Gregory Man
5b13b7d1d9
Extracted common AFP functionality to mixin
2012-03-13 09:56:03 +02:00
HD Moore
1a364df37e
Pull payload/exploit options into nop modules as well
2012-03-12 23:28:47 -05:00
HD Moore
606ca82432
Share the datastore with encoders
2012-03-12 23:23:15 -05:00
HD Moore
be6a64b3f7
Force option validation in exploit_simple for e & p
2012-03-12 22:57:23 -05:00
Jonathan Cran
1cf25e58d5
merge description change
2012-03-12 17:22:01 -05:00
HD Moore
7b32bc689f
Swap URIPATH to TARGETURI for consistency
2012-03-12 13:58:33 -05:00
sinn3r
7d95132eab
Use a cleaner way to calculate JRE ROP's NEG value
2012-03-11 17:27:47 -05:00
sinn3r
6c19466de8
Change output style
2012-03-11 13:59:18 -05:00
sinn3r
25a1552fbd
Dynamic VirtualProtect dwSize. Change output style.
2012-03-11 13:49:46 -05:00
Tod Beardsley
de888e50f0
Adding a cleaner RuntimeError to target_uri
...
The purpose of re-raising an error from a library method like this is to
tell the user in no uncertain terms what all actually went wrong with the
module. This fix will cause a somewhat more pleasant error message than
the default message. Here's the raise from URI:
```
[-] Auxiliary failed: URI::InvalidURIError bad URI(is not URI?): what%ever
[-] Call stack:
[-] /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:156:in `split'
[-] /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:174:in `parse'
[-] /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:626:in `parse'
[-] /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:724:in `URI'
[-] /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/http/client.rb:535:in `target_uri'
[-] /home/todb/.msf4/modules/auxiliary/test_uri.rb:20:in `run'
[*] Auxiliary module execution completed
```
And here's the new, Metasploit-specific one:
```
[-] Invalid URI: "what%ever"
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: URIPATH.
[*] Auxiliary module execution completed
```
The user can now tell easily what's wrong with the module configuration,
and doesn't have to parse through a stack trace that leads down into
the Ruby stdlib.
2012-03-10 10:58:16 -06:00
sinn3r
b0e7c048c9
This module fits the GoodRanking description
2012-03-10 00:50:41 -06:00
sinn3r
710c66dbb0
Merge branch 'venom_opts' of https://github.com/kernelsmith/metasploit-framework into kernelsmith-venom_opts
2012-03-10 00:48:24 -06:00
sinn3r
1d5bad469c
Add Windows 7 SP1 target
2012-03-10 00:11:25 -06:00
Joshua Smith
645f9b4f53
added -o,--options to list the options for a payload
2012-03-09 20:39:14 -05:00
sinn3r
cc87ed8428
Remove weird error handling unless someone explains to me why I need to raise errors when it does already
2012-03-09 18:42:06 -06:00
sinn3r
0530eb4b09
Add target_uri
2012-03-09 14:44:32 -06:00
sinn3r
1ae779157d
Disable Nops so we don't get an ugly crash after getting a shell
2012-03-08 18:56:58 -06:00
Tod Beardsley
1e4d4a5ba0
Removing EncoderType from flash module
...
Also not very useful
2012-03-08 16:57:41 -06:00
Tod Beardsley
302a42a495
Fixing up print statements
...
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
Tod Beardsley
1396fc19bd
Fixup bad merge on flash mp4
2012-03-08 16:52:53 -06:00
sinn3r
cb04e47304
Attempt #2 : there's no cli in get_payload
2012-03-08 16:47:49 -06:00
sinn3r
3563fe1b36
The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload.
2012-03-08 16:41:32 -06:00
sinn3r
fee2e1eff9
Minor spray size change
2012-03-08 16:19:51 -06:00
HD Moore
12395c719f
Remove debugging code
2012-03-08 16:16:42 -06:00
HD Moore
c8c73b076d
Permissions (ignore)
2012-03-08 16:16:13 -06:00
HD Moore
87274987c1
Remove the now obsolete text about SWF_PLAYER
2012-03-08 16:16:13 -06:00
HD Moore
28a58a39c2
Propagate the job_id back to the caller (often console's active_module)
...
to restore job handling
2012-03-08 16:14:52 -06:00
sinn3r
181fdb7365
A small title change
2012-03-08 16:10:16 -06:00
HD Moore
6b00848688
Propagate the job_id back to the caller (often console's active_module)
...
to restore job handling
2012-03-08 16:01:32 -06:00
HD Moore
0c70586625
Merge branch 'mp4-player'
2012-03-08 15:47:25 -06:00
HD Moore
1271368b6f
Redirect to a trailing slash to make sure relative resources load
...
properly
2012-03-08 15:37:06 -06:00
HD Moore
3e6cbe9486
Add source code to the player
2012-03-08 15:23:10 -06:00
James Lee
090674386f
Tell the user when we have to switch from a deleted workspace
2012-03-08 14:08:38 -07:00
HD Moore
b0db18674c
Test out new player code
2012-03-08 15:05:12 -06:00
James Lee
b79e79022a
Add a rename option to workspace command
...
[Fixes #6498]
2012-03-08 13:44:31 -07:00
HD Moore
eb847a3dfb
Add a nicer prefix to the target selection message
2012-03-08 13:46:14 -06:00
David Maloney
795a40218e
Addresses a race condition with checking a scanner's status before its run method has executed.
2012-03-08 13:18:02 -06:00
David Maloney
67c7971bdf
Addresses a race condition with checking a scanner's status before its run method has executed.
2012-03-08 13:07:03 -06:00
Tod Beardsley
5b566b43b4
Catching an update from @hdmoore-r7
...
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
sinn3r
edb3f19c12
A little more padding for Win Vista target
2012-03-08 12:04:04 -06:00
Tod Beardsley
97ba37f0c0
Adding compiled SWF as well.
...
Dammit
2012-03-08 12:03:51 -06:00
Tod Beardsley
18962e1180
Checking in the new Flash exploit to the release
...
Using the checkout master directly:
git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
git checkout master modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
Jonathan Cran
046857f3ab
Merge branch 'release/2012030701' of r7.github.com:rapid7/metasploit-framework into release/2012030701
2012-03-08 10:23:46 -06:00
HD Moore
188f5c111c
Simplify the module instance (required to call certain methods)
2012-03-08 10:22:32 -06:00
HD Moore
f0685e4a1f
Overwrite the local datastore with the normalized option, even if it
...
came from a global datastore due to a fall-through
2012-03-08 10:22:18 -06:00
HD Moore
36240b6fe4
Revert the previous global fix in favor of a different method.
...
Fixes #6501
2012-03-08 10:22:07 -06:00
HD Moore
a6053b1ec3
Always clone modules before running them via the simplified wrappers.
...
This prevents changes to the datastore or instance variables from
being carried over into a second run
2012-03-08 10:21:00 -06:00
HD Moore
86fc45810b
Remove the resource during cleanup
2012-03-07 23:04:53 -06:00
HD Moore
b4e0daf3ca
Small tweaks to the adobe mp4 exploit
2012-03-07 22:53:47 -06:00
James Lee
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00