infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,403 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

5211 Commits (2aa9de7f637d52ec46bebcbf2c33a57c84188934)

Author SHA1 Message Date
HD Moore 65686824e0 Merge in the MDM with module tables 2012-06-13 21:59:55 -05:00
HD Moore 554defa9c0 Merge MDM changes to fix the vuln refs relationship 2012-06-13 20:43:30 -05:00
HD Moore 8f448c9159 Merge MDM 2012-06-13 14:06:12 -07:00
HD Moore 9351e3ab25 MDM update to support fusion import 2012-06-13 14:02:40 -07:00
David Maloney 08cbd87541 Default mime-types to octet-stream 2012-06-13 14:48:58 -05:00
HD Moore de45630092 Merge branch 'master' into feature/vuln-info 2012-06-12 15:36:16 -05:00
Jeff Jarmoc e820d23f73 Cleanup whitespace 2012-06-12 15:32:50 -05:00
HD Moore 374b5b86f7 Merge branch 'master' into feature/vuln-info 2012-06-12 15:24:50 -05:00
Tod Beardsley 3756a5031f Adding carrierwave to metasploit's gemcache. 2012-06-12 14:47:50 -05:00
HD Moore 6290bba71b Merge branch 'master' into feature/vuln-info 2012-06-12 12:41:41 -05:00
Michael Schierl 34ecc7fd18 Adding @schierlm 's AES encryption for Java 
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.

Squashed commit of the following:

commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date:   Wed Apr 4 00:45:24 2012 +0200

    Do not break other architectures
    even when using `setg AESPassword`

commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:50:42 2012 +0200

    binaries

commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date:   Tue Apr 3 21:49:10 2012 +0200

    Add AES support to Java stager

    This is compatible to the AES mode of the JavaPayload project.

    I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
    is not the supposed way, but it works :-)
 2012-06-11 16:13:25 -05:00
HD Moore bbd500aca9 Show a stack trace in auxiliary timeouts [ temp ] 2012-06-11 01:40:57 -05:00
HD Moore d975d1a236 Add counter caches for host_details, vuln_details, vuln_attempts 2012-06-10 17:15:53 -05:00
David Maloney fc0dc23752 Some handling around empty elements 2012-06-10 17:04:47 -05:00
David Maloney a20c85a655 Remove binding.pry call 2012-06-10 17:01:31 -05:00
David Maloney f9999a3033 Add FusiuonVM Importer 
This adds a nokogiri stream parser for XML reports from
Critical Watch's FusionVM.
 2012-06-10 16:38:28 -05:00
HD Moore 4f55452153 This adds import/export support for vuln_attempts 2012-06-10 12:50:59 -05:00
HD Moore 9dcb3059f8 MDM update 2012-06-10 03:46:58 -05:00
HD Moore 7c8cb2d79e Add vuln_attempts, track exploit attempts when a matching vuln exists. 
This also fixes an issue with report_vuln() from exploited hosts not
setting the service correctly. This introduces a fail_reason method
to the exploit base class, which attempts to determine why an exploit
did not work (closed port, unreachable host, missing page, etc). There
is still quite a bit of work to do around this to finish it up.
 2012-06-10 03:15:48 -05:00
HD Moore 55bdbb6ec9 Merge branch 'master' into feature/vuln-info 2012-06-09 01:37:11 -05:00
HD Moore e840f7e9ee Add additional host detail columns and parsers 2012-06-09 00:43:03 -05:00
HD Moore dabda58f17 Import host_details and vuln_details now 2012-06-08 23:27:02 -05:00
HD Moore 465998bc17 Export host_details and vuln_details, add missing refs to db_export 2012-06-08 22:55:55 -05:00
HD Moore 376aaa410b Fix tag deuplication and reset after each vuln properly 2012-06-08 22:55:37 -05:00
James Lee 1be9ce8649 Fixes command parsing in Post::Common 
The meterpreter API wants arguments in a seperate string (not an array,
mind you) just so it can concatenate them on the server side.
Originally, I worked around that by using Shellwords.shellwords to pull
out the first token. But! Shellwords.shellwords inexplicably and
inexcusably removes backslashes in ways that make it impossible to quote
things on Windows. This commit works around both of those things.
 2012-06-07 22:24:59 -06:00
HD Moore d393dbb28f MDM update 2012-06-07 21:27:41 -05:00
HD Moore 49b3c9b0e8 More cleanup related to vuln schema 2012-06-07 04:42:16 -05:00
HD Moore 42c3bedfad Merge MDM, add migrations, tweak report_vuln 2012-06-07 00:40:26 -05:00
James Lee a2751e3ccd Rdoc fixes 2012-06-06 17:04:54 -06:00
Joe Vennix a20cec75cc Rollback activerecord to 3.2.2 to prevent asset inclusion issues. 2012-06-06 11:08:39 -05:00
James Lee fc7293baae Arguments have to be joined with a space 
Fixes cmd_exec() calls with more than one argument
 2012-06-04 18:12:45 -06:00
David Maloney 7be365c299 Ignores SMTP Auth when no creds provided 
Do not try to auth if the suer provided no creds
 2012-06-04 16:41:36 -05:00
HD Moore f633281870 Straighten out the login error path for nexpose API calls 2012-06-04 15:21:04 -05:00
Samuel Huckins 2e15ecfbd7 MDM Update 2012-06-01 11:01:08 -05:00
sinn3r 9d6fc93ed3 Merge branch 'rubinius-gethostbyname' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-rubinius-gethostbyname 2012-06-01 00:39:52 -05:00
Samuel Huckins 35543d691d Now only loading MetasploitDataModels when not already loaded and 
contained objects not in namespace
[Story #30430877]
 2012-05-31 18:11:42 -05:00
James Lee fb1bf0b356 Work around a bug in rubinius 2012-05-31 16:48:34 -06:00
Joe Vennix daf5ae8e4b Updating to Rails 3.2.4. 
Among other fixes, this addresses the Rails security advisory
from 5/31/2012:

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f

Thanks Joe and Trevor!

Squashed commit of the following:

commit d7031cebcc8a0f42f6980729c84b0ea6d24e0a9b
Author: Joe Vennix <Joe_Vennix@rapid7.com>
Date:   Thu May 31 16:57:29 2012 -0500

    Update activerecord in gemcache to support rails 3.2.4. [#30507689]

commit c7369f6d6631647907a5d67ac163020a5ab5d6dc
Author: Joe Vennix <Joe_Vennix@rapid7.com>
Date:   Thu May 31 16:53:01 2012 -0500

    Bump rails version.
 2012-05-31 17:09:59 -05:00
HD Moore 03b65c6a48 Handle cases where a user-agent was set via headers 2012-05-31 14:59:25 -05:00
James Lee fd67f7c37c Add cd and pwd to Post::File API 
Also changes working dir to /tmp (or %TMP% on Windows) when testing file
stuff.
 2012-05-30 13:52:48 -06:00
Brandon Perry e889d93924 missed @state[:bid] 2012-05-28 14:12:09 -05:00
Brandon Perry a3a308f74d fix tabs 2012-05-28 13:56:18 -05:00
Brandon Perry 820d5d2ec7 be a bit more defensive, check to make sur ethe data we think is there is there 2012-05-28 13:53:30 -05:00
James Lee 7c85a2796a Whitespace cleanup 2012-05-24 17:10:26 -06:00
James Lee 5bf973871c Space at EOF cleanup 2012-05-24 16:28:20 -06:00
James Lee e88501789c Make sure state is initialized 
Fixes a stack trace when the xml has osmatch before osclass. Thanks Sean
Carolan for the report!
 2012-05-24 10:43:30 -06:00
Tod Beardsley 0ecffd22b1 Make domain option requirement more clear 2012-05-24 10:11:08 -05:00
James Lee 22601180f3 Save the pilfered file as loot 2012-05-23 18:07:13 -06:00
James Lee dc08bc337b Default to ethernet if the server doesn't specify 
Still need to recompile sniffer, but this will fix the immediate problem
of stack traces and failing to save the pcap.
 2012-05-23 10:06:30 -06:00
James Lee e97994fdde Make sure matches is set 
Fixes a nil issue introduced by 17943c7
 2012-05-22 12:49:54 -06:00