sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
Brent Cook
8b3a0a0bb1
really fix the cmdweb test
...
this test to include the CmdStager module, not the CmdStagerVbs class
Before:
```
msf > loadpath test/modules
Loaded 32 modules:
8 posts
12 auxiliarys
12 exploits
```
After:
```
msf > loadpath test/modules
Loaded 33 modules:
8 posts
12 auxiliarys
13 exploits
msf > use exploit/test/cmdweb
msf exploit(cmdweb) > info
Name: Command Stager Web Test
Module: exploit/test/cmdweb
Platform: Windows
Privileged: Yes
License: Metasploit Framework License (BSD)
Rank: Manual
Disclosed: 2010-02-03
Provided by:
bannedit <bannedit@metasploit.com>
Available targets:
Id Name
-- ----
0 Automatic Targeting
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST yes The target address
RPORT 8080 yes The target port
VHOST no HTTP server virtual host
Payload information:
Description:
This module tests the command stager mixin against a shell.jsp
application installed on an Apache Tomcat server.
msf exploit(cmdweb) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(cmdweb) > run
[*] Started reverse handler on 127.0.0.1:4444
[*] Command Stager progress - 2.01% done (2046/101881 bytes)
[*] Command Stager progress - 4.02% done (4092/101881 bytes)
[*] Command Stager progress - 6.02% done (6138/101881 bytes)
[*] Command Stager progress - 8.03% done (8184/101881 bytes)
[*] Command Stager progress - 10.04% done (10230/101881 bytes)
[*] Command Stager progress - 12.05% done (12276/101881 bytes)
[*] Command Stager progress - 14.06% done (14322/101881 bytes)
[*] Command Stager progress - 16.07% done (16368/101881 bytes)
[*] Command Stager progress - 18.07% done (18414/101881 bytes)
...
```
2015-01-27 11:44:34 -06:00
William Vu
ae22cf1b47
Land #4650, #strip NilClass fix
2015-01-27 11:13:33 -06:00
William Vu
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
Tod Beardsley
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
William Vu
5b3d877b25
Land #4648, for real
2015-01-27 11:00:22 -06:00
William Vu
2b706f222a
Land #4648, YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
William Vu
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
Tod Beardsley
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
William Vu
bf39a7a933
Land #4648, YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
Tod Beardsley
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
Brent Cook
550e6efff8
improve resiliency of meterpreter session tests
...
- Use separate names for files and directories to avoid cascading
failures if one test fails and leaves a file or directory behind.
- Use %TEMP% rather than %TMP% - the former is defined on all Windows
versions, whereas the latter is not defined on Windows 2012, causing
the test to fail.
- Don't assume 'HACKING' is in the current working directory, which
breaks remote test harnesses. Instead, send the source code to the
current __FILE__ as the test file to upload, since that works from
any directory or remotely.
2015-01-27 09:07:21 -06:00
James Lee
a2c7ebc2b1
Simplify logic
2015-01-27 09:05:11 -06:00
James Lee
5985f37fe8
Only need one origin
2015-01-27 09:02:30 -06:00
James Lee
ca44ae2109
Consistent commas
2015-01-27 08:41:24 -06:00
James Lee
eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
...
Conflicts:
lib/msf/ui/console/command_dispatcher/db.rb
spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
James Lee
aea26e1e21
Add negative spec
2015-01-27 08:14:48 -06:00
sinn3r
ee922d141c
Fix #4646 - get_module_resource should check nil before using get_resource
...
Fix #4646. The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
sinn3r
9e3388df34
Use BES for MS13-037 and default to ntdll
2015-01-27 00:18:36 -06:00
William Vu
515b125192
Land #4645, for real
...
Conflicts:
modules/post/multi/gather/rubygems_api_key.rb
2015-01-26 23:46:04 -06:00
William Vu
fd4812fbab
Land #4645, @claudijd's RubyGems API key stealer
...
Dedicating this merge to @todb-r7. :-)
2015-01-26 23:29:36 -06:00
William Vu
d53f4e1178
Fix bugs and make final changes
2015-01-26 23:29:10 -06:00
Jonathan Claudius
f0bcf27110
Missing ?
2015-01-27 00:15:43 -05:00
Jonathan Claudius
a3cf524162
Remove copy pasta
2015-01-27 00:13:51 -05:00
Jonathan Claudius
2bb9314b4b
Switch to unless conditional
2015-01-27 00:10:33 -05:00
sinn3r
7b4fd2f618
Land #4642, Allow 'creds -u "" ' to return blank usernames
2015-01-26 23:01:03 -06:00
Jonathan Claudius
1f9286da69
Undo logic reversage
2015-01-26 23:54:41 -05:00
Jonathan Claudius
a9e480e44a
Fixed tilde
2015-01-26 23:53:08 -05:00
Jonathan Claudius
eed9fbe024
Lose assignment in conditional
2015-01-26 23:48:08 -05:00
Jonathan Claudius
c496d2c987
Remove nil check
2015-01-26 23:43:31 -05:00
Jonathan Claudius
c29b7488b2
Fix double new line
2015-01-26 23:40:19 -05:00
Jonathan Claudius
d77f112e82
Minor Formatting
2015-01-26 23:31:36 -05:00
Jonathan Claudius
06485d8c89
Fix naming of things
2015-01-26 23:17:44 -05:00
Jonathan Claudius
685c4804e5
Add trailing return
2015-01-26 23:15:00 -05:00
Jonathan Claudius
6b6e47a237
Fix sessiontypes, again
2015-01-26 23:13:17 -05:00
Jonathan Claudius
747349a57a
Fix sessiontypes
2015-01-26 23:11:48 -05:00
Jonathan Claudius
ee7ecb349d
Fix description
2015-01-26 23:10:08 -05:00
Jonathan Claudius
106170eddc
Add multi to name
2015-01-26 23:08:43 -05:00
Jonathan Claudius
a3c7cf70f8
Make MSF Tidy more happy
2015-01-26 22:30:26 -05:00
Jonathan Claudius
d37b3cf0c3
Use next instead of return
2015-01-26 22:26:56 -05:00
Jonathan Claudius
f58dc2789f
Remove creds
2015-01-26 22:13:15 -05:00
Jonathan Claudius
a27c376ae7
Add service port and host
2015-01-26 22:06:07 -05:00
Jonathan Claudius
dd34b58e49
Add add loot
2015-01-26 22:01:38 -05:00
Jonathan Claudius
3889ed5784
Add cred login
2015-01-26 21:50:10 -05:00
James Lee
964d37dbc5
Add a simple spec for -u
...
Need lots more
2015-01-26 20:37:17 -06:00
James Lee
f2e0bd364a
Always include Service and Host
...
See #4643
2015-01-26 20:22:11 -06:00
James Lee
8dd56bb759
Do all the filtering in SQL instead of Ruby
...
This also has the advantage of reducing the number of queries from at
least 3 for every Core we find to more like a total of 3.
2015-01-26 20:21:55 -06:00
Jonathan Claudius
eead063375
Add RubyGems API Post Gather Module
2015-01-26 20:53:39 -05:00
sinn3r
fd954b550a
Drop pseudo-legalese, just give practical warning
2015-01-26 18:58:35 -06:00
Tod Beardsley
63c3832d7d
Also test for nonmatching passwords
2015-01-26 17:02:58 -06:00