Commit Graph

34587 Commits (91fc213ddfa1f5c34b432a043915dc806adb4944)

Author SHA1 Message Date
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
jvazquez-r7 e1192c75a9
Fix network communication on `communicate`
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
Tod Beardsley 9206df077f
Land #5694, R7-2015-08 2015-07-10 11:42:57 -05:00
jvazquez-r7 9ba515f185
Fix network communication on `check`
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
HD Moore 728b338593 Give msftidy a cookie 2015-07-10 11:28:10 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
HD Moore cf4b18700d Fix CVE reference 2015-07-10 11:14:59 -05:00
jvazquez-r7 c70be64517
Fix version check 2015-07-10 10:57:55 -05:00
jvazquez-r7 34a6984c1d
Fix variable name 2015-07-10 10:44:38 -05:00
jvazquez-r7 2c7cc83e38
Use single quotes 2015-07-10 10:34:47 -05:00
jvazquez-r7 f66cf91676
Fix metadata 2015-07-10 10:33:02 -05:00
HD Moore a74526a2d9
Land #5690, fix URL generation for reverse_http 2015-07-10 09:07:04 -05:00
xistence b916a9d267 VNC Keyboard Exec 2015-07-10 14:08:32 +07:00
OJ 85769808cc Update metasploit payloads to 1.0.6 2015-07-10 16:28:20 +10:00
OJ 51f59b3c8c Re-add URI generation to reverse_http 2015-07-10 16:21:55 +10:00
xistence 52d41c8309 Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution 2015-07-10 09:51:28 +07:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Michael Messner d7beb1a685 feedback included 2015-07-09 08:31:11 +02:00
HD Moore 67666160e8 Add patched server detection 2015-07-08 13:47:59 -05:00
HD Moore 25e0f888dd Initial commit of R7-2015-08 coverage 2015-07-08 13:42:11 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
jvazquez-r7 768dca514a
Land #5685, @wchen-r7's check for IE11/Win8 2015-07-08 13:15:07 -05:00
wchen-r7 a3ec56c4cb Do it in on_request_exploit because it's too specific 2015-07-08 12:32:38 -05:00
wchen-r7 cefbdbb8d3 Avoid unreliable targets
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
Brent Cook a12c84d537
Land #5411, proxy support for winhttp stagers 2015-07-07 23:23:19 -05:00
Brent Cook c86d16ffb6 update payload sizes 2015-07-07 23:15:57 -05:00
Brent Cook 0b59e63084 keep advanced options on the fat side of the conditional 2015-07-07 22:44:34 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 adfb663343
Land #5682, Update Flash CVE-2015-5119 ranking 2015-07-07 15:57:28 -05:00
wchen-r7 6a33807d80 No Chrome for now 2015-07-07 15:56:58 -05:00
jvazquez-r7 f8b668e894
Update ranking and References 2015-07-07 15:43:02 -05:00
jvazquez-r7 6a50b1583a
Land #5681, @todb-r7 adds CVE for the last flash exploit 2015-07-07 14:56:45 -05:00
Tod Beardsley 116c3f0be1
Add CVE as a real ref, too 2015-07-07 14:46:44 -05:00
Tod Beardsley 3d630de353
Replace with a real CVE number 2015-07-07 14:44:12 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
jvazquez-r7 489974ec20
Land #5679, @wchen-r7's changes browser requirements for adobe_flash_hacking_team_uaf 2015-07-07 12:50:30 -05:00
jvazquez-r7 829b08b2bf
Complete authors list 2015-07-07 12:49:54 -05:00
wchen-r7 49effdf3d1 Update description 2015-07-07 12:46:02 -05:00
wchen-r7 d885420aff This changes the version requirement for adobe_flash_hacking_team_uaf.rb
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
wchen-r7 2cdaace42f
Land #5678, Land adobe_flash_hacking_team_uaf.r 2015-07-07 12:34:59 -05:00
wchen-r7 d30688b116 Add more requirement info 2015-07-07 12:33:47 -05:00
jvazquez-r7 d9aacf2d41
Add module for hacking team flash exploit 2015-07-07 11:19:48 -05:00
wchen-r7 c37b60de7b Do some print_status with ms14_064 2015-07-07 00:57:37 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7 6d30dfd93e Remove the parts that are not broken for BES spec 2015-07-06 23:28:52 -05:00
wchen-r7 9a1500ee96 Change module name a little bit, makes it easier to find in GUI 2015-07-06 22:31:07 -05:00
wchen-r7 a9eeae56cb Remove the broken parts in browser_autopwnv2_spec 2015-07-06 22:24:32 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Mo Sadek 9e2e64bba1
Land #5644, Windows 10 Detection for os.js 2015-07-06 16:19:06 -05:00
HD Moore 0a4c6fb92f Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-07-06 14:24:52 -05:00