James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
sinn3r
135bed254d
Update BrowserExploitServer for JSObfu
2014-09-20 17:59:36 -05:00
Joe Vennix
87aeac2b13
Fix syntax error in os.js, specs ftw.
2014-09-12 11:01:08 -05:00
Joe Vennix
8e091b6da0
Add support for ff 29 - 32 feature.
2014-09-11 22:01:36 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
Tod Beardsley
d0d389598a
Land #3086 , Android Java Meterpreter updates
...
w00t.
2014-06-02 17:28:38 -05:00
HD Moore
eda8a90cea
Fix merge issues with os.js
2014-05-19 13:04:36 -05:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
joev
0b23fc2c40
Revert "Use actual vars so that jsobfu can randomize."
...
This reverts commit b9284c5635
.
2014-04-11 16:51:29 -05:00
sinn3r
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
Joe Vennix
b9284c5635
Use actual vars so that jsobfu can randomize.
2014-04-09 16:56:10 -05:00
joev
2e4c2b1637
Disable Android 4.0, add arch detection.
...
Android 4.0, it turns out, has a different echo builtin than the other androids.
Until we can figure out how to drop a payload on a 4.0 shell, we cannot support it.
Arch detection allows mips/x86/arm ndkstagers to work, unfortunately
x86 ndkstager was not working, so it is disabled for now.
2014-04-07 09:44:43 -05:00
sinn3r
4d69f80728
Update explib2.js
...
Remove a few lines
2014-04-02 23:07:29 -05:00
jvazquez-r7
74554ed805
Land #3174 , @wchen-r7's object detection for ie11
2014-04-02 15:27:13 -05:00
jvazquez-r7
577bd7c855
Land #3146 , @wchen-r7's flash version detection code
2014-04-02 15:13:41 -05:00
sinn3r
5ffcfb22fa
Add object detection for IE11
...
While working on some stuff with IE11, I realized this is very
necessary.
2014-04-02 02:21:16 -05:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
sinn3r
389ad7aca3
Land #3155 - Explib2
2014-03-28 18:31:40 -05:00
sinn3r
4f5944cfb8
Add JavaScript detection for Adobe Flash
2014-03-28 14:31:21 -05:00
jvazquez-r7
ce02f8a7c5
Allow easier control of sprayed memory
2014-03-28 11:58:41 -05:00
jvazquez-r7
b0bbe3f6a9
Add explib2 with some fixes into metasploit
2014-03-28 10:44:13 -05:00
sinn3r
4c44f69e86
Undo the IE8/IE7 objection detection
2014-03-27 15:01:03 -05:00
sinn3r
fc1432fe53
This is probably the right way to do it for ie7/8
2014-03-27 13:53:24 -05:00
sinn3r
9c54421679
Update IE8/IE7 object detection
2014-03-27 13:34:07 -05:00
sinn3r
8df96a419b
Make IE10 detection safer for older IEs
2014-03-27 13:31:15 -05:00
sinn3r
1f90115c8f
Add default detection for IE 9 and IE 10
...
How it's done:
On IE10, which should come first before the IE 9 check, the nodeName
function always returns the name in uppercase.
One IE9, the "Object doesn't support property or method" error always
repeats the name of the invalid method.
2014-03-27 00:15:36 -05:00
sinn3r
8c707b20e0
Add support for specific builds of MSIE 9 on Win 7 SP1
...
These IE9 versions are vulnerable to MS14-012 (see #3120 ). If we don't
add them, then os_detect might recognize the target as IE 8, and fail.
2014-03-19 21:54:36 -05:00
joev
8e4708b51b
Add support for firefox 28.
2014-03-18 11:26:24 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
Joe Vennix
05067b4e33
Oops. Need to init the profile before accessed.
2014-03-06 11:48:54 -06:00
Joe Vennix
3d7bc6c589
Remove form_post.js.
2014-03-05 23:35:54 -06:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
Joe Vennix
6825fd2486
Whitespace tweaks and cleanup.
2014-03-02 19:57:48 -06:00
Joe Vennix
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
Joe Vennix
e8226f9d40
Use a keyed cookie. Moves AJAX call to a form post.
2014-03-02 19:47:24 -06:00
sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
sinn3r
0c3891c0f9
Add more IE targets
2014-02-27 11:01:03 -06:00
sinn3r
151646156d
Check navigator.oscpu for FF
...
If we don't check navigator.oscpu, IE 11 is detected as FF.
2014-02-27 10:54:38 -06:00
sinn3r
00ba0b5208
Land #2987 - Add ff 27 support to os.js
2014-02-13 15:20:53 -06:00
Joe Vennix
51f3ab1690
Add ff 27 support to os.js
2014-02-12 15:32:47 -06:00
Joe Vennix
636d7016a8
Fix android detection in os.js.
2014-02-04 02:31:46 -06:00
sinn3r
bf831616e5
Land #2749 - Add firefox 26 feature detection support to detect/os.js
2013-12-10 16:30:33 -06:00
Joe Vennix
6cd315da64
Add ff26 feature detection support.
2013-12-10 10:47:11 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
sinn3r
b34b4ac2b6
Update the java stuff again
2013-11-07 00:57:20 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
sinn3r
cf5d9c7f01
Add case for IE10 + Win 7 SP1 detection
2013-11-06 11:41:36 -06:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
joev
5f85ede389
Prevent xhr shim from leaking.
2013-11-02 16:47:50 -05:00