Commit Graph

148 Commits (ad308efc05ad077fdd7320e9560acd1782ac0551)

Author SHA1 Message Date
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
Tod Beardsley 0b6e03df75
More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91
Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
William Vu ff9cb481fb Land #2464, fixes for llmnr_response and friends
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
jvazquez-r7 a32c9e5efc Fix fail_with on Exploit::Remote::HttpClient 2013-11-27 11:19:46 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets.
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option.
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option.
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
jvazquez-r7 f690667294
Land #2617, @FireFart's mixin and login bruteforcer for TYPO3 2013-11-18 13:37:16 -06:00
jvazquez-r7 ef6d9db48f
Land #2613, @wchen-r7's BrowserExploitServer mixin 2013-11-12 17:33:12 -06:00
Tod Beardsley 2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints

[SeeRM #8498]
2013-11-11 21:23:35 -06:00
FireFart bdd33d4daf implement feedback from @jlee-r7 2013-11-07 23:07:58 +01:00
FireFart aab4d4ae76 first commit for typo3 2013-11-07 22:38:27 +01:00
sinn3r 991240a87e Support java version detection 2013-11-07 00:54:52 -06:00
sinn3r 5f2d8358c0 Be more browser specific with Javascript generation 2013-11-05 01:04:52 -06:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
sinn3r 00efad5c5d Initial commit for BrowserExploitServer mixin 2013-10-31 13:17:06 -05:00
sinn3r afcce8a511 Merge osdetect and addonsdetect 2013-10-22 01:11:11 -05:00
sinn3r 99d5da1f03 We can simplify this 2013-10-21 20:22:45 -05:00
sinn3r 9a3e719233 Rework the naming style 2013-10-21 20:16:37 -05:00
sinn3r 8a94df7dcd Change category name for base64 2013-10-18 21:20:16 -05:00
sinn3r 6f04a5d4d7 Cache Javascript 2013-10-18 12:23:58 -05:00
sinn3r b0d614bc6a Cleaning up requires 2013-10-18 01:47:27 -05:00
sinn3r c926fa710b Move all exploitation-related JavaScript to their new home 2013-10-17 16:43:29 -05:00
sinn3r 4c91f2e0f5 Add detection code MS Office
Add detection code for MS Office XP, 2003, 2007, 2010, and 2012.

[SeeRM #8413]
2013-10-15 16:27:23 -05:00
sinn3r da3081e1c8 [FixRM 8482] Fix uninit constant Rex::Exploitation::JavascriptOSDetect
This fixes an uninit constant Rex::Exploitation::JavascriptOSDetect
while using a module with js_os_detect. It was originally reported
by Metasploit user @viniciuskmax

[FixRM 8482]
2013-10-14 11:40:46 -05:00
James Lee b822a41004 Axe errant tabs and unused vars 2013-10-02 13:47:39 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 7cd150b850 another module 2013-08-24 18:42:22 +02:00
jvazquez-r7 491ea81acf Fix calls to fail_with from mixins 2013-08-19 16:42:52 -05:00
James Lee 1ac1d322f2 Dup before modifying
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:

```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```

[See #2002]
2013-07-12 00:57:10 -05:00
James Lee 38e837dc28 Remove inaccurate comment 2013-07-11 22:48:35 -05:00
James Lee 3c42fe594e No need to have rescue around a print 2013-06-21 15:55:43 -05:00
James Lee 2c12a43e77 Add a method for dealing with hardcoded URIs 2013-06-21 15:48:02 -05:00
James Lee 39d011780e Move deletion into #remove_resource
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
James Lee e8a92eb196 Keep better track of resources
[See #1623]
[SeeRM #7692]
2013-06-21 14:51:47 -05:00
HD Moore 819080a147 Enable rhost/rport option overrides in HttpClient 2013-06-17 11:45:01 -05:00
sinn3r 8e2de6d14f Updates js_property_spray documentation
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions.  For dev purposes,
it's rather important to have this documented somewhere.

Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
jvazquez-r7 5cfc306466 Land @1785, @wchen-r7's API addition for the mstime ie8 technique 2013-05-02 00:00:49 -05:00
sinn3r 69f8103ffe Make animatecolor element optional by using innerHTML 2013-05-01 14:21:52 -05:00
sinn3r 3d2cb9ec3f Uses rand_text_hex for RGB values, and correcting exception handling 2013-05-01 13:41:36 -05:00
sinn3r 71afd762a9 According to MSFG, I can use RGB, so here goes 2013-04-30 18:48:21 -05:00
sinn3r ae94fbdf6c Updates documentation 2013-04-30 17:11:19 -05:00
sinn3r 9cc624456a Adds function js_mstime_malloc
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
James Lee 906863676e Fix a logic error in HttpServer
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.

This commit fixes the problem in two ways:

1. It changes the default cli in get_uri to be the module's self.cli,
   which should always be set when passive modules would need it (e.g., in
   the on_request_uri method).

2. It adds a check to make sure that the calling module has a sock
   before trying to get its peerhost. This was @marthieubean's suggested
   solution in #1775.

[Closes #1775]
2013-04-29 13:44:58 -05:00