5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
659af68b16
Land #6388 , update msftidy check for new preferred Metasploit module base class
2016-03-06 17:12:20 -06:00
cc436fe438
update to new preferred base class for modules
2016-03-06 17:11:51 -06:00
a2c3b05416
Land #6405 , prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
e1db3ef369
Land #6388 , Update msftidy to error when module super class is incorrect
2016-03-06 16:53:11 -06:00
0fc4ebf4ab
Land #6618 , Improve Content-Length behavior in Rex HTTP
2016-03-06 16:38:44 -06:00
8faae94338
Land #6592 , make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2
2016-03-06 15:33:53 -06:00
66c697d2e4
Land #6602 , update author info for dahua_dvr_auth_bypass
2016-03-06 15:13:01 -06:00
4711191def
remove non-specific URL
2016-03-06 15:12:25 -06:00
a1190f4344
Land #6598 , add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
86845222ef
add meterpreter platform workaround
2016-03-06 14:51:34 -06:00
a8ac078586
Land #6636 , fix met finalizers to not double close
2016-03-06 12:55:39 -05:00
a5cdd7e17f
Bump version of framework to 4.11.15
2016-03-04 16:56:02 -08:00
ce675330c0
Bump version of framework to 4.11.14
2016-03-04 14:49:55 -08:00
7f2400dd1b
Merge branch 'jbarnett-r7-feature/MS-833/ms08-067-automation' into upstream-master
2016-03-04 12:34:00 -06:00
dcba20ff60
only cleanup processes once too
2016-03-04 12:08:19 -06:00
71b034a566
Land #6627 , atutor_sqli regex fix
2016-03-03 16:54:38 -06:00
ba4e0d304b
Do regex \d+ instead
2016-03-03 11:05:16 -06:00
c250740a81
Fixup finalizers to not double-close Meterpreter objects
...
We add finalizers to an assortment of Meterpreter-managed objects in order to
clean things up in the event that a post module crashes and does not clean
things up. However, this also means that even a properly-written post module
can lead to an object getting double-closed on the Meterpreter session when the
garbage collector kicks in. This can lead to quite non-deterministic behavior
and crashes.
This change modifies the instance close methods to unregister the finalizer on
close, ensuring we cannot do a double-close automatically if one is requested
explicitly first. As an additional measure, we check an instance variable to
see if we called close directly twice as well. This is not sufficient in
itself, since we do not have a reference to 'self' in the finalizer proc to
check the close state.
This also removes a couple of references to 'self' in the finalizer proc
itself, which may cure some memory leaks as well due to circular references.
2016-03-02 21:43:51 -06:00
8b32f22a17
Land #6633 , install bundler on msfupdate conditionally
2016-03-02 16:18:30 -06:00
fae45f651e
Land #6628 , clean output file_pull_requests tool
2016-03-02 16:09:47 -06:00
d355b0e8b7
update payload sizes
2016-03-02 13:55:32 -06:00
851e8b610e
Land metasploit-payloads#80, update to fix #6593
2016-03-02 13:44:02 -06:00
25a0581395
Install Bundler in msfupdate if we don't have it
2016-03-02 10:12:45 -06:00
55724eb777
Set the exit status correctly
2016-03-02 09:39:23 -06:00
538ee1ec36
Print a helpful message on LoadError
2016-03-02 09:39:23 -06:00
22b69c8dee
Land #6588 , Add AppLocker Execution Prevention Bypass module
2016-03-01 22:30:23 -06:00
a798581fa3
Update #get_dotnet_path
2016-03-01 22:25:40 -06:00
368af93cfe
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-03-01 10:52:00 -06:00
cda4c6b3b3
Update the regex for the number of students in ATutor
2016-03-01 09:41:17 -06:00
5d64346a63
Land #6623 , Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 19:33:25 -06:00
274b9acb75
rm #push
2016-02-29 18:58:05 -06:00
f55835cceb
Merge new code changes from mr_me
2016-02-29 18:39:52 -06:00
638d91197e
Override print_* to always print the IP and port
2016-02-29 16:18:03 -06:00
54ede19150
Use FileDropper to cleanup
2016-02-29 16:15:50 -06:00
727a119e5b
Report cred
2016-02-29 16:06:31 -06:00
4cc690fd8d
Let the user specify username/password
2016-02-29 15:45:33 -06:00
726c1c8d1e
There is no http_send_command, so I guess the check should not work
2016-02-29 15:43:47 -06:00
c5a9d59455
Land #6612 , one final missing change
2016-02-29 15:08:42 -06:00
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
...
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
a3fa57c8f6
Add CVE-2016-2555: ATutor 2.2.1 SQL Injection Exploit Module
2016-02-29 14:59:26 -06:00
8c2ce9687a
Land #6620 , fix typo in jtr_linux
2016-02-29 14:58:58 -06:00
d955c6a8f6
style fixes
2016-02-29 14:06:49 -06:00
a6a37b3089
Land #6612 , missing commits included
2016-02-29 14:06:21 -06:00
f5ad1286d2
Fix #6615 , fix typo "format"
...
Fix #6615
2016-02-29 12:44:25 -06:00
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
2950996cb8
Land #6612 , Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
b7ba38a4c6
update mdm version
2016-02-26 14:32:03 -06:00
Brent Cook
Spencer McIntyre
Metasploit
Gregory Mikeska
William Vu
wchen-r7
Louis Sato
David Maloney
net-ninja