Commit Graph

5827 Commits (0662677a72a2223eb295550cd6022e52436658f3)

Author SHA1 Message Date
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
David Maloney d23ca8f599 Merge branch 'master' into feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee aea76a56de Add some docs to FtpServer 2013-02-13 14:39:19 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
jvazquez-r7 d4d41f36d4 Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth 2013-02-11 21:16:35 +01:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r 6e9232bf72 Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump 2013-02-11 11:31:54 -06:00
David Maloney 84534caae1 Fix expliciti basic_auth for http 2013-02-11 10:32:44 -06:00
Meatballs acdd952eb2 Initial commit 2013-02-09 21:50:12 +00:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 2b3c8a68ad Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7 2013-02-08 12:45:02 -06:00
James Lee d2c7dbe160 Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7 2013-02-08 12:39:08 -06:00
sinn3r 8798567d79 Fix bug: TypeError can't convert Fixnum into String
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.

See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee e535a3e93f Guard against running broken method on non-windows
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.

[SeeRM #7721]
2013-02-07 21:10:27 -06:00
James Lee 16a0ab1933 Fix comment link and some whitespace 2013-02-07 18:37:11 -06:00
James Lee bf28be7cff Fix some comments that yard parsed incorrectly 2013-02-07 18:36:04 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
James Lee a15889305a Return a Request object
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
Tasos Laskos b3e828359d Web::HTTP#_request: allow Rex opt level overrides
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney 888bb80ab6 more comments 2013-02-05 11:55:12 -06:00
David Maloney 16b4fb1faa Added some comment documentation 2013-02-05 10:36:51 -06:00
David Maloney 463a45ccaf if we don't support the auth return original res
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney 877fb017b6 remove negotiate requirements
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney af6b0615fb fix pipelining
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
David Maloney c71b803413 Add invisible auth to web crawler
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney 9b84e5b3c4 Fix raw requests to work as well as cgi 2013-02-04 13:59:58 -06:00
David Maloney 413c37e506 Add invisible auth to Web::HTTP
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney 0c57026065 Remove junk added earlier
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
HD Moore 797e2604a0 Fix missing require in reverse_tcp_ssl 2013-02-03 17:41:45 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
HD Moore c3801ad083 This adds an openssl CMD payload and handler 2013-02-03 04:44:25 -06:00
David Maloney 8d817dcbb5 fix iis digest support mistake
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney 6c12fa26bc oodles of small fixes
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney c407fa9e74 add mixjn 2013-02-01 15:12:11 -06:00
David Maloney 5814c59620 move httpauth to mixin
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney 8e870f3654 merge in sinn3r's changes 2013-02-01 15:12:10 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
sinn3r 95cc84f5e8 Updates normalize_uri()
This function should not remove the trailing slash, because you may
end up getting a different HTTP response.  The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733]
2013-01-30 15:42:21 -06:00
jvazquez-r7 1e1cbd7445 Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun 2013-01-30 21:01:31 +01:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00