Commit Graph

8527 Commits (33b37727c76728593bb145d2eba9abe1b1c1ab7a)

Author SHA1 Message Date
Jon Hart 32a14cfc43 Missed the file... 2014-08-26 10:49:53 -07:00
Jon Hart ff7e0f3c19
Land #3705, xistence's UPNP SSDP M-SEARCH amplification scanner 2014-08-26 08:30:43 -07:00
Jon Hart 337cd02dd7
Change Auxiliary::DRDoS' prove_drdos to prove_amplification 2014-08-26 07:48:44 -07:00
Jon Hart 9749c78632
Add amplification multiplier for vulnerable proofs 2014-08-26 07:36:38 -07:00
Joshua Smith b3e898736f
Land 3694, msfconsole.rc wasn't loading, add yard 2014-08-26 01:12:33 -05:00
Jon Hart a41748e77e Correct SIP header note storage to align with Recog 2014-08-25 13:12:30 -07:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Jon Hart 6185721a61 Address @hmoore-r7's feedback regarding binary encoding 2014-08-25 13:11:22 -07:00
Jon Hart a4f623a955 Show port and protocol when printing service notes, not just name 2014-08-25 13:11:22 -07:00
Jon Hart 9955cb5b27 Enforce proper protocol case where necessary 2014-08-25 13:11:22 -07:00
Jon Hart b760815c86 Also pull the Allow headers (previous behavior) 2014-08-25 13:11:21 -07:00
Jon Hart 637f86f37d Gut SIP UDP stuff, use Msf::Auxiliary::UDPScanner 2014-08-25 13:11:21 -07:00
Jon Hart 50d90defbc Use a correct default Accept header -- responses++ 2014-08-25 13:11:21 -07:00
Jon Hart c2e70446ed Move SIP module stuff to Msf::Exploit::Remote::SIP 2014-08-25 13:11:21 -07:00
Jon Hart fc67aed174 Correct style and doc issues, tidy failure message when not SIP 2014-08-25 13:11:21 -07:00
Jon Hart e3753e3649 Refactor SIP response parsing for future improvements 2014-08-25 13:11:21 -07:00
Jon Hart 02e41c27e7 Split SIP response parsing out on its own, add unit tests.
Passes rspec but fails in framework. WIP.
2014-08-25 13:11:20 -07:00
Jon Hart d4ea3e9f29 Pass protocol down to parse_reply for report_* purposes 2014-08-25 13:09:39 -07:00
Jon Hart a2e2e37a69 Fix SIP options scanning 2014-08-25 13:09:39 -07:00
Joe Vennix c4a173e943
Remove automatic target, couldn't figure out generic payloads. 2014-08-25 14:14:47 -05:00
David Maloney 32b1a5ea23
add ipboard loginscanner
add loginscanner class for IPBoard with specs
this should replicate the functionality originally written
by Chris Truncer, but move it into a testable, reusable class
2014-08-25 13:58:30 -05:00
William Vu 1ee83ff57e
Land #3696, pile of NTP DRDoS 0days
Dr. DoS in da house?
2014-08-25 11:47:28 -05:00
James Lee 19d6feca62
Fix regression where msfconsole.rc wasn't loading
Also add some slightly better docs for the Driver class
2014-08-24 15:10:41 -05:00
Joe Vennix 6313b29b7a
Add #arch method to Msf::EncodedPayload.
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix 1d3531d09d
Put include above constant defs. 2014-08-24 01:17:32 -05:00
Joe Vennix 4e63faea08
Get a shell from a loose gdbserver session. 2014-08-24 01:10:30 -05:00
jvazquez-r7 7ee5423310 Add specs for Msf::HTTP::JBoss::Base 2014-08-22 15:11:27 -05:00
jvazquez-r7 4742dbad91 Fix YARD documentation 2014-08-22 14:18:13 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Joe Vennix 95fbb8f1b7
Land PR #3672, dmaloney-r7's login scanner credential rework. 2014-08-22 11:15:32 -05:00
Brandon Turner 05f0d09828
Merge branch staging/electro-release into master
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master.  Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).

We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).

This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b).  It ensures that any changes
committed to master since the original squashed merge are retained.

As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
Brandon Turner 19ba7772f3
Revert "Various merge resolutions from master <- staging"
This reverts commit 149c3ecc63.

Conflicts:
	lib/metasploit/framework/command/base.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/require.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/smb/smb_login.rb
	msfconsole
2014-08-22 10:17:44 -05:00
David Maloney 48f0743d1b
remove crappy basedir method
this method is no lopnger needed
2014-08-20 15:28:36 -05:00
David Maloney 6bc55bf8cc
change is_apt method 2014-08-20 15:27:11 -05:00
David Maloney b547f7fc75
fix msfbasedir for go_pro
go_pro uses the wrong base director y for starting
up metasploit pro when using the go_pro command
this caused errors
2014-08-20 15:22:18 -05:00
Jon Hart 8fd4ee87ab
Allow singular NTP version and mode 7 implementation testing 2014-08-20 12:21:39 -07:00
jvazquez-r7 9d007a8c63 Add @jlee-r7's feedback 2014-08-20 12:04:33 -05:00
James Lee c3e8bc8fa0
Fix a crash when we can't connect to PG, again 2014-08-20 11:02:46 -05:00
James Lee fa27def41f Revert "Fix a crash when we can't connect to PG"
This reverts commit b6deb6a342.
2014-08-20 11:01:29 -05:00
jvazquez-r7 9dcc95fb04 Fix Rex::MIME::Message#initialize boundaries parsing 2014-08-20 10:22:38 -05:00
jvazquez-r7 e8a6307df1 Fix Rex::MIME::Header#parse 2014-08-20 09:42:44 -05:00
dmaloney-r7 0c9dafff54 Merge pull request #3673 from jlee-r7/bug/MSP-11061/crash-without-postgres
Fix a crash when we can't connect to PG
2014-08-19 16:16:30 -05:00
James Lee b6deb6a342
Fix a crash when we can't connect to PG
MSP-11061

No Postgres, no cry
2014-08-19 15:30:24 -05:00
sinn3r 311cc5befb
Land #3668 - Add specs for Rex::Exploitation::HeapLib 2014-08-19 13:14:24 -05:00
David Maloney 473b92a060
Merge branch 'master' into feature/MSP-10992/scanner-dry
Conflicts:
	Gemfile.lock
	lib/metasploit/framework/command/console.rb
	lib/metasploit/framework/common_engine.rb
	lib/metasploit/framework/credential.rb
	lib/metasploit/framework/credential_collection.rb
	lib/metasploit/framework/login_scanner/afp.rb
	lib/metasploit/framework/login_scanner/axis2.rb
	lib/metasploit/framework/login_scanner/db2.rb
	lib/metasploit/framework/login_scanner/ftp.rb
	lib/metasploit/framework/login_scanner/http.rb
	lib/metasploit/framework/login_scanner/mssql.rb
	lib/metasploit/framework/login_scanner/mysql.rb
	lib/metasploit/framework/login_scanner/pop3.rb
	lib/metasploit/framework/login_scanner/postgres.rb
	lib/metasploit/framework/login_scanner/result.rb
	lib/metasploit/framework/login_scanner/smb.rb
	lib/metasploit/framework/login_scanner/snmp.rb
	lib/metasploit/framework/login_scanner/ssh.rb
	lib/metasploit/framework/login_scanner/telnet.rb
	lib/metasploit/framework/login_scanner/vnc.rb
	lib/metasploit/framework/parsed_options/console.rb
	lib/metasploit/framework/require.rb
	lib/metasploit/framework/version.rb
	lib/msf/core/modules/namespace.rb
	modules/auxiliary/analyze/jtr_postgres_fast.rb
	modules/auxiliary/scanner/afp/afp_login.rb
	modules/auxiliary/scanner/db2/db2_auth.rb
	modules/auxiliary/scanner/ftp/ftp_login.rb
	modules/auxiliary/scanner/http/axis_login.rb
	modules/auxiliary/scanner/http/http_login.rb
	modules/auxiliary/scanner/http/tomcat_mgr_login.rb
	modules/auxiliary/scanner/mssql/mssql_login.rb
	modules/auxiliary/scanner/mysql/mysql_login.rb
	modules/auxiliary/scanner/pop3/pop3_login.rb
	modules/auxiliary/scanner/postgres/postgres_login.rb
	modules/auxiliary/scanner/snmp/snmp_login.rb
	modules/auxiliary/scanner/ssh/ssh_login.rb
	modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb
	modules/auxiliary/scanner/telnet/telnet_login.rb
	modules/auxiliary/scanner/vnc/vnc_login.rb
	modules/auxiliary/scanner/winrm/winrm_login.rb
	spec/lib/metasploit/framework/credential_spec.rb
	spec/lib/msf/core/framework_spec.rb
2014-08-19 10:30:16 -05:00
OJ e0df664656
Land #3653 : NETAPI x64 fixes 2014-08-19 11:40:43 +10:00
jvazquez-r7 f812d2619c Fix load_js when opts[:newobfu] and add specs 2014-08-18 13:50:19 -05:00
James Lee b9e449f5e2
Fix crash when database.yml doesn't exist 2014-08-18 12:40:57 -05:00
Vincent Herbulot fd40a68525 Added YARD documentation to lib/msf/http/jboss 2014-08-18 18:19:37 +02:00
HD Moore 5e123e024d Add 'coding: binary' to all msf/rex library files
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
2014-08-17 17:31:53 -05:00
Samuel Huckins 82760bf5b3
Deprecation warnings hidden for non-listeners 2014-08-15 12:33:44 -05:00
Samuel Huckins 149c3ecc63
Various merge resolutions from master <- staging
* --ask option ported to new location
* --version option now works
* MSF version updated
* All specs passing
2014-08-15 11:33:31 -05:00
Meatballs 8302e82ca1
Use x64 ptr sizes 2014-08-14 23:32:04 +01:00
Meatballs 256204f2af
Use correct pack/unpack specifier 2014-08-13 11:36:16 +01:00
David Maloney 84374fe92c
Merge branch 'staging/electro-release' into bug/MSP-11050/rails_root 2014-08-12 13:54:38 -05:00
David Maloney 12f1234296 always set our rails root to our root
this works fine when calling any framework binaries
from their path as CWD. if you call tehm from another path
you will get an incorrect root which can cause certain things to load
incorrectly

Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-08-12 13:53:28 -05:00
David Maloney fcfce9efec
Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry 2014-08-12 11:22:51 -05:00
Luke Imhoff e051272a20
Fix typo
MSP-11046

`ActiveSupport::OrderedOptions` automatically create an attribute for
any missing keys, so when `options.console.resource` was used it would
return `nil` instead of the erroring.  The correct option name was
`options.console.resources` (note the pluralization).
2014-08-12 10:49:35 -05:00
Meatballs 351b687759
Land #3612, Windows Local Kernel exploits refactor 2014-08-10 22:05:06 +01:00
Meatballs b277f588fb
Use railgun helper functions 2014-08-10 21:52:12 +01:00
joev af3ca19ab2
Land #3501, @AnwarMohamed's android meterpreter commands. 2014-08-09 16:29:59 -05:00
joev dbaa377aa1 Final-round of code tweaks. All commands working well. 2014-08-09 13:04:52 -05:00
Jon Hart d6198c786d
Move rdoc for Msf::Auxiliary::DRDoS 2014-08-08 23:23:48 -07:00
Jon Hart ddcaa11216
Add new mixin for helping to detect DRDoS vulns 2014-08-08 23:15:09 -07:00
Jon Hart c48cf48d85
Return the NTP message, not the string 2014-08-08 21:39:48 -07:00
Jon Hart ed3ccdc9e0
Initial commit of modules for NTP vulns described in R7-2014-12
Not entirely functional or polished, but mostly working
2014-08-08 21:00:43 -07:00
Jon Hart 73253b575a
Land #3626, @wchen-r7's storing of text loot as txt 2014-08-08 18:57:38 -07:00
sinn3r 93174a818b
Land #3628 - Add --ask option in msfconsole 2014-08-08 11:03:15 -05:00
Iquaba b33d2b8583 Adds a newline for readability 2014-08-07 13:49:13 -05:00
Iquaba 6cea921478 Adds --ask option to prompt before exiting msfconsole 2014-08-07 13:44:46 -05:00
sinn3r e432f3f442 Support all text-based ctypes 2014-08-07 11:10:32 -05:00
Christian Mehlmauer d6e60453d6
Added Wordpress XMLRPC DoS 2014-08-07 11:38:44 +02:00
Luke Imhoff 1d430dbb45
Run migrations when connection already established in console
MSP-10955

`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
2014-08-06 19:55:51 -05:00
Brandon Turner 91bb0b6e10 Metasploit Framework 4.9.3-2014072301
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJT0CeVAAoJEJMMBVMNnmqO/7AP/0CBRHjtgiR9VnFKSQ+iWTQV
 iPNMBevn0mpSRq/gpoKCeFBZ6b+YQYrOLXDKVk62VV9LCslkr/P8LW8ul+m+JtB0
 mM6V5esUXM1XhgGEyTnTLRx6BR/WQU1RHlb56ae3nZjQlwCuH/5zEmcy5toZxpsY
 6HO46zE0GGBoLr/VgyYlfT08bfoQ+ICyJN0H5ixoovCc3iW0K1MNqLMfdani8zBJ
 gYJaMysV7XtepumWWQMSC+b/EuertdXXzWDy2bwe0Q3cQXNXzrkPAvtMqucWG+gy
 783OLKCPtVoEZiX87xAptkwmVCRdNGPclaWH7YRZDAh1tqBfRQUg72V/TIrOHCP1
 /lYO7yp5pBQg+1UNnpH+xI2YePFfYdHpYDNT5FSQGOnQjJg30ll4SqCm7cVmo2h5
 BRSYXkPCsQeXGaFarxGERNb8e+qN/WzSrHzY45tQw8mDuhg94tlf3VtDag3FXxhj
 zCxd6bu+tdboVm7FERS85T46kxzmeIycZ4p+Sf7d8gXitl2RKbBdKFNDi1gzeK1T
 yN7bDl4sL7qtDgZLXjFrnyC8vXyAqIrAgmFr2JywMBRm6TiCGQvgnrs+sScU3RFU
 W2tblGbKQq+CwDeC59uQPqxRkm72SMUrKX9448VEQ+9XbKE3TMQ5Q4qCxmnw31Op
 aJ0QgKJz8thZgafZc89I
 =e1z9
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJT4pb8AAoJEA+Ckxyj7hsHn+8P/3FlEYCmoqQ/JzsVtmP3Yi4Q
 gBRva+crY831mCCQXFrPJBvWfmy5HOzVh+Zh7zWF0GQ1WuuMppHfR5ARFVwmiDs3
 qwndhXwziDzBnznf0JKSgT5eJsH23s/ots1lyWymKJvPuT6hn6MRAHUawgnNmYR9
 ttnawmHvCM9Iha2oz3nmkLcNd+83bdBfEWi5l8AQ7jJxwMC2/8VPpMscVVwXqPzd
 CoQugAYZW5VeaEiGio5+19Ix9EPkIDvs6wnfGBtfPfeaOIDZV4XOFoIFUtEeZd5o
 olvEpYvdqscy4Qujzn4C++3wX3bUxkIbHTJHgrKmlD83dI7Cu1JH716G+yfLoJo0
 pQBWTGeWYKEh6leK/9J5Bo1/tOJ/ylbcbvH0Y0tmdu4icHar6uYe1QBrCB9xIdh1
 F+xo4guYnVo616DXJQSwjIye83b5dBxACrfA3bqCnFVFgTM5jXGV1cqiBgs9Dl++
 tIDPgUJkCe/bIdQ7PntlGRzxKihHahlxhCa++YaGKqSq7gXie8Rl4qgloIrbfNZ/
 z3XsoOLNdbMGO7ip88Zjwq4Khj5WZu7ijfCtXO7GU1UJZL1tJ2yK2ic7ZDLc251Y
 8EGMSTG53+6yvZYFtWMZeQzjwD2cpuF04dOmHOKi6KGJJ7KRPhn6gpsbc6U1mbH9
 AjGcfOzhhcsY+WAQ7OG+
 =Pjob
 -----END PGP SIGNATURE-----

Merge tag '2014072301' into staging/electro-release

Conflicts:
	Gemfile.lock
	modules/post/windows/gather/credentials/gpp.rb

This removes the active flag in the gpp.rb module.  According to Lance,
the active flag is no longer used.
2014-08-06 15:58:12 -05:00
Spencer McIntyre 2ed02c30a8 Use better variable names instad of an array 2014-08-05 21:34:36 -07:00
Spencer McIntyre b602e47454 Implement improvements based on feedback 2014-08-05 21:24:37 -07:00
byt3bl33d3r 77bba6e4ee fixed msfcli with missing require 2014-08-05 09:38:33 +02:00
Luke Imhoff 9c29b78b9a
Add missing require
MSP-10848

Not triggered on OSX development machines, only on Linux.
2014-08-04 18:23:25 -05:00
sinn3r 7044dabea1
Land #3600 - GPP Junk Padding Fix 2014-08-04 16:21:57 -05:00
Samuel Huckins 8fe9ec098e
Date attrs set after creation in report import
MSP-11021

* created_at and updated_at are protected against mass-assignment, so
these need to be set after for reports and report artifacts
2014-08-04 14:02:59 -05:00
Spencer McIntyre 6543b08eb4 Support writing a copy of the original token 2014-08-04 11:49:00 -07:00
Spencer McIntyre 4b73ad6f40 Fix guessing the arch with modules specifying an array 2014-08-04 11:49:00 -07:00
Spencer McIntyre 893b9a6e99 Add an open_device function for wrapping CreateFileA 2014-08-04 11:49:00 -07:00
Spencer McIntyre 43a5120696 Cleanup the WindowsKernel mixin 2014-08-04 11:49:00 -07:00
Spencer McIntyre 49837a3ba6 Create a basic WindowsKernel exploit mixin 2014-08-04 11:49:00 -07:00
b00stfr3ak 88f23832e6 Added Time out
For some reason the handler was closing before the command could
complete.  Added the time out from bypassuac and now both psh and exe
work perfectly.
2014-08-02 14:29:42 -07:00
Tom Sellers 693e744da4 Hide icon flash on taskbar during cmd_psh_payload
When 'cmd_psh_payload' is run via 'cmd_exec' on a windows shell that is running in the context of an interactive user an icon will flash very quickly on the user's task bar.  This can be avoided (verified) by adding the /b switch to the start section of the command launcher text.  I have verified that this switch exists from Windows 2000 through Windows 2012 R2.
2014-08-02 15:52:52 -05:00
Luke Imhoff 6603443df4
Add missing require
MSP-10998
2014-08-01 21:54:41 -05:00
Luke Imhoff 9096a8a1f5
Remove Msf::Framework::VersionAPI
MSP-10998

It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
2014-08-01 21:43:14 -05:00
Luke Imhoff 22db5aad8a
Remove Msf::Framework::VersionCore
MSP-10998

It can't handle 4.10.0 because it tries to compact the multiple part
version into one float using (1 / 10.0).
2014-08-01 21:31:48 -05:00
b00stfr3ak 5aa347ef65 Changed Method Names
Changed names to look like shell_execute_(option), to make it more
defined on what it does.
2014-08-01 17:10:32 -07:00
b00stfr3ak def652a50e Merge https://github.com/rapid7/metasploit-framework into bypassuac/psh_option 2014-08-01 14:32:55 -07:00
Tod Beardsley c31fc61617
Land #3270, @jlee-r7 deprecation ipv6 payloads
These are not needed, since you can just config the regular handler now
and pick either.

This resolves the conflict (rm'ed the old modules)

Conflicts:
	modules/payloads/stagers/windows/reverse_ipv6_http.rb
	modules/payloads/stagers/windows/reverse_ipv6_https.rb
2014-08-01 16:27:59 -05:00
darkbushido ceaffce727
Merge branch 'pr/3593' into staging/electro-release 2014-08-01 16:01:10 -05:00
David Maloney ab7111120b
and all the rest
finally!
2014-08-01 14:54:18 -05:00
David Maloney 4821851ae4
telnet and ssh next 2014-08-01 14:47:08 -05:00
David Maloney 12902b0a6d
the refactor continues! 2014-08-01 14:41:03 -05:00
David Maloney b74813b9a1
mysql and pop3 now 2014-08-01 14:30:33 -05:00
jvazquez-r7 73ca8c0f6d Work on jboss refactoring 2014-08-01 14:28:26 -05:00
David Maloney 2e7738c788
http and mssql now 2014-08-01 14:22:58 -05:00
dmaloney-r7 e6a0e079b6 Merge pull request #3596 from darkbushido/bug/MSP-10937/adding-parent-to-cores-to-credential
.to_credential now assigns a parent
2014-08-01 13:13:48 -05:00
David Maloney 33f73a8af7
refactor db2 2014-08-01 13:00:27 -05:00
David Maloney 439b893fea
refactor axislogin 2014-08-01 12:30:16 -05:00
David Maloney 0fffb179fa
refactor afp_login 2014-08-01 12:10:52 -05:00
David Maloney db345fcb58
make credential_collection always set private_type 2014-08-01 11:57:35 -05:00
David Maloney a380646667
start refactoring ftp loginscanner 2014-08-01 11:47:13 -05:00
David Maloney 320f032dfe
add to_h to result 2014-08-01 11:46:43 -05:00
David Maloney dbde046f44
use to_h instead of to_hash
apparently ruby 2 adds this as a standard method so
we should stay compliant
2014-08-01 09:45:51 -05:00
David Maloney 0e65792f43
Merge branch 'staging/electro-release' into feature/loginscanner-report-dry 2014-08-01 09:41:30 -05:00
Meatballs 4ef3de84f3
get some more test cases 2014-08-01 14:34:17 +01:00
Brandon Turner 0ad2a7c89b
Bump version to 4.10.0 2014-07-31 23:43:46 -05:00
David Maloney 374c6532fa
add to_hash to Credential
begining of the chain to DRYing up
credential reporting in the loginscanner
2014-07-31 18:10:48 -05:00
Meatballs 902cf4bc1e
Fix var name 2014-07-31 23:16:53 +01:00
Meatballs 90c0f587bf
Fix for newer powershell 2014-07-31 23:11:51 +01:00
Meatballs 15c1ab64cd Quick rubocop 2014-07-31 23:11:00 +01:00
Meatballs d336c56b99
Merge remote-tracking branch 'upstream/master' into land_2551 2014-07-31 23:06:37 +01:00
darkbushido ad6eed01a2
.to_credential now assigns a parent
Metasploit::Credential::Core#to_credential will set the parent to the original core objext
Metasploit::Framework::Credential#to_credential also sets the parent to itself.
2014-07-31 14:52:27 -05:00
Luke Imhoff 7cc5af589f
Only require config/application.rb when Rails.application not set
MSP-10964

Allows other Rails::Applications to use the commands.
2014-07-31 13:32:22 -05:00
Luke Imhoff f9ab7f7a88
Only error out if Rails.env differs from options.environment
MSP-10964
2014-07-31 13:28:21 -05:00
Luke Imhoff aa2e26f8f2
Allow RAILS_ENV to override default environment of 'production'
MSP-10964
2014-07-31 13:24:23 -05:00
William Vu 0546282441
Land #3590, #3574 reversion 2014-07-31 09:59:04 -05:00
James Lee 6a72572237
Wrap comments at 80 2014-07-31 09:41:08 -05:00
James Lee 735ccda4db
Add an example for add-ssh-key 2014-07-31 09:40:36 -05:00
b00stfr3ak 391e2bb99b Fixed some style changes
Removed upload var, it really served no purpose.
2014-07-30 22:42:07 -07:00
Meatballs 53b66f3b4a Land #2075, Powershell Improvements 2014-07-31 00:49:39 +01:00
James Lee 77d99b7374
Land #3586, fix msfconsole when running without db
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2014-07-30 17:24:21 -05:00
Tod Beardsley 3320a1ef77 Revert PR #3574
This reverts commit 96945442ff.

With this PR, the following now appears in framework.log:

````
[07/30/2014 14:01:37] [e(0)] core: Error updating module details for
auxiliary/fuzzers/http/http_form_field: NoMethodError undefined method
`name' for []:Array
````
2014-07-30 14:06:46 -05:00
Trevor Rosen 3e915e5059
Merge branch 'staging/electro-release' into bug/MSP-10715/import-security-issues
Update deps

Conflicts:
	Gemfile
	Gemfile.lock
2014-07-30 12:49:15 -05:00
Trevor Rosen ea72a7e5c3 Merge pull request #3583 from jlee-r7/feature/MSP-9932/creds-add-subcommands
Add `creds` subcommands

MSP-9932 #land
2014-07-30 12:01:36 -05:00
James Lee 85b00eede6
Add #present? checks 2014-07-30 11:52:59 -05:00
Luke Imhoff ceb8a0f5c2
Extract option require pattern to helper Module
MSP-10905

`Metasplot::Framework::Require.optionally` can be used to optionally
require a library and then issue a warning if the require fails or run a
block when it succeeds.
2014-07-30 10:07:53 -05:00
Trevor Rosen d863ff907e Merge pull request #3576 from dmaloney-r7/feature/MSP-9641/cred-rpc-calls
Feature/msp 9641/cred roc calls

MSP-9641 #land
2014-07-30 09:40:38 -05:00
Joe Vennix ed6594ddb8
Change filename to calllog_dump. 2014-07-30 00:16:23 -07:00
Joe Vennix ece3b5583a
Revert to file-based solution. 2014-07-30 00:13:44 -07:00
Luke Imhoff 1a6d4843c7
Merge branch 'staging/electro-release' into bug/MSP-10905/msfconsole-database
MSP-10905
2014-07-29 15:52:11 -05:00
Luke Imhoff ba4891bca0
Restore Rails.groups arguments
MSP-10905

They don't cause a problem.
2014-07-29 15:50:52 -05:00
Trevor Rosen 8fda4ee239
Fix fd leak and blind IO#gets in pwdump import
MSP-10715
2014-07-29 15:15:47 -05:00
Luke Imhoff f5ff22eba4
msfconsole with bundle install --without db
MSP-10905
2014-07-29 14:46:44 -05:00
Luke Imhoff 38da44c26b
Fix arity difference between rails and msfconsole options
MSP-10905
2014-07-29 14:32:42 -05:00
Luke Imhoff 04541ac724
Parse msfconsole options before initializing Rails
MSP-10905
2014-07-29 14:07:14 -05:00
Luke Imhoff 8e7dd1b658
Add missing require
MSP-10905
2014-07-29 14:06:27 -05:00
Luke Imhoff 9a5085cbba
Prevent circular dependency
MSP-10905

Use Metasploit::Framework::Version directly instead of
Msf::Framework to prevent circular dependency when starting msfconsole.
2014-07-29 14:04:15 -05:00
Luke Imhoff 24a5a155f4
Require gems
MSP-10905
2014-07-29 14:02:56 -05:00
David Maloney 78a3263cfe
have Credentials remember their aprents
a Credential object can be created from several
other types of objects. Keep a reference to the originating
'parent' so we can find our way back
2014-07-29 11:20:52 -05:00
AnwarMohamed c2be3d6875 fixing autoload bug 2014-07-29 17:51:56 +02:00
James Lee ef7f5fe967 Make metasploit-model a direct dep
Needed for all the scanners that use Metasploit::Model::Realm::Key
constants.
2014-07-29 10:30:46 -05:00
AnwarMohamed b02dbcc2e7 remove extra whitespace 2014-07-29 16:23:27 +02:00
AnwarMohamed 7512e04894 fixing autoload 2014-07-29 16:21:31 +02:00
us3r777 d6c7eb8850 Fixed a typo introduced in commit 9e92448 2014-07-29 09:04:12 +02:00
us3r777 9e9244830a Added spec for lib/msf/http/jboss
Also renamed get_undeploy_bsh and get_undeploy_stager to
gen_undeploy_bsh and gen_undeploy_stager to be consistent
with the other functions
2014-07-29 01:57:04 +02:00
Christian Mehlmauer d334797116
Updated foxpress module 2014-07-28 22:23:22 +02:00
David Maloney 3870b59873
remove rpg_get_auth_info
this is an rpc call that calls a method that
does not even exist...
WAT?!
2014-07-28 15:13:03 -05:00
David Maloney c9d231b48b
remove old rpc methods
added rpc methods to create new creds
removing the old methods for
the obsolete cred models
2014-07-28 14:52:53 -05:00
David Maloney e29b2aed9b
add credential rpc calls 2014-07-28 14:49:35 -05:00
James Lee 49d0fc37c2
Add support for different realm_key 2014-07-28 14:39:24 -05:00
William Vu ba7d8efb07
Land #3574, has_actions.rb cleanup 2014-07-28 12:59:33 -05:00
David Maloney 1e32574768
Merge branch 'staging/electro-release' into feature/MSP-9641/cred-rpc-calls 2014-07-28 11:10:59 -05:00
jvazquez-r7 79fe342688
Land #3558, @FireFart's improvements to wordpress mixin 2014-07-28 09:52:20 -05:00
jvazquez-r7 2d5fd5e0d5 Use constant for WORDPRESS_VERSION_PATTERN 2014-07-28 09:22:50 -05:00
James Lee c65db18090
Add rudimentary specs and fix some help wording 2014-07-28 09:19:09 -05:00
jvazquez-r7 b061d24b84 Favor & over and 2014-07-28 09:05:53 -05:00
AnwarMohamed 283046b25d fixing auto load on new session 2014-07-28 10:49:50 +02:00
AnwarMohamed 9f0bf67521 fixing minor bugs 2014-07-28 07:49:46 +02:00
Joshua Smith 96945442ff removes unnec. retruns & uses of 'not' - has_actions.rb 2014-07-27 18:20:12 -05:00
James Lee a35e7371bb Add simple tabbing for creds command 2014-07-27 14:08:38 -05:00
James Lee b8bb4c7bc0
Add add-ssh-key to help output, fix some warnings 2014-07-27 13:46:38 -05:00
James Lee a38a627b94 Merge branch 'staging/electro-release' into feature/MSP-9932/creds-add-subcommands 2014-07-27 13:38:33 -05:00
sinn3r faee2c7026
Land #3492 - sqlmap plugin for sqlmap API 2014-07-25 16:30:30 -05:00
Tod Beardsley 3e304536ea
Land #3554, Typo3 mixin specs 2014-07-25 16:06:40 -05:00
James Lee a0a2fddee8
Land #3562, yardoc cleanup 2014-07-24 17:25:12 -05:00
James Lee bc836f3606
Add a little easter egg in the NTLM hash 2014-07-24 16:37:24 -05:00
us3r777 cd2ec0a863 Refactored jboss mixin and modules
Moved fail_with() from mixin to modules. Added PACKAGE datastore to
lib/msf/http/jboss/bsh.rb.
2014-07-24 22:58:58 +02:00
James Lee b8b3509c96
Re-add the ability to delete creds 2014-07-24 15:44:52 -05:00
James Lee 18ce342e2a
Refactor a bit for readability 2014-07-24 15:42:36 -05:00
James Lee 1470f3de30
Fix padding when a cell value is nil 2014-07-24 14:00:09 -05:00
James Lee 8a279d202c
Whitespace 2014-07-24 13:56:57 -05:00
James Lee 1a4e59e547
Add add-ssh-key subcommand 2014-07-23 17:09:02 -05:00
darkbushido 064d624322
changing Credential == operator
it should no longer raise no method errors when comparing a credential to
an object that doesnt respond to public, private, or realm
2014-07-23 16:17:09 -05:00
Samuel Huckins 6c1a3f4992 Merge pull request #3555 from jlee-r7/bug/MSP-10817/jtr-typo
Now able to complete without error.

MSP-10817 #land
2014-07-23 15:55:42 -05:00
James Lee eee72a86ba
Fix the case when john cracks only half of LM 2014-07-23 15:25:32 -05:00
Samuel Huckins ffd7d28bc6 Merge pull request #3559 from dmaloney-r7/feature/MSP-10230/snmp_login
MSP-10230 #land
2014-07-23 13:59:37 -05:00
David Maloney b7d15d0b08
simple fix to mysql loginscanner
typo caused connection_timeout default to not get set
2014-07-23 12:07:57 -05:00
James Lee 4f19a1defa
Add an origin type and actually honor realm
Also adds better help text
2014-07-22 19:52:10 -05:00
Christian Mehlmauer 57839e0f4b
Fix some yardoc issues 2014-07-22 23:26:50 +02:00
us3r777 b526fc50f8 Refactored jboss mixin and modules
Moved VERB option to the mixin. Replaced "if datastore['VERBOSE']"
by vprint_status().
2014-07-22 23:08:42 +02:00
David Maloney 1f007bf3c9 start adding new rpc calls
Signed-off-by: David Maloney <DMaloney@rapid7.com>
2014-07-22 15:46:27 -05:00
Christian Mehlmauer c1a0f707ef
typos 2014-07-22 22:29:01 +02:00
Christian Mehlmauer 073a8c5233
redirection returns an URI 2014-07-22 19:55:26 +02:00
Christian Mehlmauer a6479a77d6
Implented feedback from @jhart-r7 2014-07-22 19:49:58 +02:00
David Maloney e54f5e8ee7
working snmp_login module 2014-07-22 12:44:21 -05:00
David Maloney c553fcac73
start refacotirng snmp_login 2014-07-22 11:46:22 -05:00
David Maloney 0eb4fc0ed1
community string collection
add community string collection to handle snmp loginscanner
credentials
2014-07-22 11:44:31 -05:00
Christian Mehlmauer baff003ecc
extracted check version to module
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
James Lee 2013e28608
WIP: First stab at creds add-* subcommands 2014-07-22 02:05:55 -05:00
James Lee addecb6311
Fix running shipped bins by using a config file
This should get everything working again.

MSP-10817
2014-07-21 18:26:50 -05:00
Brandon Perry d62b24744c Moar " -> ' 2014-07-21 18:04:36 -05:00
James Lee a2a75ffb03
Fix typo and full path issue
Previously, the JtR library was prepending the path to data/john/ for
shipped bins; without it, modules weren't finding the executables.
2014-07-21 17:58:27 -05:00
jvazquez-r7 47d9a30af0 Add specs for Typo3 mixin 2014-07-21 17:39:07 -05:00
us3r777 ae2cd63391 Refactored Jboss mixin
Moved TARGETURI option to the JBoss mixin. The mixin now includes
Msf::Exploit::Remote::HttpClient which provides USERNAME and PASSWORD
2014-07-21 23:41:58 +02:00
Joe Vennix 9db951cadc
Add sane defaults for HTTP method and path. 2014-07-21 14:57:28 -05:00