Commit Graph

23204 Commits (e4aedfad4377e3023517cf2f4da3c324489d7b79)

Author SHA1 Message Date
Meatballs1 2c12952112 Moar corrections 2014-02-14 09:37:00 +00:00
Meatballs1 9dd56d32de Corrections 2014-02-14 09:32:53 +00:00
Meatballs1 7ef68184e1 Handle SPNs differently 2014-02-13 23:24:55 +00:00
Meatballs1 95048b089e Dont search for made up fields 2014-02-13 22:51:55 +00:00
sinn3r d606be5efb That's funny I changed the wrong method 2014-02-13 16:41:18 -06:00
sinn3r 5d3eed8600 Add info about browser requirements in help 2014-02-13 16:37:05 -06:00
sinn3r 84e2609f62 So I don't need this bit, says Tod? 2014-02-13 16:31:48 -06:00
sinn3r 9c48335764 Change to google.com 2014-02-13 16:30:44 -06:00
sinn3r 87113e5ef8 Update license for WebRTC Experiments 2014-02-13 16:18:16 -06:00
sinn3r a44f235a8d Fix things based on Tod's feedback 2014-02-13 16:13:42 -06:00
sinn3r 71b7b1a2e9
Land #2989 - fix rspec 2014-02-13 16:09:37 -06:00
David Maloney a098c08f2f pend out bad spec 2014-02-13 15:44:05 -06:00
sinn3r 00ba0b5208
Land #2987 - Add ff 27 support to os.js 2014-02-13 15:20:53 -06:00
sinn3r 4ad7290364
Land #2988 - Unbreak the URL refs 2014-02-13 15:16:05 -06:00
sinn3r 4dd60631cb
Land #2950 - New Payload Generator for MsfVenom 2014-02-13 15:13:10 -06:00
Tod Beardsley 745f313413
Remove @nmonkee as author per twitter convo 2014-02-13 14:41:10 -06:00
Tod Beardsley 371f23b265
Unbreak the URL refs add nmonkee as ref and author
While @nmonkee didn't actually contribute to #2942, he did publish a
python exploit that leverages WebView, so given our policy of being
loose with author credit, I added him.

Also added a ref to @nmonkee's thing.

@jduck @jvennix-r7 if you have a problem with this, please do say so, I
don't think adding @nmonkee in any way diminishes your work, and I don't
want to appear like we're secretly ripping off people's work. I know you
aren't on this or any other module, and I know @nmonkee doesn't think
that either.
2014-02-13 14:19:59 -06:00
Meatballs1 d0b87f0e55 Merge pull request #38 from jvazquez-r7/review_2903
Solve conflicts
2014-02-13 17:16:13 +00:00
David Maloney 0c9b386402 add missing option serialiser
was missing the -o flag to output a payload's options
2014-02-13 10:19:26 -06:00
jvazquez-r7 61563fb2af Do minor cleanup 2014-02-13 09:10:04 -06:00
jvazquez-r7 67367092b7 Solve conflicts 2014-02-13 08:42:53 -06:00
William Vu a4035252d6 Land #1910, DISCLAIMER for firefox_creds
Fixed conflict in Author.
2014-02-12 16:32:08 -06:00
Joe Vennix 51f3ab1690 Add ff 27 support to os.js 2014-02-12 15:32:47 -06:00
jvazquez-r7 51896bcf74
land #2984, @wchen-r7's [FixRM #8765] NameError uninitialized constant in enum_ad_user_comments 2014-02-12 15:31:54 -06:00
sinn3r ce2de8f3bf Different way to write this 2014-02-12 15:08:20 -06:00
David Maloney 4565be18e3 require active_support numeric
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
jvazquez-r7 8b25b6e343
Land #2980, @wvu-r7 fix to handle invalid session id on post module runs 2014-02-12 13:13:34 -06:00
William Vu 40db1c4d0d s/auxiliarly/auxiliary/ 2014-02-12 12:17:53 -06:00
sinn3r 45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb 2014-02-12 11:14:25 -06:00
James Lee d0ee521c8f
Land #2982, make getenv smarter 2014-02-12 10:54:30 -06:00
jvazquez-r7 a59ce95901
Land #2970, @sgabe exploit for CVE-2010-2343 2014-02-12 08:10:53 -06:00
jvazquez-r7 9845970e12 Use pop#ret to jump over the overwritten seh 2014-02-12 08:10:14 -06:00
sgabe 11513d94f5 Add Juan as author 2014-02-12 12:17:02 +01:00
sgabe 3283880d65 Partially revert "Replace unnecessary NOP sled with random text" to improve reliability.
This partially reverts commit 12471660e9.
2014-02-12 12:09:16 +01:00
sinn3r 0f620f5aba Fix Uninitialized Constant RequestError
[SeeRM #8765] NameError uninitialized constant
2014-02-12 00:23:23 -06:00
sinn3r 750ce3c4db Make server configurable 2014-02-11 23:07:43 -06:00
OJ beca4b8bc3 Fix issue with getenv failing
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.

Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.

For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.

This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
sinn3r 7eb20a37d4 offerer's interface gets a makeover 2014-02-11 19:43:52 -06:00
sgabe 7195416a04 Increase the size of the NOP sled 2014-02-12 02:35:53 +01:00
William Vu 5a488b310d Use a more correct error message
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
sgabe 3f09456ce8 Minor code formatting 2014-02-11 23:53:04 +01:00
sgabe 7fc3511ba9 Remove unnecessary NOPs 2014-02-11 23:48:54 +01:00
sgabe 12471660e9 Replace unnecessary NOP sled with random text 2014-02-11 23:48:04 +01:00
sgabe 184ccb9e1e Fix payload size 2014-02-11 23:42:58 +01:00
William Vu 4a603b9a8d Merge remote-tracking branch 'upstream/master' into beug/session
Conflicts:
	lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
William Vu 18816f3d5e
Land #2952, -1 for last session ID 2014-02-11 16:22:36 -06:00
Spencer McIntyre 303ed9a85e
Land #4 @jvazquez-r7's bug fix for on_session_module_run 2014-02-11 17:03:21 -05:00
William Vu c67c0dde8f Land #2972, enum_system find/save logs/S[UG]ID 2014-02-11 15:45:27 -06:00
William Vu 2476d9be2d Fix invalid session ID bug
This fix should work seamlessly with #2952.
2014-02-11 15:43:35 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00