jvazquez-r7
3ae3d56caa
Land #4745 , fixes #4711 , BrowserAutoPwn failing due to getpeername
2015-02-12 16:51:09 -06:00
sinn3r
05d2703a98
Explain why obfuscation is disabled
2015-02-12 14:00:01 -06:00
sinn3r
50c72125a4
::Errno::EINVAL, disable obfuscation, revoke ms14-064
2015-02-12 11:54:01 -06:00
Tod Beardsley
02fe57e2a1
Bump out to April, 60ish days
2015-02-11 12:56:37 -06:00
William Vu
58b6b7519a
Deprecate server/pxexploit
...
modules/auxiliary/server/pxeexploit.rb
2015-02-11 12:38:38 -06:00
William Vu
9e717084af
Fix server/pxexploit datastore
2015-02-11 12:19:39 -06:00
James Lee
488847cecc
Split smb_cmd_session_setup into with/without esn
...
Extended Security Negotiation
2015-01-16 07:05:10 -06:00
James Lee
6b6a7e81c9
Style fixes
2015-01-16 06:39:21 -06:00
James Lee
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Jon Hart
52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT
2014-12-04 13:26:16 -08:00
Jon Hart
6bd56ac225
Update any modules that deregistered NETMASK
2014-12-04 13:22:06 -08:00
Jon Hart
684975a315
Use correct target address for fake As
2014-11-19 08:28:56 -08:00
Jon Hart
3777e78a85
Sanitize creation of target host. Return minimal for SRV
2014-11-19 08:28:56 -08:00
Jon Hart
52e004d8ab
Use less conflicting name for SRV record port
2014-11-19 08:28:56 -08:00
Jon Hart
ee90e4353b
Add more consistent logging for fakedns types that support fake vs bypass
2014-11-19 08:28:55 -08:00
Jon Hart
0910275fac
Don't artificially insert additional records when BYPASS
2014-11-19 08:28:55 -08:00
Fatih Ozavci
a38cb3ee53
@jhart-r7 commits are accepted and conflicts fixed.
2014-11-19 08:28:55 -08:00
Fatih Ozavci
ab7f6866f5
FAKE and BYPASS actions are implemented for SRV queries
2014-11-19 08:28:55 -08:00
Fatih Ozavci
f403d27fbd
Author update for the fakedns module
2014-11-19 08:28:55 -08:00
Fatih Ozavci
47f7d8c4be
IN:SRV expansion for Fake DNS server
2014-11-19 08:28:55 -08:00
William Vu
405eae4b6e
Remove EOL whitespace
2014-11-17 11:46:36 -06:00
Joe Vennix
fc1635e80a
Fix BAP JS ref error.
2014-11-17 10:06:15 -06:00
William Vu
953a642b0e
Finally write a decent description
2014-10-30 22:51:42 -05:00
William Vu
e3ed7905f1
Add tnftp_savefile exploit
...
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
HD Moore
64c206fa62
Add module for CVE-2014-4877 (Wget)
2014-10-27 23:37:41 -05:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
HD Moore
878f3d12cd
Remove kind_of? per @trosen-r7
2014-09-29 15:39:10 -05:00
HD Moore
77efa7c19a
Change if/else to case statement
2014-09-29 15:37:58 -05:00
jvazquez-r7
e1f00a83bc
Fix Rex because domainname and domain_name were duplicated
2014-09-26 13:40:52 -05:00
jvazquez-r7
5044117a78
Refactor dhclient_bash_env to use the egypt's mixin mods
2014-09-26 13:34:44 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
Ramon de C Valle
9c11d80968
Add dhclient_bash_env.rb (Bash exploit)
...
This module exploits a code injection in specially crafted environment
variables in Bash, specifically targeting dhclient network configuration
scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
2014-09-26 01:37:00 -03:00
Tom Sellers
74920d26a4
Update to server/capture/imap.rb for new Credential system
2014-08-19 15:25:31 -05:00
joev
5bfbb7654e
Add android meterpreter to browser autopwn.
2014-08-18 11:09:16 -05:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
Rich Lundeen
60b9f855b4
Bug with HTTP POST requests (content type sent twice)
2014-04-28 18:44:02 -07:00
Ramon de C Valle
fd232b1acd
Use the protocol version from the handshake
...
I used the protocol version from the record layer thinking I was using
the protocol version from the handshake. This commit fix this and uses
the protocol version from the handshake instead of from the record layer
as in https://gist.github.com/rcvalle/10335282 , which is how it should
have been initially.
Thanks to @wvu-r7 for finding this out!
2014-04-25 01:48:17 -03:00
Ramon de C Valle
039946e8d1
Use the first cipher suite sent by the client
...
If encrypted, use the TLS_RSA_WITH_AES_128_CBC_SHA; otherwise, use the
first cipher suite sent by the client. This complements the last commit
and makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 05:05:14 -03:00
Ramon de C Valle
b95fcb9610
Use the protocol version sent by the client
...
Use the protocol version sent by the client. This should be the latest
version supported by the client, which may also be the only acceptable.
This makes this module work with SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2
when NEGOTIATE_TLS is not enabled (see
https://gist.github.com/rcvalle/10335282 ).
2014-04-12 04:21:35 -03:00
William Vu
6675464c20
Fix a few things in the Heartbleed modules
2014-04-10 16:06:40 -05:00
William Vu
b905aece38
Fix job not backgrounding
2014-04-09 17:03:57 -05:00
HD Moore
ed247498b6
Make TLS negotiation optional
2014-04-09 17:03:38 -05:00
William Vu
2f9a400efa
vprint_status the other message message
2014-04-09 15:11:02 -05:00
William Vu
84ce72367b
Make the output less verbose
2014-04-09 14:57:51 -05:00
jvazquez-r7
157fb5a905
Make title more searchable
2014-04-09 12:08:35 -05:00
jvazquez-r7
58f4a1c085
Usee loop do instead or while true
2014-04-09 11:48:45 -05:00