Commit Graph

23493 Commits (37fa4a73a1a924cff7b77c1cfc59f8d7b6140c63)

Author SHA1 Message Date
Joe Vennix e50077844c Expand path in metasm_shell#file. 2014-02-02 17:26:48 -06:00
David Maloney f9c31f988e test platform selection
added tests around platform selection
2014-02-02 16:52:41 -06:00
Meatballs 67c18d8d2d I had a problem, then I used regex. 2014-02-02 22:19:54 +00:00
David Maloney f5d730e874 write specs around initialiser
added specs around object initialisation
2014-02-02 16:05:11 -06:00
David Maloney e265d6f54c beginning of payload generator
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
sinn3r 60dcc43d8d Land #2935 - msftidy for nokogiri 2014-02-02 13:42:26 -06:00
Meatballs 95eb758642 Initial commit 2014-02-02 19:04:38 +00:00
Tod Beardsley 6f93e3fb37 Modules shouldn't use Nokogiri
Nokogiri has a habit of shipping vulnerable builds of libxml2. For
example, see this:

http://www.ubuntu.com/usn/usn-1904-1/

and compare to Nokogiri's bundled requirements:

https://github.com/sparklemotion/nokogiri/blob/master/dependencies.yml

While Nokogiri is quite pleasant to use, it really shouldn't be trusted
to handle potentially malicious data. Imagine if a "vulnerable" target
was actually a malicious honeypot, lying in wait for a poor Metasploit
user to come along and parse out its payload. (OT: does such a thing
have a clever name? If not, I propose "beehive" to imply the offensive
capabilities of such a honeypot.)

Nokogiri is used elsewhere in Metasploit, but those functions handle
data sourced from the Metasploit user herself, so those XML hunks are
nominally trustworthy.
2014-02-02 11:51:21 -06:00
Meatballs 57f4998568 Better failures and handle unconfigured server 2014-02-02 16:26:22 +00:00
Meatballs 9fa9402eb2 Better check and better follow redirect 2014-02-02 16:07:46 +00:00
Meatballs 0d3a40613e Add auto 30x redirect to send_request_cgi 2014-02-02 15:03:44 +00:00
Meatballs 8b33ef1874 Not HTML, it's form-data... 2014-02-02 13:57:29 +00:00
bcoles 62dca111f8 Conform to style 2014-02-02 08:07:18 +10:30
bcoles e30195348e Add Windows Gather SmarterMail Password Extraction post module 2014-02-02 05:51:21 +10:30
Meatballs 7ddc6bcfa5 Final tidyup 2014-02-01 01:05:02 +00:00
Meatballs 486a9d5e19 Use msf branded djvu 2014-02-01 00:37:28 +00:00
Meatballs 9f35407a0c Add MIME to_html method 2014-02-01 00:37:01 +00:00
Meatballs fd1a507fda Rename file 2014-02-01 00:27:32 +00:00
Meatballs 700c6545f0 Polished 2014-02-01 00:26:55 +00:00
William Vu 9658a4d863 Land #2932, msftidy for Travis 2014-01-31 17:01:52 -06:00
Tod Beardsley 03d65cd2bd Address @wvu-r7's comments and better filtering 2014-01-31 16:44:42 -06:00
Tod Beardsley 6f6fae07f7 Land #2912, session upgrade fix
[FixRM #8749]
2014-01-31 15:33:54 -06:00
William Vu a5bff638c5 Remove EOL spaces 2014-01-31 15:01:03 -06:00
Mekanismen 5a883a4477 updated 2014-01-31 21:59:26 +01:00
Tod Beardsley 87412be33d Squash commit Travis-able msftidy checks
This change updates msftidy to be run automatically for new modules
added since the last tag release because we can't rely on folks using
tools/dev/pre-commit-hook before submitting a PR. Now, when one attempts
to open a PR with a non-tidy'ed module, the build will fail out of the
gate.

Related to the 100s of msftidy errors extant today.

[SeeRM #8498]

commit c894e52de5705a1133191be5e9caf3ebdee33621
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 14:17:02 2014 -0600

    Add a jacked up title to test travis. Revert this!

commit 2f00c190be71aeb456a7a546071286fd6d670bc1
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Fri Jan 31 11:39:42 2014 -0600

    Allow for checking and spotchecking.

commit db11e8dfad5381030b08c431a183dbafe7a5f304
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 17:16:37 2014 -0600

    Whoops, need to exit an Integer always.

commit 12d131d3157a78ff11e597476138323ed0a062fc
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 16:59:35 2014 -0600

    Allow for exit statuses from msftidy.

commit 2c3b294ff17416f49935472caf2b6be3dbdd93a4
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 15:36:43 2014 -0600

    Be more dynamic about tag checking years

commit d5d8a0b05ac17fb18666a9c252dbb6928d6b5e56
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:36:44 2014 -0600

    Don't warn when there's really nothing

commit fb44a3142fb01eb2647c1c240bb1cc2e7bf59120
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:21:50 2014 -0600

    Revert the intentional failure

    This reverts commit 99a7630b0da301b27ac495cb027009a8cd9e2caf.

    Fun fact: Reverting a commit does not automatically sign with my current
    aliases, one must git revert then git c --amend.

commit 99a7630b0da301b27ac495cb027009a8cd9e2caf
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 14:08:05 2014 -0600

    Cause an exit status in precommit check

    Maybe travis will see these and fail the build.

    Don't forget to revert this commit @todb-r7 !

commit 5a3b2fcd9598fae51a0dd2c7c87680c703a85448
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 13:11:04 2014 -0600

    Update msftidy pre-commit-hook for spotchecking

commit 3f255e36dad9ed3081aaf359f845525d96872ef0
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:35:16 2014 -0600

    Travis should run msftidy via precommit hook

commit 0959d9d2d281590a94c0ac960e43b74354e4e21b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Thu Jan 30 12:25:53 2014 -0600

    Add SPOTCHECK_RECENT to msftidy.rb
2014-01-31 14:19:04 -06:00
Meatballs 7fa1522299 Initial commit 2014-01-31 18:51:18 +00:00
sinn3r b67ac39a33 Land #2921 - Apache Struts Developer Mode OGNL Execution 2014-01-31 12:06:58 -06:00
sinn3r 60ead5de43 Explain why we flag the vuln as "Appears" instead of vulnerable 2014-01-31 12:05:58 -06:00
jvazquez-r7 2fca2da9f7 Add a vprint message on check 2014-01-31 11:57:20 -06:00
Tod Beardsley ad6a83c150 Land #2933, fix msftidy and then cry
So many more warnings. Dangit, it sucks when your linter lies to you for
so long.
2014-01-31 11:28:41 -06:00
jvazquez-r7 356692f2f5 Land #2923, @rangercha tomcat deploy module compatible with tomcat8 2014-01-31 10:53:53 -06:00
sinn3r 721ae6c66e Should really call source_address without args 2014-01-31 10:36:55 -06:00
jvazquez-r7 53c2a737e9 Don't register rport again 2014-01-31 09:42:41 -06:00
jvazquez-r7 452042e757 Land #2925, @xistence aux module for Support Center Plus traversal 2014-01-31 09:38:01 -06:00
jvazquez-r7 e9f04d9203 Do final cleanup for Support Center Plus module 2014-01-31 09:37:40 -06:00
jvazquez-r7 a010748056 Land #2924, @xistence's exploit for CVE-2014-1683 2014-01-31 09:20:10 -06:00
jvazquez-r7 710902dc56 Move file location 2014-01-31 09:18:59 -06:00
jvazquez-r7 810605f0b7 Do final cleanup for the skybluecanvas exploit 2014-01-31 09:17:51 -06:00
jvazquez-r7 32c5d77ebd Land #2918, @wvu's fix for long argument lists 2014-01-31 08:49:22 -06:00
Mekanismen f6291eb9a8 updated 2014-01-31 14:33:18 +01:00
rangercha c21edad357 Merge pull request #1 from jvazquez-r7/review2_2923
Review tomcat_mgr_upload
2014-01-31 04:18:21 -08:00
xistence e81a0ed22b Changes as requested for SupportCenterPlus module 2014-01-31 13:28:45 +07:00
xistence ffd8f7eee0 Changes as requested in SkyBlue Canvas RCE module 2014-01-31 12:52:48 +07:00
sinn3r 4d008ca3f3 Fix ::Interrupt exception handling 2014-01-30 18:57:27 -06:00
jvazquez-r7 93db1c59af Do small fixes 2014-01-30 17:16:43 -06:00
jvazquez-r7 9daacf8fb1 Clean exploit method 2014-01-30 16:58:17 -06:00
sinn3r 9f669a8e39 Make check_multiple() thread-safe 2014-01-30 16:46:36 -06:00
jvazquez-r7 4458dc80a5 Clean the find_csrf method 2014-01-30 16:39:19 -06:00
jvazquez-r7 697a86aad7 Organize the code a little bit 2014-01-30 16:29:45 -06:00
jvazquez-r7 50317d44d3 Do more easy clean 2014-01-30 16:23:17 -06:00