jvazquez-r7
b9f9647ab1
Use all the BES power
2015-05-21 14:06:41 -05:00
jvazquez-r7
aa919da84d
Add the multiplatform exploit
2015-05-20 18:57:59 -05:00
joev
db999d2c62
Remove ff 31-34 exploit from autopwn, requires interaction.
2015-05-03 10:42:21 -05:00
jvazquez-r7
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
root
cd65e6f282
Add browser_autopwn info to firefox_proxy_prototype
2015-04-06 10:42:32 +05:00
Tod Beardsley
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00
William Vu
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
Joe Vennix
0bf3a9cd55
Fix duplicate :ua_maxver key.
2014-12-22 14:57:44 -06:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
HD Moore
bfadfda581
Fix typo on match string for opera_configoverwrite
2014-09-29 15:34:35 -05:00
Joe Vennix
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
sinn3r
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
Joe Vennix
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
.
2014-09-02 12:27:41 -05:00
Joe Vennix
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
Joe Vennix
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
Joe Vennix
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
sinn3r
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
joev
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
joev
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
joev
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
joev
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
joev
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
joev
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
joev
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
joev
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
joev
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
joev
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
joev
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
HD Moore
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Tod Beardsley
0b2737da7c
Two more java payloads that wanted to write RHOST
...
There are three total, and they're all copy-pasted from the original
module from 2009. I suspect this idiom isn't used at all any more -- I
can't detect a difference in the payload if I just declare a host being
cli.peerhost, rather than rewriting RHOST to be cli.peerhost.
[SeeRM #8498 ]
2014-04-14 22:22:30 -05:00
Tod Beardsley
775b0de3c0
Replace RHOST reassing with just host
...
This looks okay from debug (the host looks like it's generating okay)
but there may be some subtle thing I'm not seeing here. @wchen-r7 can
you glance at this please?
[SeeRM #8498 ]
2014-04-14 22:17:31 -05:00
jvazquez-r7
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
joev
ebcf972c08
Add initial firefox xpi prompt bypass.
2014-04-01 23:48:35 -05:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
sinn3r
a173fcf2fa
Flash detection for firefox_svg_plugin
...
Good test case
2014-03-28 15:39:25 -05:00
Joe Vennix
80808fc98c
Cleans up firefox SVG plugin.
2014-03-26 13:12:39 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
grimmlin
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
Joe Vennix
b3b04c4159
Fix both firefox js exploits to use browser_autopwn.
2014-01-11 17:34:38 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Joe Vennix
1b0e99b448
Update proto_crmfrequest module.
2014-01-02 10:48:28 -06:00
Joe Vennix
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
jvazquez-r7
7f9f4ba4db
Make gsubs compliant with the new indentation standard
2013-12-31 11:06:53 -06:00
Joe Vennix
8e27e87c81
Use the right disclosure date.
2013-12-19 12:58:52 -06:00