You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Being able to import ERB templates and run them as exploits. @jvazquez-r7 really likes this, but the actual implementation is still unclear.
Chaining callbacks. @jvazquez-r7's idea. Basically the module can tell the mixin a chain of methods to call during exploitation, and then use the mixin's "profile" feature to store/share data. I'm still thinking how to actually implement this, because this kind of touches @jvennix-r7's browser session manager. Feels like this will conflict how Joe wants to design his stuff.
Being able to pass the browser's user-agent to the payload, so payloads like windows/meterpreter/reverse_http(s) can reuse the user-agent. @jlee-r7's idea. He tried to explain to me how to properly implement this, but he lost me when he started talking about rewriting stuff.
Add detection code for Adobe Flash. Already found the JS lib, tested by Joev and got the green light from @todb-r7, so I think this can go in pretty quick.
The detection stage is repeated if a module wants to use BrowserExploitServer and support Browser Autopwn. I'm still looking for some feedback how we should deal with this.
Webdav.
Add support to detect multiple ActiveX controls/methods
Add support for Java (specifically: payload generation, and maybe exploit applet packaging?)
Add support for manual target selection (check datastore['TARGET'] and DefaultTarget)
This issue was RM8683, originally filed by by @wchen-r7
datastore['TARGET']
andDefaultTarget
)@wchen-r7 later added:
Adobe Detection:
#3156
Java Detection (I can't remember which PR landed it):
In https://github.com/rapid7/metasploit-framework/blob/master/data/js/detect/misc_addons.js
The text was updated successfully, but these errors were encountered: