Adam Cammack
866c4718b0
Fix OptPort validation
Allow a port value of 0 and don't reject empty values if the option is
not required.
2016-03-22 23:01:18 -05:00
Adam Cammack
ec3a0a108d
Change OptPort to inherit from OptInt
Fixes the normalize and validate methods.
2016-03-22 19:25:51 -05:00
Adam Cammack
22df7c0071
Fix datastore to validate options w/o a default
Options without a default were not pulled into the `@options` hash and
therefore were not used to validate options on assignment.
I am not entirely sure how this fix works, since it would seem that
non-override options would not get pulled in if an option was first set
in the global datastore. However, a previous value does not get
overridden and new values are validated. Anything further is merely
speculation on my part.
2016-03-22 19:12:53 -05:00
Adam Cammack
5c163960ed
Fix datastore to not freeze options on the default
2016-03-22 19:07:58 -05:00
William Vu
0c7cf2924c
Land #6686, Android dump_* -o fixes
2016-03-21 12:21:47 -05:00
RageLtMan
c871ceea0a
Implement consistent socket abstraction
In current nomenclature, Rex Sockets are objects created by calls
to Rex::Socket::<Transport>.create and Rex::Socket.create_...
When the LocalHost or Comm parameters are set to remotely routed
addresses (currently via Meterpreter sessions), Rex will create a
Channel which will abstract communications with the remote end of
the session. These channel based abstractions are called pivots,
and present in three separate flavors:
1 - TcpClientChannel, a fully abstracted, selectable Socket.
2 - TcpServerChannel, a virtual Channel which distributes client
channels.
3 - UdpChannel, a virtual Channel which provides common methods for
UDP socket operations, but is not a full (selectable) abstraction.
Unfortunately this differentiation results in inconsistent returns
from the aforementioned socket creation calls, as the call chain
creates parameters and supplies them to the create method on the
comm object referenced in the params. The comm object may be a
channel, and produce a virtual representation of a socket with
functional methods analogous to Sockets, but without a kernel FD.
This commit begins the work of ensuring that all calls for socket
creation return selectable Rex::Socket objects with semantics
familiar to Ruby developers who have not read into the details of
Rex::Socket and Rex::Post.
-----
Summary of changes:
Convert Rex::IO::StreamAbstraction to SocketAbstraction and use
the new mixin in StreamAbstraction and DatagramAbstraction. This
approach allows for common methods to reuse the abstraction data
flow, while initializing separate types of socket objects and an
optional monitor as needed.
In the Rex::Post::Meterpreter namespace, extract common methods
from Stream to a SocketAbstraction mixin, include that mixin in
Stream, and add Datagram with the dio_write handler override
exported from the current implementation of UdpChannel, also using
the mixin. This relies on the Rex::IO work above to implement the
proper type of socket abstraction to the Channel descendants.
In Rex::Post::Meterpreter::Extensions::Stdapi::Net, convert the
UdpChannel to inherit from the Rex::Post::Meterpreter::Datagram
class, implementing only the send method at this tier. Convert
create_udp_channel to return the local socket side of the datagram
abstraction presented analogous to the TcpClientChannel approach
used before.
-----
Notes and intricacies:
In order to implement recvfrom on the UDP abstraction, a shim layer
has been put in place to forward the sockaddr information from the
remote peer to the local UDP socketpair in the abstraction. This
information takes up buffer space in the UDP socket, and in order
to maintain compatibility with consumers, the dio_write_handler
pushes the data buffer, and in a separate send call, the sockaddr
information from the remote socket. On the abstraction side, the
recvfrom_nonblock call of the real UDPSocket has been overridden
via the mixed in module to call the real method twice, once for
the data buffer, and once for the packed sockaddr data. The Rex
level consumer for recvfrom calls the underlying nonblock method
and expects this exact set of returns (as opposed to what standard
library UDPSocket.recvfrom returns, which is a data buffer and an
Array of sockaddr data).
-----
Testing:
Local and lab testing only so far.
Test RC script to be added in GH comments.
-----
Issues:
Currently, sendto on a remote socket does not appear to honor
LocalPort which causes DNS responses (#6611) to come from the
wrong port to remote clients being serviced over a pivot socket.
2016-03-21 03:32:52 -04:00
OJ
80e0bbeb68
Add the interactive shell prompt with sessions
2016-03-21 15:44:20 +10:00
Metasploit
6e12e74e02
Bump version of framework to 4.11.17
2016-03-18 14:12:18 -07:00
Adam Cammack
67b9d053ec
Land #6679, remove unreachable sanity checks
2016-03-18 11:25:51 -05:00
Brent Cook
9219efa512
remove unreachable ruby 1.x check
2016-03-18 11:16:44 -05:00
James Lee
1375600780
Land #6644, datastore validation on assignment
2016-03-17 11:16:12 -05:00
Brent Cook
df2d0f7826
Indicate that output options take parameters
2016-03-17 11:13:34 -05:00
Brent Cook
1790f039c3
Land #6684, remove obsolete warn_about_rubies
2016-03-17 08:26:57 -05:00
William Vu
59a55dec5b
Land #6676, new Postgres fingerprints
2016-03-16 16:32:10 -05:00
Adam Cammack
32fe9ae55d
Remove dead version check in db_manager.rb
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
James Lee
79c36c4f53
RPORT should be an OptPort
2016-03-16 14:13:19 -05:00
James Lee
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
James Lee
a878926f31
Remove unused datastore option
2016-03-16 14:13:17 -05:00
William Vu
adb275520b
Land #6680, old SVN code deletion
2016-03-16 10:15:06 -05:00
Brent Cook
44e1fefa2e
when normalizing a string type, ensure we have a string first
2016-03-16 06:44:36 -05:00
Brent Cook
5a72f2df16
remove subversion support
2016-03-15 22:00:32 -05:00
Brent Cook
63263773d1
simplify sanity checks for Ruby 1.x
2016-03-15 21:55:25 -05:00
Brent Cook
3b6a3374ae
prefer explicit defaults to implicit
2016-03-15 20:58:14 -05:00
Brent Cook
87074c0638
Land #6651, add android sqlite_query option, update metasploit-payloads
2016-03-15 18:27:49 -05:00
Brent Cook
257c8f4058
handle a sqlite table being empty
2016-03-15 18:26:38 -05:00
Adam Cammack
05f585157d
Land #6646, add SSL SNI and unify SSLVersion opts
2016-03-15 16:35:22 -05:00
David Maloney
3cbc5684e1
add some preauth fps for postgres 9.4
the preauth fingerprinting for postgres is somewhat
unmaintainable, but due to a specific customer request
I have added these two FPs for 9.4.1-5
MS-1102
2016-03-15 14:50:07 -05:00
Brent Cook
654590911b
Enforce integrity of datastore options on assignment
2016-03-15 14:00:32 -05:00
OJ
d8c850aaf0
Add support for the execution of single powershell commands
2016-03-14 17:13:12 +10:00
OJ
f8f61e8d83
Basic shell of the MSF Powershell extension functionality
2016-03-14 12:55:58 +10:00
HD Moore
42689df6b3
Fix a stack trace with ``set PAYLOAD`` in ``msf>`` context
2016-03-13 14:56:54 -05:00
Christian Mehlmauer
4f09246c78
reenable module loader warnings
2016-03-13 20:04:05 +01:00
Brent Cook
dabe5c8465
Land #6655, use MetasploitModule as module class name
2016-03-13 13:48:31 -05:00
Metasploit
e059f42094
Bump version of framework to 4.11.16
2016-03-11 14:17:28 -08:00
Adam Cammack
6f85c82dc0
Fix Nexpose import to truncate long vuln names
A warning is emitted since there is a potential for data loss, but since
we reference vulns by their ID, the data-integrity risk is small.
Initially triggered by some Nexpose data, this should probably be
properly fixed by removing the length bound on the field.
MS-1184
2016-03-11 11:02:55 -06:00
wchen-r7
5554138fac
Change the firing order
Ubuntu has this glib bug (g_slice_set_config) that results in us
seeing a bunch of warnings when we call system("firefox") in
Ruby. It doesn't look like our fault, but since this generates
a lot of text on msfconsole, we try to avoid that.
2016-03-09 23:08:19 -06:00
Tim
dfd51a7032
Merge branch 'master' into android_sqlite_read
2016-03-10 01:46:30 +00:00
wchen-r7
38bc8c88ae
Fix open_webrtc_browser
Fix a bug where the code might spawn multiple browsers.
2016-03-09 17:10:22 -06:00
David Maloney
ca18996272
setup rails staging branch
rails 4.1 baby!
2016-03-09 15:35:00 -06:00
David Maloney
15ba85bac2
fix missed deprecations
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney
88697a5d3f
Merge branch 'master' into staging/rails-upgrade
2016-03-08 15:22:04 -06:00
wchen-r7
f831d58c1c
Support tables
2016-03-08 12:19:27 -06:00
wchen-r7
698f425821
Auto <hr>
2016-03-08 11:25:15 -06:00
wchen-r7
b91ee232ff
Change HTML parsing
2016-03-08 10:25:29 -06:00
wchen-r7
58b8c35146
Escape HTML for KB and update rspec
2016-03-08 10:10:10 -06:00
Christian Mehlmauer
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
Tim
5e83b2de51
remove extra new line
2016-03-07 23:17:45 +00:00
Tim
f6c06bedfe
fix e.g output
2016-03-07 23:15:05 +00:00
wchen-r7
c2f99b559c
Add documentation for auxiliary/scanner/http/tomcat_enum
Also fix a typo in normalizer
2016-03-07 15:39:15 -06:00
William Vu
3e0f8d67c9
Use #strip to more correctly simulate #blank?
See f900d9cf26.
2016-03-07 13:14:37 -06:00
Brent Cook
289f43bb80
Land #4848, remove some reliance on rails libraries from rex
2016-03-07 07:38:30 -06:00
Brent Cook
eea8fa86dc
unify the SSLVersion fields between modules and mixins
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
Brent Cook
05a91f1d82
set SNI if the SSL peer is specified as a hostname
2016-03-06 21:12:15 -06:00
Brent Cook
5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated
2016-03-06 17:19:05 -06:00
Brent Cook
a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit'
2016-03-06 17:10:55 -06:00
Brent Cook
0fc4ebf4ab
Land #6618, Improve Content-Length behavior in Rex HTTP
2016-03-06 16:38:44 -06:00
Brent Cook
a1190f4344
Land #6598, add post module for setting wallpaper
2016-03-06 15:00:10 -06:00
Spencer McIntyre
a8ac078586
Land #6636, fix met finalizers to not double close
2016-03-06 12:55:39 -05:00
Brent Cook
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
Brent Cook
694f7f0a65
stop turning all default options into strings
we need to adjust vprint* functions, since they now fallthrough to the
'framework.datastore' checks because the false case actually triggers.
2016-03-05 23:09:14 -06:00
wchen-r7
c811ed8d60
Correct name: PAYLOAD_DEMO_TEMPLATE
2016-03-05 00:42:36 -06:00
Metasploit
a5cdd7e17f
Bump version of framework to 4.11.15
2016-03-04 16:56:02 -08:00
Metasploit
ce675330c0
Bump version of framework to 4.11.14
2016-03-04 14:49:55 -08:00
Gregory Mikeska
7f2400dd1b
Merge branch 'jbarnett-r7-feature/MS-833/ms08-067-automation' into upstream-master
2016-03-04 12:34:00 -06:00
Brent Cook
dcba20ff60
only cleanup processes once too
2016-03-04 12:08:19 -06:00
Tim
2cfc9073a0
fixup sqlite_query
2016-03-04 11:56:37 +00:00
Tim
b7fe500788
sqlite_read -> sqlite_query
2016-03-04 11:56:23 +00:00
wchen-r7
934f8de9b7
Update the conditions of is_remote_exploit?
2016-03-03 00:53:00 -06:00
Brent Cook
c250740a81
Fixup finalizers to not double-close Meterpreter objects
We add finalizers to an assortment of Meterpreter-managed objects in order to
clean things up in the event that a post module crashes and does not clean
things up. However, this also means that even a properly-written post module
can lead to an object getting double-closed on the Meterpreter session when the
garbage collector kicks in. This can lead to quite non-deterministic behavior
and crashes.
This change modifies the instance close methods to unregister the finalizer on
close, ensuring we cannot do a double-close automatically if one is requested
explicitly first. As an additional measure, we check an instance variable to
see if we called close directly twice as well. This is not sufficient in
itself, since we do not have a reference to 'self' in the finalizer proc to
check the close state.
This also removes a couple of references to 'self' in the finalizer proc
itself, which may cure some memory leaks as well due to circular references.
2016-03-02 21:43:51 -06:00
wchen-r7
11964c5c1a
Add remote exploit demo and web_delivery doc
2016-03-02 19:52:11 -06:00
wchen-r7
5f510df2ab
Resolve merge conflict with upstream's Gemfile.lock
2016-03-01 22:06:17 -06:00
wchen-r7
f27d24fd60
Add module documentation for psexec
2016-03-01 18:52:47 -06:00
Brian Patterson
30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation
2016-03-01 11:48:55 -06:00
William Vu
c5a9d59455
Land #6612, one final missing change
2016-02-29 15:08:42 -06:00
William Vu
cb0493e5bb
Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu
300fdc87bb
Move Fortinet backdoor to module and library
2016-02-29 12:06:33 -06:00
wchen-r7
2950996cb8
Land #6612, Add aux module for Fortinet backdoor
2016-02-29 12:02:49 -06:00
William Vu
53d703355f
Move Fortinet backdoor to module and library
2016-02-29 11:57:42 -06:00
wchen-r7
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
This patch changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
Tim
afc6f6ff74
fix options
2016-02-29 15:21:33 +00:00
Tim
bd6fdbb545
android sqlite_read command
2016-02-29 15:05:57 +00:00
Fernando Arias
c4c5944b25
Merge branch 'staging/rails-upgrade' into staging/MS-888/engines-is-deprecated
Conflicts:
Gemfile.lock
metasploit-framework.gemspec
2016-02-26 15:35:34 -06:00
Brent Cook
7acba69e37
Land #6577, add controls for Android ringer
2016-02-26 07:02:49 -06:00
Brent Cook
5899b8afc8
make help show up when things are not specified correctly
2016-02-26 06:09:05 -06:00
HD Moore
9010dac7bc
Wrap up the current WIP, still not functional
2016-02-26 05:36:40 +00:00
HD Moore
5bf308e720
WIP checkin
2016-02-26 05:36:40 +00:00
Brent Cook
d891e27cdd
Land #6597, prefer Timeout.timeout since Object#timeout is deprecated
2016-02-25 22:17:49 -06:00
William Vu
83fad3e328
Add Fortinet backdoor
2016-02-25 21:29:08 -06:00
Brent Cook
a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first
2016-02-25 20:25:02 -06:00
wchen-r7
2e268a25da
Land #6596, Apache Karaf Login Utility
2016-02-25 14:39:51 -06:00
wchen-r7
7e25c7b87b
Handle OpenSSL::Cipher::CipherError
...
Our current net/ssh is pretty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
Gregory Mikeska
cbc5b296e4
implement engines method locally instead of adding refinement
2016-02-25 11:05:17 -06:00
darkbushido
2ec7149ae7
Logging deprecations to STDERR
2016-02-25 10:59:50 -06:00
wchen-r7
58ad2175b8
Raise when no network connection
2016-02-24 18:57:40 -06:00
Metasploit
b32f474e99
Bump version of framework to 4.11.13
2016-02-24 11:37:42 -08:00
RageLtMan
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since it's a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Micheal
3e22de116f
Changes to fix peer and style as recommended by jhart-r7.
2016-02-20 13:53:32 -08:00
Tim
cef1b77e26
fixes for android set_audio_mode
2016-02-20 12:01:10 +00:00
Metasploit
b868f7cc89
Bump version of framework to 4.11.12
2016-02-19 20:19:43 -08:00
wchen-r7
24530e2734
Scrollable list, tab name change, print_status
2016-02-19 20:46:39 -06:00
RubenRocha
72a69fcd16
Fixed timeout warning
2016-02-19 21:14:54 +00:00
Louis Sato
9ba82453f8
Land #6584, cidr notation addition for route command
2016-02-19 12:20:00 -06:00
Jon Hart
af33980b72
Load hinfo support, fix broken hinfo code
2016-02-18 23:22:17 -08:00
Brent Cook
b409b2237d
update to use the common bind_addresses method
2016-02-18 18:17:56 -06:00
wchen-r7
4c716a268d
Set some flags
2016-02-18 16:11:34 -06:00
Brent Cook
1e58b1574a
Land #6502, add -x flag for showing extended sessions info
2016-02-18 15:37:41 -06:00
Brent Cook
d316609fef
put extra columns under the -x flag
2016-02-18 15:36:43 -06:00
wchen-r7
3beaeceb0e
Special-case bap2
2016-02-18 15:19:39 -06:00
wchen-r7
e5ad6fa781
Support "knowledge base"
2016-02-18 15:02:24 -06:00
wchen-r7
02834d4251
Add API documentation
2016-02-18 11:44:14 -06:00
wchen-r7
68703e1955
Break down DocumenGenerator, fix a bug when opening local md
2016-02-18 10:25:40 -06:00
Brent Cook
b5ae4c0322
remove the sleep
2016-02-18 08:33:44 -06:00
wchen-r7
a5f3bddfc8
Support RPC API
2016-02-18 00:39:12 -06:00
wchen-r7
089d6985b6
Add more demo templates
2016-02-18 00:17:32 -06:00
wchen-r7
1bfe1ad140
More demos
2016-02-17 19:04:06 -06:00
wchen-r7
76f2c917ee
Allow no GITHUB_OAUTH_TOKEN, and gsub for demo
2016-02-17 15:38:30 -06:00
wchen-r7
0b095cf08a
Remove unwanted variable
2016-02-17 15:25:31 -06:00
wchen-r7
8b267efa2d
No need to gsub the first 12 spaces anymore
2016-02-17 14:29:33 -06:00
wchen-r7
714106174e
Do external erb template
2016-02-17 14:27:29 -06:00
wchen-r7
d5c005d948
HTML-escape some fields
2016-02-17 13:56:03 -06:00
wchen-r7
5339bb50d8
Support targets
2016-02-17 13:48:24 -06:00
James Lee
28e6d8ef9e
Allow CIDR notation for the route command
2016-02-17 09:44:32 -06:00
wchen-r7
08dff6541d
rm junk code
2016-02-16 23:29:08 -06:00
wchen-r7
509a1e8de1
Add manual for demo purposes
2016-02-16 23:18:29 -06:00
wchen-r7
b0cfb4aacf
Add info -d to show module documentation in .md
2016-02-16 22:44:03 -06:00
James Lee
35e0a433ea
Make error output more useful
2016-02-16 14:45:00 -06:00
Brent Cook
aff118a3a5
don't send a response on invalid UUID
2016-02-16 09:19:45 -06:00
Brent Cook
95484c81fd
Land #6526, fix browser exploit server spec
2016-02-15 16:23:04 -06:00
Brent Cook
1f58ad15ac
Browser::Exploit::Server needs to have vprint*
2016-02-15 16:21:24 -06:00
Brent Cook
3d1861b3f4
Land #6526, integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
Artem
c5469be59e
Add Android ringer change mode command
2016-02-15 15:07:48 -06:00
Brent Cook
2fddf333ed
add TLV entry
2016-02-15 15:04:15 -06:00
Artem
59bf850bb0
Update android.rb
Add request for Ringer Mode Changer
2016-02-15 14:59:15 -06:00
Brent Cook
4db2840af9
Land #6385, add .apk template support for msfvenom
2016-02-15 14:27:08 -06:00
Metasploit
93cc7d58ba
Bump version of framework to 4.11.11
2016-02-12 15:38:50 -08:00
Brent Cook
db19a7d9b3
Merge branch 'upstream-master'
2016-02-10 23:15:21 -06:00
OJ
44eb2d6a80
Merge branch 'upstream/master' into default-xor
2016-02-11 14:30:18 +10:00
Brent Cook
2386cb1344
Land #6527, add support for importing Burp suite vuln exports
2016-02-10 13:19:21 -06:00
darkbushido
d8a7421a0a
working on automated testing of 08-067
2016-02-09 13:43:34 -06:00
wchen-r7
d5c3fcae04
Land #6511, Bump Jsobfu version to support preserved_identifiers
2016-02-05 15:57:53 -06:00
Metasploit
3c1ada46dd
Bump version of framework to 4.11.10
2016-02-05 13:40:02 -08:00
Jon Hart
a2a932e176
Don't store AXFR answers if there are no answers
2016-02-04 10:28:11 -08:00
Jon Hart
6882bf275e
Break out of the wait loop for this ns after a response is received
2016-02-04 10:07:53 -08:00
Brian Patterson
4dcbd7c1ae
Add a nokogiri xml stream parser for Burp issue xml and rename original burp parser to burp session parser so both are supported.
2016-02-04 10:30:56 -06:00
wchen-r7
d55e68e76b
Fix bug in js_obfuscate
2016-02-02 11:25:39 -06:00
James Lee
208420d741
Sort methods
2016-02-02 10:02:32 -06:00
William Vu
b4ed55b4d4
Fix reverse_http{,s} LHOST bind address
2016-02-02 09:57:11 -06:00
William Vu
93bdea0a60
Add tab completion for ReverseListenerBindAddress
2016-02-01 13:57:45 -06:00
Tim
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
Tim
4d6791d432
fix returning of error
2016-01-31 15:13:21 +00:00
William Vu
1828b7fda6
Land #6512, Acunetix importer missing scheme fix
2016-01-29 13:17:44 -06:00
Metasploit
7079110964
Bump version of framework to 4.11.9
2016-01-29 10:51:46 -08:00
Brent Cook
b6bc862c1b
Land #6267, fix Rex::Parser::Ini#each_group
2016-01-29 11:19:40 -06:00
Brent Cook
cd56470759
Land #6493, move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
OJ
7b4f3f8148
Remove -vv, restore -v and add -ci
2016-01-29 11:52:21 +10:00
Adam Cammack
e542a6c8cf
Fix importing with Acunetix
Add a default scheme of `http://` to URIs without a scheme. Also update
some documentation.
2016-01-28 16:37:14 -06:00
wchen-r7
f4139f85cb
Change to JsIdentifiers
2016-01-28 15:18:25 -06:00
wchen-r7
4bd2be5dfa
Add preserved_identifiers support
2016-01-28 14:36:42 -06:00
James Lee
c2f8e95492
Missed one
2016-01-28 14:18:19 -06:00
James Lee
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
James Lee
537c7e790e
Use vprint_status instead of reimplementing it
2016-01-28 12:51:20 -06:00
Louis Sato
cb92d41356
Land #6508, add dir alias for ls
2016-01-27 15:21:59 -06:00
wchen-r7
51efb2daee
Land #6422, Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
OJ
3acb5d270b
Add `dir` as an alias for `ls`
2016-01-27 12:21:15 +10:00
OJ
69d9ff7958
Add an extended mode to the session list
2016-01-25 22:36:13 +10:00
OJ
0134161c1b
Fix another typo
2016-01-25 22:15:13 +10:00
OJ
7deae90185
Land #6499: Fix reverse_tcp handling of disconnects
Fixes #6497
2016-01-23 17:59:23 +10:00
Brent Cook
a587975f90
be more robust and careful breaking from the accept thread
2016-01-23 01:46:58 -06:00
wchen-r7
6187354392
Land #6226, Add Wordpress XML-RPC system.multicall Credential BF
2016-01-23 00:12:46 -06:00
KINGSABRI
ad3eed525b
Handling newer version of WP, fallback CHUNKSIE to 1
2016-01-23 08:06:27 +03:00
William Vu
d6facbe339
Land #6421, ADB protocol and exploit
2016-01-22 20:45:44 -06:00
wchen-r7
0f9cf812b7
Bring wordpress_xmlrpc_login back, make wordpress_multicall as new
2016-01-22 18:54:20 -06:00
Brent Cook
b3e76f7793
Land #6484, handle rspec failures gracefully if there is no database
2016-01-22 17:28:49 -06:00
Christian Mehlmauer
e6147d60e2
fix rspecs
2016-01-22 23:43:13 +01:00
Christian Mehlmauer
158b1e473c
revert value
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
02841c79c3
some slight changes
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
0546911eef
fix error when invalid classname eg "class Metasploit1 < .."
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
8f4752d11e
show load warnings to the user
2016-01-22 23:38:45 +01:00
Christian Mehlmauer
7dac21f58c
do not fail on old class name
2016-01-22 23:36:37 +01:00
Christian Mehlmauer
51eb79adc7
first try in changing class names
2016-01-22 23:36:37 +01:00
Brent Cook
91700f17e3
tidy up the ruby style while we're in here testing
2016-01-22 14:43:19 -06:00
Brent Cook
ac8b483d32
don't break the accept loop just because we got a client connection that closed early
2016-01-22 13:52:00 -06:00
Christian Mehlmauer
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
Christian Mehlmauer
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
wchen-r7
216986f7af
Do API documentation, rspec, and other small changes
2016-01-21 17:22:14 -06:00
Christian Mehlmauer
5a0e11fb72
revert file check
2016-01-21 20:21:41 +01:00
Adam Cammack
d544488409
Land #6461, backport net-ssh ECDH kex algorithms
2016-01-20 14:05:39 -06:00
James Lee
0f7e3e954e
HttpServer's print prefix with... wait for it...
print_prefix
2016-01-20 13:44:18 -06:00
wchen-r7
d46ab29186
Don't name the method #send
2016-01-19 20:03:02 -06:00
Christian Mehlmauer
390b46dd25
also check file for existence
2016-01-19 23:55:49 +01:00
Christian Mehlmauer
b45e22b64d
use .any?
2016-01-19 23:16:10 +01:00
Christian Mehlmauer
aaa1174ca5
fix rspec errors without database
2016-01-19 20:28:58 +01:00
OJ
6c2391ed0d
Fix typo in random xor key generator
2016-01-19 15:37:10 +10:00
OJ
d92ca8f6b0
Merge branch 'upstream/master' into default-xor
2016-01-17 09:47:05 +10:00
nixawk
98cfd2de90
remove PING authentication
2016-01-16 12:42:15 +08:00
Metasploit
a030179577
Bump version of framework to 4.11.8
2016-01-15 15:17:13 -08:00
Brent Cook
59660dd6d0
Land #6465, remove unneeded meterpreter extension post-installation copies
2016-01-15 17:04:14 -06:00
OJ
e7e63d92be
Land #6467: fix missing requires in payloads
Fixes #6460
2016-01-15 07:42:14 +10:00
Brent Cook
e1be57d658
Land #6458, Backport net-ssh AES CTR ciphers
2016-01-14 14:44:49 -06:00
Brent Cook
544b681981
Land #6451, Backport net-ssh Diffie-Hellman Group Exchange SHA-256 key exchange
2016-01-14 14:43:52 -06:00