infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,620 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7051 Commits (52371be52af753d271103ffe0cba313d1e2b7a30)

Author SHA1 Message Date
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable 
Good suggestion, @jlee-r7.
 2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload 
Badchar analysis: file may contain form feeds.
 2014-01-21 11:36:24 -06:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
William Vu 0915212249 Fix socket timeout bug 2014-01-16 11:58:37 -06:00
jvazquez-r7 0b9ff43217 Make slice_up_payload easier 2014-01-16 11:03:22 -06:00
jvazquez-r7 f41849c921 Clean CmdStagerEcho 2014-01-16 11:00:57 -06:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
HD Moore 68ccdc8386 Fix a stack trace when module_payloads.rb is run 
This fixes a missing check for self.target being nil in the compatible_payloads method
 2014-01-13 15:36:33 -08:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes 
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
 2014-01-13 16:58:32 -05:00
William Vu 4ccf1a4720
Land #2873, Msf::Handler::ReverseHttp::UriChecksum 2014-01-13 15:38:56 -06:00
David Maloney 41807d7e4e move rev_http uri checksum code 
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
 2014-01-13 15:18:16 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload. 
Adds ff payload require to msf/core/payload.rb
 2014-01-13 13:07:55 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
William Vu b43a221959
Land #2855, Rex::Socket refactor and specs 2014-01-09 16:20:50 -06:00
James Lee ba252ec0c3
Use 'unless' instead of 'if not' 2014-01-09 16:01:58 -06:00
William Vu f00e5a678b
Land #2854, #next nil beug fix 2014-01-09 15:39:06 -06:00
William Vu c3b1eea5fd
Land #2853, user survey banner splat 2014-01-23 00:05:25 -06:00
Tod Beardsley 02018077ea
dangit odd number of ]s 2014-01-09 15:15:47 -06:00
James Lee 7cb6836209
Replace unused var with purpose-revealing comment 2014-01-09 15:07:04 -06:00
James Lee 27133257a4 Better docs, more accurate var names 2014-01-09 15:05:19 -06:00
James Lee 20a5bf45f5
Fix beug with #next raising after the end 
... instead of the old behavior or just returning nil again
 2014-01-09 15:03:11 -06:00
Tod Beardsley 25337888b0
Move back the expires date. 2014-01-09 14:51:23 -06:00
Tod Beardsley fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner 2014-01-09 14:37:41 -06:00
Tod Beardsley e4460278d2
Fix the closing brackets on the banner. 2014-01-09 14:37:25 -06:00
William Vu 1893cbca0e
Land #2843, RangeWalker resolution failure bug fix 2014-01-09 14:36:32 -06:00
James Lee 1519af33f5
Refactor `getaddress` in terms of `getaddresses` 2014-01-09 11:03:24 -06:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
James Lee 01f350964f
Add specs for some stuff in Rex::Socket 2014-01-09 10:19:19 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 025fc79683 Refactor commands for modularity 2014-01-09 01:03:01 -06:00
William Vu 3fca11e5ac Replace magic numbers with constants 2014-01-09 01:03:01 -06:00
William Vu 2f2823e323 Remove newline from end_job to conform to spec 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules 
This commit also refactors some of the code.
 2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
Matt Andreko d2458bcd2a Code Review Feedback 
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
 2014-01-08 22:21:32 -05:00
James Lee 4bfe6b1b08
Remove pointless checks and add some docs 2014-01-08 14:37:40 -06:00
James Lee 4ba0020934
Simplify the logic deciding when we're finished 2014-01-08 14:22:44 -06:00
James Lee 22bdca92f4
Remove the ipv6 attr on Range 
Makes more sense in the option hash.
 2014-01-07 16:52:34 -06:00
James Lee 9c23910b69
Refactor Socket::Range 
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
 2014-01-07 16:31:55 -06:00
Joe Vennix 7af8fe9cd1 Catch exceptions in an XSS script and return the error. 2014-01-07 16:23:24 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases. 
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
 2014-01-07 16:17:34 -06:00
Niel Nielsen 73e359ede1 Update reverse_tcp.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:06:11 +01:00
Niel Nielsen e3a3b560e2 Update bind_tcp.rb 
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
 2014-01-07 22:02:52 +01:00
James Lee 2ed9772080
Fix unhandled exceptions when resolution fails 2014-01-07 12:00:04 -06:00