wchen-r7
51efb2daee
Land #6422, Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
William Vu
1b386fa7f1
Add targets to avoid ARCH_ALL payload confusion
2016-01-22 16:45:10 -06:00
joev
22a0d970da
Don't delete the payload after running.
2016-01-07 02:26:01 -06:00
joev
fb99c61089
Remove print_status statement.
2016-01-07 01:17:49 -06:00
joev
210f065427
Add a background option for the echo cmdstager.
2016-01-07 01:16:08 -06:00
joev
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
joev
0436375c6f
Change require to module level.
2016-01-02 23:06:23 -06:00
joev
3a14620dba
Update linemax to match max packet size.
2016-01-02 23:00:46 -06:00
joev
d64048cd48
Rename to match gdb_server_exec module.
2016-01-02 22:45:27 -06:00
joev
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
joev
22aae81006
Rename to exec_payload.
2016-01-02 14:13:54 -06:00
joev
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
joev
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
sinn3r
aca93cc86e
Add missing Rank
2015-04-14 13:33:37 -05:00
Tod Beardsley
e35f603888
Comma fascism
2015-02-12 12:49:45 -06:00
Tod Beardsley
e78d08e20d
Fix up titles, descriptions
2015-02-12 12:11:40 -06:00
Brent Cook
f99ef5c0f5
fix msftidy warnings about towelroot module
2015-02-11 11:17:44 -06:00
Brent Cook
af405eeb7d
Land #4287, @timwr's exploit from CVE-2014-3153
2015-02-09 10:33:14 -06:00
Tim
c959d42a29
minor tweak
2015-01-03 10:15:52 +00:00
Christian Mehlmauer
0f27c63720
fix msftidy warnings
2014-12-12 13:16:21 +01:00
Tim
5c50a07c0f
futex_requeue
2014-12-01 03:49:22 +00:00
Joe Vennix
a9cb6e0d2f
Add jduck as an author on samsung_knox_smdm_url
2014-11-19 10:18:08 -06:00
Tod Beardsley
39980c7e87
Fix up KNOX caps, descriptive description
2014-11-17 13:29:00 -06:00
Tod Beardsley
0f41bdc8b8
Add an OSVDB ref
2014-11-17 13:26:21 -06:00
Joe Vennix
cd61975966
Change puts to vprint_debug.
2014-11-17 10:13:13 -06:00
Joe Vennix
2a24151fa8
Remove BAP target, payload is flaky. Add warning.
2014-11-17 02:02:37 -06:00
Joe Vennix
5de69ab6a6
minor syntax fixes.
2014-11-15 21:39:37 -06:00
Joe Vennix
3fb6ee4f7d
Remove dead constant.
2014-11-15 21:38:11 -06:00
Joe Vennix
7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
...
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allowing us to launch the payload.
2014-11-15 21:33:16 -06:00
Joe Vennix
ea6d8860a1
Not root, just arbitrary permissions.
2014-11-12 21:51:55 -06:00
Joe Vennix
1895311911
Change URL to single line.
2014-11-12 10:56:51 -06:00
Joe Vennix
8689b0adef
Add module for samsung knox root exploit.
2014-11-12 09:53:20 -06:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee
a65ee6cf30
Land #3373, recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Joe Vennix
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Tod Beardsley
2aa26fa290
Minor spacing and word choice fixups
2014-06-16 11:40:21 -05:00
joev
461fba97d7
Update forgotten call to js() in webview exploit.
2014-06-15 23:43:05 -05:00
joev
eddac55c37
Remove spaces at EOL.
2014-06-13 08:37:44 -05:00
joev
56efd82112
Correct the disclosure date.
2014-06-11 21:53:42 -05:00
joev
04ac07a216
Compress and base64 data to save bytes.
...
Reduced file size from 43kb to 12kb, yay.
2014-06-02 23:06:46 -05:00
joev
cf6b181959
Revert change to trailer(). Kill dead method.
...
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev
9f5dfab9ea
Add better interface for specifying custom #eol.
2014-06-02 22:26:11 -05:00
joev
feca6c4700
Add exploit for ajsif vuln in Adobe Reader.
...
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).
Conflicts:
lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
HD Moore
583dab62b2
Introduce and use OS matching constants
2014-05-28 14:35:22 -05:00
Tim Wright
a60558061c
re-enable x86 stager
2014-05-10 19:58:19 +01:00
Joe Vennix
8920e0cc80
Use octal encoding and -e, so that echo always works.
2014-04-17 01:17:46 -05:00
Joe Vennix
fc841331d2
Add a test on echo to check for hex support.
...
* This is much nicer than checking version on userAgent, which
is often changed when rendered in an embedded webview.
2014-04-08 17:58:31 -05:00