infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
34,680 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

48 Commits (54a45ac80c9042bcad20be7aaa2612b25ec3cefd)

Author SHA1 Message Date
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Tom Sellers 8f47edb899 JBoss_Maindeployer: improve feedback against CVE-2010-0738 
The exploit against CVE-2010-0738 won't work when using GET or POST.  In the existing code the request would fail and the function would return a nil.  This would be passed to detect_platform without being checked and cause the module to crash ungracefully with the error:

Exploit failed: NoMethodError undefined method `body' for nil:NilClass

The first changes detect a 401 authentication message and provide useful feedback.  Given that if, in any case, 'res' is not a valid or useful response the second change just terminates processing.

I've stayed with the module's coding style for consistency.
 2014-04-24 12:37:14 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
James Lee 9d4a3ca729 Fix a typo that broke this module against x64 
[SeeRM #7747]
 2013-02-19 19:22:42 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup 
cleanup all the old BasicAuth datastore options
 2013-02-04 13:02:26 -06:00
sinn3r c174e6a208 Correctly use normalize_uri() 
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
 2013-01-30 23:23:41 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Garret Picchioni fa42d0c7fe Fixed minor spelling errors 2012-12-17 15:18:08 -07:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have 
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
 2012-11-08 17:42:48 +01:00
sinn3r f1423bf0b4 If a message is clearly a warning, then use print_warning 2012-10-24 00:44:53 -05:00
h0ng10 6965431389 Added support for CVE-2010-0738, msftidy 2012-08-15 15:47:14 -04:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
h0ng10 61ec07a10c additional targets, meterpreter, bugfixes 2012-07-10 13:33:28 -04:00
HD Moore e31a09203d Take into account an integer-normalized datastore 2012-06-24 22:59:14 -05:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Wei Chen 2da07d4963 Fix bug #5834 (uri being nil in print_good) 
git-svn-id: file:///home/svn/framework3/trunk@14057 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-25 00:40:03 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one 
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-15 21:09:17 +00:00
Wei Chen d13654740a Update some jboss modules' metadata associated with CVE-2010-0738 
git-svn-id: file:///home/svn/framework3/trunk@13204 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-18 05:18:25 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch 
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy 
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-04 19:17:31 +00:00
Joshua Drake f0673cb1ac Tweak to work with FreeBSD, thx for the patch! 
git-svn-id: file:///home/svn/framework3/trunk@12224 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 17:40:45 +00:00
Joshua Drake 771ea5862c fix typo 
git-svn-id: file:///home/svn/framework3/trunk@10754 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 22:24:33 +00:00
Joshua Drake 1935f2007f fix exe generation for auto-targetting 
git-svn-id: file:///home/svn/framework3/trunk@10753 4d416f70-5f16-0410-b530-b9f4589650da
 2010-10-19 22:21:19 +00:00
Joshua Drake 279c604015 missed a couple exe generater includes 
git-svn-id: file:///home/svn/framework3/trunk@10504 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-28 16:19:50 +00:00
Joshua Drake bd1eeb3722 rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32 
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-20 15:59:46 +00:00
Joshua Drake 2f384cde82 add alias for calling Msf::Exploit regenerate_payload explicitly -- fixes #2312 
git-svn-id: file:///home/svn/framework3/trunk@9950 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-03 15:14:34 +00:00
Joshua Drake 16ff17c9d1 add more http fingerprints -- thx mc 
git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-12 23:25:31 +00:00
Joshua Drake 0882838491 ensure binary mode when opening files, whitespace fixes 
git-svn-id: file:///home/svn/framework3/trunk@9653 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-01 23:33:07 +00:00
Joshua Drake 48994d234a oops, remove java from platform list 
git-svn-id: file:///home/svn/framework3/trunk@9609 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-24 16:38:24 +00:00
Joshua Drake 099b90b0d6 another update for jboss stuff, thanks Patrick! 
git-svn-id: file:///home/svn/framework3/trunk@9596 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-23 22:25:03 +00:00
Joshua Drake 58cbf5d6ad oops, fixed app_base mistake 
git-svn-id: file:///home/svn/framework3/trunk@9586 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-22 23:10:30 +00:00
Joshua Drake 4ceb936533 some jboss updates, much thanks to Patrick Hof 
git-svn-id: file:///home/svn/framework3/trunk@9568 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-21 16:26:14 +00:00
Joshua Drake 711e08b5e9 make sure to use correct verbs, thanks mc! 
git-svn-id: file:///home/svn/framework3/trunk@9285 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-11 16:20:46 +00:00
Joshua Drake 7f758d5a02 add VERB option to enable exploiting cve-2010-0738 
git-svn-id: file:///home/svn/framework3/trunk@9282 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-11 09:14:36 +00:00
Joshua Drake 22529ae81b add USERNAME/PASSWORD options 
git-svn-id: file:///home/svn/framework3/trunk@9177 4d416f70-5f16-0410-b530-b9f4589650da
 2010-04-30 06:30:59 +00:00
Joshua Drake e80df81350 correct the CVE reference 
git-svn-id: file:///home/svn/framework3/trunk@8678 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-01 19:47:13 +00:00
Joshua Drake 865969e059 whitespace adjustments - finally closes #773 
git-svn-id: file:///home/svn/framework3/trunk@8575 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-21 01:44:34 +00:00
Joshua Drake 32bf50c627 add exploit module to get code exec from jboss.system:MainDeployer access 
git-svn-id: file:///home/svn/framework3/trunk@8574 4d416f70-5f16-0410-b530-b9f4589650da
 2010-02-21 01:41:24 +00:00