Commit Graph

17264 Commits (5967991f6f50bb30e8c4cf73026c4b79258e9bba)

Author SHA1 Message Date
Samuel Huckins 3840ddccbc Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
David Maloney 902948e5d3 cleanup options 2013-03-01 11:01:00 -06:00
Tasos Laskos 862b813786 Auxiliary::Web: fixed confidence calc in log methods 2013-03-01 18:33:16 +02:00
Luke Imhoff 239e1934b8 Use migrations from metasploit_data_models
[#44034071]

metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models.  As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested.  Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
jvazquez-r7 e1891f0836 Merge branch 'setstringproperty_spray' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-setstringproperty_spray 2013-02-28 23:35:37 +01:00
David Maloney b2f68f0fdb Merge branch 'dmaloney-r7-feature/http/authv2' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-dmaloney-r7-feature/http/authv2 2013-02-28 14:37:37 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
jvazquez-r7 8f58c7b25e cleanup for sap_icf_public_info 2013-02-28 18:47:48 +01:00
jvazquez-r7 0dcfb51071 cleanup for sap_soap_rfc_system_info 2013-02-28 18:46:18 +01:00
jvazquez-r7 1a10c27872 Merge branch 'sap_rfc_system_info' of https://github.com/ChrisJohnRiley/metasploit-framework into ChrisJohnRiley-sap_rfc_system_info 2013-02-28 18:45:42 +01:00
sinn3r 18c0bb0ac8 Updates description again 2013-02-28 11:34:48 -06:00
sinn3r 8cb5da0794 One size rules them all. 2013-02-28 11:21:23 -06:00
sinn3r 722e077029 Update generic target 2013-02-28 11:09:52 -06:00
sinn3r 2c013cada8 Update documentation for default values 2013-02-28 11:05:18 -06:00
sinn3r 86d78939ad Make objId optional 2013-02-28 11:01:15 -06:00
sinn3r 9f35452d73 Beef up the default values for precise alloc size and consistency 2013-02-28 10:35:40 -06:00
James Lee 425c245771 Axe set_cgi in favor of set_uri
They were identical except for a couple of extra bugs in set_cgi.

Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee 16bba7a6ac Add test for pad_get_params 2013-02-27 18:06:55 -06:00
James Lee b0745b090a Msf HTTP uses this directly, can't axe it 2013-02-27 17:54:31 -06:00
James Lee 4edd46216f Refactor config -> opts
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee 5606db3f9c Re-enable some commented tests 2013-02-27 16:28:17 -06:00
James Lee d5ae54cbb6 More accurate docs 2013-02-27 16:27:37 -06:00
Wolfgang Ettlinger e7015985e7 Added CVE-2012-2686
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
sinn3r bb02dc43b3 Documentation 2013-02-27 15:34:21 -06:00
sinn3r 312638d6a5 Correct allocation size for IE10 2013-02-27 14:32:39 -06:00
sinn3r e3f0757304 Improved version thanks to corelanc0d3r 2013-02-27 14:08:57 -06:00
James Lee d3b3587660 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-27 14:01:57 -06:00
sinn3r 6723352b9a Merge branch 'master' into setstringproperty_spray 2013-02-27 11:17:23 -06:00
sinn3r 2a7b4ee3d8 Merge branch 'master' into setstringproperty_spray 2013-02-27 11:15:52 -06:00
sinn3r 4085fa73c5 Merge branch 'stephenfewer-master' 2013-02-27 11:13:10 -06:00
Gerry Eisenhaur 724b32af17 Fixed the importing of NBE files 2013-02-26 16:55:26 -08:00
James Lee 7a7dd8975f Hmm, turns out something actually used that
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
James Lee 935304ee0c No longer pending 2013-02-26 16:36:36 -06:00
James Lee 93537de68c Use let and subject blocks for better readability 2013-02-26 16:27:32 -06:00
David Maloney f16cec552a increase timeout with new checks 2013-02-26 14:27:04 -06:00
David Maloney 2ec2489f52 Test for general ssl before testing ciphers 2013-02-26 14:26:14 -06:00
James Lee 579c11bc69 Set reasonable defaults for more things
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee d7de3b75a4 Format Authorization header like others
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee c206ac4998 Set some reasonable defaults
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney 1cb2717fe7 fix weak and strong cipher enumerators 2013-02-26 14:13:17 -06:00
sinn3r 3334257aa4 Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy 2013-02-26 13:54:47 -06:00
sinn3r 38af8ba866 Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql 2013-02-26 13:41:32 -06:00
James Lee d463460da7 Default cgi to true when not given 2013-02-26 13:33:54 -06:00
James Lee 764bbbb8e5 Whitespace 2013-02-26 13:33:19 -06:00
James Lee 5e0161d3f7 Reflect new ClientRequst in docs 2013-02-26 13:31:24 -06:00
James Lee 7b3a11f2f9 Axe tests that belong in client_request_spec 2013-02-26 13:28:44 -06:00
James Lee cae030ccd7 Whitespace 2013-02-26 13:25:37 -06:00
David Maloney 1869cb5f8d fix timeout
20 seconds is way too long for jsut opening a socket
2013-02-26 13:20:16 -06:00