Commit Graph

40703 Commits (3e1cd0c78943382a47abff01f52d7661647d3536)

Author SHA1 Message Date
darkbushido 3e1cd0c789
adding a check to make sure you only give a signle private type 2017-01-09 15:13:36 -06:00
darkbushido 6bd2e03f37 dding realm tests showed a bug. its now squashed. 2017-01-09 13:04:34 -06:00
darkbushido fe3885f88a changing expect do end back to expect {} 2017-01-09 13:04:34 -06:00
darkbushido 30fe429ada fixing more whitespace issues
converting double quotes to single
2017-01-09 13:04:34 -06:00
darkbushido 0c3760a843 adding more tests
rubocoping the file
2017-01-09 13:04:34 -06:00
darkbushido 3674b25885 fixing the tests, more need to be added 2017-01-09 13:04:34 -06:00
darkbushido a3b1f7e360 the commands now work, onto tests 2017-01-09 13:04:34 -06:00
darkbushido 23cbc99341 changing the creds add command to use named params 2017-01-09 13:04:34 -06:00
darkbushido c179e0358f origin_type manual requires a user... 2017-01-09 13:04:34 -06:00
darkbushido 18c7fc5a85 moving the cred tests out of the db tests 2017-01-09 13:04:34 -06:00
darkbushido ed3b34179b moving creds to its own dispatcher 2017-01-09 13:04:34 -06:00
William Vu 1a04691201
Fix #2504, edit command fixes I missed 3y ago
local_editor was never nil, so there was some dead code.
2017-01-08 03:02:19 -06:00
Adam Cammack dbdc558f0b
Land #7776, don't log on harmless DB errors 2017-01-06 18:25:13 -06:00
dmohanty-r7 5cba9b0034
Land #7747, Add LoginScanner module for BAVision IP cameras 2017-01-06 16:25:44 -06:00
Metasploit b074042b99
Bump version of framework to 4.13.13 2017-01-06 12:00:26 -08:00
dmohanty-r7 171f3b3e7d Land #7791, Fix target_host name collision 2017-01-06 13:50:52 -06:00
David Maloney 2108913e77
target_host method had a name collision
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
Metasploit 1ef2e54539
Bump version of framework to 4.13.12 2017-01-06 10:03:13 -08:00
William Vu 969df408c7
Land #7786, Microsoft Edge constant for HttpClient 2017-01-05 21:07:57 -06:00
dmohanty-r7 a5665d53f2
Land #7766, Add Automatic Targeting to all Exploits 2017-01-05 11:05:53 -06:00
Carter c42295b9ac Delete extraneous documentation 2017-01-04 22:44:44 -05:00
Carter 55ccfa7679 fix doc location from previous branch 2017-01-04 22:32:44 -05:00
Carter e85721113a Add Edge to constants 2017-01-04 22:20:42 -05:00
William Vu 19319f15d4
Land #7626, Eir D1000 modem exploit 2017-01-04 17:02:39 -06:00
Metasploit 7ef4db1465
Bump version of framework to 4.13.11 2017-01-04 14:53:33 -08:00
William Vu b0e79076fe Switch to wget CmdStager and tune timing
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
William Vu 94d76cfb06 Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection 2017-01-03 17:04:04 -06:00
Brent Cook 7585999e18
Land #7782, Update themoon exploit to use wget command stager 2017-01-03 16:30:12 -06:00
wchen-r7 ed74b239e3
Land #7768, PHPMailer Sendmail Argument Injection exploit 2017-01-03 16:04:05 -06:00
wchen-r7 3155af679a Fix a typo 2017-01-03 16:03:45 -06:00
Adam Cammack fe0a3c8669
Update themoon exploit to use wget command stager 2017-01-03 15:50:57 -06:00
David Maloney dcd7ba11bf
update mdm
update mdm to use the new os family
2017-01-03 15:04:15 -06:00
David Maloney 31d36d9112 if autotargeting fails fall back
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney 9dc4ee57b6 minor fixes to linux example module
fixed a copy paste error in the linux_autotarget
test exploit and added actual linux targets to it
2017-01-03 14:38:52 -06:00
David Maloney 5fd531028c ome minor guards and spec fixes
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney 5b512819c8 revert testing changes from gemfile
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney 2d5158403b add YARD docs to auto target methods
added YARD docs

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney a61b92aa3e tweak target selection
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index

MS-2325
2017-01-03 14:38:51 -06:00
David Maloney 3d2957dff1 tying it all together
insert our autotarget routine into
the main target selection process

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter
drop back to our most precise level of filtering

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney f107408389 target_host specs
add specs for finding the 'target host' ie.
the mdm::Host object related to the RHOST value
to see what we know about our target

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
2017-01-03 14:38:45 -06:00
David Maloney 769d477e97 if no automatic target defined, add one
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting

MS-2325
2017-01-03 13:54:34 -06:00
William Vu f25ced04af
Update rex-exploitation to 0.1.8 2017-01-03 12:04:18 -06:00
Brent Cook 3808eebad8
Land #7704, Update jobs output to show TCP listener information 2017-01-02 15:44:49 -06:00