joev
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
joev
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
cdoughty-r7
5fac1510bc
Merge pull request #3667 from todb-r7/fix-release
...
Release fixes: Minor caps, grammar, desc fixes
2014-08-18 14:06:01 -05:00
Brendan Coles
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
jvazquez-r7
f812d2619c
Fix load_js when opts[:newobfu] and add specs
2014-08-18 13:50:19 -05:00
Tod Beardsley
6792ded714
Land #3666 , fix msfconsole start w/out database
2014-08-18 13:44:20 -05:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
James Lee
b9e449f5e2
Fix crash when database.yml doesn't exist
2014-08-18 12:40:57 -05:00
jvazquez-r7
3dae6ee934
Not prefixing the class when describing method
2014-08-18 12:19:30 -05:00
jvazquez-r7
2dc579d467
Add template for specs
2014-08-18 12:16:20 -05:00
jvazquez-r7
75df32b1d3
Use single quoted strings out of the spec strings
2014-08-18 11:43:54 -05:00
joev
5654370316
Remove hashdump functionality from enum_osx.
...
There is a specific hashdump module that is more up-to-date, no need to duplicate
functionality (and code).
2014-08-18 11:40:11 -05:00
sinn3r
7c1605efe4
Land #3662 - Fix android payload issue when running browser_autopwn
2014-08-18 11:38:28 -05:00
jvazquez-r7
4ffd166918
Add specs for Rex::Exploitation::EncryptJS
2014-08-18 11:31:36 -05:00
Vincent Herbulot
fd40a68525
Added YARD documentation to lib/msf/http/jboss
2014-08-18 18:19:37 +02:00
joev
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
Vincent Herbulot
2b59337e9a
Jboss spec modifications.
...
Various changes in the jboss spec to match the newly refactored
methods in lib/msf/http/jboss.
2014-08-18 17:19:09 +02:00
William Vu
c5c63f44e9
Land #3661 , binary coding for libs
2014-08-17 18:01:19 -05:00
HD Moore
5e123e024d
Add 'coding: binary' to all msf/rex library files
...
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
Brendan Coles
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
sinn3r
e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection
2014-08-15 17:07:23 -05:00
joev
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
joev
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
joev
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
joev
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
joev
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
joev
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
joev
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
Meatballs
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
joev
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
joev
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
Tod Beardsley
904c1b20b1
Land #3654 , update to 4.10-dev (electro)
2014-08-15 12:51:28 -05:00
Samuel Huckins
82760bf5b3
Deprecation warnings hidden for non-listeners
2014-08-15 12:33:44 -05:00
Samuel Huckins
149c3ecc63
Various merge resolutions from master <- staging
...
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7
4cfd2abd8d
Land #3621 , @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection
2014-08-15 09:17:16 -05:00
jvazquez-r7
4e0f6dfcc7
Do minor cleanup
2014-08-15 09:10:08 -05:00
Meatballs
8302e82ca1
Use x64 ptr sizes
2014-08-14 23:32:04 +01:00
Samuel Huckins
1183c5cfeb
Merge branch 'update-rubocop-yaml'
2014-08-14 12:44:30 -05:00
Samuel Huckins
9553bfc45f
Merge branch 'remove-rubocop'
2014-08-14 12:41:04 -05:00
Samuel Huckins
45490e7e59
Merge branch 'master' of github.com:rapid7/metasploit-framework
2014-08-14 12:36:41 -05:00
Tod Beardsley
a80d4c25a6
Be more forceful about Rubocop in CONTRIBUTING.md
2014-08-14 11:51:44 -05:00
Tod Beardsley
ee968db9ef
Include .rubocop.yml from PR #3649
2014-08-14 11:20:19 -05:00
Tod Beardsley
fbb8262704
More .rubocop.yml exceptions
...
While we expect to remove Rubocop via PR rapid7#3639 , the Rubocop YAML
file is still useful for those developers that want to use Rubocop on
their own. Like me, for instance.
2014-08-14 11:17:14 -05:00
Brandon Turner
62b81d6814
Merge pull request #3644 from dmaloney-r7/bug/MSP-11050/rails_root
...
MSP-11050 #land
2014-08-14 08:52:15 -05:00
sinn3r
f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape
2014-08-13 20:08:13 -05:00
kaospunk
5ed3e6005a
Implement suggestions
...
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
jvazquez-r7
127d094a8d
Dont share once device is opened
2014-08-13 16:13:38 -05:00
sinn3r
558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE
2014-08-13 11:55:56 -05:00
jvazquez-r7
e0ed777d0b
Land #3646 , @Meatballs1 tidy of virtual_box_guest_additions
2014-08-13 08:44:10 -05:00