Commit Graph

26843 Commits (816404bb8836a95c8ce80b2d6d29883ebaba5416)

Author SHA1 Message Date
joev b93fda5cef
Remove browser_autopwn hook from deprecated FF module. 2014-08-18 15:33:43 -05:00
joev 87aa63de6e
Deprecate FF17 SVG exploit.
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
cdoughty-r7 5fac1510bc Merge pull request #3667 from todb-r7/fix-release
Release fixes: Minor caps, grammar, desc fixes
2014-08-18 14:06:01 -05:00
Brendan Coles 564431fd41 Use arrays in refs for consistency 2014-08-18 18:54:54 +00:00
jvazquez-r7 f812d2619c Fix load_js when opts[:newobfu] and add specs 2014-08-18 13:50:19 -05:00
Tod Beardsley 6792ded714
Land #3666, fix msfconsole start w/out database 2014-08-18 13:44:20 -05:00
Tod Beardsley cad281494f
Minor caps, grammar, desc fixes 2014-08-18 13:35:34 -05:00
James Lee b9e449f5e2
Fix crash when database.yml doesn't exist 2014-08-18 12:40:57 -05:00
jvazquez-r7 3dae6ee934 Not prefixing the class when describing method 2014-08-18 12:19:30 -05:00
jvazquez-r7 2dc579d467 Add template for specs 2014-08-18 12:16:20 -05:00
jvazquez-r7 75df32b1d3 Use single quoted strings out of the spec strings 2014-08-18 11:43:54 -05:00
joev 5654370316
Remove hashdump functionality from enum_osx.
There is a specific hashdump module that is more up-to-date, no need to duplicate
functionality (and code).
2014-08-18 11:40:11 -05:00
sinn3r 7c1605efe4
Land #3662 - Fix android payload issue when running browser_autopwn 2014-08-18 11:38:28 -05:00
jvazquez-r7 4ffd166918 Add specs for Rex::Exploitation::EncryptJS 2014-08-18 11:31:36 -05:00
Vincent Herbulot fd40a68525 Added YARD documentation to lib/msf/http/jboss 2014-08-18 18:19:37 +02:00
joev 5bfbb7654e
Add android meterpreter to browser autopwn. 2014-08-18 11:09:16 -05:00
Vincent Herbulot 2b59337e9a Jboss spec modifications.
Various changes in the jboss spec to match the newly refactored
methods in lib/msf/http/jboss.
2014-08-18 17:19:09 +02:00
William Vu c5c63f44e9
Land #3661, binary coding for libs 2014-08-17 18:01:19 -05:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
HD Moore d8e82b9394 Lands #3655, fixes pack operators
the commit.
he commit.
2014-08-17 17:25:52 -05:00
Brendan Coles b8b2e3edff Add HybridAuth install.php PHP Code Execution module 2014-08-16 23:31:46 +00:00
sinn3r e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection 2014-08-15 17:07:23 -05:00
joev 6d958475d6
Oops, this doesn't work on 23, only 22. 2014-08-15 17:00:58 -05:00
joev fb1fe7cb8b
Add some obfuscation. 2014-08-15 16:54:30 -05:00
joev b574a4c4c5
Wow, this gets a shell all the way back to 15.0. 2014-08-15 16:39:36 -05:00
joev 5706371c77
Update browser autopwn settings. 2014-08-15 16:32:06 -05:00
joev 8c63c8f43d
Add browserautopwn hook now that this is not user-assisted. 2014-08-15 16:28:21 -05:00
joev 694d917acc
No need for web console YESSSS 2014-08-15 16:02:26 -05:00
joev 738a295f0a
Rename module to tostring_console*. 2014-08-15 15:17:37 -05:00
Meatballs 0cc3bdfb35
Moar bad packs 2014-08-15 21:11:37 +01:00
joev f182613034
Invalid CVE format. 2014-08-15 15:09:45 -05:00
joev edb9d32e5c
Add module for toString() injection in firefox. 2014-08-15 15:08:10 -05:00
Tod Beardsley 904c1b20b1
Land #3654, update to 4.10-dev (electro) 2014-08-15 12:51:28 -05:00
Samuel Huckins 82760bf5b3
Deprecation warnings hidden for non-listeners 2014-08-15 12:33:44 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
jvazquez-r7 4cfd2abd8d
Land #3621, @kaospunk's exploit for gitlab-shell CVE-2013-4490 command injection 2014-08-15 09:17:16 -05:00
jvazquez-r7 4e0f6dfcc7 Do minor cleanup 2014-08-15 09:10:08 -05:00
Meatballs 8302e82ca1
Use x64 ptr sizes 2014-08-14 23:32:04 +01:00
Samuel Huckins 1183c5cfeb
Merge branch 'update-rubocop-yaml' 2014-08-14 12:44:30 -05:00
Samuel Huckins 9553bfc45f
Merge branch 'remove-rubocop' 2014-08-14 12:41:04 -05:00
Samuel Huckins 45490e7e59 Merge branch 'master' of github.com:rapid7/metasploit-framework 2014-08-14 12:36:41 -05:00
Tod Beardsley a80d4c25a6
Be more forceful about Rubocop in CONTRIBUTING.md 2014-08-14 11:51:44 -05:00
Tod Beardsley ee968db9ef
Include .rubocop.yml from PR #3649 2014-08-14 11:20:19 -05:00
Tod Beardsley fbb8262704
More .rubocop.yml exceptions
While we expect to remove Rubocop via PR rapid7#3639 , the Rubocop YAML
file is still useful for those developers that want to use Rubocop on
their own. Like me, for instance.
2014-08-14 11:17:14 -05:00
Brandon Turner 62b81d6814 Merge pull request #3644 from dmaloney-r7/bug/MSP-11050/rails_root
MSP-11050 #land
2014-08-14 08:52:15 -05:00
sinn3r f91116a8e8
Land #3634 - Virtual box 3D Acceleration OpenGL Host escape 2014-08-13 20:08:13 -05:00
kaospunk 5ed3e6005a Implement suggestions
This commit addresses feedback such as adding a check
function and changing the login fail case by being
more specific on what is checked for. The failing
ARCH_CMD payloads were addressed by adding BadChars.
Last, an ARCH_PYTHON target was added based on
@zerosteiner's feedback.
2014-08-13 20:26:48 -04:00
jvazquez-r7 127d094a8d Dont share once device is opened 2014-08-13 16:13:38 -05:00
sinn3r 558cea6017
Land #3638 - Add VMTurbo Operations Manager 'vmtadmin.cgi' RCE 2014-08-13 11:55:56 -05:00
jvazquez-r7 e0ed777d0b
Land #3646, @Meatballs1 tidy of virtual_box_guest_additions 2014-08-13 08:44:10 -05:00