infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,938 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

22938 Commits (2cfc662e43cfc10db9b94c0cb117db9641a2a6ae)

Author SHA1 Message Date
Meatballs 80452767c8
Comments 2014-01-22 10:24:24 +00:00
Meatballs 156e3c046e
Dont lookup twice 2014-01-22 10:14:56 +00:00
Meatballs 62729dd9ab
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-22 10:06:54 +00:00
Meatballs 6d6d1e1033
No need to fiddle with naming context 2014-01-22 10:06:36 +00:00
sinn3r 1c1597973e Update PJL rspec to comply with guidelines 
Basically the updated version is more explicit. If a moethod doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
 2014-01-22 03:34:49 -06:00
Raphael Mudge a92033a1bb Merge pull request #1 from jlee-r7/land-2897-meterpreter-interfaces 
Refactor load_session_info
 2014-01-21 17:58:38 -08:00
OJ a7d4aa5d46 Merge branch 'upstream/master' into clipboard_monitor 
Conflicts:
	lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
 2014-01-22 11:51:10 +10:00
James Lee e9ccec4755
Refactor load_session_info 
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
 2014-01-21 18:55:54 -06:00
jvennix-r7 29d6f7c720 Merge pull request #9 from todb-r7/warn-about-deflate 
Warn the user about SSLCompression
 2014-01-21 15:25:41 -08:00
sinn3r 646f7835a3 Saving progress 2014-01-21 17:14:55 -06:00
Tod Beardsley 0b6e03df75
More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91
Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
William Vu ca7a8203ff
Land #2901, gooder spelling 2014-01-21 15:59:59 -06:00
Tod Beardsley f5809423a3
Let's spell right in my spellcheck PR 
Updates #2900
 2014-01-21 15:57:59 -06:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
Meatballs f571d63088
Merge remote-tracking branch 'upstream/master' into enum_ad_users 2014-01-21 21:00:09 +00:00
Meatballs eee716a6b3
Grab comments and descriptions ftw 2014-01-21 20:59:31 +00:00
Tod Beardsley 7660e2d3b7
Land #2899, don't stop at the first \f 2014-01-21 14:55:26 -06:00
James Lee 6359a443ac
Land #2900, @todb-r7's fixups for release 2014-01-21 14:36:07 -06:00
sinn3r 85396b7af2 Saving progress 
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 14:10:35 -06:00
Tod Beardsley b3b51eb48c
Pre-release fixup 
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
 2014-01-21 13:29:08 -06:00
sinn3r 689999c8b8 Saving progress 
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 13:03:36 -06:00
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable 
Good suggestion, @jlee-r7.
 2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload 
Badchar analysis: file may contain form feeds.
 2014-01-21 11:36:24 -06:00
sinn3r fe767f3f64 Saving progress 
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-21 11:07:03 -06:00
Tod Beardsley b8d868d0f0
Land #2888, updated Meterpreter bins: e77c87cd 
This lands Meterpreter binaries as of commit e77c87cd

The compare view is the easiest way to see what's different since the
last update:

9e33acf...e77c87cd

Not seeing a lot of bugs being ref'ed there, sadly.
 2014-01-21 10:56:49 -06:00
Tod Beardsley 82bd1fa466
Land #2898, msftidy articles fix. 2014-01-21 09:37:56 -06:00
William Vu 3a943c719e Implement a whitelist for suspect capitalization 2014-01-21 09:26:16 -06:00
Raphael Mudge ac151794f3 Make Meterpreter Session Address Resolution Sane 
If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.

This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.

This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.

[FixRM #7259]
 2014-01-21 00:32:50 -05:00
sinn3r ea47da5682 Add wiki link "How to write a check() method" to documentation 2014-01-20 20:10:50 -06:00
sinn3r 7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal 2014-01-20 20:08:01 -06:00
sinn3r e5dc6a9911 Update exploit checks 
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
 2014-01-20 14:26:10 -06:00
sinn3r 5025736d87 Fix check for modicon_password_recovery 2014-01-19 17:20:20 -06:00
sinn3r a239e14084 Fix nodejs_popelining check 2014-01-19 17:06:35 -06:00
sinn3r 7080bb336c Update ColdFusion check 2014-01-19 17:05:03 -06:00
sinn3r 4fdd2c19a1 Update vbulletin check 2014-01-19 16:54:27 -06:00
sinn3r 0a8aa07131 Fix check method 
This isn't a check, so shouldn't be using the check method
 2014-01-19 16:47:15 -06:00
sinn3r e48b8ae14c Use a better term 2014-01-19 16:01:38 -06:00
jvazquez-r7 4e224132e8
Land #2893, @wchen-r7's patch for jboss_invoke_deploy 2014-01-17 22:06:11 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
jvazquez-r7 01ab6fd545 Do small fixes 2014-01-17 17:59:03 -06:00
jvazquez-r7 5ec062ea1c Beautify print message 2014-01-17 17:42:26 -06:00
jvazquez-r7 d96772ead1 Clean multi-threading on ibm_sametime_enumerate_users 2014-01-17 17:38:16 -06:00
jvazquez-r7 bb3d9da0bb Do first cleaning on ibm_sametime_enumerate_users 2014-01-17 16:33:25 -06:00
jvazquez-r7 584401dc3f Clean ibm_sametime_room_brute code 2014-01-17 15:57:12 -06:00
jvazquez-r7 4d079d47b8 Enable SSL by default 2014-01-17 15:34:33 -06:00
jvazquez-r7 277711b578 Fix metadata 2014-01-17 15:31:51 -06:00
jvazquez-r7 10fd5304ce Parse response body just one time 2014-01-17 15:17:25 -06:00
jvazquez-r7 fe64dbde83 Use rhost and rport methods 2014-01-17 14:49:50 -06:00
sinn3r afd0e71457 Use the term "exploit" is a little more correctly 
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
 2014-01-17 13:50:23 -06:00