Brent Cook
44990e9721
Revert "change Metasploit4 class names"
This reverts commit 3da9535e22.
2016-03-07 13:19:48 -06:00
Christian Mehlmauer
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
Christian Mehlmauer
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
wchen-r7
e191bf8ac3
Update description, and fix a typo
2015-12-24 10:35:05 -06:00
wchen-r7
08bddab568
File name should be the same as the datastore option
2015-12-18 21:22:55 -06:00
wchen-r7
5f5b3ec6a1
Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-6127
2015-12-17 22:41:58 -06:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
wchen-r7
154fb585f4
Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7
060acbc496
newline
2015-09-17 11:39:39 -05:00
wchen-r7
08b5b8ebb2
Add ADDITIONAL_FILES option
2015-09-17 11:30:58 -05:00
joevennix
0d94b8a48f
Make android_mercury_parseuri better
2015-09-17 09:59:31 -05:00
wchen-r7
b4aab70d18
Fix another typo
2015-09-16 11:34:22 -05:00
wchen-r7
bef658f699
typo
2015-09-16 11:32:09 -05:00
wchen-r7
63bb0cd0ec
Add Android Mercury Browser Intent URI Scheme & Traversal
2015-09-16 00:48:57 -05:00
wchen-r7
e82bd10817
Add aux module to be able to open android meterpreter from a browser
2015-08-27 14:36:55 -05:00
Brent Cook
b17d8f8d49
Land #5768, update modules to use metasploit-credential
2015-08-17 17:08:58 -05:00
Tod Beardsley
50041fad2a
Pre-Bloggery cleanup
Edited modules/auxiliary/gather/lansweeper_collector.rb first landed in
and minor description word choice changes.
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
options. Also removed from the description the missing options of
'WhiteList' and 'RealList' -- those don't appear to be available
according to `show options` and `show advanced`, @wchen-r7.
Edited modules/post/multi/recon/local_exploit_suggester.rb first landed
in #5823, mv local_exploit_{suggestor,suggester} for minor description
cleanup and axing the description of the SHOWDESCRIPTION option (it's
already described identically on the option itself).
2015-08-13 12:33:04 -05:00
jvazquez-r7
a611fff7bf
Use Rex::ThreadSafe.select on CVE-2015-1793
2015-08-08 07:43:39 -07:00
jvazquez-r7
c8ba5bb90c
Land #5513, @rcvalle's exploit for incomplete internal state distinction in JSSE
2015-08-08 07:41:53 -07:00
jvazquez-r7
2707b3b402
Use Rex::ThreadSafe.select
2015-08-08 07:40:19 -07:00
jvazquez-r7
a0eef3880a
Initialize version local variable
2015-08-08 07:35:37 -07:00
jvazquez-r7
bb74b6fecb
Fix data reading
2015-08-08 07:18:01 -07:00
jvazquez-r7
6fe7672732
Improve Rex sockets usage
2015-08-07 00:11:58 -07:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
jvazquez-r7
18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options
2015-07-24 15:45:31 -05:00
jvazquez-r7
ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm
2015-07-24 14:38:27 -05:00
jvazquez-r7
45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
wchen-r7
91fc213ddf
More metasploit-credential update
2015-07-23 15:50:50 -05:00
wchen-r7
4561850055
Use metasploit-credential API instead of report_auth_info
2015-07-22 01:11:43 -05:00
Tod Beardsley
f94fe3cefd
More correct URL, not just a bare wiki link
Edited modules/auxiliary/server/browser_autopwn2.rb first landed in
2015-07-20 16:23:29 -05:00
jvazquez-r7
454dd59da8
Add vuln discoverers
2015-07-17 13:37:30 -05:00
Ramon de C Valle
449c751521
Add missing info
2015-07-16 09:36:18 -07:00
wchen-r7
8d0e34dbc0
Resolve #5738, make the LHOST option visible
Resolve #5738
2015-07-16 11:00:15 -05:00
Ramon de C Valle
5d6c15a43d
Add openssl_altchainsforgery_mitm_proxy.rb
This module exploits a logic error in OpenSSL by impersonating the
server and sending a specially-crafted chain of certificates, resulting
in certain checks on untrusted certificates to be bypassed on the
client, allowing it to use a valid leaf certificate as a CA certificate
to sign a fake certificate. The SSL/TLS session is then proxied to the
server allowing the session to continue normally and application data
transmitted between the peers to be saved. This module requires an
active man-in-the-middle attack.
2015-07-15 22:36:29 -07:00
wchen-r7
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
wchen-r7
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
wchen-r7
9a1500ee96
Change module name a little bit, makes it easier to find in GUI
2015-07-06 22:31:07 -05:00
wchen-r7
4a70e23f9a
Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
HD Moore
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
Ramon de C Valle
7bda1e494b
Use Rex::Socket::Tcp
2015-06-21 13:40:31 -07:00
Ramon de C Valle
7f55f6631c
Remove the timeout option
2015-06-20 20:14:47 -07:00
Ramon de C Valle
01e87282a9
Use Msf::ThreadManager#spawn
2015-06-20 18:48:10 -07:00
Ramon de C Valle
dabc7abae5
Change method names to lowercase
2015-06-20 18:23:34 -07:00
root
fcf6212d2f
Update telnet capture module to use the new creds API
2015-06-16 16:37:36 +05:00
Ramon de C Valle
a48d79a2e7
Add jsse_skiptls_mitm_proxy.rb
This module exploits an incomplete internal state distinction in Java
Secure Socket Extension (JSSE) by impersonating the server and finishing
the handshake before the peers have authenticated themselves and
instantiated negotiated security parameters, resulting in a plaintext
SSL/TLS session with the client. This plaintext SSL/TLS session is then
proxied to the server using a second SSL/TLS session from the proxy to
the server (or an alternate fake server) allowing the session to
continue normally and plaintext application data transmitted between the
peers to be saved. This module requires an active man-in-the-middle
attack.
2015-06-08 19:41:17 -07:00
jvazquez-r7
55c07b1bdd
Report credentials with create_credential_login
2015-05-19 00:14:55 -05:00
jvazquez-r7
3db0e12b67
Modify autopwn comment
2015-04-21 14:19:15 -05:00
jvazquez-r7
ab94f15a60
Take care of modules using the 'DEBUG' option
2015-04-21 12:13:40 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
Christian Mehlmauer
2b9fd93729
remove deprecated modules
2015-04-16 22:49:22 +02:00
root
4bd40fed7f
yard doc and comment corrections for auxiliary
2015-04-03 16:12:23 +05:00
jvazquez-r7
0158e94a18
Fix mixin usage
2015-02-13 17:18:51 -06:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
jvazquez-r7
3ae3d56caa
Land #4745, fixes #4711, BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
Tod Beardsley
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
William Vu
58b6b7519a
Deprecate server/pxexploit
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
William Vu
9e717084af
Fix server/pxexploit datastore
2015-02-11 12:19:39 -06:00
James Lee
488847cecc
Split smb_cmd_session_setup into with/without esn
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee
6b6a7e81c9
Style fixes
2015-01-16 06:39:21 -06:00
James Lee
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Jon Hart
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
Jon Hart
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
Jon Hart
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
Jon Hart
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
Jon Hart
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
Fatih Ozavci
a38cb3ee53
@jhart-r7's commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
Fatih Ozavci
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
Fatih Ozavci
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
Fatih Ozavci
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
William Vu
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
Joe Vennix
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
William Vu
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
William Vu
e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee
a65ee6cf30
Land #3373, recog
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
HD Moore
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
HD Moore
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
jvazquez-r7
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
jvazquez-r7
5044117a78
Refactor dhclient_bash_env to use the egypt's mixin mods
2014-09-26 13:34:44 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
Ramon de C Valle
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
Tom Sellers
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
joev
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Rich Lundeen
60b9f855b4
Bug with HTTP POST requests (content type sent twice)
2014-04-28 18:44:02 -07:00
Ramon de C Valle
fd232b1acd
Use the protocol version from the handshake
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fixes this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282, which is how it should
have been initially.
Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Ramon de C Valle
039946e8d1
Use the first cipher suite sent by the client
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
2014-04-12 05:05:14 -03:00
Ramon de C Valle
b95fcb9610
Use the protocol version sent by the client
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable one.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282).
2014-04-12 04:21:35 -03:00
William Vu
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
William Vu
b905aece38
Fix job not backgrounding
2014-04-09 17:03:57 -05:00
HD Moore
ed247498b6
Make TLS negotiation optional
2014-04-09 17:03:38 -05:00