HD Moore
1135e5e073
First take on WinHTTP stagers, untested
2015-03-11 16:27:14 -05:00
HD Moore
7e3b4017f0
Rename and resynced with master, ready for refactoring
2015-03-11 14:36:27 -05:00
HD Moore
ea1bc69e2e
Merge branch 'master' into feature/add-reverse_winhttp-stagers
2015-03-11 14:29:34 -05:00
sinn3r
215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF
2015-03-11 14:04:17 -05:00
Brent Cook
ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
HD Moore
02c7461d32
Lands #4906 and fixes #4905 by updating Conventions for HTTP incompatible payloads
2015-03-11 00:49:27 -05:00
HD Moore
ad39adf9c2
Missing comma
2015-03-11 00:49:07 -05:00
HD Moore
cb1a1ef692
Remove bad stager+stage combinations from the payload set
2015-03-11 00:46:24 -05:00
HD Moore
a89926b663
Exclude vncinject from http stagers (depends on sockedi)
2015-03-11 00:46:04 -05:00
Brent Cook
9ade107325
disable reverse_http methods from upexec and shell payloads
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
2015-03-10 17:08:58 -05:00
HD Moore
1d17e9ab5b
Remove the 256 byte limit for URLs
2015-03-10 15:27:04 -05:00
Samuel Huckins
7be665d74e
Land #4900, credential version for postgres hash
2015-03-10 15:17:55 -05:00
HD Moore
5f382e539a
Updated required_space to count all 256 bytes of the URL
2015-03-10 15:17:09 -05:00
HD Moore
dedf3726ea
Simplify the uri_req_len logic, thanks @bcook-r7
2015-03-10 15:12:02 -05:00
David Maloney
261159aa66
update lockfile
2015-03-10 14:38:01 -05:00
William Vu
736f0b34be
Land #4902, @nstarke's db_connect warning message
2015-03-10 14:12:47 -05:00
HD Moore
db351317a5
Merge with PR branch
2015-03-10 14:08:35 -05:00
HD Moore
0f763c2cb3
First step to reworking the winhttp stagers
2015-03-10 14:07:25 -05:00
Nicholas Starke
9a974af7dd
Merge pull request #3 from wvu-r7/pr/4902
Change print_status to print_error
2015-03-10 14:05:34 -05:00
William Vu
3c7b061e05
Use single quotes
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
Borja Merino
991e72a4fa
HTTP stager based on WinHttp
2015-03-10 13:40:16 -05:00
William Vu
72e7691300
Change print_status to print_error
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
Nicholas Starke
4d12690ca6
Merge pull request #2 from wvu-r7/pr/4902
Refactor db_{status,connect} a bit
2015-03-10 13:02:20 -05:00
HD Moore
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
William Vu
e81f2e366c
Refactor db_{status,connect} a bit
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke
ee8318d5c4
Adding db_disconnect qualifying statement
2015-03-10 11:58:04 +00:00
William Vu
cd992d5ea6
Land #4875, rm some old and crufty tools
2015-03-10 00:02:04 -05:00
William Vu
ab70223107
Remove note about resplat.rb in msftidy
2015-03-10 00:00:29 -05:00
Brent Cook
97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke
187a0445f3
Issue #4868 - Adding warning message to db_connect when already connected
2015-03-10 00:02:34 +00:00
jvazquez-r7
14c3848493
Delete useless comment
2015-03-09 16:59:10 -05:00
HD Moore
618fbf075a
Update CachedSize for the fixed stager
2015-03-09 16:57:14 -05:00
HD Moore
746f18d9bb
Fallback to a localhost variant to make the length predictable
2015-03-09 16:56:25 -05:00
jvazquez-r7
78167c3bb8
Use single quotes when possible
2015-03-09 16:55:21 -05:00
HD Moore
6543c3c36f
Update CachedSize for the fixed stager
2015-03-09 16:54:57 -05:00
HD Moore
c676ac1499
Fallback to a localhost variant to make the length predictable
2015-03-09 16:53:28 -05:00
jvazquez-r7
cb72b26874
Add module for CVE-2014-0311
2015-03-09 16:52:23 -05:00
HD Moore
d0324e8ad3
Final cleanup, passing specs
2015-03-09 15:50:57 -05:00
HD Moore
da81f6b2a0
Correct the :dynamic cache sizes
2015-03-09 15:44:14 -05:00
HD Moore
78456fb2e0
Correct a typo (stringified symbol loses the :)
2015-03-09 15:42:23 -05:00
HD Moore
038591497f
YARD docs for the Msf::Util::PayloadCachedSize class
2015-03-09 15:39:19 -05:00
HD Moore
02509d02e4
The result of running ./tools/update_payload_cached_sizes.rb
2015-03-09 15:31:04 -05:00
HD Moore
99e2b05597
Move the cache update logic into a utility class
2015-03-09 15:29:58 -05:00
HD Moore
60145ad9a1
Cosmetic tweaks to the specs
2015-03-09 15:08:11 -05:00
HD Moore
7dc0af443f
Rework specs
2015-03-09 14:41:25 -05:00
HD Moore
33f96f5c31
Remove the useless pinst variable from the previous test
2015-03-09 13:59:58 -05:00
HD Moore
f61c3f33bd
Validate cached_size and dynamic_size? in the payload specs
2015-03-09 13:58:18 -05:00
HD Moore
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
Brent Cook
603179176a
Land #4876, @hmoore-r7 give encoders and payloads space available
2015-03-09 11:50:46 -05:00
Samuel Huckins
08df0bfaca
Land #4858, RPC client true/truthy fix
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00