Commit Graph

31704 Commits (1135e5e073b5324badd4dae448ec64cb0d0ae207)

Author SHA1 Message Date
HD Moore 1135e5e073 First take on WinHTTP stagers, untested 2015-03-11 16:27:14 -05:00
HD Moore 7e3b4017f0 Rename and resynced with master, ready for refactoring 2015-03-11 14:36:27 -05:00
HD Moore ea1bc69e2e Merge branch 'master' into feature/add-reverse_winhttp-stagers 2015-03-11 14:29:34 -05:00
sinn3r 215c209f88
Land #4901, CVE-2014-0311, Flash ByteArray Uncompress UAF 2015-03-11 14:04:17 -05:00
Brent Cook ceeee4446f
Land #4904, @hmoore-r7 reworks reverse_http/s stagers
They are now assembled dynamically and support more flexible options,
such as long URLs.
2015-03-11 10:41:59 -05:00
HD Moore 02c7461d32
Lands #4906 and fixes #4905 by updating Conventions for HTTP incompatible payloads 2015-03-11 00:49:27 -05:00
HD Moore ad39adf9c2 Missing comma 2015-03-11 00:49:07 -05:00
HD Moore cb1a1ef692 Remove bad stager+stage combinations from the payload set 2015-03-11 00:46:24 -05:00
HD Moore a89926b663 Exclude vncinject from http stagers (depends on sockedi) 2015-03-11 00:46:04 -05:00
Brent Cook 9ade107325 disable reverse_http methods from upexec and shell payloads
These don't work over http and don't appear to have ever, as far back as
I could test. They appear to be an accident perhaps.
2015-03-10 17:08:58 -05:00
HD Moore 1d17e9ab5b Remove the 256 byte limit for URLs 2015-03-10 15:27:04 -05:00
Samuel Huckins 7be665d74e
Land #4900, credential version for postgres hash 2015-03-10 15:17:55 -05:00
HD Moore 5f382e539a Updated required_space to count all 256 bytes of the URL 2015-03-10 15:17:09 -05:00
HD Moore dedf3726ea Simplify the uri_req_len logic, thanks @bcook-r7 2015-03-10 15:12:02 -05:00
David Maloney 261159aa66
update lockfile 2015-03-10 14:38:01 -05:00
William Vu 736f0b34be
Land #4902, @nstarke's db_connect warning message 2015-03-10 14:12:47 -05:00
HD Moore db351317a5 Merge with PR branch 2015-03-10 14:08:35 -05:00
HD Moore 0f763c2cb3 First step to reworking the winhttp stagers 2015-03-10 14:07:25 -05:00
Nicholas Starke 9a974af7dd Merge pull request #3 from wvu-r7/pr/4902
Change print_status to print_error
2015-03-10 14:05:34 -05:00
William Vu 3c7b061e05 Use single quotes
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
Borja Merino 991e72a4fa HTTP stager based on WinHttp 2015-03-10 13:40:16 -05:00
William Vu 72e7691300 Change print_status to print_error
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
Nicholas Starke 4d12690ca6 Merge pull request #2 from wvu-r7/pr/4902
Refactor db_{status,connect} a bit
2015-03-10 13:02:20 -05:00
HD Moore 966848127a Refactor x86 Windows reverse_http and reverse_https stagers 2015-03-10 12:48:30 -05:00
William Vu e81f2e366c Refactor db_{status,connect} a bit
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke ee8318d5c4 Adding db_disconnect qualifying statement 2015-03-10 11:58:04 +00:00
William Vu cd992d5ea6
Land #4875, rm some old and crufty tools 2015-03-10 00:02:04 -05:00
William Vu ab70223107 Remove note about resplat.rb in msftidy 2015-03-10 00:00:29 -05:00
Brent Cook 97f09b6ab0
Land #4894: hmoore-r7 cache payload sizes on start
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke 187a0445f3 Issue #4868 - Adding warning message to db_connect when already connected 2015-03-10 00:02:34 +00:00
jvazquez-r7 14c3848493 Delete useless comment 2015-03-09 16:59:10 -05:00
HD Moore 618fbf075a Update CachedSize for the fixed stager 2015-03-09 16:57:14 -05:00
HD Moore 746f18d9bb Fallback to a localhost variant to make the length predictable 2015-03-09 16:56:25 -05:00
jvazquez-r7 78167c3bb8 Use single quotes when possible 2015-03-09 16:55:21 -05:00
HD Moore 6543c3c36f Update CachedSize for the fixed stager 2015-03-09 16:54:57 -05:00
HD Moore c676ac1499 Fallback to a localhost variant to make the length predictable 2015-03-09 16:53:28 -05:00
jvazquez-r7 cb72b26874 Add module for CVE-2014-0311 2015-03-09 16:52:23 -05:00
HD Moore d0324e8ad3 Final cleanup, passing specs 2015-03-09 15:50:57 -05:00
HD Moore da81f6b2a0 Correct the :dynamic cache sizes 2015-03-09 15:44:14 -05:00
HD Moore 78456fb2e0 Correct a typo (stringified symbol loses the :) 2015-03-09 15:42:23 -05:00
HD Moore 038591497f YARD docs for the Msf::Util::PayloadCachedSize class 2015-03-09 15:39:19 -05:00
HD Moore 02509d02e4 The result of running ./tools/update_payload_cached_sizes.rb 2015-03-09 15:31:04 -05:00
HD Moore 99e2b05597 Move the cache update logic into a utility class 2015-03-09 15:29:58 -05:00
HD Moore 60145ad9a1 Cosmetic tweaks to the specs 2015-03-09 15:08:11 -05:00
HD Moore 7dc0af443f Rework specs 2015-03-09 14:41:25 -05:00
HD Moore 33f96f5c31 Remvoe the useless pinst variable from the previous test 2015-03-09 13:59:58 -05:00
HD Moore f61c3f33bd Validate cached_size and dynamic_size? in the payload specs 2015-03-09 13:58:18 -05:00
HD Moore 8c635243d3 Fix whitespace in the regex, implements Msf::Payload.dynamic_size? 2015-03-09 13:15:06 -05:00
Brent Cook 603179176a
Land #4876, @hmoore-r7 give encoders and payloads space available 2015-03-09 11:50:46 -05:00
Samuel Huckins 08df0bfaca
Land #4858, RPC client true/truthy fix
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00