1dbd36a3dd
Check for the .NET dfsvc and use %windir%
2014-05-30 09:02:43 -05:00
04e94b0c07
Fix meterpreter and file tests for Python v3.4 on Win
2014-05-29 16:42:28 -04:00
15dc33591b
In pymeterpreter use a MeterpreterFile obj for Py v3
2014-05-29 15:09:09 -04:00
d8dcfd8f41
Update pymeterpreter netlink to support python3
2014-05-29 13:48:15 -04:00
e145298c13
Add module for CVE-2014-0257
2014-05-29 11:45:19 -05:00
6e122e683a
Add module for CVE-2013-5045
2014-05-29 11:42:54 -05:00
145776db4d
Add a DEBUGGING option to the python meterpreter
2014-05-29 10:52:49 -04:00
15b1c79039
Adjust whitespace and set bytes to str for Python 2
2014-05-28 16:30:27 -04:00
eda8a90cea
Fix merge issues with os.js
2014-05-19 13:04:36 -05:00
ddc8a4f103
Merge branch 'master' of github.com:rapid7/metasploit-framework into feature/recog
2014-05-19 11:42:30 -05:00
9b29c572a7
Comments dont work with auth_brute.rb
2014-05-18 21:14:17 +02:00
c9bb2d5165
Added headers to files
2014-05-18 20:55:50 +02:00
97b63d708c
Corrected naming to be in line with msf convention
2014-05-18 18:18:23 +02:00
7d79f8a4c2
Removed wrongly named list.
2014-05-18 18:15:17 +02:00
d7bf66973c
Fixed userpass delimiters.
2014-05-18 18:13:03 +02:00
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
6ec926b573
Added separate users/pass/userpass dictionaries
2014-05-18 10:18:07 +02:00
af82ae262c
Added a large default password list for services.
2014-05-16 23:27:18 +02:00
5fd732d24a
Add module for CVE-2014-0515
2014-05-07 17:13:16 -05:00
6bfc9a8aa0
Land #3333 - Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 10:39:26 -05:00
7e37939bf2
Land #3090 - Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
2014-05-04 16:41:17 +10:00
b4c7c5ed1f
Add module for CVE-2014-0497
2014-05-03 20:04:46 -05:00
06c8082187
Use signed binary
2014-05-02 14:45:14 +01:00
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
60e7e9f515
Add module for CVE-2013-5331
2014-04-27 10:40:46 -05:00
5c0664fb3b
Land #3292 - Mac OS X NFS Mount Privilege Escalation Exploit
2014-04-24 13:43:20 -05:00
143aede19c
Add osx nfs_mount module.
2014-04-23 02:32:42 -05:00
acb12a8bef
Beautify and fix both ruby an AS
2014-04-17 23:32:29 -05:00
91d9f9ea7f
Update from master
2014-04-17 15:32:49 -05:00
749e141fc8
Do first clean up
2014-04-17 15:31:56 -05:00
abd76c5000
Add module for CVE-2014-0322
2014-04-15 17:55:24 -05:00
0b23fc2c40
Revert "Use actual vars so that jsobfu can randomize."
...
This reverts commit b9284c5635
2014-04-11 16:51:29 -05:00
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
85197dffe6
MS14-017 Word RTF listoverridecount memory corruption
2014-04-08 14:44:20 -04:00
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
4d69f80728
Update explib2.js
...
Remove a few lines
2014-04-02 23:07:29 -05:00
74554ed805
Land #3174 , @wchen-r7's object detection for ie11
2014-04-02 15:27:13 -05:00
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
5ffcfb22fa
Add object detection for IE11
...
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
389ad7aca3
Land #3155 - Explib2
2014-03-28 18:31:40 -05:00
4f5944cfb8
Add JavaScript detection for Adobe Flash
2014-03-28 14:31:21 -05:00
ce02f8a7c5
Allow easier control of sprayed memory
2014-03-28 11:58:41 -05:00
b0bbe3f6a9
Add explib2 with some fixes into metasploit
2014-03-28 10:44:13 -05:00
4c44f69e86
Undo the IE8/IE7 objection detection
2014-03-27 15:01:03 -05:00
fc1432fe53
This is probably the right way to do it for ie7/8
2014-03-27 13:53:24 -05:00
9c54421679
Update IE8/IE7 object detection
2014-03-27 13:34:07 -05:00
8df96a419b
Make IE10 detection safer for older IEs
2014-03-27 13:31:15 -05:00
1f90115c8f
Add default detection for IE 9 and IE 10
...
How it's done:
On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.
One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
46f7e6060f
Add the updated bins from timwr.
2014-03-25 09:39:53 -07:00
c71d52e769
Merge branch 'pr-android-bins' of https://github.com/jvennix-r7/metasploit-framework into new-android-bins
2014-03-25 09:35:25 -07:00
8c707b20e0
Add support for specific builds of MSIE 9 on Win 7 SP1
...
These IE9 versions are vulnerable to MS14-012 (see #3120 ). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
05436dc2c5
Refresh binaries for Meterpreter
...
This includes:
rapid7/meterpreter#69
rapid7/meterpreter#70
rapid7/meterpreter#75
rapid7/meterpreter#77
rapid7/meterpreter#78
As of commit: 45bcbd13a1e0215647f6a61631652b686931bba8
2014-03-19 08:57:04 -05:00
8e4708b51b
Add support for firefox 28.
2014-03-18 11:26:24 -05:00
409787346e
Bring build tools up to date, change some project settings
...
This commit brings the source into line with the general format/settings
that are used in other exploits.
2014-03-14 22:57:16 +10:00
6438b9372c
Land #3067 , python meterp net.config additions
2014-03-13 13:03:43 -05:00
6309c4a193
Metasploit LLC transferred assets to Rapid7
...
The license texts should reflect this.
2014-03-13 09:47:52 -05:00
5ea26688d7
Fix a syntax error for Python 2.4
2014-03-11 15:22:52 -04:00
f3493ce220
Merge branch 'master' into pymeterpreter-net
...
Conflicts:
data/meterpreter/ext_server_stdapi.py
2014-03-11 15:15:02 -04:00
e874223421
Land #3083 , fix pymet when ctypes isn't available
2014-03-11 14:31:44 -04:00
679cb03ac3
Yank armeabi-v7a bins.
2014-03-11 13:09:50 -05:00
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
b87c2dca0b
Use older hash modules when hashlib isn't there
2014-03-11 12:25:54 -05:00
4f31eba7f4
android payload golf
2014-03-10 21:50:00 -05:00
66ff5998a5
New multi-arch stagers.
2014-03-10 21:49:56 -05:00
60b5191873
New meterpreter bins for testing.
2014-03-10 21:49:14 -05:00
667bed8905
New multi-arch stagers.
2014-03-10 18:50:27 -07:00
75c94cc5d7
Derp
2014-03-10 16:30:55 -05:00
e508079aff
Don't crash when ctypes isn't available
2014-03-10 16:10:24 -05:00
6616d36d63
New meterpreter bins for testing.
2014-03-07 13:21:30 -08:00
2a1e96165c
Adding MS013-058 for Windows7 x86
2014-03-06 18:39:34 +00:00
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
1dea1c030e
Add interface support via OSX SystemConfiguration
2014-03-05 13:59:13 -05:00
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
0834102e2b
Support tcp server channels and add a python MeterpreterSocket
2014-03-04 13:31:29 -05:00
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
7111e8aa59
Support retrieving interface information via GetAdaptersAddresses
2014-03-03 21:01:16 -05:00
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
699e534149
Add missing return statement.
2014-03-02 00:18:46 -05:00
1c9390c9cf
Support retrieving interface information via windows mib functions.
2014-03-02 00:17:00 -05:00
733a86ec74
Support retrieving interface information via netlink.
2014-03-01 22:34:38 -05:00
284d99aa6c
Add pymeterp TLV types for additional network functions.
2014-02-28 13:56:51 -05:00
8922f6457b
Land #3045 , @wchen-r7's fix for browser autopwn
2014-02-28 12:55:32 -06:00
99e272e463
Return true in EOF when tell() > stat.st_size
2014-02-27 20:45:38 -05:00
9d9149d9d8
remove some dead code paths
...
refactor some dead conditionals and a case/switch
that wasn't doing anything
2014-02-27 11:45:57 -06:00
0c3891c0f9
Add more IE targets
2014-02-27 11:01:03 -06:00
151646156d
Check navigator.oscpu for FF
...
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
2e512abd31
put new binaries in place
...
after cleaning up the source a bit and
updateing it for 2013, compiled new BINs.
These BINS avoid almost all current AV detections
and have been tested to ensure they still work.
2014-02-23 15:24:55 -06:00
7877589537
Delete correctly
2014-02-23 02:47:13 +00:00
6127ff92ce
Fix race condition
...
Wait for Sysprep to ExitProcess before cleaning up the DLLs...
2014-03-03 23:41:25 +00:00
2a6258be15
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
external/source/exploits/make.bat
2014-02-28 20:26:24 +00:00
8bdb22aeb9
Merge remote-tracking branch 'upstream/master' into bypassuac_redo
...
Conflicts:
lib/msf/core/post/windows.rb
2014-02-25 22:15:05 +00:00
b1dfed8577
rebuilt template DLLs
...
x86 dll template was way out of date and
did not match the x64 tempalte. rebuilt them both
2014-02-25 15:34:42 -06:00
3c773f031c
add new binaries compiled from latest src
...
compiled and added new binaries to make sure
most up to date source is used
2014-02-25 14:06:57 -06:00
289580777c
remove unneccsary logging elements
...
update soloutions for VS2013
remove the CLogger
Remove Print Usage
this removes unneccsary strings that can
be used to easily identify our executable
2014-02-20 20:00:19 -06:00
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
e8f95c6cc0
Change error msg
2014-02-18 00:02:16 -06:00
608f800274
Support error handling in the message box
2014-02-18 00:01:44 -06:00
022c52d087
Added bundling to handle many sessions at once.
2014-02-15 15:37:22 -06:00
a6a731c8ee
Keep stage until replaced, nil check, prettify.
2014-02-15 15:21:16 -06:00
5f7a0e162c
Add reverse_hop_http stager and handler
2014-02-15 15:21:16 -06:00
3299b68adf
Landing #2767 , @Meatballs1 Powershell Reflective Payload
2014-02-14 16:12:46 -05:00
00ba0b5208
Land #2987 - Add ff 27 support to os.js
2014-02-13 15:20:53 -06:00
51f3ab1690
Add ff 27 support to os.js
2014-02-12 15:32:47 -06:00
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
7eb20a37d4
offerer's interface gets a makeover
2014-02-11 19:43:52 -06:00
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-10 21:43:56 +00:00
575ee09b77
Change messages
2014-02-10 14:59:44 -06:00
3d4d5a84b6
Land #2957 , @zeroSteiner's exploit for CVE-2013-3881
2014-02-10 13:59:45 -06:00
78e1683f2d
Add binary compiled on vs2013
2014-02-10 13:52:27 -06:00
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
8edafc8c4c
Restore the original API
2014-02-08 20:06:26 -06:00
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
ccd12e66a7
Unwanted console.debug
2014-02-08 19:16:42 -06:00
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
01f41a209c
Remove the DLL and add make.msbuild for easier compiling.
2014-02-07 10:05:05 -05:00
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
cc32c877a9
Add CVE-2013-3881 win32k Null Page exploit
2014-02-06 17:23:38 -05:00
19fff3c33e
Land #2942 , @jvennix-r7's Android awesomesauce
...
Also, thanks to @jduck for testing!
2014-02-06 11:53:11 -06:00
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
096e06baa6
Added binaries from Meterpreter PR #74
...
Meterpreter PR https://github.com/rapid7/meterpreter/pull/74 was landed,
this adds the binaries from that PR.
2014-02-06 11:47:29 +10:00
636d7016a8
Fix android detection in os.js.
2014-02-04 02:31:46 -06:00
486a9d5e19
Use msf branded djvu
2014-02-01 00:37:28 +00:00
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
80c4a6e9eb
Updated binaries for Meterpreter
...
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
2014-01-17 09:02:48 +10:00
96e97d4768
Oops, the default bufsize is 0 anyways.
2014-01-05 18:57:56 -06:00
b64df51fa0
Fixes #8732 by reading until EOF reached.
...
* use a lambda for cleaner iterator.
* also disables buffering, since we are reading byte-by-byte in the first place
and maintaining our own buffer (#data).
2014-01-05 18:36:22 -06:00
dc87575b9d
Retab and whitespace
2013-12-22 21:04:44 +00:00
f112e78de9
Fixes .war file creation
2013-12-22 20:58:21 +00:00
0db062a1ce
Merge branch 'meatballs-vncdll-submodule'
2013-12-20 18:29:27 +10:00
34cdec5155
Update project VS 2013, clean CLI build
...
* Project system updated to VS 2013.
* Clean builds, had to remove a bunch of warnings.
* `make.bat` for building from the command line.
* Removed RDI stuff that shouldn't be there any more.
* Renamed the x86 DLL to include the platform name.
2013-12-20 09:49:15 +10:00
a4811bd0c3
Land #2760
2013-12-18 17:17:10 +10:00
533accaa87
Add module for CVE-2013-3346
2013-12-16 14:13:47 -06:00
14c0096115
Update template
...
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
jvazquez-r7
Spencer McIntyre
HD Moore
Tonimir Kisasondi
sinn3r
OJ
Meatballs
James Lee
Joe Vennix
Tod Beardsley
Tim
kyuzo
William Vu
David Maloney
scriptjunkie
dukeBarman