Commit Graph

5463 Commits (1064488adaa7a9a01fa6106ee53e530bc80b9ca9)

Author SHA1 Message Date
James Lee 1064488ada
Whitespace 2014-10-15 14:21:39 -05:00
James Lee 5434996969
Move TcpServer into its own file 2014-10-14 18:43:40 -05:00
Tod Beardsley e68aaa4226
Don't disclose empty disclosure dates
For rapid7#4015
2014-10-14 16:02:23 -05:00
William Vu f612c8cd3e
Add disclosure date to info 2014-10-14 15:15:24 -05:00
William Vu fdd79e64c3
Land #4010, ReverseAllowProxy clarification 2014-10-14 15:10:50 -05:00
William Vu 5c4f61057f
Show available actions for info 2014-10-14 12:41:02 -05:00
Pedro Laguna 70d1eefaa9 Update reverse_tcp.rb
As I am using a exploit that does a check on the Server HTTP headers to identify the target I saw an error message that reads like this:

>The target server fingerprint "" does not match "(?-mix:(Jetty|JBoss))", use 'set FingerprintCheck false' to disable this check.

Then, while using a HTTP proxy to analyse the requests I am presented with an error that tells me to set another internal option to override a default behaviour. Although it should be pretty clear to everyone using the metasploit framework, I think it is more convenient if all error messages have the same format/way to present suggestions, in this case, presenting the full command the user needs to introduce in order to carry on with the execution of the exploit.
2014-10-14 11:24:59 +01:00
Jon Hart 458da2bca4
Land #3988, @wchen-r7's fix for #3985, a lack of logging for 'check' 2014-10-12 18:46:35 -07:00
sinn3r 96be53dcf1
Land #3962 - Show selected action 2014-10-12 14:02:40 -05:00
William Vu a04ad3aa8c
Update print_error to reflect new usage 2014-10-10 14:38:26 -05:00
William Vu 26743b4c38
Rewrite existing code to use HasActions
And fix a bug in the initial use case where mod.action was dropped.
2014-10-10 14:35:54 -05:00
William Vu 7e7e0259e4 Fix tab completion for post actions 2014-10-10 12:24:23 -05:00
William Vu 238a30a769
Update print_error to include post modules 2014-10-10 12:12:43 -05:00
sinn3r 48d2343152 Fix #3985 - check command should elog 2014-10-10 01:06:37 -05:00
William Vu 1d766ba95b
Rename dump_auxiliary_action{,s}
To dump_module_action{,s} to accommodate post modules, etc.
2014-10-08 14:49:14 -05:00
jvazquez-r7 f30309fe81
Land #3919, @wchen-r7's Fixes #3914, Inconsistent unicode names 2014-10-08 14:46:14 -05:00
William Vu f6a9cfcc52
Break away the elsif into a separate if
In case exploits support actions for some crazy reason in the future.
2014-10-08 14:30:41 -05:00
William Vu b2ba6e7ae1
Make the code more maintainable
Despite the code around it.

Thanks for the advice, @jlee-r7!
2014-10-08 14:14:28 -05:00
jvazquez-r7 dbc199ad77 space after commas 2014-10-08 13:56:59 -05:00
William Vu c0ef2c7938
Support post modules
I kinda hate this code.

TODO: Get rid of and/or and the extra parens.
2014-10-08 13:23:50 -05:00
William Vu a8b5bf4625
Show selected auxiliary action 2014-10-07 14:34:41 -05:00
sinn3r 17f278effd Fix #3822 - Support file:// syntax for check() 2014-10-06 13:37:14 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
Tod Beardsley 097d2bfbb5
Land #3922: Metasploit Park banner 2014-10-03 16:32:56 -05:00
Tod Beardsley d048bb7725 Add some color to the msfpark banner
It looks kind of naked without some color compared to all the other
banners.
2014-10-03 14:52:54 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
sinn3r 6d7870a4ac
Land #3934 - New :vuln_test option to BES 2014-10-02 16:31:50 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Joe Vennix 6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
Joe Vennix b1b8cba4c5
Rescue an IOError on channel double-close.
This was causing output from python meterpreter
commands run on OSX to be discarded when the error
was raised, making cmd_exec not-so-useful.
2014-10-01 22:35:41 -05:00
James Lee 5cb016c1b1
Use Match constant in BES as well 2014-10-01 16:17:13 -05:00
James Lee a75d47aad9
Use yardoc for new methods
Also substitute '&&' for 'and', and fix some whitespace
2014-10-01 16:02:33 -05:00
William Vu 909ac522d1
Add metasploit-park.txt banner to msfconsole
Obviously a homage to Jurassic Park. :)
2014-09-30 16:28:23 -05:00
sinn3r 1e2d860ae1 Fix #3914 - Inconsistent unicode names 2014-09-30 12:19:27 -05:00
sinn3r 9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits 2014-09-29 11:15:14 -05:00
Meatballs d5959d6bd6
Land #2585, Refactor Bypassuac with Runas Mixin 2014-09-28 09:24:22 +01:00
Meatballs e14dd9900b
Land #3896, Change Max LOGLEVEL to 3 2014-09-28 09:18:29 +01:00
Meatballs 67c25c20ca
Land #3357, Run Local Exploits in AutoRunScript 2014-09-28 09:12:26 +01:00
Meatballs 3fc57109e6 Dont rescue Exception 2014-09-28 09:12:03 +01:00
sinn3r ae82ebc734 Change max LogLevel to 3
There is no such thing as a LogLevel 5.
2014-09-26 14:20:47 -05:00
jvazquez-r7 a31b4ecad9
Merge branch 'review_3893' into test_land_3893 2014-09-26 08:41:43 -05:00
James Lee 86f85a356d
Add DHCP server module for CVE-2014-6271 2014-09-26 01:24:42 -05:00
Ramon de C Valle bdac82bc7c Fix lib/msf/core/exploit/dhcp.rb 2014-09-25 22:18:26 -03:00
Joe Vennix 2b02174999
Yank Android->jsobfu integration. Not really needed currently. 2014-09-25 16:00:37 -05:00
Joe Vennix b96a7ed1d0
Install a global object in firefox payloads, bump jsobfu. 2014-09-24 16:05:00 -05:00
Joe Vennix 5d234c0e01
Pass #send in this so jsobfu is not confused. 2014-09-24 15:07:14 -05:00
Jon Hart 650b65250f Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2014-09-22 11:51:10 -07:00
Jon Hart 4e9f1282de
Land #3834, @jabra-'s updates to UDPscanner to support spoofing 2014-09-22 11:49:53 -07:00