0908d5a2d2
Rename default_options to describe_payload_options
2019-02-02 15:01:05 -05:00
c5bfee1df7
add jtr to creds command
2019-02-01 20:25:03 -05:00
804c441425
Bump version of framework to 5.0.5
2019-02-01 13:44:12 -08:00
7fe381ac60
Land #11309 , Normalize newlines in CommandShell#run_single
2019-02-01 15:17:24 -06:00
47a13ea0e8
Modify Post read_file to check if file is readable
2019-02-01 19:44:18 +00:00
6343280364
Clean up external evasion module options
2019-02-01 11:54:22 -05:00
62560f9581
Add rudimentary Windows support to command_exists?
2019-01-31 22:07:30 -06:00
d0d383c8db
Move command_exists? to Msf::Post::Common
2019-01-31 22:04:29 -06:00
5cf97fd09b
remove nolonger used variable
2019-01-31 13:05:02 -06:00
162139ee1d
Keep advanced options in the same list
2019-01-31 13:41:18 -05:00
35ec947c17
remove is_server/is_client and `app` search term
2019-01-31 12:14:25 -06:00
7633c2832a
Bump version of framework to 5.0.4
2019-01-31 10:05:02 -08:00
a4d413348b
improve definition of `server/client` modules
...
update the cached data to define server vs client base on the
type of exploit module instead of the module stance.
2019-01-31 11:52:22 -06:00
9f6b9d586b
updating jtr formats in hashdumpers
2019-01-30 20:16:08 -05:00
da27c3eeae
centralize hash to jtr formatting
2019-01-30 16:24:05 -05:00
70cc03b707
Land #11329 , sessions -k range fix
2019-01-30 11:26:47 -06:00
2e7a71ee9b
Add support for mettle debug
2019-01-29 15:13:44 -06:00
acded21f0c
Support default options for external modules
2019-01-29 11:29:18 -05:00
a1b5fcc6d5
Support to_handler for evasion modules
2019-01-29 11:06:08 -05:00
548185747f
Add support for advanced options for ext evasions
2019-01-29 09:09:58 -05:00
4059a5f0c7
Changed range array building to correctly parse ranges using - or ..
...
Fixes #11328
2019-01-29 14:13:10 +01:00
9fce991d8e
Land #11322 , report hostname and OS version for Cisco aux mixin
2019-01-29 05:28:34 -06:00
96786f435c
Land #11315 , fix incorrect API usage of session_setup_clear
2019-01-29 05:26:07 -06:00
61d677d9e0
Land #11327 , disable MSF5 development branch banner
2019-01-29 05:24:43 -06:00
1b9c7ef6ff
disable MSF5 development branch banner
2019-01-29 05:19:56 -06:00
92e846d09d
Chomp user input alone
...
[1] pry(main)> "\r\n".chomp("\n")
=> ""
[2] pry(main)>
Meh.
2019-01-28 17:46:03 -06:00
accdd791f7
Fix a args generation issue for external evasions
2019-01-28 16:10:44 -05:00
607bbe90e3
Add tab completion for evasion module options
2019-01-28 13:22:51 -05:00
28370b7f29
Add support for external evasion modules
2019-01-28 13:22:22 -05:00
32c090868c
adjustments for analyze
2019-01-28 10:11:40 -06:00
56de74b3d6
db cisco hostname and version
2019-01-27 20:33:19 -05:00
d078fcd87c
Land #11270 , fix miscellaneous loot issues
2019-01-25 19:15:14 -05:00
b98133cded
Dont assign unique file name when theres no file on disk
2019-01-25 16:36:17 -06:00
27a0cbfcab
Rename file on disk when updating path attribute
2019-01-25 13:34:14 -06:00
9930edf704
jtr modernizations
2019-01-25 14:07:24 -05:00
9e3a39bcf9
Dont try to process empty loot
2019-01-25 12:34:52 -06:00
91da35070d
updated smb-client to make it working again after being bugged for some time
2019-01-25 12:47:18 +01:00
c6f1c10737
Normalize newlines in CommandShell#run_single
...
Lines from normal interaction will include a trailing newline, while
lines from resource scripting will not.
2019-01-24 12:53:09 -06:00
9e06040efe
Bump version of framework to 5.0.3
2019-01-24 10:06:14 -08:00
f0aa002009
Land #10119 , Linux post-exploitation metashell
2019-01-24 11:24:12 -06:00
8b6807254b
Fix whoami
2019-01-24 10:57:53 -06:00
c09515da82
Update nuuo.rb
2019-01-24 07:52:56 +07:00
f04c2537f6
Land #11305 , Add default to wordlist.to_file()
2019-01-23 15:20:10 -06:00
a96660847f
Land #11303 , Add Post::Linux::Kernel.cpu_flags
2019-01-23 15:10:42 -06:00
459a7e490e
Land #11271 , Resource scripting for command shells
2019-01-23 15:04:05 -06:00
fa7c7fc956
keep wordlist.to_file() backwords compatible
2019-01-23 10:52:49 -06:00
9ecd22e63c
Add Msf::Post::Linux::Kernel.cpu_flags
2019-01-23 11:35:38 +00:00
b5dbacc42f
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 16:09:43 +07:00
08aa1c3ed0
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 15:32:15 +07:00
d8f9e41686
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 14:13:31 +07:00
3b98add519
Update nuuo.rb
2019-01-23 11:16:41 +07:00
9375ee2ffc
Change only the last methods to private
2019-01-23 11:00:42 +07:00
0b109ae1bd
Land #11275 , Fix a typo in command_dispatcher/core.rb
...
Fix typo of "architectures" in pivot command help
2019-01-22 11:58:26 -06:00
2a9b65e845
Land #11268 , set AndroidWakelock=true by default
2019-01-22 11:56:37 -06:00
1b674a6bb5
Land #11272 , Tempfile over Rex for info -d for better cleanup
2019-01-22 11:38:41 -06:00
442ce7317f
Commit missed Rex::Quickfile line
2019-01-22 10:40:09 -06:00
0562aa50b4
Update nuuo.rb
2019-01-22 12:45:18 +07:00
94f5b4081f
Fix file download / upload bug
2019-01-22 11:17:47 +07:00
459598b91b
Update mixins to include new nuuo file
2019-01-21 16:40:37 +07:00
72a55fe0fc
Add nuuo NUCS core lib
2019-01-21 16:39:16 +07:00
444555d3be
Land #11261 , Add maximum word length to JtR wordlist generation
2019-01-20 04:14:57 +00:00
f8af9a9e4d
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-18 10:43:34 -06:00
c808cbe050
Bump version of framework to 5.0.2
2019-01-17 20:41:51 -08:00
80e70a145d
Fix typo of "architectures" in pivot command help
2019-01-17 20:16:43 -06:00
e488cf4a37
Prefer Tempfile over Rex::Quickfile for info -d
...
Rex::Quickfile undefines Tempfile's finalizer, preventing cleanup.
2019-01-17 13:58:03 -06:00
a5a8c88a6e
Implement resource scripting for command shells
2019-01-17 13:39:03 -06:00
4b87d54430
Add comment explaining why we prevent loot.data update
2019-01-16 15:29:27 -06:00
fd6527bac8
Prepend loot filenames with unique string
...
This should help prevent accidentally overwriting files with the same name
2019-01-16 15:20:41 -06:00
705c269d27
Handle empty data values for loot
2019-01-16 10:59:07 -06:00
d6462fed63
Dont allow users to update loot.data
2019-01-16 10:01:22 -06:00
06de16a36f
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-15 18:33:48 -06:00
dc7d611780
Base64 encode the data field for each loot operation
2019-01-15 18:01:43 -06:00
70c4e719c9
Land #11190 , fix multi line text in android send_sms
2019-01-15 17:18:37 -06:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
85555b81c4
Update code for Ruby coding style standards
2019-01-15 17:08:54 -06:00
5c308b1448
Remove nested loot object from host JSON
...
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
2019-01-15 16:45:04 -06:00
3bf4726b15
Fix pid_uid
2019-01-15 14:34:29 -06:00
42c9553283
Dont do a separate lookup for loot.host, use the included JSON
...
This is just a temporary change. Eventually we should be doing separate
lookups for associated objects as that is the RESTful way of doing it.
Implementing this now to prevent extra load on the server until we can
put a better system in place of doing multiple lookups with a single call.
2019-01-15 12:47:37 -06:00
923a4ba098
Land #11263 , uppercase KoreLogic in JTR modules
2019-01-15 08:50:11 -06:00
93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
4d847e97fc
... over -1
2019-01-14 22:41:11 -05:00
509b4e979d
max_length -1
2019-01-14 22:28:46 -05:00
2c02dbc8a6
add max_length to wordlist generation
2019-01-14 22:20:33 -05:00
ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization
2019-01-14 17:42:59 -06:00
e168458861
Make calls to get the associated host when getting loot
2019-01-14 15:51:51 -06:00
2543d60465
Use 'to_s.strip' for Msf::Post::File.pwd output
2019-01-12 08:47:23 +00:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
a575c6d7c3
revisionism
2019-01-11 16:52:26 +00:00
462f779bda
Fix conflict.
2019-01-11 11:39:16 +08:00
96173c101a
Fix bug when the cidr of rhosts is 32.
2019-01-11 11:31:54 +08:00
689355e47f
Support multiple rhosts for auxiliary modules.
2019-01-11 11:31:28 +08:00
d18c6bd158
Land #11188 , Correct authentication logic in host and event servlets
2019-01-10 13:09:26 -06:00
16f152f6e3
Bump version of framework to 5.0.1
2019-01-10 09:41:50 -08:00
65f127a66f
Land #11222 , Display error when update operation has invalid fields
2019-01-10 11:33:22 -06:00
0435d7e1d6
Return the updated objects
2019-01-10 11:04:42 -06:00
5055e421f5
Add ! to cred update
2019-01-10 10:56:28 -06:00
0ad89528ea
Update pattern for creds
2019-01-10 10:55:36 -06:00
f125526e09
Land #11207 , implement db_import for web service
2019-01-10 10:28:29 -06:00
d686303cff
Land #11228 , Move msfdb_ws to tools/dev since it is deprecated by msfdb
2019-01-10 09:28:34 -06:00
4074913b60
Dont log every request when using HTTP data service
2019-01-10 00:30:54 -06:00
43f8a543e1
Land #11213 , enable starting JSONRPC server from msfrpcd
2019-01-09 23:37:47 -06:00
c3f71a1692
Update Rspec expected thread count
...
When REMOTE_DB is set there is a thread for the web service, in
addition to the External modules thread manager, so there is one or two
threads by the end of the test run in addition to the main VM thread.
2019-01-09 23:56:16 -05:00
24f5422db9
use analyze.host to reflect final location of util
2019-01-09 16:59:50 -06:00
f93497de8f
refactor to allow analyze via rpc
2019-01-09 16:48:54 -06:00
f636982b09
Land #11211 , change db_connect persistence logic
2019-01-09 15:11:08 -05:00
b6cfb5f697
Add Msf::Util::ServiceHelper class
2019-01-08 22:39:26 -05:00
a2548fe92d
Only lookup db connections by name
...
Matching on all attributes was causing issues when the connection
criteria would change for a db service at a host that already existed.
It would find the existing connection and load that outdated connection
and fail to connect.
The new functionality will save a new, valid connection with a randomly
generated name, unless the -n flag is specified to overwrite an existing
connection.
2019-01-08 15:21:14 -06:00
84a8c9b638
Minor method comment change
2019-01-08 14:02:40 -05:00
8c29319b25
Add session_events method
2019-01-08 14:02:40 -05:00
fa783256eb
Remove unnecessary argument default value
2019-01-08 14:02:39 -05:00
d677eb16a9
Enhance session_events query
2019-01-08 14:02:32 -05:00
d117e6a1d1
Land #11142 , use POST for API token generation
2019-01-08 11:59:30 -05:00
466b0004e1
Land #11163 , add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
69ee3a4a26
Land #11187 , Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
f23142c19c
Land #11183 , add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
cfa22bb4ec
Exclude key from VulnDetail update
2019-01-07 16:33:50 -06:00
771469f4cd
Update all Mdm::xx.update() instances
2019-01-07 16:24:13 -06:00
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization
2019-01-04 16:31:43 -06:00
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
1b29e17827
Dont array wrap refs
2019-01-04 15:10:21 -06:00
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
5f43ec0a79
Address code review comment
2019-01-04 15:10:20 -06:00
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
10cceb0e9b
Fix a couple of bugs introduced by symbolizing to_ar
2019-01-04 15:10:20 -06:00
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
bcfe434d1e
Update to_ar to use symbolized keys
2019-01-04 15:10:19 -06:00
f4e84da495
add comment
2019-01-03 18:00:06 +08:00
cfec99b1a8
Land #11154 , tab completion for aux rerun/exploit
2019-01-02 18:44:04 -06:00
c0dd020ff5
fix linux meterpreter ls
2019-01-02 19:09:46 +08:00
79c58cd786
fix #11158 , fix multi line text in android send_sms
2019-01-02 03:51:59 +08:00
05d78e23ea
fix #11189 , fix meterpreter ls handling of large files
2019-01-02 03:34:13 +08:00
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
7b22527f8f
Make error message use same language as others
2018-12-31 16:37:08 -05:00
05d810ac23
Add support for GET with ID in the path
2018-12-31 15:46:00 -05:00
0e56c30ab2
Use data object wrapper for JSON response
2018-12-31 15:43:16 -05:00
12f4222b2e
Fix to ensure authentication
2018-12-28 16:29:33 -05:00
8361dab983
Minor method comment change
2018-12-27 21:57:31 -05:00
66505790f9
Land #11179 , Replace Sysrandom with Ruby default SecureRandom
2018-12-27 11:33:29 -06:00
34e99c3857
Modify GET error message to match other servlets
2018-12-26 22:45:33 -05:00
0d0356ccdd
Land #11126 , Update sessions through the DBManager
2018-12-26 13:15:43 -06:00
ebc7a3a315
Replace sysrandom with ruby default securerandom
2018-12-26 13:40:44 -05:00
f5210abb55
Add rspec
2018-12-26 11:18:44 -06:00
12a948dde5
Move down cmd_rerun to fix rspec issue.
2018-12-24 11:30:02 +08:00
b5bc65c3bd
Add GET handler to query events
2018-12-21 22:18:10 -05:00
a448b26f73
Remove unnecessary argument default value
2018-12-21 22:13:52 -05:00
5e971132f3
Enhance events method to fully query events
2018-12-21 22:07:43 -05:00
7e10b38421
Add events method
2018-12-21 21:37:42 -05:00
9736e8252c
Merge branch 'master' into land-11038-
2018-12-21 16:31:53 -06:00
b4ff3b544f
Add CMDSTAGER::SSL datastore option
...
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.
The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
5cff330a38
Land #11128 , Rex::Exploitation::CmdStagerFetch
2018-12-21 14:16:57 -06:00
3021a05553
Fix typo in report.rb
2018-12-21 17:51:46 +05:30
06de47ce68
Enhance the command auto-complete in aux.
2018-12-21 18:03:57 +08:00
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
09f9b887b9
don't bother handholding the empty string
2018-12-19 10:52:51 -06:00
847e3232ab
Land #11102 , remove old metasm remnants
2018-12-18 08:53:53 -06:00
8d93812c0a
Add Rex::Exploitation::CmdStagerFetch
2018-12-15 03:30:00 +00:00
a2a38bb72f
ysoserial: Distracted halfway through a comment 🙃
2018-12-14 15:07:13 -06:00
74b4ba1c50
ysoserial: Change class name to camelcase to align with Ruby style guide
2018-12-14 14:44:58 -06:00
212454b1fb
ysoserial: Support larger payloads, Randomize fingerprintable string
2018-12-14 14:43:30 -06:00
fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads
2018-12-14 12:51:08 -06:00
eec7a3dafc
Remove debug code
2018-12-14 13:33:16 -05:00
ad6b80bd08
Remove unused session_dto flag
2018-12-14 13:01:20 -05:00
a683cedcce
Enhance race condition workaround in report_host
2018-12-14 12:28:16 -05:00
c2af36f405
Use update_session rather than Mdm save method
...
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
b6cdf7aa9d
Add update_session method
2018-12-14 12:04:55 -05:00
a8ed971f12
Move convert_msf_session_to_hash to data proxy
2018-12-14 11:46:12 -05:00
3f9b2dadc8
Remove unnecessary single object selection
2018-12-14 11:20:19 -05:00
4cefb8d06e
Fix typo
2018-12-14 11:19:40 -05:00
288cbd2386
add analyze command
2018-12-13 18:21:00 -06:00
4963647bf6
remove call to method not defined
2018-12-13 17:00:41 -06:00
564814c4db
Land #10676 , Add support for ext_server_unhook
...
Merge branch 'land-10676' into upstream-master
2018-12-13 09:46:37 -06:00
a415063acd
Reword CreateSession option description
2018-12-12 15:32:31 -06:00
eceb47a9da
Move CREATE_SESSION option to advanced option CreateSession
2018-12-12 15:32:31 -06:00
8a7187ad79
Add CREATE_SESSION option to CommanShell
...
Register the CREATE_SESSION option in command_shell_options so it
can be used with all modules that use start_session.
Modify ssh_login.rb, ssh_login_pubkey.rb, and telnet_login.rb to
use the new CREATE_SESSION option.
When CREATE_SESSION is set to true (default) a new session is
created with each successful login. When set to false a new session
is not created but the successful login is still registered in the
credentials database.
2018-12-12 15:32:31 -06:00
0c9d5b7d51
refactor `unless !` to `if`
2018-12-11 10:04:55 -06:00
4ff6f0171d
remove old metasm remnants
...
Noticed while @asoto-r7 was reviewing Code Climate results, and it
highlighted some metasm code as having unusual code structure. Rather
than fixing it, we can delete it, since this is from upstream metasm
presumably, which we've used as a Gem for some time (thanks @egypt).
All payloads should still be regenerable, and evasion modules as well.
2018-12-10 18:58:53 -06:00
43842ad41d
Land #11082 , Update show plugins to show all available plugins as well
2018-12-10 10:20:51 -06:00
733c2f637d
Land #11081 , Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
3dca52510d
pass NULL if the UA field is empty
2018-12-08 06:23:35 -06:00
6f8fc55b86
set user agent in Windows reverse_http(s) stagers
2018-12-07 14:03:03 -06:00
42c5a7d245
Update show plugins to show all available plugins as well as the loaded ones.
...
Fixes #11051
2018-12-08 01:19:44 +05:30
df76521100
Land #11066 , add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
09ffce4ec5
fix mutex locking, push to rpcSend
2018-12-07 13:28:34 -06:00
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
9e110eb9fc
Land #10940 , add default service mapping to imports
2018-12-06 21:04:05 -06:00
f4282bfb56
Land #11064 , Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-06 20:52:12 -06:00
310d6f0170
Land #11068 , Update db_connect help text
2018-12-06 20:32:13 -06:00
e36e27d91a
Port is optional for HTTP data services
2018-12-05 16:05:09 -06:00
1e57f025d9
Update db_connect help
2018-12-05 14:52:26 -06:00
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
25e4c4734f
return nil rather than empty array
2018-12-05 23:44:13 +11:00
9d690f4f8c
Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-05 11:19:36 +00:00
6040f779c5
Supress 'Permission denied' error in get_suid_files
2018-12-05 00:35:32 +00:00
c7acbc08ab
Land #11058 , fix SSH key displayed by creds cmd
2018-12-04 15:25:51 -06:00
5e29d1206d
Land #11059 , provide meaningful error when workspace doesnt exist
2018-12-04 14:53:43 -06:00
8799c550e1
Parse public and private as correct sub-type
2018-12-04 10:57:54 -06:00
55a9a12670
Land #10964 , add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
4f08243af9
Raise exception if workspace not found
2018-12-03 17:24:36 -06:00
74a5d816be
Fix parentheses around args of method invocations
2018-12-03 17:19:59 -06:00
d41f48853a
Use to_s when printing credential private
2018-12-03 16:46:30 -06:00
042a793648
Land #11050 , Add protection checks to Msf::Post::Linux::Kernel lib
2018-12-03 13:16:46 -06:00
6574ceaab8
Land #11053 , Add Openwall detection to Linux system lib
2018-12-03 12:46:36 -06:00
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
ab1bea1b22
Land #10798 , Cisco device manager update
2018-12-03 01:39:19 -06:00
f2b7036e37
Add Openwall detection to Linux system lib
2018-12-03 06:58:19 +00:00
0481cbffe6
Add check for Exec-Shield
2018-12-03 03:51:14 +00:00
d87fef5ee3
Add grsec/PaX checks to Msf::Post::Linux::Kernel lib
2018-12-02 08:11:17 +00:00
dc125d1dc5
return hostname
2018-12-01 05:20:47 +00:00
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
88ca775fd3
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
117d8ad986
Change default behavior of required OptString to permit empty strings
2018-11-29 11:34:44 -06:00
3e571ff71a
Compatible with REG_MULTI_SZ when set value.
2018-11-29 15:47:09 +08:00
9d33891652
Update register descriptions
2018-11-28 19:37:35 -06:00
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
d523124faf
Land #10965 , Add the macOS LPE from pwn2own2018 (CVE-2018-4237)
2018-11-27 14:00:35 -06:00
d7c1dd91c0
Land #10509 , Add source meta command for shell sessions
2018-11-26 14:27:08 -06:00
181fc292c2
Land #10861 , Add framework for JSON-RPC and future Sinatra apps
2018-11-26 14:12:08 -06:00
2cde2e4e21
Land #11017 , Fix userns_enabled? check for unprivileged_userns_clone
2018-11-26 14:07:14 -06:00
fd75b75c61
Add FrameworkExtension
2018-11-26 13:08:42 -05:00
e144cc6738
Move under Msf::WebServices namespace
2018-11-26 12:58:10 -05:00
0678d33760
Revert "ensure a value exists before returning the normalized key"
...
This reverts commit 063838fb17
2018-11-26 10:10:07 -06:00
a98dbd1d61
Revert "Return the original key if it does not exist in the datastore"
...
This reverts commit 7312fa774f
2018-11-26 10:10:07 -06:00
8f07f299b4
Fix userns_enabled? check for unprivileged_userns_clone
2018-11-25 01:26:49 +00:00
847e630630
ensure incoming creds are all UTF-8
2018-11-22 09:20:12 -06:00
e07e5caebd
don't do a binary regex against a regular string
2018-11-22 09:19:38 -06:00
cdc9c24f6d
don't try to close a nil connection in smb login scanner mixin
2018-11-22 05:02:17 -06:00
8694d6dd19
Land #10990 , move metasploit web service code
2018-11-21 16:49:56 -06:00
77723ba2f8
Land #11002 , Support Python 3.7 in external probe scanner code
2018-11-21 16:23:34 -06:00
682ebdc234
Land #11001 , Properly error out when attempting to format ELFs
2018-11-21 16:13:40 -06:00
317f71f7f4
Land #10802 , Make `msfvenom -f` case-insensitive
2018-11-21 16:04:30 -06:00
c9f8a591e5
Land #10872 , Add --pad-nops option for msfvenom
2018-11-21 16:02:02 -06:00
44da31edb8
Support Python 3.7 in external probe scanner code
2018-11-21 15:06:54 -06:00
818c3c9f57
Properly error out when attempting to format ELFs
2018-11-21 14:57:37 -06:00
230ae70028
Land #11000 , fix DB import error messages
2018-11-21 14:52:17 -06:00
1eb4a79410
adjust error message on impart
2018-11-21 14:42:48 -06:00
7312fa774f
Return the original key if it does not exist in the datastore
2018-11-21 06:03:50 -06:00
063838fb17
ensure a value exists before returning the normalized key
2018-11-21 04:43:06 -06:00
da9e6edbf1
delete option aliases when an option is deleted
...
Otherwise the aliases will remain active and if the aliased value is redefined
2018-11-21 04:09:33 -06:00
30bf716827
Use --pad-nops as a boolean to make -n <size> the total payload size.
2018-11-20 23:26:03 -06:00
4cc9959e3f
Move MSF API App and associated servlets
...
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
2018-11-19 18:46:15 -05:00
630de06f9e
Land #10972 , Rework session_compatible? check in post mixin, excluding ARCH_CMD modules
2018-11-19 16:08:15 -06:00
6d317baada
Coerce DisablePayloadHandler into a Boolean string
...
Due to discrepancies in how command dispatchers receive datastore
options, especially after a "save" of the console, Boolean values are
stored as strings.
This is a quick fix for DisablePayloadHandler specifically, since it was
driving me insane.
2018-11-19 13:18:15 -06:00
fd3ece3f9b
Land #10956 , Use new 'data_service_operation' block in 'DataProxy' modules
2018-11-16 17:24:00 -06:00
4726c58516
Update documentation
2018-11-16 12:40:42 -06:00
Spencer McIntyre
h00die
Metasploit
Wei Chen
Brendan Coles
William Vu
Jeffrey Martin
bwatters
Nash van Gool
Brent Cook
Matthew Kienow
James Barnett
Marian Gawron
Pedro Ribeiro
Adam Cammack
Jacob Robles
asoto-r7
Green-m
Erin Bleiweiss
Tim W
Garvit Dewan
Stephen Haywood
Christopher Lee
Patrick