Jon Hart
b78f7b4d55
Land #6319, @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Jon Hart
6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified
2015-12-11 19:22:57 -08:00
Jon Hart
dcdc21e2db
Correct unbalanced quotes
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart
e23908d672
Improve verbose output related to authentication handling
2015-12-11 18:32:00 -08:00
Jon Hart
1a0f71b6fa
Try to catch case where post-auth commands are failing
2015-12-11 17:23:03 -08:00
Jon Hart
9cec3d9e6b
Move redis password option to non-advanced
2015-12-11 17:03:49 -08:00
Jon Hart
1fecd9846c
Bury some helper methods behind private
2015-12-11 10:13:13 -08:00
Jon Hart
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
Jon Hart
32a64c3d8e
Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
Jon Hart
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
Jon Hart
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
Jon Hart
00f72b279b
Cleaner printing when in verbose
2015-12-10 09:12:54 -08:00
Jon Hart
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
wchen-r7
080ec26afb
Land #4489, Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
wchen-r7
14b1b3a1f0
Land #6299, Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
Sonny Gonzalez
d7aeabbb71
Land #6293, listener bind_port fix
2015-12-02 13:16:23 -06:00
Spencer McIntyre
388edd3207
Fix the scheme for the pymet ProxyHandler
2015-11-30 13:45:24 -05:00
Spencer McIntyre
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
Jon Cave
0c8eb6fb37
Display ReverseListenerBindPort if it is set
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
Brent Cook
e5119e6446
use payload_uri's result to derive lhost / lport
2015-11-26 15:21:51 -06:00
Brent Cook
216119c05c
unfold override lhost/lport logic
2015-11-26 15:15:21 -06:00
Spencer McIntyre
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
Spencer McIntyre
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
Jon Cave
d9655fc882
Use LPORT if opts[:lport] is undefined
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
Kyle Gray
8923252de7
Land #6259, NoMethodError in vim_soap.rb fix
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
Brent Cook
7ad8adf67f
Land #6240, change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
Louis Sato
5303079ba4
Land #6262, local exploit add not implemented error
2015-11-23 14:23:13 -06:00
Brent Cook
5654b6b2e2
Land #6227, reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
Brent Cook
25f2241aa3
Land #6246, show the user errors from create_session
2015-11-23 06:01:08 -06:00
HD Moore
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
wchen-r7
b636aeb303
rm print_warning
2015-11-20 19:38:33 -06:00
wchen-r7
d405f31c35
Add a NotImplementedError if run is used to run a local exploit
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
wchen-r7
a78fa7c3d9
Fix #4273, print error in create_session
Fix #4273
2015-11-16 17:17:20 -06:00
David Maloney
708cbe9479
change the default SMBDomain to .
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
David Maloney
a1ab8f1dc7
added Session info display to module output
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
sammbertram
cd4aa28d11
Transport priority changes
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
sammbertram
9d9865150b
Transport priority changes
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
scriptjunkie
8703987535
Add HTTPS and new transport support for hop
2015-11-11 21:25:23 -06:00
Jon Hart
15eb135295
Resolve merge conflicts
2015-11-09 18:15:40 -08:00
jvazquez-r7
ceaf7440a7
Send full message
2015-11-06 12:15:17 -06:00
jvazquez-r7
19652e79c3
Delete comments
2015-11-06 12:15:07 -06:00
jvazquez-r7
ca1502c00a
Fix SMTP send_message to not block
2015-11-06 12:14:59 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
void-in
f629f98fdc
Resolve 6174, require meterpreter_options
2015-10-31 18:47:22 +05:00
Brent Cook
be23da1c1f
Merge branch 'upstream-master' into land-6120-python-stageless
2015-10-30 17:26:26 -05:00
wchen-r7
977b3449b7
Fix #6085, NoMethodError in vim_soap.rb
Fix #6085
2015-10-30 11:02:02 -05:00
Louis Sato
657a5481dc
fix rpc session conditional to allow powershell read/write
2015-10-28 11:49:32 -05:00
wchen-r7
f2b4737e4a
Land #6127, Fix #3859 Add support for registry_key_exist?
2015-10-23 10:59:57 -05:00
wchen-r7
b76192dbcb
Land #6099, make_nops doesn't take into account all the compatible encoders
2015-10-22 21:26:25 -05:00