729f2a9ab8
Bump version of framework to 4.14.19
2017-05-16 14:09:45 -07:00
58d65ce4b5
Land #8380 , check for command injection in smtp email addresses
...
aborts
2017-05-16 15:36:22 -05:00
e3f4cc0dfd
Land #8345 , WordPress PHPMailer Exim injection
...
CVE-2016-10033
2017-05-16 15:07:21 -05:00
416a5cdc3b
Land #8379 , payload opts check for RHOST warning
2017-05-14 22:21:58 -05:00
78148c7979
Prefer && instead of and
...
I think @zeroSteiner's been writing a lot of Python. :-)
2017-05-14 22:19:15 -05:00
e7be0af72e
update bad mail checks
2017-05-14 22:13:31 -05:00
cc72850847
Land #8369 , add PSH decompressor & decoder convenience methods
2017-05-14 21:28:02 -05:00
8ac5d2d377
tidy up a bit while we're in here
2017-05-14 21:27:38 -05:00
544ea6926c
trim leading and trailing whitespace in mail addresses
2017-05-14 11:22:46 -05:00
70bfdf17b2
Check payload options before showing RHOST warning
2017-05-13 14:46:07 -04:00
f39e378496
Land #8330 , fix ps_wmi_exec and psh staging
2017-05-13 14:26:47 -04:00
3cbeebe3af
Rename env_ variable to be more accurately named
2017-05-13 14:24:00 -04:00
405f2c6ca1
Bump version of framework to 4.14.18
2017-05-12 10:10:30 -07:00
123462bdca
Land #8293 , add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
cf29a512d0
Upstream Msf namespace PSH decompressor & decoder
...
Present convenience interfaces in Msf::Exploit::Powershell ns for
decoding and decompressing PSH strings built with Rex::Powershell
or compatible implementations.
2017-05-10 22:44:56 -04:00
18d95b6625
Land #8346 , Templatize shims for external modules
2017-05-10 18:15:54 -05:00
ee55516e06
Allow lowercase HTTP in command strings
2017-05-10 15:17:20 -05:00
3a45c2f321
Allow complete override of Host header
2017-05-10 15:17:20 -05:00
42fd287038
remove debug
2017-05-10 13:04:12 -05:00
beea5e1a5c
use wfsdelay consistently
2017-05-08 15:34:09 -05:00
fede672a81
further revise templates
2017-05-08 14:26:24 -05:00
a2ce3743a2
move wait_status to a mixin
2017-05-08 12:23:27 -05:00
f213482659
small fixe
2017-05-08 11:52:37 -05:00
c297e1679c
Land #8336 , Specify LHOST by interface name
2017-05-05 18:05:20 -05:00
fa47092bfe
Land #8348 , typo fix in Net::DNS
...
Since the lib is vendored, I doubt it'd get fixed otherwise.
2017-05-05 14:17:41 -05:00
a0b50390c5
Bump version of framework to 4.14.17
2017-05-05 10:02:17 -07:00
6e312fd009
Minor spelling correction: lenght => length
2017-05-05 10:42:33 -05:00
2e880c9fdf
move module template to an ERB
2017-05-05 01:16:54 -05:00
fee0fb5e90
Missed an LHOST option
...
making OptAddressLocal inherit from OptAddress
2017-05-04 12:57:50 -05:00
81bcf2ca70
updating all LHOST to use the new opt type
2017-05-04 12:57:50 -05:00
a6afd0b9bf
adding in a new option type
...
this will grab the first ipv4 address on a given iface
2017-05-04 12:55:46 -05:00
494711ee65
Land #8307 , Add lib for writing Python modules
2017-05-02 15:53:13 -05:00
ba9010730a
Minor cleanup
2017-05-02 15:52:21 -05:00
1b58a4f392
Land #8329 , Make `help route` more informative
2017-05-02 14:19:58 -05:00
2f1df4d4c2
Bump version of framework to 4.14.16
2017-05-02 11:11:20 -07:00
bf2abaeeaf
Make `help route` more informative
2017-05-02 11:07:08 -05:00
b7d6be05ee
split python loader from generic implementation
2017-05-01 16:10:12 -05:00
585fac0457
Fix nil bug when creating nonexistent encoder
...
Found by irthewinner on IRC.
2017-04-30 03:43:51 -05:00
e026a8c663
Fix typo (s/Remote/Reverse/) in portfwd -L
...
Found by ThePortWhisperer on IRC.
2017-04-29 00:10:13 -05:00
f8fb03682a
Fix issue in ps_wmi_exec and powershell staging
...
The staging function in the post/windows/powershell class was broken
in a previous commit as the definition for env_variable was removed and
env_prefix alone is now used. This caused an error to be thrown when
attempting to stage the payload. This changes the reference from
env_variable to env_prefix.
Additionally, the ps_wmi_exec module created a powershell script to be
run that was intended to be used with the EncodedCommand command line
option; however the script itself was never actually encoded. This
change passes the compressed script to the encode_script function to
resolve that issue.
2017-04-28 03:31:56 -04:00
5450e96204
Land #8306 , fix #8305 , escape unadorned periods within SMTP payloads
2017-04-27 17:51:14 -05:00
7a6a124272
Land #8279 , POSIX Meterpreter replaced by Mettle
2017-04-26 18:32:17 -05:00
a57067c4a7
append metasploit lib to PYTHONPATH
2017-04-26 18:13:46 -05:00
037fdf854e
move common json-rpc bits to a library
2017-04-26 18:08:08 -05:00
43ac2c339e
Land #8291 , Acunetix XML import improvements
2017-04-26 17:38:52 -05:00
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
288cb6536d
fix #8305 , escape unadorned periods in the front of SMTP payloads
2017-04-26 16:05:46 -05:00
c4f1130619
Acunetix XML import improvements.
...
This patch updates the MSF db_import functionality w.r.t. importing Acunetix XML files to do the following:
- import web vulnerabilities identified by Acunetix
- import all services for each scanned host
- does not pull in the specifc program/version name of each service, as that's pretty loosely formatted in the Acunetix XML
2017-04-26 12:16:20 -05:00
3347af24ba
Add some basic libc definitions for railgun
2017-04-25 15:12:39 -04:00
Metasploit
wchen-r7
James Lee
William Vu
Brent Cook
Spencer McIntyre
RageLtMan
Adam Cammack
William Webb
Carter Harwood
darkbushido
Pearce Barry
Brandon Knight
Brent Cook