Commit Graph

21677 Commits (c8fd761c53b9ddb3875a267264cf15cc27240d2c)

Author SHA1 Message Date
joev 5f85ede389 Prevent xhr shim from leaking. 2013-11-02 16:47:50 -05:00
joev 90d8da6a21 Fix some bugs in my edits, add a spec. 2013-11-02 16:46:33 -05:00
joev c7c1fcfa98 Pull shared XHR shim out, add option to static Js module method.
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
sinn3r 094abdd093 rspec this 2013-11-01 14:59:21 -05:00
sinn3r a806b1aa5e Update test example 2013-11-01 12:11:49 -05:00
sinn3r abc06aa8aa Use mutex 2013-11-01 11:35:23 -05:00
sinn3r 5fb261a974 Change var name 2013-10-31 23:48:41 -05:00
sinn3r d54c8a359b Fix bug in proxy detection 2013-10-31 23:42:43 -05:00
sinn3r 7a33c48a0f No double slash 2013-10-31 23:17:38 -05:00
sinn3r 5851d502b5 Rename some stuff 2013-10-31 23:12:20 -05:00
sinn3r 21891a8337 Make sure the browser can't retry by going to the first URL 2013-10-31 23:08:17 -05:00
sinn3r 94d62613ab Pretty much done with these, remove these comments. 2013-10-31 19:04:11 -05:00
sinn3r 828ef9c64c Adds target-specific payload generator 2013-10-31 18:54:01 -05:00
Brandon Turner 41d51053a0 Add support for offline updates via msfupdate
If using a binary installer, you may install an offline update with:
  msfupdate offline-update.bin
2013-10-31 16:56:10 -05:00
sinn3r 391360d67f Update xmlhttprequest 2013-10-31 16:09:05 -05:00
sinn3r 8a0ebcbac7 Adds method get_module_resource 2013-10-31 14:34:38 -05:00
sinn3r 10fd892827 Fix a "undefined method to_sym" bug
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
sinn3r 6e7e5a0ff9 Put postInfo() in the js directory 2013-10-31 13:55:22 -05:00
sinn3r 735b879e3c Add an example/testcase for BrowserExploitServer 2013-10-31 13:18:45 -05:00
sinn3r 00efad5c5d Initial commit for BrowserExploitServer mixin 2013-10-31 13:17:06 -05:00
jvazquez-r7 c5778f51d7
Land #2594, @jvennix-r7's firefox 25 js detection 2013-10-31 09:22:37 -05:00
jvazquez-r7 58fa67faa3
Land #2597, @wvu-r7's fix for files permissions 2013-10-31 08:18:42 -05:00
root 5c923757e8 Removed generic command execution capability 2013-10-30 21:35:24 -04:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
William Vu 3e1ae4c9b3
Land #2504, @todb-r7's edit command for msfconsole 2013-10-30 15:38:07 -05:00
William Vu b76c13b57d
Land #2596, resplat new WMI module 2013-10-30 15:34:24 -05:00
Tod Beardsley 900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
Tod Beardsley e488a54a06
Resplat new WMI module 2013-10-30 15:14:16 -05:00
William Vu 0735bee635
Land #2595, CVE update for vtiger_php_exec 2013-10-30 14:03:06 -05:00
Tod Beardsley 98224ee89f
CVE update for vtiger issue 2013-10-30 13:48:35 -05:00
William Vu b3c4dfcb04
Land #2593, updated refs for @brandonprry's stuff 2013-10-30 12:29:47 -05:00
Tod Beardsley 344413b74d
Reorder refs for some reason. 2013-10-30 12:25:55 -05:00
Tod Beardsley 32794f9d37
Move OpenBravo to aux module land 2013-10-30 12:20:04 -05:00
joev 4425cf1dc1 Add support for firefox 25.
Also replaces a bunch of missing semicolons.
2013-10-30 12:19:22 -05:00
Tod Beardsley 17d796296c
Un-dupe References for ispconfig 2013-10-30 12:03:35 -05:00
Tod Beardsley 0d480f3a7d
Typo fix 2013-10-30 11:38:04 -05:00
Tod Beardsley 97a4ca0752
Update references for FOSS modules 2013-10-30 11:36:16 -05:00
Tod Beardsley 78381316a2
Add @brandonprry's seven new modules
Already reviewed privately, no associated PR.
2013-10-30 11:04:21 -05:00
Tod Beardsley 5b76947767
Add a few more modules. 2013-10-30 10:25:48 -05:00
OJ 2fbac9b129 Add `getproxy` command
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
jvazquez-r7 c8ceaa25c6
Land #2589, @wvu-r7's exploit for OSVDB 98714 2013-10-29 14:56:30 -05:00
jvazquez-r7 9f81aeb4ad Fix style 2013-10-29 14:55:16 -05:00
William Vu 5af42f2c28 Add short comment on why the padding is necessary 2013-10-29 11:46:10 -05:00
William Vu e368cb0a5e Add Win7 SP1 to WinXP SP3 target 2013-10-29 10:45:14 -05:00
jvazquez-r7 1b75aef614
Land #2591, @bcoles's exploit for ProcessMaker 2013-10-29 09:54:23 -05:00
jvazquez-r7 c4c171d63f Clean processmaker_exec 2013-10-29 09:53:39 -05:00
jvazquez-r7 26af6452da
Land #2588, @wvu-r7's permissions change for cmdstager_printf.rb 2013-10-29 08:07:19 -05:00
bcoles 3eed800b85 Add ProcessMaker Open Source Authenticated PHP Code Execution 2013-10-29 23:27:29 +10:30
William Vu 665f6c3e35
Land #2590, gsub nil fix for mimikatz 2013-10-29 00:58:16 -05:00
OJ 606411de81 Fix mimikatz error when password is nil
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00