Commit Graph

32 Commits (ab8f2c7d3f62f07e1711b4e098dc3655e4b051c0)

Author SHA1 Message Date
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
joev 461fba97d7
Update forgotten call to js() in webview exploit. 2014-06-15 23:43:05 -05:00
joev eddac55c37
Remove spaces at EOL. 2014-06-13 08:37:44 -05:00
joev 56efd82112
Correct the disclosure date. 2014-06-11 21:53:42 -05:00
joev 04ac07a216 Compress and base64 data to save bytes.
Reduced file size from 43kb to 12kb, yay.
2014-06-02 23:06:46 -05:00
joev cf6b181959 Revert change to trailer(). Kill dead method.
* I verified that changes to PDF mixin do not affect any older modules that
generate PDF. I did this by (on each branch) running  in irb, then
running the module and diffing the pdf's generated by each branch. There were
no changes.
2014-06-02 22:26:14 -05:00
joev 9f5dfab9ea Add better interface for specifying custom #eol. 2014-06-02 22:26:11 -05:00
joev feca6c4700 Add exploit for ajsif vuln in Adobe Reader.
* This refactors the logic of webview_addjavascriptinterface into a mixin (android.rb).
* Additionally, some behavior in pdf.rb had to be modified (in backwards-compatible ways).

Conflicts:
	lib/msf/core/exploit/mixins.rb
2014-06-02 22:25:55 -05:00
Tim Wright a60558061c
re-enable x86 stager 2014-05-10 19:58:19 +01:00
Joe Vennix 8920e0cc80
Use octal encoding and -e, so that echo always works. 2014-04-17 01:17:46 -05:00
Joe Vennix fc841331d2 Add a test on echo to check for hex support.
* This is much nicer than checking version on userAgent, which
is often changed when rendered in an embedded webview.
2014-04-08 17:58:31 -05:00
joev 2e4c2b1637 Disable Android 4.0, add arch detection.
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.

Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
Joe Vennix 55500ea2f3 Avoid the nullchar. 2014-04-02 21:53:12 -05:00
Joe Vennix 176cc84865 Remove BES and calculate the pid manually. 2014-04-02 17:21:13 -05:00
Tim 25ca0552e0 cleanup files after exploit 2014-03-23 17:00:29 +00:00
Tim f9972239cf randomize payload filename 2014-03-23 16:36:26 +00:00
Joe Vennix facd743f1f Oops. Add missing dir to dalvikstager path. 2014-03-11 19:48:39 -05:00
Joe Vennix 5c2168513a Update path in #dalvikstager. 2014-03-11 11:03:36 -05:00
Tim 1e14ec7f6c native jni stager 2014-03-04 11:28:45 +00:00
Tod Beardsley 745f313413
Remove @nmonkee as author per twitter convo 2014-02-13 14:41:10 -06:00
Tod Beardsley 371f23b265
Unbreak the URL refs add nmonkee as ref and author
While @nmonkee didn't actually contribute to #2942, he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.

Also added a ref to @nmonkee's thing.

@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
Joe Vennix 362e937c8d Forgot to push local changes. 2014-02-06 11:47:35 -06:00
Joe Vennix 0dc2ec5c4d Use BrowserExploitServer mixin.
This prevents drive-by users on other browsers from ever receiving
the exploit contents.
2014-02-06 11:32:42 -06:00
Joe Vennix 553616b6cc Add URL for browser exploit. 2014-02-04 17:04:06 -06:00
Joe Vennix 23fc73924e Msftidy it up. 2014-02-04 14:24:36 -06:00
Joe Vennix 700e09f386 Wording tweak. 2014-02-04 02:55:10 -06:00
Joe Vennix bbabd72b0e Whitespace tweaks. 2014-02-04 02:52:52 -06:00
Joe Vennix eb6a5a4c19 Tweak checks. 2014-02-04 02:49:44 -06:00
Joe Vennix 4923a93974 Tweak description. 2014-02-04 02:47:49 -06:00
Joe Vennix 37479884a5 Add browserautopwn support. 2014-02-04 02:32:12 -06:00
Joe Vennix eba3a5aab0 More accurate description. 2014-02-04 01:44:39 -06:00
Joe Vennix 177bd35552 Add webview HTTP exploit. 2014-02-04 01:37:09 -06:00