Matt Buck
2cd5be021b
Merge branch 'master' into staging/rails-4.0
...
Conflicts:
Gemfile
Gemfile.lock
db/schema.rb
metasploit-framework-db.gemspec
metasploit-framework.gemspec
2015-01-08 13:12:27 -06:00
Trevor Rosen
2a52bfd26d
Land #4554 , metasploit-credential bump to 0.13.11
2015-01-08 09:49:08 -06:00
Trevor Rosen
14a35eb28a
Bump metasploit-credential to 0.13.11
2015-01-08 09:35:07 -06:00
William Vu
3c4ec1d958
Land #4547 , rm data/meterpreter/common.lib
2015-01-08 04:52:29 -06:00
William Vu
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
Meatballs
3c3d28b475
Land #4551 , correct spelling in dns_bruteforce
2015-01-08 10:03:28 +00:00
William Vu
0604b2ecc7
Land #4542 , invalid splat URL fix
2015-01-07 22:54:22 -06:00
EricGershman
0496bb16bc
Minor spelling fix
2015-01-07 23:43:59 -05:00
Samuel Huckins
f0261a418c
Lands #4535 , report_auth_info shoring up
2015-01-07 16:32:14 -06:00
Brent Cook
32ddd5ccb4
delete unused library from meterpreter dir
...
common.lib is only used by the build process, not MSF
2015-01-07 16:00:37 -06:00
David Maloney
f2c22b6dc7
corrected schema
2015-01-07 15:38:39 -06:00
James Lee
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
David Maloney
a491f22a09
migration update
2015-01-07 15:32:31 -06:00
Meatballs
e3e9a64064
Land #4543 , Update john.conf with korelogic rules
2015-01-07 21:30:44 +00:00
Meatballs
bdbb26ba31
Land #4540 , resolves #4532 , honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
David Maloney
fcf0a3f096
pull latest credential
2015-01-07 15:09:01 -06:00
Meatballs
361057ce6e
Land #4544 , resolves #4511 - fix rails log location
2015-01-07 20:58:26 +00:00
Meatballs
db367895a8
Land #4491 , Fix test modules
2015-01-07 20:48:49 +00:00
Brent Cook
0c94536b87
make post service manipulation tests work
...
Fix a funny default service name, adjust test to be case-agnostic.
winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.
The following RC script has 7 successful outputs when run against a reverse_tcp shell.
Run a reverse_tcp stager and the following RC script to run the test
```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```
Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411 , though it runs ok on
Windows XP.
2015-01-07 13:31:16 -06:00
Brent Cook
c96c8a03cf
CmdStagerVBS is now in Rex::Exploitation
...
```
$ ./msfconsole -qx "loadpath test/modules/; exit"
Loaded 32 modules:
12 auxiliarys
12 exploits
8 posts
```
2015-01-07 13:31:15 -06:00
David Maloney
82d129bfc4
Merge branch 'master' into feature/jtr-korelogic-rules-update
2015-01-07 12:42:23 -06:00
David Maloney
9bcb3b95cd
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-01-07 12:41:43 -06:00
David Maloney
df70678762
tell suer KoreLogic rules have been applied
...
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
2015-01-07 12:36:07 -06:00
David Maloney
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney
5480cb81f5
add updated KoreLogic rules to john.conf
...
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
2015-01-07 12:25:04 -06:00
sinn3r
ef97d15158
Fix msftidy and make sure all print_*s in check() are vprint_*s
2015-01-07 12:12:25 -06:00
David Maloney
5d68d48ca5
Land #4385 , fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
James Lee
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
James Lee
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
James Lee
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
Trevor Rosen
3ba3465afb
Ensure logging in ~/.msf4/log
...
Fix #4511
2015-01-07 09:37:07 -06:00
Christian Mehlmauer
09bd0465cf
fix regex
2015-01-07 11:54:55 +01:00
rcnunez
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer
eaad4e0bea
fix check method
2015-01-07 11:01:08 +01:00
dmooray
8c23e8c2e8
ruby 2.2 compatibility
...
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
dmooray
478505c17a
ruby 2.2 compatibility
...
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
Christian Mehlmauer
862af074e9
fix bug
2015-01-07 09:10:50 +01:00
Christian Mehlmauer
d007b72ab3
favor include? over =~
2015-01-07 07:33:16 +01:00
Christian Mehlmauer
4277c20a83
use include?
2015-01-07 06:51:28 +01:00
Christian Mehlmauer
39e33739ea
support for anonymous login
2015-01-07 00:08:04 +01:00
Christian Mehlmauer
bf0bdd00df
added some links, use the res variable
2015-01-06 23:25:11 +01:00
William Vu
fee49b0b85
Land #4531 , Msf::Exploit::PDF method name fix
2015-01-06 14:26:58 -06:00
David Maloney
a626c45813
update gemspec for newest credential
...
we need the latest metasploit-credential to migrate
over any old style creds still lingering around in the
database.
MSP-11919
2015-01-06 14:25:55 -06:00
sinn3r
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
Christian Mehlmauer
f9f2bc07ac
some improvements to the mantis module
2015-01-06 11:33:45 +01:00
William Vu
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
William Vu
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00