Commit Graph

30485 Commits (2cf9a17f253c980124d2de7645f571b7b7559ece)

Author SHA1 Message Date
Bazin Danil 2cf9a17f25 variable name clarification (file, file_path, path) 2015-01-31 05:07:07 +01:00
Bazin Danil 5d4a8e2f90 using store_loot 2015-01-31 05:01:28 +01:00
Bazin Danil d6fb445522 add begin...ensure block so that the CloseHandle call occurs 2015-01-31 04:46:02 +01:00
Bazin Danil 1205c0045f using r['ErrorMessage'] 2015-01-31 04:37:16 +01:00
Bazin Danil f7d2e2a27a twitter in comment 2015-01-31 04:36:07 +01:00
Bazin Danil d9c64397fd shorter the line, using more variables 2015-01-31 04:32:32 +01:00
Bazin Danil 0fce908045 add constant class 2015-01-31 04:19:27 +01:00
Bazin Danil f4ec6bdc78 - use non-native pack/unpack directives
- coding: binary
- use constant for data_attribute
2015-01-31 03:59:23 +01:00
Bazin Danil 68b735dbda Add a NTFS parser and a post module to dump files
This commit add a draft of an NTFS Parser and a post module
to gather file using the raw NTFS device (\\.\C:)
bypassing restriction like already open file with lock
Can be used to retreive file like NTDS.DIT without volume shadow copy
2015-01-30 19:16:44 +01:00
jvazquez-r7 b4419afc64
Land #3019, @aczire's module for Huawei info disclosure
* Module for CVE-2013-6031
2015-01-24 10:16:35 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
aczire 6ec3e6545e Merge pull request #1 from jvazquez-r7/rebase_3019
Clean Huawei SOHO router information disclosure
2015-01-24 10:44:28 +05:30
jvazquez-r7 23c9d4f0fb Do final cleanup 2015-01-23 17:54:58 -06:00
jvazquez-r7 05e803f85b Rewrite get_wifi_info 2015-01-23 17:50:52 -06:00
jvazquez-r7 fe61b274bd Rewrite get_router_ssid 2015-01-23 17:38:55 -06:00
jvazquez-r7 abe9c85ad6 Rewrite get_router_dhcp_info 2015-01-23 17:37:20 -06:00
jvazquez-r7 70b6f94f14 Rewrite get_router_wan_info 2015-01-23 17:32:20 -06:00
jvazquez-r7 aeed72f726 Rewrite get_router_info 2015-01-23 17:29:12 -06:00
jvazquez-r7 26b17d5556 Clean get_router_mac_filter_info 2015-01-23 17:18:07 -06:00
jvazquez-r7 a63625ab51 Refactor response parsing 2015-01-23 17:09:01 -06:00
Spencer McIntyre 32746e0088
Land #4631, @bcook-r7's fix for #4625 pkt requeue logic 2015-01-23 18:02:21 -05:00
jvazquez-r7 c9a13bda2f Do a first easy clean up 2015-01-23 16:37:55 -06:00
jvazquez-r7 dcf0d7f596 Make msftidy happy 2015-01-23 16:23:21 -06:00
jvazquez-r7 f83b87f611 Rebase #3019 2015-01-23 16:14:01 -06:00
Brent Cook fc016fe2ec
Land #4629, @wchen-r7's proper fixes for #4616 and #3798 2015-01-23 14:29:14 -06:00
Brent Cook 52ca6b54b1 remove entire 'default' attribute acccessor override method
This reverts us to the state before
725a17c70b, making OptRegexp simply
inherit from OptBase again.
2015-01-23 14:18:05 -06:00
Brent Cook 65d71a5e18 Fix #4625 Reenable channel receive packet requeueing logic
In #4475, I incorrectly interpreted the role of the 'incomplete' array
in monitor_socket, and that change should be reverted.

What appears to happen is, we play a kind of 3-card monty with the list
of received packets that are waiting for a handler to use them.
monitor_socket continually loops between putting the packets on @pqueue,
then into backlog[] to sort them, then into incomplete[] to list all of
the packets that did not have handlers, finally back into @pqueue again.
If packets don't continually get shuffled back into incomplete, they are
not copied back into @pqueue to get rescanned again.

The only reason anything should really get into incomplete[] is if we
receive a packet, but there is nothing to handle it. This scenario
sounds like a bug, but it is exactly what happens with the Tcp Client
channel - one can open a new channel, and receive a response packet back
from the channel before the subsequent read_once code runs to register a
handler to actually process it. This would be akin to your OS
speculatively accepting data on a TCP socket with no listener, then when
you open the socket for the first time, its already there.

While it would be nice if the handlers were setup before the data was
sent back, rather than relying on a handler being registered some time
between connect and PacketTimeout, this needs to get in now to stop the
bleeding. The original meterpreter crash issue from #4475 appears to be
gone as well.
2015-01-23 08:50:37 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
Samuel Huckins 01bcd72e1c
Land #4546 2015-01-22 16:45:01 -06:00
William Vu 349ea56a3b
Land #4628, revert of #4593
Extraneous commas must die. Trailing commas are okay.

This check was too much.
2015-01-22 14:30:08 -06:00
Tod Beardsley 1d6524b4d9
Revert #4593, msftidy extraneous comma check
Fixes #4626 by ignoring the problem identified.

This reverts commit 7c3378b2e6, reversing
changes made to cb0257bec7.
2015-01-22 14:28:27 -06:00
William Vu 980a010e15
Land #4627, explicit rubygems require fix
And a couple extraneous comma fixes.
2015-01-22 13:49:31 -06:00
Tod Beardsley bd06b48b30
Extra commas. 2015-01-22 13:45:08 -06:00
Tod Beardsley 2e606cd097
Don't require rubygems 2015-01-22 13:44:58 -06:00
William Vu 75e04705d5
Land #4624, Firefox 33-35 os.js support 2015-01-22 13:35:47 -06:00
William Vu 0612e1906a
Land #4614, {32,64}-bit Registry access 2015-01-22 13:25:51 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
Jon Hart e7c21f3205
Land #4503, @m7x's post module for extracting McAfee VSE hashes 2015-01-21 20:44:41 -08:00
Jon Hart 9cc58a8d69
Lastly, rename the file so that it is specific to McAfee VSE 2015-01-21 20:44:34 -08:00
Jon Hart 683a541064
Tighten up prints to make it specific to VSE, not McAfee in general 2015-01-21 20:33:54 -08:00
Jon Hart 52be3d80b7
Minor ruby style cleanup 2015-01-21 20:27:38 -08:00
Jon Hart ceed293969
Remove unnecessary requires 2015-01-21 20:23:03 -08:00
jvazquez-r7 b61538e980
Land #4291, @headlesszeke's module for ARRIS VAP2500 command execution 2015-01-21 20:52:31 -06:00
jvazquez-r7 33195caff2 Mark compatible payloads 2015-01-21 20:52:04 -06:00
jvazquez-r7 500d7159f1 Use PAYLOAD instead of CMD 2015-01-21 20:49:05 -06:00
jvazquez-r7 f37ac39b4c Split exploit cmd vs exploit session 2015-01-21 20:46:37 -06:00
jvazquez-r7 e1d1ff17fd Change failure code 2015-01-21 20:38:33 -06:00
jvazquez-r7 169052af5c Use cookie option 2015-01-21 20:37:38 -06:00
Joe Vennix 5bfb88d55c
Update os.js to detect newer firefox versions. 2015-01-21 16:12:17 -06:00