Commit Graph

841 Commits (479664b5aab7cf7f622afd78cfa613ca07258b9b)

Author SHA1 Message Date
Meatballs a76ee6c2ec Add flexibility to lib 2013-07-04 11:03:48 +01:00
Meatballs 1368c1c27f Move options to lib 2013-07-04 10:25:08 +01:00
Meatballs 03de8c1c3d Pull in exploit/powershell 2013-07-04 09:54:40 +01:00
Josh d7eda343e9 fix typo in comment
change runing to running
2013-06-27 03:12:49 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
HD Moore 819080a147 Enable rhost/rport option overrides in HttpClient 2013-06-17 11:45:01 -05:00
sinn3r e97aad1111 Restore file_create
file_create shouldn't have the 'filename' argument, because that
defeats the purpose of function 'file_format_filename'.  The code
change was committed by accident.  Related to #1934.
2013-06-13 16:42:18 -05:00
sinn3r 0440c03c7a Land #1934 - Fix UltraISO Exploit File Creation 2013-06-13 13:57:09 -05:00
Tod Beardsley 9a08090b0f Inch toward making modules more testable 2013-06-10 16:02:19 -05:00
Ruslaideemin cd64e3593c Fix UltraISO file creation
This makes file creation where datastore['FILENAME'] is not used when
a different filename is required, and ends up creating files in the
wrong place.
2013-06-09 12:37:34 +10:00
sinn3r 8e2de6d14f Updates js_property_spray documentation
After many tests, it turns out address 0x0c0d2020 is the most
consistent location acorss various IE versions.  For dev purposes,
it's rather important to have this documented somewhere.

Thanks to corelanc0d3r for the data.
2013-06-07 00:28:22 -05:00
James Lee f3ff5b5205 Factorize and remove includes
Speeds up compilation and removes dependency on bionic source
2013-05-28 15:46:06 -05:00
James Lee 0466cce7b1 Move PostMixin to its own file
Also replaces dead code in lib/msf/core/exploit/local.rb with what was
actually being used for the Exploit::Local class that lived in
lib/msf/core/exploit.rb.
2013-05-28 15:46:06 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
sinn3r 1cf485fad1 Restore tcp.rb to its current state 2013-05-22 12:06:36 -05:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
jvazquez-r7 5cfc306466 Land @1785, @wchen-r7's API addition for the mstime ie8 technique 2013-05-02 00:00:49 -05:00
sinn3r 69f8103ffe Make animatecolor element optional by using innerHTML 2013-05-01 14:21:52 -05:00
sinn3r 3d2cb9ec3f Uses rand_text_hex for RGB values, and correcting exception handling 2013-05-01 13:41:36 -05:00
sinn3r 71afd762a9 According to MSFG, I can use RGB, so here goes 2013-04-30 18:48:21 -05:00
sinn3r ae94fbdf6c Updates documentation 2013-04-30 17:11:19 -05:00
sinn3r 9cc624456a Adds function js_mstime_malloc
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
James Lee 906863676e Fix a logic error in HttpServer
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.

This commit fixes the problem in two ways:

1. It changes the default cli in get_uri to be the module's self.cli,
   which should always be set when passive modules would need it (e.g., in
   the on_request_uri method).

2. It adds a check to make sure that the calling module has a sock
   before trying to get its peerhost. This was @marthieubean's suggested
   solution in #1775.

[Closes #1775]
2013-04-29 13:44:58 -05:00
sinn3r b1e49e7116 Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master 2013-04-25 20:54:28 -05:00
sinn3r 5b0ae1476b Let's word this a little differently 2013-04-25 20:52:51 -05:00
Meatballs b58a775af5 Added opt delay to file_dropper 2013-04-25 20:52:51 -05:00
sinn3r 008266a581 Corrects documentation. Thanks Meatballs1 2013-04-25 19:13:16 -05:00
sinn3r ff87e3622b Changes made according to feedback from Juan and James 2013-04-25 15:19:44 -05:00
sinn3r 6642545551 Adds new JavaScript function "js_download"
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
Tod Beardsley 25fcbd4e70 Landing #1733, setting a sensible heapsray offset
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
sinn3r d28db8a2a3 Forgot the comment 2013-04-12 20:21:10 -05:00
sinn3r f2cbbf43e8 Changes default offset
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
James Lee 6a0b240d10 Add some better docs for Rex::Socket 2013-04-10 12:41:41 -05:00
Luke Imhoff 809969b49f Merge branch 'master' into feature/patchable-web-vuln-import 2013-04-02 22:38:54 -05:00
Luke Imhoff c210260845 Fix Undocumentable method, missing name YARD warning
[#46491831]

Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call.  By removing the ##, the
warning disappeared.  I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
David Maloney a87e414274 fix winrm poke method 2013-03-26 13:05:33 -05:00
sinn3r 0634cb9892 Need to avoid badchar 0x00
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
sinn3r 566806487c Randomize the "div_container" var because it's global
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
Spencer McIntyre aceba9fc8a Revert "escape ticks and spaces in paths"
This reverts commit 4c87b1ba36.
2013-03-08 14:37:28 -05:00
James Lee db676f1a88 Whitespace at EOL 2013-03-07 18:20:08 -06:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
James Lee c0689a7d43 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-03-04 12:14:33 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
sinn3r 18c0bb0ac8 Updates description again 2013-02-28 11:34:48 -06:00
sinn3r 8cb5da0794 One size rules them all. 2013-02-28 11:21:23 -06:00
sinn3r 722e077029 Update generic target 2013-02-28 11:09:52 -06:00