Commit Graph

1338 Commits (2cd5be021b7f1e9ad07db1cb3b474d5a2490cc33)

Author SHA1 Message Date
dmooray 478505c17a ruby 2.2 compatibility
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention
Just changing method names.

It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
sinn3r d45cdd61aa Resolve #4507 - respond_to? + send = evil
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
2015-01-02 13:29:17 -06:00
Spencer McIntyre 6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server 2014-12-31 11:25:19 -05:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
jvazquez-r7 04772c8946 Ensure stop_service closes Rex::Proto::Http::Server 2014-12-26 13:50:03 -06:00
Joe Vennix e974d272f0
Remove stray line comment that ruined things when minified. 2014-12-23 00:22:50 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Tod Beardsley 9545b6e4d6
Land #4343, os_flavor reduction 2014-12-12 14:49:15 -06:00
Tod Beardsley 177cade6a5 Merge branch 'land-4274-ssl' into temp 2014-12-12 13:25:54 -06:00
Tod Beardsley 0eea9a02a1
Land #3144, psexec refactoring 2014-12-10 17:30:39 -06:00
sinn3r 9202c4f2a1 No mercy for os_flavor 2014-12-10 11:46:21 -06:00
sinn3r a584a5982f Clarify about how BES uses os_flavor
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
Jon Hart 743e9fca9d
Correctly set default SECRET 2014-12-04 14:06:22 -08:00
Jon Hart 1e423f415e
Add missing opt , 2014-12-04 14:05:17 -08:00
Jon Hart 7f425fc3ab
Configurable fix for #4305
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP

Rename and properly document GATEWAY option

Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
Jon Hart f22d7191cd Test fix for #4305 2014-12-04 10:59:57 -08:00
Jon Hart d8b1401545
Test fix for #4306 2014-12-03 19:54:31 -08:00
William Vu 394d132d33
Land #2756, tincd post-auth BOF exploit 2014-12-01 12:13:37 -06:00
HD Moore 823b4e259a Make it clear SSLVersion is not advertised since it isn't used 2014-11-22 14:25:09 -06:00
HD Moore 2f92a83092 Change to example.com as the default domain 2014-11-20 14:53:36 -06:00
Meatballs 7004c501f8
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2
Conflicts:
	modules/exploits/windows/smb/psexec.rb
2014-11-19 14:40:50 +00:00
jvazquez-r7 dff6af0747 Restore timeout 2014-11-18 12:17:10 -08:00
jvazquez-r7 4844447d17 Use 20 seconds as default timeout
* Because it's the default timeout on Rex::Proto::SunRPC::Client
2014-11-18 12:17:10 -08:00
jvazquez-r7 694561dd0f Dont shadow methods with local variables, just in case... 2014-11-18 12:17:10 -08:00
Jon Hart bfde6047d5 Introduce a user-controlled timeout for SunRPC stuff 2014-11-18 12:17:10 -08:00
Jon Hart a9f9a8b116 Introduce new ::Rex::Proto::SunRPC::RPCError, making run_host cleaner 2014-11-18 12:17:10 -08:00
Tod Beardsley 286827c6e5
Land #4186, Samsung KNOX exploit. Ty @jvennix-r7! 2014-11-17 13:29:39 -06:00
floyd 9243cfdbb7 Minor fixes to ruby style things 2014-11-17 17:12:17 +01:00
floyd 91aa5fa3cf Some simple ruby convention changes that hopefully make ruby people happy 2014-11-17 16:48:52 +01:00
floyd 3c1ce5072c Replaced camel case states with snail_case 2014-11-17 16:37:04 +01:00
Joe Vennix 7a62b71839
Some URL fixes from @jduck and exploit ideas from Andre Moulu.
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
2014-11-15 21:33:16 -06:00
William Vu 89a8d27602
Fix port 0 bug in URIPORT 2014-11-11 15:57:41 -06:00
jvazquez-r7 4e96833408 Check service before using it 2014-11-10 14:14:20 -06:00
jvazquez-r7 1064049729 Revert "Fix buggy calls to stop_service"
This reverts commit 613f5309bb.
2014-11-10 14:05:57 -06:00
floyd 9d848c8c3b Adding tincd post-auth stack buffer overflow exploit module for several OS
Minor changes to comments

Updated URLs

Added Fedora ROP, cleaned up

Fixing URLs again, typos

Added support for Archlinux (new target)

Added support for OpenSuse (new target)

Tincd is now a separate file, uses the TCP mixin/REX sockets.

Started ARM exploiting

Style changes, improvements according to egyp7's comments

Style changes according to sane rubocop messages

RSA key length other than 256 supported. Different key lengths for client/server supported.

Drop location for binary can be customized

Refactoring: Replaced pop_inbuffer with slice

Refactoring: fail_with is called, renamed method to send_recv to match other protocol classes,
using rand_text_alpha instead of hardcoded \x90,

Fixed fail command usage

Version exploiting ARM with ASLR brute force

Cleaned up version with nicer program flow

More elegant solution for data too large for modulus

Minor changes in comments only (comment about firewalld)

Correct usage of the TCP mixin

Fixes module option so that the path to drop the binary on the server is not validated against the local filesystem

Added comments

Minor edits

Space removal at EOL according to msftidy
2014-11-10 12:03:17 +01:00
Julio Auto 613f5309bb Fix buggy calls to stop_service 2014-11-09 02:15:30 -06:00
Joshua Smith b199820d23 init exe as nil instead of '' 2014-11-06 13:31:37 -06:00
Joshua Smith 265c178c52 fixes #4131, EXE::Custom NameError 2014-11-05 22:10:54 -06:00
William Vu e3ed7905f1
Add tnftp_savefile exploit
Also add URI{HOST,PORT} and {,v}print_good to HttpServer.
2014-10-30 20:38:16 -05:00
Meatballs 4f61710c9a
Merge remote-tracking branch 'upstream/master' into psexec_refactor_round2 2014-10-28 20:26:44 +00:00
Tod Beardsley d8cf45ef67
Allow FTP server exploits pick a PASV port
This makes it somewhat easier to use FTP server exploit modules in
somewhat more restrictive networks, where you might only have a few
inbound ports to choose from.
2014-10-27 22:21:54 -05:00
Tod Beardsley 7d34452448
TCP and TCPServer should use TLS1 by default 2014-10-27 15:55:50 -05:00
Joshua Smith 34f29f218c really resolve merge conflicts 2014-10-23 21:51:33 -05:00
Joshua Smith f19b093529 cleans & DRYs exploit/exe & util/exe & msfpayload 2014-10-23 01:10:38 -05:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
Tod Beardsley 85f48a3fb2
Land #3738, SMBServer file descriptor updates 2014-10-20 12:40:43 -05:00
Tod Beardsley 62be638258
Add 'Auto' to tcp.rb as well. 2014-10-15 16:01:42 -05:00