516b61ebaa
Merged master
2018-04-26 16:02:56 -05:00
e97693d056
Cleanup
2018-04-26 16:01:15 -05:00
195b405d69
First pass at all test working, added travis ci build
2018-04-26 15:12:53 -05:00
0fa0358993
Land #9853 , Update Linux sock_sendpage local exploit module
2018-04-26 14:30:51 -05:00
67e7f917e7
Weekly dependency update
2018-04-26 10:05:16 -07:00
dbdb35cf08
Land #9877 , Add kernel feature post API methods
2018-04-25 22:18:28 -05:00
fc83a130f8
Land #9885 , datastore fixes for stager retry code
2018-04-25 18:53:00 -05:00
31563a977c
use OO rather than duck typing for parameter copying
2018-04-25 18:41:14 -05:00
9bdba7e234
s/clone/ds/g
2018-04-25 18:35:45 -05:00
fdc11ac607
Land #9931 , minor fixes for #9876 (Drupalgeddon 2)
2018-04-25 18:14:12 -05:00
873cbcee27
Fix #9876 , minor updates to Drupalgeddon 2
...
1. Tested versions are already listed in the module doc, and we've
tested more than just 7.57 and 8.4.5 now. Removing a source of potential
inconsistency in the future.
2. No problem with ivars anymore. No idea what happened, but maybe I was
just too tired to code. Removing cleanup method.
2018-04-25 18:09:54 -05:00
eb79bc47f0
update module metadata
2018-04-25 17:09:39 -05:00
2487314821
Land #9869 , Add support for shellcode encryption for msfvenom
2018-04-25 15:51:05 -05:00
f52e6a18a2
Land #9876 , Drupalgeddon 2
2018-04-25 15:49:53 -05:00
644889a324
Add TurnKey Linux ISOs to module doc setup section
2018-04-25 14:32:26 -05:00
a5172e066d
Land #9926 , check remote data service before connecting
...
This PR adds a check prior to connecting to a remote data service
to verify it is online and returning expected data. This prevents
crashes that were occurring when unexpected responses were returned
2018-04-25 14:07:33 -05:00
071a191055
Merge master + workspace removal from http remote data service
2018-04-25 13:39:46 -05:00
b8eb7f2a86
Set target type instead of regexing names
...
We're no longer matching multiple targets like /In-Memory/ or /Dropper/,
so it makes sense to match on a specific value now.
Old matching in this commit: 1900aa2708
2018-04-25 11:53:26 -05:00
2cd0228db2
Land #9900 , add base64 encoder for ruby
2018-04-25 04:06:50 -05:00
d1fc112441
Land #9924 , Improve debug output in ETERNALBLUE's verify_arch
2018-04-25 03:57:52 -05:00
4cba6d1df4
suggest a reason if we get no server response
2018-04-25 03:57:12 -05:00
3eac989fb0
Land #9886 , ignore unused tags on host import
2018-04-25 03:41:55 -05:00
675ed78948
Update module doc with patch level detection
2018-04-24 23:30:05 -05:00
910e9337fb
Use print_good for patch level check, oops
2018-04-24 23:21:22 -05:00
b7ac16038b
Correct comment about PHP CLI (it's not our last!)
2018-04-24 23:18:51 -05:00
ec43801564
Add check for patch level in CHANGELOG.txt
...
Looks like 8.x has core/CHANGELOG.txt instead.
2018-04-24 23:12:33 -05:00
2ff0e597a0
Add SA-CORE-2018-002 as an AKA ref
...
Makes sense to me. Even though it's technically the advisory.
2018-04-24 22:51:33 -05:00
8bc1417c8c
Use PHP_FUNC as a fallback in case assert() fails
...
Additionally drop a file in a writable directory in case CWD fails.
2018-04-24 22:29:27 -05:00
e03ebf9446
Don't make a header out of tested version
...
Reads a little better now.
2018-04-24 21:06:38 -05:00
89c95cae08
Remove block quote and add version to sample run
...
The block quote was ripped directly from the module description. It
isn't necessary in the dedicated documentation. Reads better now.
2018-04-24 21:02:30 -05:00
8ff4407ca6
Clarify version detection error message
...
This was supposed to imply that we couldn't configure the exploit for a
targetable version. Instead, it just read weirdly. I think it was
missing "to target" at the end. "Determine" is a much better word,
though, since we may be doing detection instead of mere configuration.
2018-04-24 20:51:51 -05:00
1040713d30
Land #9925 , fix db_import for workspaces
2018-04-24 18:19:15 -05:00
43edf46c43
Fix set data service for no database YAML case
2018-04-24 18:34:16 -04:00
359ef27834
Narrow rescue scope to StandardError
2018-04-24 17:19:54 -04:00
f66029d129
Validate remote data service instance
...
Adds simple data service instance validation when registering and
setting a data service.
2018-04-24 16:54:10 -04:00
01dd79173b
Add data proxy and service for online check
2018-04-24 15:11:16 -04:00
0d284197cb
Add MsfServlet to host endpoint for online check
2018-04-24 15:01:17 -04:00
e5513409db
Include :workspace in db_import opts
2018-04-24 13:53:55 -05:00
c81ad8fec0
Changes after review
2018-04-24 18:33:27 +02:00
cfaca5baa3
Restore a return lost in the refactor :(
...
Also spiff up comments.
2018-04-24 11:25:55 -05:00
a0f16b4a66
Prefer print_warning for consistency
2018-04-24 11:17:19 -05:00
7ef8b99480
Improve printing in ETERNALBLUE's verify_arch
...
Now shows the invalid arch instead of showing nothing.
2018-04-24 11:09:54 -05:00
08c1cd5909
Land #9851 , add workaround require for non-powershell psexec
2018-04-24 08:22:58 -05:00
b3118193e8
add todo comment on require
2018-04-24 08:22:31 -05:00
30abdfe2fd
move copy up so it's clear what we call by default
2018-04-24 06:40:15 -05:00
7afefe07a6
aliases was not being copied, dup it
2018-04-24 06:32:54 -05:00
1d376c78e2
ensure copy exists on DataStore too
2018-04-24 06:32:38 -05:00
505810ffd6
introspect the RHS since it it is not guaranteed to be a Datastore
2018-04-24 06:15:05 -05:00
d34119548d
replace some @ with self.
2018-04-24 06:03:02 -05:00
cd4861610f
Explain available targets in documentation
...
Oops.
2018-04-24 04:31:30 -05:00
christopher lee
Brent Cook
Metasploit
William Vu
Jeffrey Martin
James Barnett
Matthew Kienow
Robin Stenvi