4247747fc5
Refactor extract_object
2015-01-18 01:13:00 -06:00
cb0257bec7
Land #4576 , OpenVAS database import fix
2015-01-18 00:45:36 -06:00
ab391f3b32
Do minor JMX mixin cleanup
2015-01-17 22:40:43 -06:00
55a746eeb7
Changing code to catch everything extraneous
2015-01-17 15:46:26 +00:00
697e4fbd41
Land #4584 , @sgabe's fix for egghunter searchforward
2015-01-16 19:36:52 -06:00
a42b095472
Delete heaponly option
2015-01-16 19:35:57 -06:00
859a8978e7
Allow searchforward to be an string
2015-01-16 19:33:19 -06:00
3297d198f3
Fix search-forward option in regular egghunter
2015-01-16 22:16:30 +01:00
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
c516190d07
Create Msf::Jmx::Util
2015-01-15 23:21:54 -06:00
d9c6c56779
Refactor extract_rmi_connection_stub
2015-01-15 23:15:30 -06:00
2d2f26a0e3
Change method names for stream builders
2015-01-15 23:01:27 -06:00
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
00117fc963
Do first and ugly refactoring
2015-01-15 21:18:03 -06:00
da1c56a65d
Add minimal tests for get/getg
2015-01-15 14:46:12 -08:00
bc895ab4d1
Land #4582 , jhart-r7's Apple Airport Authentication Avalanche
2015-01-15 14:07:18 -06:00
7a900cc889
More Ruby-ish way for cmd_get
2015-01-15 11:54:01 -08:00
8aff50aed1
Make get/getg help more consistent
2015-01-15 11:36:32 -08:00
45cef82f6c
Use appropriate help for get/getg
2015-01-15 11:35:39 -08:00
621cada2ac
Undo build_gc_call_data refactoring
2015-01-14 16:47:28 -06:00
f0de45c371
Fix typo and add Subject support
2015-01-14 02:17:29 -06:00
95eab85df4
Add support for heap-only search in regular egghunter
2015-01-13 21:31:13 +01:00
5cc7d5d1a8
Remove errant pry
2015-01-13 10:35:05 -08:00
ad082bc1af
Add specs for build_dgc_ack
2015-01-13 11:02:16 -06:00
0babde8c1a
Fix specs
2015-01-13 10:48:23 -06:00
4351964290
Change module filename
2015-01-13 10:46:14 -06:00
3946b95bc3
Update rex code and specs
2015-01-13 10:45:00 -06:00
1f0b986bf1
Change filenames
2015-01-13 10:43:27 -06:00
69f03f5c5d
Move ACPP default port into Rex
2015-01-12 19:43:57 -08:00
d5cdfe73ed
Big style cleanup
2015-01-12 19:11:14 -08:00
9baae6e494
Potential Fix For OpenVAS DB Import Issue
2015-01-13 02:46:13 +00:00
ec506af8ea
Make ACPP login work
2015-01-12 14:01:23 -08:00
e9557ffe58
Simplify module in prep for some authbrute cleanups
2015-01-12 13:08:12 -08:00
691ed2cf14
More cleanup
...
Don't validate checksums by default until they are better understood
Handle the unknowns a bit better
Make checksum failures more obvious why it failed
2015-01-12 13:08:12 -08:00
97f5cbdf08
Add initial Airport ACPP login scanner
2015-01-12 13:08:12 -08:00
fba6945e9a
Doc payload oddness. Add more checksum tests
2015-01-12 13:08:12 -08:00
54eab4ea3d
Checksum validation, more tests
2015-01-12 13:08:12 -08:00
7e4dd4e55b
Add ACPP decoding capabilities
2015-01-12 13:08:12 -08:00
2af82ac987
Some preliminary Apple Airport admin protocol (ACPP?) support
2015-01-12 13:08:11 -08:00
6dad66c04c
add Date header support to SMTP deliver
...
the SMTP mixin now supports the Date header.
The user can supply a a value for the Date Header
or else it will automatically use the current local
DateTime. This will help alleviate certain issues
caused by servers setting this field for the cliebnt incorrectly
MSP-9390
2015-01-12 11:18:07 -06:00
d8743ea32b
Land #4539 , @Meatballs1's creds cmd now supports type filters, -R for search
2015-01-08 18:48:27 -08:00
7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid
2015-01-08 18:42:25 -08:00
e4cdac1440
Land #4559 , @FireFart's fix for wordpress version detection (from wpscan)
2015-01-08 15:19:29 -08:00
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
ed74271c26
Land #4548 , @dmaloney-r7's fix to allow loginscanners to work w/o a DB
2015-01-08 14:50:08 -08:00
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
98cee8249d
Move non-active DB messages to warning and clarify/simplify
2015-01-08 14:40:47 -08:00
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
05279ef02a
consistently use double-quoted paths
...
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
fa5cd928a1
Refactor exploit to use the mixin
2015-01-08 16:04:56 -06:00
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
873ade3b8a
Refactor exploit module
2015-01-08 14:52:55 -06:00
956bf0c8f9
Fix indentation
2015-01-08 14:31:37 -06:00
e9e6c32769
Move build* calls to Streams
2015-01-08 14:13:06 -06:00
23d0ae9488
Add Streams mixin
2015-01-08 14:01:41 -06:00
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
a5b56c7d09
fix error
2015-01-08 19:48:29 +01:00
fd7e65d459
derp just check db active
...
the other way of doing this was stupid, jsut check if
the db is active
2015-01-08 11:58:56 -06:00
bf482e806c
Add YARD documentation for the YARD mixin
2015-01-08 09:56:32 -06:00
8f720ef766
Use get_env in runas
2015-01-08 11:07:40 +00:00
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
7dd7e62726
Add first mixin draft
2015-01-07 20:42:44 -06:00
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
f0261a418c
Lands #4535 , report_auth_info shoring up
2015-01-07 16:32:14 -06:00
001b6d913e
allows loginscanners to work without db
...
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
2015-01-07 16:09:04 -06:00
e6f53ebcbc
Remove duplicate rhosts
2015-01-07 22:04:01 +00:00
dccd21a559
Resolve #3870 , reinstance creds -R
2015-01-07 22:01:45 +00:00
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
e3e9a64064
Land #4543 , Update john.conf with korelogic rules
2015-01-07 21:30:44 +00:00
731c2f99d1
Handle better java references
2015-01-07 15:19:28 -06:00
bdbb26ba31
Land #4540 , resolves #4532 , honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
294cd80a08
Update documentation for wordpress_login
2015-01-07 18:32:52 +00:00
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
5d68d48ca5
Land #4385 , fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
ba13e9d64c
Add Stream spec
2015-01-07 12:05:44 -06:00
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
aef8c702d7
Filter creds by type
2015-01-07 17:19:31 +00:00
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
478505c17a
ruby 2.2 compatibility
...
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
98ec08ae0d
Add support for Ping and PingAck
2015-01-06 15:18:55 -06:00
1e3b24f01b
Add support for DbgAck
2015-01-06 15:00:17 -06:00
6d1d300e72
Add support for ReturnData
2015-01-06 12:52:00 -06:00
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
825e08f5ac
Add support for Call messages
2015-01-06 12:36:06 -06:00
f3ff42dbfb
Add support for Continuation
2015-01-06 11:34:47 -06:00
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
757f95a24d
Add support for ProtocolAck
2015-01-06 00:14:14 -06:00
26da73ffb8
Change class name
2015-01-05 19:23:07 -06:00
d5dfd75e71
Add initial model and support to OutputStream
2015-01-05 18:52:13 -06:00
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
fc91244252
insert deprecation error message
...
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it
MSP-11919
2015-01-05 14:02:16 -06:00
db8f260557
add some YARD docs to report_auth_info
...
add yard docs for the modified report_auth_info
MSP-11919
2015-01-05 13:58:25 -06:00
71d600e829
make report_auth_info create new creds and logins
...
report_auth_info coerces old data into the new credential
types as best as it is able
MSP-11919
2015-01-05 13:41:30 -06:00
17ff546b0f
Remove unnecessary calls to expand path
...
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.
This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
b121e2c3fd
adds a get and getg method besides the already existing set/setg and unset/unsetg
2015-01-02 12:40:24 +01:00
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
92bdf42496
Land #3594 , jvazquez-r7's linux meterpreter migration support
2014-12-31 09:20:44 -06:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
722f86f361
Try to guess TMPDIR folder
2014-12-30 18:39:29 -06:00
7596d211e9
Use length for comparision
2014-12-30 18:39:18 -06:00
e903044fd5
Allow to provide writable dir
2014-12-30 18:36:30 -06:00
f17a7e8a61
Better handling of the unix domain socket argument
2014-12-30 18:36:28 -06:00
4df4e8b9d6
Add support for linux meterpreter migration
2014-12-30 18:34:24 -06:00
56df2d0062
Add support for linux meterpreter migrate types
2014-12-30 18:30:15 -06:00
553030b22d
Land #4473 - Log backtraces by default
2014-12-30 18:13:33 -06:00
135faeee29
Land #4095 , specs for Rex::OLE
2014-12-30 14:25:09 -06:00
6444d8ba64
use kind_of? for checking exceptions
2014-12-30 21:16:57 +01:00
ce0bbca6ed
Land #4487 , no spinnerz on Windows :(
2014-12-30 14:06:05 -06:00
a8e907d68b
Land #4479 , nil comparisons and missing DLLs
...
Also fixes #4474 .
2014-12-30 13:55:54 -06:00
bdac5db695
remove usage of ==/!= nil
...
Adjust all module-loading libraries to have consistent nil?/!nil? checking and
'if' style.
2014-12-30 10:59:49 -06:00
6ded5a7eb4
Avoid spinner on Windows
...
Fixes #4147 , probably.
2014-12-30 10:17:56 -06:00
d727ac5367
Alias Rex::Ui::Text::Output::Tee print_raw to write, fixes #4469 and #4363
2014-12-29 16:47:04 -08:00
9af3fd01d4
Fix response_timeout
...
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f9b141c1e2
Land #4442 , wchen-r7's configurable session response timeout option
...
fixes #4431
2014-12-29 13:02:47 -06:00
5d70b837ed
handle nil results from MeterpreterBinaries.path
...
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.
```
msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.43.1
lhost => 192.168.43.1
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -> 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600
meterpreter > use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```
This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
2014-12-29 12:34:02 -06:00
72eb8e6503
Land #4475 , inverted timeout fix
2014-12-29 11:37:28 -06:00
bbb41c39b8
fix backward meterpreter packet timeout logic
...
The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.
This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.
This probably fixes tons of heisenbugs, including #3798 .
To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:
(cd modules/post
ln -s ../../test/modules/post/test)
die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
2014-12-29 08:15:51 -06:00
3a73b40a1e
more error handling
2014-12-29 00:39:00 +01:00
7b52bcb657
log errors into framework.log
2014-12-29 00:20:26 +01:00
04772c8946
Ensure stop_service closes Rex::Proto::Http::Server
2014-12-26 13:50:03 -06:00
c1b0385a4b
Land #4460 , @Meatballs1's ssl cert validation bypass on powershell web delivery
2014-12-26 12:07:45 -06:00
d148848d31
Support Kerberos error codes
2014-12-24 18:05:48 -06:00
725a17c70b
override default attr for OptRegexp
...
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798 .
To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:
```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info
Name: HTTP Page Scraper
Module: auxiliary/scanner/http/scraper
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
et <et@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PATH / yes The test path to the page to analize
PATTERN (?i-mx:<title>(.*)<\/title>) yes The regex to use (default regex is a sample to grab page title)
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
override default attr for OptRegexp
Description:
Scrap defined data from a specific web page based on a regular
expresion
msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run
[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
05a9ec05e8
raise NotImplementedError
2014-12-23 19:59:37 -06:00
4493b3285c
Raise NoMethodError for methods designed to be overriden
2014-12-23 19:51:41 -06:00
fee033d6df
Use Rex::Text.md5_raw
2014-12-23 19:30:23 -06:00
c2bcde24ef
Land #4377 , Support DYNAMIC_BASE templates - resolves #4366
2014-12-23 11:57:33 +00:00
b41e259252
Move it to a common method
2014-12-23 11:16:07 +00:00
e974d272f0
Remove stray line comment that ruined things when minified.
2014-12-23 00:22:50 -06:00
13ec578d1a
Revert "Back to Create OpenSSL::BN from string"
...
This reverts commit 635a54ca94
2014-12-22 23:17:03 -06:00
635a54ca94
Revert "Create OpenSSL::BN from string"
...
This reverts commit fe99b65a62
2014-12-22 19:14:07 -06:00
fe99b65a62
Create OpenSSL::BN from string
2014-12-22 18:44:47 -06:00
d12b43d257
Use Intege.new
2014-12-22 18:37:07 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
bcf659792e
Restore original timeout
2014-12-22 12:34:52 -06:00
f3b263f57d
Use more crypto constants
2014-12-22 12:13:23 -06:00
b96d172ccc
Use constant names
2014-12-22 11:58:59 -06:00
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
7a45918ecc
Add specs for Msf::Kerberos::Client::TgsRequest
2014-12-22 11:28:24 -06:00
8c62822ab9
Add specs for Msf::Client::Kerberos::AsRequest
2014-12-22 09:34:21 -06:00
b469ff3567
Add doc references to Msf::Kerberos::Client::CacheCredential
2014-12-22 08:54:09 -06:00
1f3eded4a8
Add specs for Msf::Kerberos::Client::CacheCredential
2014-12-21 23:47:40 -06:00
7cb27408b2
Add doc references por spec'd mixins
2014-12-21 21:03:58 -06:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
e219b0b249
Add specs for Msf::Kerberos::Client::AsResponse
2014-12-21 01:12:00 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
ffb319d703
Add documentation for Msf::Kerberos::Client::AsRequest
2014-12-20 18:57:49 -06:00
8929cbd6b3
Fix typo
2014-12-20 18:29:50 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
ca75b4b74a
Add documentation for Msf::Client::Kerberos::Pac
2014-12-20 01:36:54 -06:00
cf13dc8d53
Do build_ap_req
2014-12-20 01:25:20 -06:00
422d3ce9b5
Take more care of options on build_tgs_request
2014-12-20 01:13:56 -06:00
ad8bbf4477
Rescue rescue Rex::TimeoutError so the iteration can keep going
2014-12-20 01:12:30 -06:00
a8e3ee033c
Fix #4431 - Support arbitrary session response timeout
...
Fix #4431
2014-12-20 00:25:02 -06:00
cd16e11b22
Make checksum from a method
2014-12-19 20:08:15 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
337b2d784f
Land #4416 , define rails version dep in one place
...
* Bump rails to 3.2.21
2014-12-19 15:17:54 -06:00
db0aeb2a05
Make the version constraint a range
2014-12-19 13:54:13 -06:00
650a68c994
Fix jcxz to jecxz for x86_64 in metasm
...
This fixes "invalid opcode near 'jecxz'" for x64 metasm encoding.
2014-12-19 13:34:56 -06:00
fad08d7fca
Add specs for Rex Kerberos client
2014-12-19 12:14:33 -06:00
c493ccfc06
Define the Rails version constraint in a library constant
2014-12-19 11:46:39 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
dfa92da287
Add TODO
2014-12-19 01:13:56 -06:00
77e2d4d90d
Add documentation for the Kerberos PAC support classes
2014-12-19 01:12:14 -06:00
fda4cd3440
Fix some Rex Kerberos model documentation
2014-12-18 19:30:12 -06:00
c426cf32d0
Add specs for Rex::Proto::Kerberos::CredentialCache::Principal
2014-12-18 17:40:06 -06:00
16d5ee1aae
Add documentation for the rex credential cache support
2014-12-18 17:12:58 -06:00
7275f5a5f2
Allow Rex to load credential_cache
2014-12-18 16:32:21 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
0a61e108ea
Add code skeleton for credential_cache
2014-12-18 00:30:47 -06:00
0f19f3cf2e
Add classes templates
2014-12-17 23:16:58 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
662160ef61
Refactor mixin
2014-12-16 23:48:53 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
2649d482fe
Add support for KRB_AP_REQ
2014-12-16 18:39:42 -06:00
0f55a98450
Add support for Authenticator encoding
2014-12-16 17:45:54 -06:00
dde45a7f53
Add support for Checksum encoding
2014-12-16 17:05:35 -06:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
ce6b53b44c
Fix attribute description
2014-12-16 11:39:04 -06:00
a5f8b4319f
Add support to encode PAC-TYPE
2014-12-16 11:31:27 -06:00
1721641138
Add support for PAC-LOGON-INFO
2014-12-16 09:32:47 -06:00
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
52b3025351
Reworked to avoid extending String class on blob per hdm's rec.
2014-12-15 21:40:41 -05:00
c1114c180a
Add support for PAC-CLIENT-INFO
2014-12-15 17:32:51 -06:00
64a0162e3f
Add support for PAC-SERVER-CHECKSUM
2014-12-15 17:16:43 -06:00
482c883d36
Add the parent class for pac elements
2014-12-15 17:13:52 -06:00
2c7139b936
Add support for PAC-PRIVSRV-CHECKSUM
2014-12-15 17:13:22 -06:00
4c994d84e0
Updating version to 4.11 for Flood release
2014-12-15 14:42:09 -06:00
147ff13080
Add support to decode the encryption part of as responses
2014-12-15 11:47:08 -06:00
643279b54b
Add support to decode the encryption part of as responses
2014-12-15 11:46:11 -06:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
d81cdd6cbb
Add KdcResponse spec first draft
2014-12-14 21:20:54 -06:00
c3a2bcf956
Make KdcResponse decoding better
2014-12-14 21:01:09 -06:00
442adb080f
Add first support to decode tickets
2014-12-14 20:51:26 -06:00
35742873c7
Delete references to deleted namespaces
2014-12-14 19:23:21 -06:00
78c76092dd
Delete namespaces from model classes
2014-12-14 19:18:30 -06:00
13ae624738
Delete namespaces
2014-12-14 19:15:57 -06:00
2d0cb5acd8
Move elements to model dir
2014-12-14 19:11:21 -06:00
328e9f62e8
Add first draft for Kerberos responses
2014-12-14 19:09:41 -06:00
483c273e17
Add support to decode responses on the Rex client
2014-12-14 17:54:17 -06:00
883bfd1f46
Add support to retrieve e-data
2014-12-14 17:23:37 -06:00
7067f2ea83
Modify Rex::Proto::Kerberos::Client to read responses
2014-12-14 16:32:25 -06:00
c5dc065fde
Add support for decoding KrbError
2014-12-14 16:26:18 -06:00
704781d0ce
Modify exception message
2014-12-14 12:11:09 -06:00
8435328af7
Fix create_tcp_connection
2014-12-14 00:54:26 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
e2617c7095
Return the workspace id in responses, lands #4142
2014-12-13 18:04:58 -06:00
00590f9f26
Adds Java serialization support, lands #4327
2014-12-13 17:47:53 -06:00
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
19adfca8ce
Updated stubs from source
2014-12-13 12:55:41 -06:00
5d18de2ebf
Fix legacy railgun LDAP implementation
2014-12-13 18:26:26 +00:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
4681416a0f
Update block_api with @schierlm's changes
2014-12-13 12:06:38 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
9545b6e4d6
Land #4343 , os_flavor reduction
2014-12-12 14:49:15 -06:00
ac004d2770
Fix bruteforce validators to accept nil
...
bruteforce_speed isn't always required, because the speed checker
already handles nil (and presumes the user wants the fastest possible).
See also MSP-11842
2014-12-12 13:57:37 -06:00
jvazquez-r7
William Vu
nstarke
sgabe
Brent Cook
James Lee
Jon Hart
David Maloney
Christian Mehlmauer
sinn3r
Meatballs
OJ
Samuel Huckins
rastating
dmooray
Sven Vetsch
Spencer McIntyre
Tod Beardsley
Joe Vennix
Fernando Arias
Matt Buck
Trevor Rosen
HD Moore
Sean Verity