installer environments, $0 doesn't match __FILE__ because of the way the gem's binstub wrapper calls it.
2016-02-12 12:35:00 -06:00
James Lee
541e3972f0
No real reason for this check
And it breaks stuff when msfvenom is run as a symlink
2016-02-12 10:49:18 -06:00
wchen-r7
b2765a296f
Land #6547, IBM Tivoli Storage Manager Fastback Denial of Service
2016-02-11 22:05:21 -06:00
wchen-r7
3121093898
Update metadata, plus other minor changes
2016-02-11 22:04:05 -06:00
William Vu
1ec87d6250
Land #6565, top 100 Adobe passwords
2016-02-11 13:15:52 -06:00
Brent Cook
e8cc818126
Land #6516, allow Android meterpreter to launch activities
2016-02-10 23:22:29 -06:00
Brent Cook
ed5cf821b2
bump payloads to 1.1.0
2016-02-10 23:21:20 -06:00
Brent Cook
db19a7d9b3
Merge branch 'upstream-master'
2016-02-10 23:15:21 -06:00
Brent Cook
d22d51ffc5
Land #6480, add Meterpreter message obfuscation
2016-02-10 22:58:01 -06:00
Brent Cook
ff1cb4a2a4
update payload sizes
2016-02-10 22:44:17 -06:00
Brent Cook
27ec6a861c
update gemfile.lock
2016-02-10 22:41:41 -06:00
OJ
4ac7c5e298
Updated the gemspec to point to the new payloads gem
2016-02-11 14:36:17 +10:00
OJ
44eb2d6a80
Merge branch 'upstream/master' into default-xor
2016-02-11 14:30:18 +10:00
Jay Turla
aeb1d80e0d
Adding top 100 adobe passwords
2016-02-11 08:55:45 +08:00
Brent Cook
2386cb1344
Land #6527, add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
William Webb
c874699b82
removed ranking
2016-02-10 11:45:09 -06:00
William Webb
4c6cb03548
more build errors
2016-02-10 11:40:21 -06:00
William Webb
72f5a33804
addressed CI errors
2016-02-10 11:34:05 -06:00
William Webb
51604fa24a
made necessary inheritance changes
2016-02-10 10:59:11 -06:00
William Vu
fc491ffa3e
Land #6555, Content-Length fix for HP modules
2016-02-10 10:39:08 -06:00
William Vu
5b3fb99231
Land #6549, module option for X-Jenkins-CLI-Port
2016-02-10 10:34:33 -06:00
William Vu
c67360f436
Remove extraneous whitespace
2016-02-10 09:44:01 -06:00
wchen-r7
8a3bc83c4d
Resolve #6553, remove unnecessary content-length header
Rex will always generate a content-length header, so the module
doesn't have to do this anymore.
Resolve #6553
2016-02-09 21:25:56 -06:00
Brent Cook
c590fdd443
Land #6501, Added Dlink DCS Authenticated RCE Module
2016-02-09 17:19:33 -06:00
William Vu
5f0add2a8b
Land #6541, typo fix for cisco_ssl_vpn
2016-02-09 17:13:24 -06:00
William Vu
240cbb91be
s/resp/res/
2016-02-09 17:12:09 -06:00
William Vu
92d4929b3d
Land #6543, msu_finder link update
2016-02-09 17:06:23 -06:00
William Vu
32c26271d2
Land #6544, s/method/http_method/ http_traversal
2016-02-09 17:04:11 -06:00
Brent Cook
bb556e5b87
Land #6529, added a file PR history exploration tool
2016-02-09 17:01:58 -06:00
Brent Cook
7fe61dce70
added support for GITHUB_OAUTH_TOKEN
2016-02-09 17:01:19 -06:00
William Vu
ae2fbeb6ec
Land #6548, .mailmap update
2016-02-09 16:45:39 -06:00
William Vu
75febfdde0
Move @hdm to the former employees section
:')
2016-02-09 16:43:11 -06:00
William Vu
ee48c9cea7
Land #6552, color code fix for mainframe banners
2016-02-09 16:37:06 -06:00
Bigendian Smalls
b3e8bd1dab
Updated zsploit screens to use std msf colors
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
William Webb
eadbb6b582
moved module to modules/auxiliary/dos/misc
2016-02-09 11:44:01 -06:00
wchen-r7
1d6b782cc8
Change logic
I just can't deal with this "unless" syntax...
2016-02-08 18:40:48 -06:00
wchen-r7
d60dcf72f9
Resolve #6546, support manual config for X-Jenkins-CLI-Port
Resolve #6546
2016-02-08 18:16:48 -06:00
wchen-r7
e62e123873
Update .mailmap for the latest R7 Metasploit employees
2016-02-08 17:16:54 -06:00
William Webb
1eabec6e9b
test
2016-02-08 14:38:29 -06:00
William Webb
54566823f5
Add IBM TSM Fastback denial of service module
2016-02-08 14:36:14 -06:00
wchen-r7
cd7046f233
Change method name "method" to "http_method" for http_traversal.rb
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
wchen-r7
942eec5fee
Update rspec
2016-02-07 12:37:08 -06:00