OJ
c15a2e8787
Merge branch 'upstream/master' into reverse-port-forward
...
Signed-off-by: OJ <oj@buffered.io>
2016-04-26 09:48:40 +10:00
wchen-r7
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
Adam Cammack
f28d280199
Land #6814, move stdapi to exist?
2016-04-24 13:41:11 -04:00
Brent Cook
12a47b7fab
prefer &&
2016-04-24 11:56:32 -04:00
Brent Cook
194a84c793
Modify stdapi so it also uses exist? over exists? for ruby parity
...
Also add an alias for backward compatibility.
2016-04-23 17:31:22 -04:00
Brent Cook
45961f75d4
Fix the payload size updater for MetasploitModule
2016-04-23 11:38:42 -04:00
William Vu
9713124e54
Land #6802, resolve command for Meterpreter
2016-04-22 17:18:31 -05:00
William Vu
7f8491149f
Fix minor whitespace issues
2016-04-22 17:18:10 -05:00
Jenkins
d70dcbf4a4
Bump version of framework to 4.11.23
2016-04-22 09:34:10 -07:00
join-us
c1a64b1f6f
fix: issues/6803 - info command references bug
2016-04-22 15:14:35 +08:00
OJ
540409e735
Add `resolve` to the meterpreter command line
...
I'm aware that this already exists as a post module, but there's nothing more annoying than having to bail out of Meterpreter, use the right module, set up the host list, etc all to just fire off a one-liner.
So this commit adds the command directly to Meterpreter's command line so that you don't have to do all that. This doesn't support specifying a file with the hosts in it (the post module does that). This is intended for quick resolution of particular hosts quickly.
2016-04-22 13:21:19 +10:00
wchen-r7
98f89ca23a
Land #6794, Fixed yard doc errors
2016-04-21 13:16:45 -05:00
wchen-r7
6cb93f2af2
Make yard doc ignore @probe
2016-04-21 13:15:58 -05:00
thao doan
5e36a3128c
Fix #5197, Fixed yard doc errors
...
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
Louis Sato
6b3326eab2
Land #6707, support for LURI handler
2016-04-20 16:26:07 -05:00
David Maloney
5d0de63dc7
fiddling bits on db migrations
...
getting duplicate migrations errors in pro,
trying to isolate
2016-04-19 15:00:55 -05:00
David Maloney
1006902aea
fix migrations from deps
...
the migrations from mdm and credential were not
being pulled in correctly by the rake db tasks
fixed this in the databases.rake file
2016-04-19 14:46:05 -05:00
Christian Mehlmauer
3b280d45a4
fix some yardoc issues
2016-04-18 21:00:21 +02:00
thao doan
fd603102db
Land #6765, Fixed SQL error in lib/msf/core/exploit/postgres
2016-04-18 10:44:20 -07:00
Brent Cook
4c0a53a809
replace 'and' with '&&'
2016-04-18 08:26:02 -05:00
OJ
555352b210
Force lurl string duplication to avoid stageless issues
...
I have NO idea why this is even a problem. Mutating state is the spawn of satan.
2016-04-18 08:25:19 -05:00
OJ
a74a7dde55
More fixies for LURI in Python, and native too
2016-04-18 08:25:19 -05:00
OJ
b95267997d
Fix LURI support for stageless, transport add/change and code tidies
2016-04-18 08:24:41 -05:00
Rory McNamara
63e478c826
fix sessions -l bug
2016-04-18 08:21:50 -05:00
Rory McNamara
a45d0aed53
show LURI in new connection log message
2016-04-18 08:21:50 -05:00
Rory McNamara
7eda08aa2e
windows/x64 support
2016-04-18 08:16:35 -05:00
Rory McNamara
1e16804c63
size considerations for LURI, stageless
2016-04-18 08:16:35 -05:00
Rory McNamara
7e708e3159
sessions LURI display
2016-04-18 08:13:10 -05:00
Rory McNamara
d2d36ca043
java handler, better default, jobs -v
2016-04-18 08:13:10 -05:00
Rory McNamara
b122dffe3d
initial LURI commit. windows, python functional
2016-04-18 08:13:10 -05:00
Metasploit
d5085f6f0d
Bump version of framework to 4.11.22
2016-04-16 09:09:23 -07:00
David Maloney
c52f3dcb0e
update to rails 4.2.6
...
fix lost dep unlocks and upgrade rails to 4.2.6
MS-1400
2016-04-15 11:45:43 -05:00
greg.mikeska@rapid7.com
2627a00727
Land #6750 Fix an error in the OpenVas and Burp Issue importers
2016-04-13 17:25:27 -05:00
Spencer McIntyre
d3a832b31d
Land #6776, Fix #6775 update regex for Win 10 UAC
2016-04-13 17:03:45 -04:00
Brian Patterson
11d6740e7f
Modify syntax in burp_issue_nokogiri.rb to conform to code style guidelines
2016-04-12 17:33:20 -05:00
OJ
3898d11aa7
Add Windows 10 entry to the version check regex
2016-04-13 08:23:01 +10:00
Brian Patterson
6105822268
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MS-247/OpenVas-default-workspace
2016-04-12 16:57:41 -05:00
Jon Hart
ca6beeb676
Land #6187, @join-us' cleanup for enum_dns
2016-04-11 09:50:12 -07:00
OJ
5c2e5398ad
Fix issue with flushing rev port forwards
2016-04-11 10:41:12 +10:00
William Vu
feb1394630
Land #6752, compact table for advanced options
2016-04-09 21:25:43 -05:00
wchen-r7
93cb91a515
Remove an extra nil check
2016-04-08 21:18:24 -05:00
Jon Hart
7c70a554ea
Merge branch 'pr/6187' into pr/fixup-6187 for pre-master merge testing
2016-04-08 16:56:38 -07:00
Metasploit
16c599866c
Bump version of framework to 4.11.21
2016-04-08 16:23:33 -07:00
wchen-r7
6b4dd8787b
Fix #6764, nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
wchen-r7
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
James Lee
2563634dce
Fix inverted logic introduced by #6734
...
MS-385
2016-04-06 22:03:31 -05:00
William Vu
22d08fdf39
Revert #6748, premature Gemfile* changes
2016-04-06 14:52:22 -05:00
Brian Patterson
78281213eb
Merge branch 'landing-6748' into upstream-master
2016-04-06 13:44:15 -05:00
OJ
866cb5a23b
Fix usage of lport/rport while tracking rev forwards
2016-04-06 16:36:41 +10:00
OJ
6d504316ae
Add MSF-side support for reverse port forwards
...
This includes changes to the portfwd command so that the output is
nicer, things are easier to use, and users have the ability to create
reverse port forwards.
2016-04-06 15:38:39 +10:00
James Lee
8cc1d2ec89
Make advanced and evasion options readable
2016-04-05 15:05:58 -05:00
wchen-r7
4d5695f7fc
Land #6743, reimplement HD's session interrupt handler
...
MS-385
2016-04-05 11:16:32 -05:00
Brian Patterson
e5ee5b903b
Merge branch 'master' of github.com:rapid7/metasploit-framework into bug/MS-247/OpenVas-default-workspace
2016-04-05 09:36:27 -05:00
David Maloney
cde89b90cd
Land #6744, Deprecation on host eager load
...
Lands SemperVictus' pr for fixing a deprecation warning
on eager loading the hosts table
2016-04-05 09:19:16 -05:00
Justin Steven
3bcac49c21
Fix: badchars.present? is false for whitespace
...
badchars.present? is false in the case of badchars containing only whitespace.
Instead check for is not empty and is not nil.
2016-04-05 10:09:56 +10:00
Brian Patterson
2a7e3fb600
Fix an error in the OpenVas and Burp Issue importers where the vuln and host info would import into the default workspace instead of the current workspace
2016-04-04 17:35:31 -05:00
greg.mikeska@rapid7.com
5e8ed09b66
Merge branch 'task/MS-1354/OpenVAS-Nessus-Importer' of https://github.com/bpatterson-r7/metasploit-framework into bpatterson-r7-task/MS-1354/OpenVAS-Nessus-Importer
2016-04-04 17:07:05 -05:00
David Maloney
8de58e4b80
Merge branch 'master' into staging/rails-upgrade
2016-04-04 09:30:01 -05:00
wchen-r7
72d631a255
Land #6745, open_webrtc_browser fix for Windows
2016-04-02 13:54:05 -05:00
Brent Cook
c6bdc3fa14
fix the path quoting in open_webrtc_browser
2016-04-02 13:18:23 -05:00
RageLtMan
992df12fa7
Address ActiveRecord deprecation warning
...
AR will start to complain about eager loading in command_dispatcher
/db.rb:519 because it references hosts as string without explicitly
stating that the table is being referenced.
Add a call .references in the AR call chain after the where clause
to silence this abysmal warning.
2016-04-02 00:22:26 -04:00
wchen-r7
f7dd326b16
Land #6455, Fix dns labels/names size limits for lib/net/dns/names/names
2016-04-01 21:57:09 -05:00
Brent Cook
3d995546d9
check for true before empty string
2016-04-01 21:30:11 -05:00
David Maloney
64b94dfe3b
reimplement HD's session interrupt handler
...
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come
MS-385
2016-04-01 14:43:16 -05:00
OJ
2a9f813bcd
Don't interpret blank string as error
2016-04-01 09:53:25 +10:00
OJ
9f299f4f0c
Merge branch 'upstream/master' into powershell-meterpreter-bindings
2016-04-01 09:32:32 +10:00
wchen-r7
618f379488
Update auxiliary/scanner/redis/redis_server and mixin
2016-03-31 17:14:49 -05:00
wchen-r7
2e7d07ff53
Fix PASSWORD datastore option
2016-03-31 17:12:00 -05:00
wchen-r7
545cb11736
Bring #6409 up to date with upstream-master
2016-03-31 17:00:56 -05:00
wchen-r7
5fdea91e93
Change naming
2016-03-31 17:00:29 -05:00
Brian Patterson
8f0d664a38
Modify the open_vas importer to support both results.xml and reports.xml open_vas exports and modify the nessus importer to import what it can when it can't find a properly formatted port number
2016-03-30 17:44:26 -05:00
wchen-r7
a2a522be07
Land #6716, Add a rescue to catch method missing for stage_payload
2016-03-30 13:08:52 -05:00
wchen-r7
280aeb0b59
Land #6727, Show handler URI so we know which job's responding
2016-03-30 12:22:18 -05:00
James Lee
ead6e6b6b6
Use a print_prefix instead
2016-03-30 11:50:45 -05:00
James Lee
0a239742f5
Show handler URI so we know which job's responding
2016-03-30 11:35:04 -05:00
wchen-r7
797acd625d
Land #6714, Kill defanged mode
2016-03-30 10:54:56 -05:00
Brent Cook
b8d53dde4a
Merge branch 'upstream-master' into staging/rails-upgrade
2016-03-29 15:56:50 -05:00
Metasploit
b41ac10fe8
Bump version of framework to 4.11.20
2016-03-29 12:43:20 -07:00
wchen-r7
faaaf6b765
MS10-58 Call super in #set_sane_defaults for caidao login scanner
...
MS10-58
2016-03-29 13:40:51 -05:00
thao doan
587f1ee7b3
Land #6708, module documentation for msfconsole
2016-03-29 11:30:55 -07:00
Brent Cook
e25525b4a7
avoid validating file-based datastore options on assignment
...
file:/ strings are special with some datastore options, causing them to read a
file rather than emitting the exact string. This causes a couple of problems.
1. the valid? check needs to be special on assignment, since normalization
really means normalizing the path, not playing with the value as we would do
for other types
2. there are races or simply out-of-order assignments when running commands
like 'services -p 80 -R', where the datastore option is assigned before the
file is actually written.
This is the 'easy' fix of disabling assignment validation (which we didn't have
before anyway) for types that can expect a file:/ prefix.
2016-03-28 23:03:17 -05:00
OJ
6523600952
Add a rescue to catch method missing for stage_payload
...
This allows us to provide a friendlier message to users when they are
using a stageless listener with a staged payload.
2016-03-29 09:46:09 +10:00
James Lee
f1857d6350
Kill defanged mode
2016-03-28 09:02:07 -05:00
Metasploit
72bde63397
Bump version of framework to 4.11.19
2016-03-25 13:03:35 -07:00
James Lee
9d86a49c51
Land #6692, udp socket abstraction
2016-03-25 13:05:10 -05:00
Brent Cook
242ea8d9cd
Merge branch 'master' into land-6691-
2016-03-24 22:19:57 -05:00
OJ
ce8a6f57a0
Added powershell_import support
2016-03-25 12:17:03 +10:00
Brendan Watters
18604c3d44
Land #6705, Rectify MSF_CFGROOT_CONFIG comment
2016-03-24 18:21:05 -05:00
wchen-r7
57984706b8
Resolve merge conflict with Gemfile
2016-03-24 18:13:31 -05:00
James Lee
dfa518b492
Whitespace
2016-03-24 15:21:03 -05:00
James Lee
0073a8f40e
Wrap comments at 78, style
2016-03-24 15:20:43 -05:00
Gregory Mikeska
7bd6d0c696
Merge branch 'master' into staging/rails-upgrade
2016-03-24 12:55:05 -05:00
Till Maas
7f002128ad
Rectify MSF_CFGROOT_CONFIG comment
...
Also remove reference to feature request that does not seem to be
available anymore.
2016-03-23 22:23:30 +01:00
James Lee
6388578ee6
Style fixes
2016-03-23 16:15:46 -05:00
James Lee
98355c397c
Clean up some variable names
2016-03-23 15:07:00 -05:00
James Lee
685d8fc588
Use 2.x symbol literal syntax
2016-03-23 15:06:35 -05:00
James Lee
effee42e2f
Raise a better exception for WSAEADDRINUSE
2016-03-23 13:15:38 -05:00
Louis Sato
0c19d89655
add more space for deprecation message
2016-03-23 11:39:42 -05:00
Metasploit
e7b0c60e5c
Bump version of framework to 4.11.18
2016-03-23 07:55:29 -07:00