Commit Graph

22667 Commits (37479884a5055c9b6f15c986024febea559de669)

Author SHA1 Message Date
Joe Vennix 37479884a5 Add browserautopwn support. 2014-02-04 02:32:12 -06:00
Joe Vennix 636d7016a8 Fix android detection in os.js. 2014-02-04 02:31:46 -06:00
Joe Vennix eba3a5aab0 More accurate description. 2014-02-04 01:44:39 -06:00
Joe Vennix 177bd35552 Add webview HTTP exploit. 2014-02-04 01:37:09 -06:00
Joe Vennix e50077844c Expand path in metasm_shell#file. 2014-02-02 17:26:48 -06:00
Joe Vennix de06480f4f Add a defined? check to fix older versions of OpenSSL.
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Tod Beardsley b5f61024c5
Land #2907, fixes qual asset importer
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
jvazquez-r7 256f2b12eb
Land #2894, @wchen-r7's CheckCode documentation update 2014-01-23 07:31:24 -06:00
lsanchez-r7 58cf7193f9 fixing NameError undefined local variable in an import 2014-01-22 16:54:31 -06:00
Tod Beardsley 636c43dcdc
Land #2736, basic ADSI support via meterp extapi 2014-01-22 15:24:01 -06:00
William Vu 0a3ee573bc Uncomment spec_helper require 2014-01-22 11:58:10 -06:00
William Vu 2b7a993f65
Land #2902, updated PJL spec 2014-01-22 11:57:28 -06:00
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
sinn3r 1c1597973e Update PJL rspec to comply with guidelines
Basically the updated version is more explicit. If a moethod doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
2014-01-22 03:34:49 -06:00
jvennix-r7 29d6f7c720 Merge pull request #9 from todb-r7/warn-about-deflate
Warn the user about SSLCompression
2014-01-21 15:25:41 -08:00
Tod Beardsley 0b6e03df75
More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91
Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
William Vu ca7a8203ff
Land #2901, gooder spelling 2014-01-21 15:59:59 -06:00
Tod Beardsley f5809423a3
Let's spell right in my spellcheck PR
Updates #2900
2014-01-21 15:57:59 -06:00
Tod Beardsley 7660e2d3b7
Land #2899, don't stop at the first \f 2014-01-21 14:55:26 -06:00
James Lee 6359a443ac
Land #2900, @todb-r7's fixups for release 2014-01-21 14:36:07 -06:00
Tod Beardsley b3b51eb48c
Pre-release fixup
* Updated descriptions to be a little more descriptive.

  * Updated store_loot calls to inform the user where the
loot is stored.

  * Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.

Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
Tod Beardsley b8d868d0f0
Land #2888, updated Meterpreter bins: e77c87cd
This lands Meterpreter binaries as of commit e77c87cd

The compare view is the easiest way to see what's different since the
last update:

9e33acf...e77c87cd

Not seeing a lot of bugs being ref'ed there, sadly.
2014-01-21 10:56:49 -06:00
Tod Beardsley 82bd1fa466
Land #2898, msftidy articles fix. 2014-01-21 09:37:56 -06:00
William Vu 3a943c719e Implement a whitelist for suspect capitalization 2014-01-21 09:26:16 -06:00
sinn3r ea47da5682 Add wiki link "How to write a check() method" to documentation 2014-01-20 20:10:50 -06:00
sinn3r 7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal 2014-01-20 20:08:01 -06:00
sinn3r e48b8ae14c Use a better term 2014-01-19 16:01:38 -06:00
jvazquez-r7 4e224132e8
Land #2893, @wchen-r7's patch for jboss_invoke_deploy 2014-01-17 22:06:11 -06:00
jvazquez-r7 e2fa581b8c Delete empty line 2014-01-17 22:05:14 -06:00
sinn3r afd0e71457 Use the term "exploit" is a little more correctly
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r 363c53e14e Clearify when to use a specific CheckCode
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
sinn3r 57318ef009 Fix nil bug in jboss_invoke_deploy.rb
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7 c670259539 Fix protocol handling 2014-01-17 00:49:44 -06:00
jvazquez-r7 eaf1b0caf6 Add minor clean up 2014-01-16 17:55:45 -06:00
jvazquez-r7 f3c912bd32 Add module for ZDI-14-003 2014-01-16 17:49:49 -06:00
OJ 80c4a6e9eb
Updated binaries for Meterpreter
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
2014-01-17 09:02:48 +10:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
Tod Beardsley 62c7839b4c
Land #2850, fix msftidy to respect \x22 and \x27 2014-01-16 16:26:34 -06:00
jvazquez-r7 272fe5ddfd Delete debug comments 2014-01-16 16:12:12 -06:00
Matt Andreko f6f2da09aa Merge pull request #4 from jvazquez-r7/review_2874
Clean CmdStagerEcho and Add module targets
2014-01-16 13:57:59 -08:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
jvazquez-r7 8213eed49f Delete Netgear N150 target, ist's a Netgear DGN1000 model 2014-01-16 15:14:31 -06:00
William Vu 6110ad72b3 Update tests and ensure full coverage 2014-01-16 15:11:04 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
jvazquez-r7 139119d32c Add Manual targets to sercomm_exec 2014-01-16 12:44:26 -06:00
William Vu 0915212249 Fix socket timeout bug 2014-01-16 11:58:37 -06:00
jvazquez-r7 0922aef8d1 Update module description 2014-01-16 11:16:11 -06:00