cdc82891d8
Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query
...
Add a guard against the case when opts['vars_get'] is nil
2016-11-21 17:39:09 -06:00
1644a1e20b
Change how we populate workgroup/domain data
2016-10-19 17:24:26 -05:00
95294b00d1
Whitespace
2016-10-19 17:13:07 -05:00
078496437f
Make sure that the ntlm blob data is pasrsed into UTF-8
2016-10-19 17:11:04 -05:00
fe36801918
Changed to convert hostnames and domains to UTF-8 rather than ANSI
...
after pulling them from the NTLM blob
2016-10-11 15:51:50 -05:00
332ba47356
refactored blob parsing to get unicode, but break everything else
2016-09-16 11:22:53 -05:00
b5ae287235
ensure that default_name, dns_host_name, and dns_domain_name are set
2016-09-13 18:32:59 -05:00
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
1f5fbd4a67
Put remaining consts in exploit mixin...
2016-07-27 17:43:29 -05:00
bdf073516b
Switch errors over to windows_error gem...
2016-07-27 17:43:00 -05:00
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
11685b7c6b
Set the server challenge key
2016-07-07 15:00:42 -05:00
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
2016-07-07 15:00:41 -05:00
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8e3e360cc83
2016-07-05 15:22:44 -05:00
ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-06-28 15:00:35 -05:00
6072697126
continued
2016-06-22 14:54:00 -05:00
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
039e8f5899
Use rubyntlm for HTTP Negotiate auth
2016-06-22 10:15:22 -05:00
c2a063c8ae
Start using rubyntlm for ssp auth
2016-06-22 10:15:16 -05:00
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
d4b89edf9c
Fix #6398 , Missing Content-Length header in HTTP POST
...
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).
Fix #6398
2016-04-28 11:44:10 -05:00
5e36a3128c
Fix #5197 , Fixed yard doc errors
...
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
3e0f8d67c9
Use #strip to more correctly simulate #blank?
...
See f900d9cf26
2016-03-07 13:14:37 -06:00
289f43bb80
Land #4848 , remove some reliance on rails libraries from rex
2016-03-07 07:38:30 -06:00
4b10331cf0
style fixups
2016-03-01 10:18:25 -05:00
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
f735a904ff
create owa_ews_login module, modify HttpClient to accept preferred_auth option
2016-02-28 22:01:05 -05:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
d6facbe339
Land #6421 , ADB protocol and exploit
2016-01-22 20:45:44 -06:00
00f1511b46
Use the right op for the data checksum.
2016-01-03 01:48:25 -06:00
849857a418
Fix spacing issues in message.rb.
2016-01-02 22:57:26 -06:00
6668dbec41
Remove stray binding.pry.
2016-01-02 22:50:06 -06:00
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
9c85c5d4fe
Add newline.
2016-01-02 01:17:28 -06:00
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
00d09744fb
Land #6118 , @wchen-r7's new methods for Rex HTTP response
2015-11-03 10:42:42 -06:00
ced20ba51c
Refactor NTP symmetric packet creation; add vuln detection to NAK to the future
2015-11-02 12:46:58 -08:00
1805774b16
Resolve #6020 , Better RPC exception handling
...
Resolve #6020 . Avoid trying to rescue RuntimeError.
2015-10-28 11:16:44 -05:00
f2b6d37630
Add WIP module for Cisco Talos' NTP 'NAK to the future'
2015-10-27 18:10:07 -07:00
f6b9f38326
This method is not needed because Nokogiri does that already
2015-10-23 19:38:17 -05:00
065d042ec4
Update doc a little bit
2015-10-21 16:29:27 -05:00
12cdd786a6
Add more Nokogiri and RKelly support for Rex::Proto::Http::Response
...
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
2015-10-21 16:26:31 -05:00
157bab4f0d
Land #5518 , TFTP::Client retransmit lost data blocks on upload
2015-09-23 21:58:42 -05:00
9e98385417
Fix #5716 by correctly setting the data length
2015-09-02 15:16:25 -05:00
407d701fd9
Remove unnecessary version_random_case option
2015-08-20 10:05:16 -07:00
2e4944b8ec
Remove unnecessary version_random_case option
2015-08-20 10:05:04 -07:00
015d045730
read max_size bytes at a time
2015-08-18 15:56:57 -05:00
b40c36688c
check send retry count and abort in excess
2015-07-31 16:17:34 -05:00
6e146794a2
fix indents and style
2015-07-31 14:48:02 -05:00
4cd6e0c72b
Added "Failed" to line 121 of kdc_request.rb
2015-07-13 11:27:32 -05:00
6a5645d747
Changed "Filed" to "Failed" in multiple files
2015-07-13 11:21:20 -05:00
7eeb8805ee
Do minor code cleanup
2015-06-19 13:37:02 -05:00
8ea09532c8
removed a debugging line
2015-06-17 13:13:00 -04:00
e30b0e0cda
forced client to version 3 for servers and added comments. This adds support for RFB version 4 servers. Tested on 004.001
2015-06-17 12:57:24 -04:00
772a5dd7df
Created array and added support for version 4
2015-06-17 12:31:51 -04:00
91a06fb6fb
TFTP::Client retransmit lost data blocks on upload
...
Retransmit data blocks until we receieve a matching ACK.
2015-06-09 15:53:33 -05:00
c3438955d4
Land #5169 , stop reading when the HTTP socket is closed
2015-05-01 11:40:49 -05:00
27f6adcd81
Land #5110 , teach Http::Response to extract hidden form inputs
2015-04-24 13:30:57 -05:00
70f94bbd96
break loop if socket is closed
2015-04-21 11:09:17 -04:00
79ca0a56f9
Land #4171 , Steam protocol support
2015-04-20 15:35:06 -05:00
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00
3493d25ff9
Move all this to Rex
2015-04-16 21:07:23 -05:00
602e9c8df1
Update client.rb
2015-04-16 16:06:16 -04:00
6ef86b69a7
Fix loop spinning in HttpClient
2015-04-16 10:49:47 -04:00
2e52817b24
Add DecodeError
2015-04-05 18:16:19 -05:00
85a70d401b
Introduce Rex::Proto::Rmi::DecodeError
2015-04-05 18:15:04 -05:00
72c36eb23e
Use concatenation
2015-04-05 15:57:50 -05:00
e3bbb7c297
Solve conflicts
2015-04-03 14:57:49 -05:00
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
6ea42f6599
Fix description
2015-03-24 12:30:27 -05:00
39e87f927a
Make code consistent
2015-03-24 11:44:26 -05:00
04341bfc78
Support JMX_ROLE again
2015-03-23 17:32:26 -05:00
d8d4c23d60
JMX code refactoring
2015-03-23 17:06:51 -05:00
962bb670de
Remove old JMX mixin
2015-03-23 15:48:10 -05:00
5c3134a616
Add first support to gather information from RMI registries
2015-03-19 11:16:04 -05:00
14be07a2c4
Update java_rmi_server modules
2015-03-17 21:29:52 -05:00
6315e07312
Add specs for UniqueIdentifier
2015-03-17 20:38:43 -05:00
87b777e923
Refactor moving code to rex
2015-03-17 17:15:32 -05:00
1c064f6b46
Land #3074 , @0x41414141 SMB Share mixin
2015-03-04 10:16:04 -06:00
8328c5c5e9
Add specs for SMB_FIND_FILE_BOTH_DIRECTORY_INFO requests
2015-03-03 12:43:41 -06:00
eb3aedf4a7
Define constants for WordCount in responses
2015-02-28 18:15:14 -06:00
89a033c194
Delete unnecessary paddings due to miscalculations
2015-02-26 15:54:00 -06:00
0a51ca12a5
Download all of every file implicitly
2015-02-26 14:10:53 -06:00
d0ca1b2dc6
Delete a thing I added for no reason
2015-02-26 14:06:10 -06:00
5996256ccc
Fix formatting
2015-02-26 14:05:50 -06:00
c73ffea1b9
Do minor cleanup
2015-02-26 12:50:45 -06:00
d75f55e493
Rex should not depend on ActiveSupport, .blank? is not stdlib Ruby
2015-02-26 11:23:38 -06:00
970f0c94b2
Create CREATE_ANDX constants
2015-02-26 10:44:07 -06:00
ab1bb0e50d
bugfixes to https://github.com/jvazquez-r7/metasploit-framework/tree/review_3074_clean_server
...
to provide consistent support for various exploits and OS SMB Commands.
Reintroduces smb_cmd_trans_query_path_info_network for use with the Struts2 JSP injection vulnerability.
Reintroduces smb_cmd_trans_query_file_info_basic for common use with rundll32.
Corrects some issues with filename formatting and pattern matching for file requests (can still be improved).
2015-02-26 16:10:34 +00:00
ed9213eb4c
Add fsquery check to fs{download,delete} methods
2015-02-25 17:37:20 -06:00
ea5b6f66d4
Add UEL to fsdownload method
2015-02-25 17:35:34 -06:00
5d3c7f3b4a
Add fsquery method
2015-02-25 17:18:23 -06:00
1f981dd336
Add FSQUERY constant
2015-02-25 17:00:27 -06:00
993c75ec77
Update Offset counts with constants
2015-02-25 16:25:16 -06:00
91f0713056
Add fsdelete method
2015-02-25 15:41:40 -06:00
a096a17e21
Add FSDELETE constant
2015-02-25 15:39:51 -06:00
Jin Qian
Brendan
Brent Cook
Pearce Barry
David Maloney
James Lee
Adam Cammack
wchen-r7
thao doan
William Vu
rwhitcroft
joev
jvazquez-r7
Jon Hart
HD Moore
Mo Sadek
Th3R3p0
David Barksdale
rwhitcroft
root
Matthew Hall