darkbushido
3e1cd0c789
adding a check to make sure you only give a signle private type
2017-01-09 15:13:36 -06:00
darkbushido
6bd2e03f37
dding realm tests showed a bug. its now squashed.
2017-01-09 13:04:34 -06:00
darkbushido
fe3885f88a
changing expect do end back to expect {}
2017-01-09 13:04:34 -06:00
darkbushido
30fe429ada
fixing more whitespace issues
...
converting double quotes to single
2017-01-09 13:04:34 -06:00
darkbushido
0c3760a843
adding more tests
...
rubocoping the file
2017-01-09 13:04:34 -06:00
darkbushido
3674b25885
fixing the tests, more need to be added
2017-01-09 13:04:34 -06:00
darkbushido
a3b1f7e360
the commands now work, onto tests
2017-01-09 13:04:34 -06:00
darkbushido
23cbc99341
changing the creds add command to use named params
2017-01-09 13:04:34 -06:00
darkbushido
c179e0358f
origin_type manual requires a user...
2017-01-09 13:04:34 -06:00
darkbushido
18c7fc5a85
moving the cred tests out of the db tests
2017-01-09 13:04:34 -06:00
darkbushido
ed3b34179b
moving creds to its own dispatcher
2017-01-09 13:04:34 -06:00
William Vu
1a04691201
Fix #2504 , edit command fixes I missed 3y ago
...
local_editor was never nil, so there was some dead code.
2017-01-08 03:02:19 -06:00
Adam Cammack
dbdc558f0b
Land #7776 , don't log on harmless DB errors
2017-01-06 18:25:13 -06:00
dmohanty-r7
5cba9b0034
Land #7747 , Add LoginScanner module for BAVision IP cameras
2017-01-06 16:25:44 -06:00
Metasploit
b074042b99
Bump version of framework to 4.13.13
2017-01-06 12:00:26 -08:00
dmohanty-r7
171f3b3e7d
Land #7791 , Fix target_host name collision
2017-01-06 13:50:52 -06:00
David Maloney
2108913e77
target_host method had a name collision
...
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
2017-01-06 12:44:37 -06:00
Metasploit
1ef2e54539
Bump version of framework to 4.13.12
2017-01-06 10:03:13 -08:00
William Vu
969df408c7
Land #7786 , Microsoft Edge constant for HttpClient
2017-01-05 21:07:57 -06:00
dmohanty-r7
a5665d53f2
Land #7766 , Add Automatic Targeting to all Exploits
2017-01-05 11:05:53 -06:00
Carter
c42295b9ac
Delete extraneous documentation
2017-01-04 22:44:44 -05:00
Carter
55ccfa7679
fix doc location from previous branch
2017-01-04 22:32:44 -05:00
Carter
e85721113a
Add Edge to constants
2017-01-04 22:20:42 -05:00
William Vu
19319f15d4
Land #7626 , Eir D1000 modem exploit
2017-01-04 17:02:39 -06:00
Metasploit
7ef4db1465
Bump version of framework to 4.13.11
2017-01-04 14:53:33 -08:00
William Vu
b0e79076fe
Switch to wget CmdStager and tune timing
...
We don't want to trample the device with requests.
2017-01-04 16:42:53 -06:00
William Vu
94d76cfb06
Merge remote-tracking branch 'upstream/master' into tr-069-ntpserver-command-injection
2017-01-03 17:04:04 -06:00
Brent Cook
7585999e18
Land #7782 , Update themoon exploit to use wget command stager
2017-01-03 16:30:12 -06:00
wchen-r7
ed74b239e3
Land #7768 , PHPMailer Sendmail Argument Injection exploit
2017-01-03 16:04:05 -06:00
wchen-r7
3155af679a
Fix a typo
2017-01-03 16:03:45 -06:00
Adam Cammack
fe0a3c8669
Update themoon exploit to use wget command stager
2017-01-03 15:50:57 -06:00
David Maloney
dcd7ba11bf
update mdm
...
update mdm to use the new os family
2017-01-03 15:04:15 -06:00
David Maloney
31d36d9112
if autotargeting fails fall back
...
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney
9dc4ee57b6
minor fixes to linux example module
...
fixed a copy paste error in the linux_autotarget
test exploit and added actual linux targets to it
2017-01-03 14:38:52 -06:00
David Maloney
5fd531028c
ome minor guards and spec fixes
...
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney
5b512819c8
revert testing changes from gemfile
...
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
2d5158403b
add YARD docs to auto target methods
...
added YARD docs
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
a61b92aa3e
tweak target selection
...
the target selection actually adjust the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
3d2957dff1
tying it all together
...
insert our autotarget routine into
the main target selection process
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
44830dfc54
prefer authour's target over ours
...
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
1afc57da40
determine most precise filter
...
drop back to our most precise level of filtering
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
201b65e43d
remaining os filtering
...
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
05ac2ee6ed
convert first stage to os_family
...
added the new os-family column to Host
so now we use that as our first stage filter
for targets
MS-2325
2017-01-03 14:38:49 -06:00
David Maloney
95d5c7a778
filtering by os_name
...
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead
MS-2325
2017-01-03 14:38:49 -06:00
David Maloney
f107408389
target_host specs
...
add specs for finding the 'target host' ie.
the mdm::Host object related to the RHOST value
to see what we know about our target
MS-2325
2017-01-03 14:38:49 -06:00
David Maloney
4060e63b89
add tests for auto target addition
...
tests to make sure we add auto targets only
in the appropriate conditions
MS-2325
2017-01-03 14:38:49 -06:00
David Maloney
84d5e42e4f
start gearing up for testing
...
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour
MS-2325
2017-01-03 14:38:45 -06:00
David Maloney
769d477e97
if no automatic target defined, add one
...
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting
MS-2325
2017-01-03 13:54:34 -06:00
William Vu
f25ced04af
Update rex-exploitation to 0.1.8
2017-01-03 12:04:18 -06:00
Brent Cook
3808eebad8
Land #7704 , Update jobs output to show TCP listener information
2017-01-02 15:44:49 -06:00