From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.
While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.
So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
This signals a move to allowing for normal Ruby indentation (2 space
soft tabs). This change will check files for indentation of spaces or of
tabs, since we don't want to fail out all modules quite yet.
For more, see
https://github.com/rapid7/metasploit-framework/wiki/Indentation-Standards
where all details of the conversion plan will be documented in order to
minimize the amount of whitespace conflict we are sure to encounter over
this conversion.
This module should throw three errors on lines 17, 18, and 19 when
checked against the new msftidy.rb that is space-tolerant (but not
tab-space tolerant)
Usage: tools/dev/retab.rb directory
will retab with 2-width spaces rather than tabs for indentation.
This utility should be used by the @tabassassin account when it's
unleashed on the Metasploit code base in order to make git blame a
little easier to spot. (diffs should use -b or -w to avoid seeing
@tabassassin's changes)
sinn3r
Tod Beardsley
joernchen of Phenoelit
Sagi Shahar
jvazquez-r7
Charlie Eriksen
James Lee
root
Borja Merino
Charlie Eriksen