Brent Cook
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
jvazquez-r7
e1192c75a9
Fix network communication on `communicate`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:57:48 -05:00
Tod Beardsley
9206df077f
Land #5694 , R7-2015-08
2015-07-10 11:42:57 -05:00
jvazquez-r7
9ba515f185
Fix network communication on `check`
...
* Some protocol handling just to not read amounts of data blindly
2015-07-10 11:32:49 -05:00
HD Moore
728b338593
Give msftidy a cookie
2015-07-10 11:28:10 -05:00
Brent Cook
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
HD Moore
cf4b18700d
Fix CVE reference
2015-07-10 11:14:59 -05:00
jvazquez-r7
c70be64517
Fix version check
2015-07-10 10:57:55 -05:00
jvazquez-r7
34a6984c1d
Fix variable name
2015-07-10 10:44:38 -05:00
jvazquez-r7
2c7cc83e38
Use single quotes
2015-07-10 10:34:47 -05:00
jvazquez-r7
f66cf91676
Fix metadata
2015-07-10 10:33:02 -05:00
HD Moore
a74526a2d9
Land #5690 , fix URL generation for reverse_http
2015-07-10 09:07:04 -05:00
xistence
b916a9d267
VNC Keyboard Exec
2015-07-10 14:08:32 +07:00
OJ
85769808cc
Update metasploit payloads to 1.0.6
2015-07-10 16:28:20 +10:00
OJ
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
xistence
52d41c8309
Western Digital Arkeia 'ARKFS_EXEC_CMD' <= v11.0.12 Remote Code Execution
2015-07-10 09:51:28 +07:00
wchen-r7
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
Michael Messner
d7beb1a685
feedback included
2015-07-09 08:31:11 +02:00
HD Moore
67666160e8
Add patched server detection
2015-07-08 13:47:59 -05:00
HD Moore
25e0f888dd
Initial commit of R7-2015-08 coverage
2015-07-08 13:42:11 -05:00
wchen-r7
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
jvazquez-r7
768dca514a
Land #5685 , @wchen-r7's check for IE11/Win8
2015-07-08 13:15:07 -05:00
wchen-r7
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
wchen-r7
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
Brent Cook
a12c84d537
Land #5411 , proxy support for winhttp stagers
2015-07-07 23:23:19 -05:00
Brent Cook
c86d16ffb6
update payload sizes
2015-07-07 23:15:57 -05:00
Brent Cook
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
Brent Cook
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
wchen-r7
adfb663343
Land #5682 , Update Flash CVE-2015-5119 ranking
2015-07-07 15:57:28 -05:00
wchen-r7
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
jvazquez-r7
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
jvazquez-r7
6a50b1583a
Land #5681 , @todb-r7 adds CVE for the last flash exploit
2015-07-07 14:56:45 -05:00
Tod Beardsley
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
Tod Beardsley
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
wchen-r7
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
jvazquez-r7
489974ec20
Land #5679 , @wchen-r7's changes browser requirements for adobe_flash_hacking_team_uaf
2015-07-07 12:50:30 -05:00
jvazquez-r7
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
wchen-r7
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
wchen-r7
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
wchen-r7
2cdaace42f
Land #5678 , Land adobe_flash_hacking_team_uaf.r
2015-07-07 12:34:59 -05:00
wchen-r7
d30688b116
Add more requirement info
2015-07-07 12:33:47 -05:00
jvazquez-r7
d9aacf2d41
Add module for hacking team flash exploit
2015-07-07 11:19:48 -05:00
wchen-r7
c37b60de7b
Do some print_status with ms14_064
2015-07-07 00:57:37 -05:00
wchen-r7
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7
6d30dfd93e
Remove the parts that are not broken for BES spec
2015-07-06 23:28:52 -05:00
wchen-r7
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
wchen-r7
a9eeae56cb
Remove the broken parts in browser_autopwnv2_spec
2015-07-06 22:24:32 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
Mo Sadek
9e2e64bba1
Land #5644 , Windows 10 Detection for os.js
2015-07-06 16:19:06 -05:00
HD Moore
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00