RootUp
f0fc1bcecd
Merge pull request #2 from todb-r7/pr-9180
...
Hi @todb-r7
This works perfectly, in that we can save creds in our MSF `creds`
2017-12-13 11:13:42 +05:30
Tod Beardsley
622050ddfc
Oops, leftover comment
2017-12-12 14:48:00 -06:00
Tod Beardsley
efa46efb48
Actually save creds, or fail through sanely
...
This incidentally also allows for a custom collector to be implemented
by the user -- for example, if they'd rather pick up a session ID or
inject a browser hook or something along those lines. It's a little
clunky, using the advanced option of CUSTOM_JS, but it seems to work
fine.
2017-12-12 14:06:18 -06:00
RootUp
5f70199218
Update samsung_browser_sop_bypass.rb
2017-12-12 15:52:55 +05:30
RootUp
03781e920c
Merge pull request #1 from todb-r7/pr-9180
...
Hi @todb-r7
By setting TARGET_URL to `www.google.com` the module works, but in a vulnerable browser the address bar would display like `http://192.168.1.102:9090/www.google.com`
```
msf auxiliary(samsung_browser_sop_bypass) >
[*] Using URL: http://192.168.1.102:9090/
[*] Server started.
[*] 192.168.1.100: Request 'GET /'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /www.google.com'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[+] 192.168.1.100: Collected credential for 'www.google.com' test:test
```
2017-12-10 11:57:04 +05:30
Tod Beardsley
cba5c7cb0f
Rename to actually call out the browser name
2017-12-08 13:53:13 -06:00
Tod Beardsley
0a9dcafb77
Actually collect the creds, sort of
...
Instead of an alert() (which the attacker won't see), this collects the
offered credentials in a POST action, and displays them in the console.
This should further store the creds somewhere handy, but this is good
enough for now for testing from @RootUp
2017-12-08 13:51:02 -06:00
Tod Beardsley
aee883a706
Fixed up description to be descriptive
2017-12-08 12:24:58 -06:00
RootUp
03cd8af29a
Update browser_sop_bypass.rb
2017-11-08 12:50:49 +05:30
RootUp
0c247d5635
Update browser_sop_bypass.rb
2017-11-08 12:38:37 +05:30
RootUp
872894f743
Update browser_sop_bypass.rb
2017-11-07 21:29:16 +05:30
RootUp
2fad61101e
Update browser_sop_bypass.rb
2017-11-07 21:13:06 +05:30
RootUp
3dad025b8c
Create browser_sop_bypass.rb
2017-11-07 14:24:50 +05:30
William Vu
92c5b271c5
Land #9178, multi/handler enhancements rollback
2017-11-06 12:03:53 -06:00
Brent Cook
cfeb0b7bda
prefer threadsafe sleep here
2017-11-06 01:37:09 -06:00
Brent Cook
897b5b5dd1
revert passive handler stance
2017-11-06 01:37:09 -06:00
Brent Cook
6fb8928523
Land #9177, fix docker builds
2017-11-06 01:35:54 -06:00
Christian Mehlmauer
9206dee5bb
disable gem update for now as version 2.7.1 is broken
2017-11-06 07:49:10 +01:00
Metasploit
deb5a7b015
Bump version of framework to 4.16.16
2017-11-03 10:03:38 -07:00
Metasploit
a14102083c
Bump version of framework to 4.16.15
2017-11-02 10:01:12 -07:00
bwatters-r7
c2a979dd3c
Land #9134, fix buggy handling of partial ingress packet data
2017-11-01 20:06:23 -05:00
William Vu
a15b61a218
Fix #9160, exploit method from TcpServer
...
It already starts the server and waits for us. This is what was called
when the module was still auxiliary.
2017-11-01 19:26:00 -05:00
William Vu
57fde9d8ca
Land #9160, tnftp_savefile auxiliary to exploit
2017-11-01 18:48:07 -05:00
William Vu
87934b8194
Convert tnftp_savefile from auxiliary to exploit
...
This has been a long time coming. Fixes #4109.
2017-11-01 17:37:41 -05:00
William Vu
972f9c08eb
Land #9135, peer print for jenkins_enum
2017-11-01 15:33:13 -05:00
William Vu
77181bcc9c
Prefer peer over rhost/rport
2017-11-01 15:32:32 -05:00
William Vu
0e66ca1dc0
Fix #3444/#4774, get_json_document over JSON.parse
...
Forgot to update these when I wrote new modules.
2017-11-01 15:05:49 -05:00
William Vu
5de190f092
Land #9145, ERB/<ruby> for Meterpreter resource
2017-11-01 13:48:51 -05:00
William Vu
7a09dcb408
Fix #9109, HttpServer (TcpServer) backgrounding
2017-11-01 13:35:04 -05:00
William Vu
e3ac6b8dc2
Land #9109, wp-mobile-detector upload and execute
2017-11-01 13:25:16 -05:00
William Vu
3847a68494
Clean up module
2017-11-01 13:23:32 -05:00
Jeffrey Martin
7a21cfdfa6
add cached sizes for ppce500v2
2017-11-01 13:08:15 -05:00
Brent Cook
7895cbc413
Land #9157, Add missing ppce500v2 tests
2017-11-01 12:33:02 -05:00
Brent Cook
aafc09ed85
Land #9156, remove broken bundler workaround, fix rspec
2017-11-01 12:00:44 -05:00
Jeffrey Martin
553452c19d
add missing ppc500v2 payload specs
2017-11-01 12:00:03 -05:00
Jeffrey Martin
cd114c90e0
remove no longer available bundler hack
...
This addresses issue #9155 for bundler failures in TravisCI
2017-11-01 11:52:41 -05:00
Brent Cook
a347dee372
Land #9150, fix broken and simplify unusual RuntimeError exceptions
2017-11-01 06:03:36 -05:00
Brent Cook
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
lvarela-r7
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Brent Cook
f1e6e7eed5
Land #9107, add MinRID to complement MaxRID
2017-10-31 12:18:28 -05:00
Brent Cook
95b6cda06e
Land #9146, add e500v2 and reduce size of x86_64
2017-10-31 09:54:07 -05:00
Brent Cook
c4dcd79e41
Land #9144, fix misspelling in exploit/windows/local/wmi_persistence
2017-10-31 05:01:13 -05:00
Brent Cook
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
Brent Cook
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
Brent Cook
f42b980cf0
fix misspelled RuntimeError
2017-10-30 15:42:11 -05:00
Brent Cook
56eb828cc5
add e500v2 payloads
2017-10-30 14:04:10 -05:00
Brent Cook
22f9626186
update sizes
2017-10-30 05:26:29 -05:00
Brent Cook
ebaf0c5484
bump mettle, update toolchain, add e500v2 and reduce size of x86_64
2017-10-30 05:09:31 -05:00
Spencer McIntyre
940573ad49
Support ruby directives in Meterpreter rc scripts
2017-10-29 15:57:33 -04:00
h00die
3b8ef02c29
sid vs side
2017-10-29 08:36:05 -04:00