infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,406 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

38406 Commits (31bbcfca498989f96431d4548072f66b3a4e2a52)

Author SHA1 Message Date
wchen-r7 e9535dbc5b Address all @FireFart's feedback 2016-04-29 11:03:15 -05:00
wchen-r7 6f6558923b Rename module as struts_dmi_exec.rb 2016-04-29 10:34:48 -05:00
wchen-r7 2f66442f1d Fix #5191, bad LHOST format causes shell_to_meterpreter to backtrace 
When using shell_to_meterpreter via a pivot, the LHOST input's format
might be invalid. This is kind of a design limitation, so first we
check the input, and there is a module doc to go with it to explain
a workaround.

Fix #5191
 2016-04-28 23:03:54 -05:00
join-us 643591546e struts s2_032 rce - linux_stager 2016-04-29 10:49:56 +08:00
Sonny Gonzalez 8ade61d251
Land #6824, read large XML or .zip file fix 
Replaces REXML with Nokogiri XML reader to
fix the out of memory error when importing
large XML or .zip files
 2016-04-28 15:28:44 -05:00
dmohanty-r7 20ec56d06a Do not parse empty web_sites 
MS-255
 2016-04-28 13:17:03 -05:00
dmohanty-r7 5a4e70fdf0 Fixes indentation in check_msf_xml_version! 
MS-255
 2016-04-28 13:17:02 -05:00
dmohanty-r7 f4f607d815 Correct comments to use Nokogiri::XML::Element 
MS-255
 2016-04-28 13:17:02 -05:00
dmohanty-r7 56fd5a745e Do not parse element if empty 
MS-255
 2016-04-28 13:17:02 -05:00
dmohanty-r7 050061762b Fix db_manager rspec tests 
MS-255
 2016-04-28 13:17:02 -05:00
dmohanty-r7 0e568674d7 Add comments on parse functions 
MS-255
 2016-04-28 13:17:01 -05:00
dmohanty-r7 0759848ad5 Use Nokogiri Reader in zip import 
MS-255
 2016-04-28 13:17:01 -05:00
dmohanty-r7 83ff60c111 Force encoding on import xml 
MS-255
 2016-04-28 13:17:01 -05:00
dmohanty-r7 e4fcaefc8c Unpack and pack an unsigned integer per 8 bytes 
MS-255
 2016-04-28 13:17:01 -05:00
dmohanty-r7 e6a8d69b0b Force encoding of XML import 
MS-255
 2016-04-28 13:17:00 -05:00
dmohanty-r7 f1d8e1d693 Parse web_data in xml import 
MS-255
 2016-04-28 13:17:00 -05:00
dmohanty-r7 802dfabbe3 Converts XML importer to use Nokogiri Reader 
MS-255
 2016-04-28 13:17:00 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST 
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
 2016-04-28 11:44:10 -05:00
OJ 93ce0fe912
Land #6826 - Update payloads to 1.1.18 2016-04-28 07:55:49 +10:00
wchen-r7 2a91a876ff Update php/meterpreter_reverse_tcp size 2016-04-27 16:14:38 -05:00
wchen-r7 aa707fd63b Update gem metasploit-payloads to 1.1.8 2016-04-27 15:25:01 -05:00
wchen-r7 bf34ceeb76 Update gem metasploit-payloads to 1.1.8 2016-04-27 15:24:44 -05:00
wchen-r7 d80d2bb8d3 Land #6825, Fixed borders on code boxes 2016-04-27 11:59:52 -07:00
Brent Cook 329bd7ce47
Land #6823, Fix spec failures in ruby-2.3 2016-04-27 04:31:56 -04:00
William Vu 63c6a6dbe2
Fix #6694, typo fix 2016-04-26 15:26:33 -05:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00
James Lee e7f0163c2e
Apparently super doesn't work the same here in 2.3 
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
 2016-04-26 10:35:41 -05:00
OJ c15a2e8787
Merge branch 'upstream/master' into reverse-port-forward 
Signed-off-by: OJ <oj@buffered.io>
 2016-04-26 09:48:40 +10:00
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection 
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
 2016-04-25 14:30:46 -05:00
Adam Cammack f28d280199
Land #6814, move stdapi to exist? 2016-04-24 13:41:11 -04:00
Adam Cammack f23e09f838
Land #6810, JCL payload style fixes 2016-04-24 13:32:32 -04:00
Brent Cook 12a47b7fab prefer && 2016-04-24 11:56:32 -04:00
Brent Cook 194a84c793 Modify stdapi so it also uses exist? over exists? for ruby parity 
Also add an alias for backward compatibility.
 2016-04-23 17:31:22 -04:00
Brent Cook 9a873a7eb5 more style fixes 2016-04-23 12:18:28 -04:00
Brent Cook d86174c3bf style fixes 2016-04-23 12:18:28 -04:00
Brent Cook 4250725b13 fix incorrect hex port conversion 2016-04-23 12:18:28 -04:00
Brent Cook 7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
Brent Cook 45961f75d4 Fix the payload size updater for MetasploitModule 2016-04-23 11:38:42 -04:00
join-us 81af4d2675 Fix: merge error 2016-04-23 23:19:08 +08:00
join-us 1d99d08ac8 rebuild 2016-04-23 23:15:19 +08:00
join-us de9ac28db1 class Metasploit4 -> class MetasploitModule 2016-04-23 23:03:48 +08:00
join-us e2fcfc8d09 fix index / space 2016-04-23 23:02:41 +08:00
join-us fca4d53a6f add yahoo_search / bing_search exception handler 2016-04-23 22:58:39 +08:00
join-us d9633078ec merge yahoo_search_domain[ip] / bing_search_domain[ip] 2016-04-23 22:45:47 +08:00
join-us 66c0832f27 add Rex::Socket.getaddresses exception handler 2016-04-23 20:09:12 +08:00
join-us b47b83dfaa add results.nil? / results.empty? check 2016-04-23 19:47:33 +08:00
join-us 7579abb34e report_note in a line 2016-04-23 19:43:44 +08:00
join-us 55e31bacee add exception handler 2016-04-23 19:01:55 +08:00
join-us 73121f7e2f add vprint_good 2016-04-23 18:50:48 +08:00
join-us bc1f829fe5 class Metasploit4 -> class MetasploitModule 2016-04-23 17:36:22 +08:00