Commit Graph

17230 Commits (01e2e8951e4b614b90c79245dd0af641f0163c02)

Author SHA1 Message Date
Tasos Laskos 0421cff913 Exploit::Remote::Web#perform_request: timeout set to 10 2013-02-25 19:49:39 +02:00
Tod Beardsley dd9002fcab Merges ChrisJohnRiley's new password
Lands https://github.com/rapid7/metasploit-framework/pull/1521

Closes #1521

(Forgive the oververbose commit message, experimenting with various
syntax hilighters)
2013-02-25 08:39:27 -06:00
Tod Beardsley e1dda982c7 Merge branch 'rspec/rex-http-client'
This lands https://github.com/rapid7/metasploit-framework/pull/1478

Talked to @jlee-r7 on Friday, and since it's only rspec tests, we agreed
that there shouldn't be anything stopping people from landing their own
tests -- we want to encourage rspec writing as much as we can. If you
can write passing tests, then by all means, land them yourself.
2013-02-25 08:34:30 -06:00
Tod Beardsley 7738bf89c1 Merge branch 'master' into rspec/rex-http-client 2013-02-25 08:31:28 -06:00
Tod Beardsley 73f6314373 Moving @cli and @ip to instance vars 2013-02-25 08:29:08 -06:00
Tod Beardsley caed599f7d Backed out all the fails from the auth bits 2013-02-25 08:26:02 -06:00
Tod Beardsley 6e35813d69 Pending hashes need to end w a block 2013-02-25 08:20:46 -06:00
Tod Beardsley 126899c82e Merge @hdmoore's Ruby 2.0 fixes (iconv) 2013-02-25 07:58:11 -06:00
Tod Beardsley 1446992253 Merge jvazquez-r7's java exploit 2013-02-25 07:19:12 -06:00
Chris John Riley 28fd92a013 Added new default password foe TMSADM
Based on: http://blog.ptsecurity.com/2013/02/sap-unknown-default-password-for-tmsadm.html
2013-02-25 09:00:57 +01:00
Josh 58205f1952 Merge pull request #1516 from rapid7/feature/search-module-targets-7754
Implement per-target arch/platform searches from hdm Fixes #7754
2013-02-24 22:12:42 -08:00
bcoles d7c0ce4e4a Fix 'check()' in glossword_upload_exec 2013-02-25 15:52:07 +10:30
Raphael Mudge 788c96566f Allow HTTP stager to work with authenticated proxies
The HttpOpenRequest function from WinINet requires the
INTERNET_FLAG_KEEP_CONNECTION flag to communicate through an
authenticated proxy.

From MSDN ( http://tinyurl.com/chwt86j ):

"Uses keep-alive semantics, if available, for the connection. This
 flag is required for Microsoft Network (MSN), NT LAN Manager (NTLM),
 and other types of authentication."

Without this flag, the HTTP stager will fail when faced with a proxy
that requires authentication. The Windows HTTPS stager does not have
this problem.

For HTTP Meterpreter to communicate through an authenticated proxy a
separate patch will need to be made to the Meterpreter source code.
This is at line 1125 of source/common/core.c in the Meterpreter source
code.

My motivation for this request is for windows/dllinject/reverse_http
to download a DLL even when faced with an authenticated proxy. These
changes accomplish this.

Test environment:

I staged a SmoothWall device with the Advanced Proxy Web Add-on. I
enabled Integrated Windows Authentication with a W2K3 DC. I verified
the HTTP stager authenticated to and communicated through the proxy
by watching the proxy access.log
2013-02-24 17:33:00 -05:00
Tod Beardsley 2141492654 Per @brandont comment, use exit status instead. 2013-02-24 15:24:21 -06:00
HD Moore ed93a7932c Clean up Iconv usage and fix indents 2013-02-24 13:11:15 -06:00
HD Moore b1355fa326 Avoid utf8 regular expression error in Ruby 2.0 2013-02-24 13:10:40 -06:00
HD Moore 8e8fecd208 Prefer String#encode over Iconv for Ruby 2.0 compat 2013-02-24 13:10:16 -06:00
HD Moore 9d9d83cf8b Implement per-target arch/platform searches SeeRM #7754 2013-02-24 11:06:29 -06:00
Tod Beardsley 5e1119e2ed A little more error handling for browser launches
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley 8010cdbd8b Shuffled methods around 2013-02-24 09:33:15 -06:00
bcoles 1f46b3aa02 Add Glossword Arbitrary File Upload Vulnerability exploit 2013-02-25 01:59:46 +10:30
Tod Beardsley 8caedd4290 Can't apt-get install inside msfconsole
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley a7c0d62106 Cleanup after some testing 2013-02-23 23:33:08 -06:00
Tod Beardsley d5a074283a Fill in the details of starting, launching, etc 2013-02-23 22:38:29 -06:00
Tod Beardsley a3886a1a6b No smartquotes plz 2013-02-23 17:17:18 -06:00
Matt Andreko 2c0a916c83 Made the password optional 2013-02-23 17:14:30 -05:00
Tod Beardsley b80343817c Skeleton for acutally go_pro'ing 2013-02-23 09:48:18 -06:00
Tod Beardsley 90a1dcffa3 Adds a random banner offering go_pro 2013-02-23 09:36:06 -06:00
Matt Andreko b221711ecd Added basic error handling 2013-02-23 10:24:04 -05:00
Tod Beardsley 2af930f1ff Adds msfbase_dir, switches on apt existance 2013-02-23 09:19:31 -06:00
Matt Andreko 67c2c3da20 Code Review Feedback
Fixed the USER/PASS that I missed in last review
Converted from Scanner module to Gather
2013-02-23 10:09:23 -05:00
Tod Beardsley 0977d1a9b0 help shouldn't go past 80 columns 2013-02-23 08:49:47 -06:00
Tod Beardsley 7509501b18 Adding a go_pro command 2013-02-23 08:46:51 -06:00
sinn3r 2b65cfa5ab Minor changes 2013-02-22 21:02:19 -06:00
sinn3r 1623877151 Merge branch 'MS13-009' of github.com:jjarmoc/metasploit-framework into jjarmoc-MS13-009 2013-02-22 20:58:42 -06:00
sinn3r aa007b9e0a Updates 2013-02-22 20:07:16 -06:00
Meatballs 15d505f7a9 Msftidy 2013-02-22 22:09:19 +00:00
Meatballs 0ea7247a43 Initial commit 2013-02-22 22:05:29 +00:00
James Lee fc07bf16e7 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-22 15:41:49 -06:00
sinn3r 56fa5ead37 Initial version of js_property_spray 2013-02-22 10:21:20 -06:00
bcoles 002654317c Add Kordil EDMS File Upload Vulnerability exploit 2013-02-22 23:32:17 +10:30
Matt Andreko b4f002d080 Code Review Feedback
Modified USER and PASS to USERNAME and PASSWORD
Moved the Scanner mixin to the bottom and removed deregister
2013-02-21 16:55:27 -05:00
James Lee e4e9a94329 Merge remote-tracking branch 'todb-r7/msfconsole-svn-warn' into rapid7 2013-02-21 15:31:35 -06:00
James Lee c423ad2583 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-02-21 15:30:43 -06:00
Tod Beardsley eb6a6c1fab Be more clear on protocol types 2013-02-21 14:55:19 -06:00
Matt Andreko 4784db3403 Fixed name 2013-02-21 15:48:41 -05:00
Matt Andreko 29cb4b1008 Merge remote-tracking branch 'upstream/master' into xbmc 2013-02-21 15:25:37 -05:00
Jeff Jarmoc 4d3ffb3722 Merge pull request #2 from jvazquez-r7/ms13_009_work
Work around MS13-009
2013-02-21 11:28:01 -08:00
jvazquez-r7 5b16e26f82 change module filename 2013-02-21 20:05:13 +01:00
jvazquez-r7 b4f4cdabbc cleanup for the module 2013-02-21 20:04:05 +01:00