Commit Graph

812 Commits (5f1a1f8ed3637c124bd932326ef55a0ccb275ebf)

Author SHA1 Message Date
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Joe Vennix c6bbc5bccf
Merge branch 'landing-4055' into upstream-master 2014-10-28 11:18:20 -05:00
Luke Imhoff 216360d664
Add missing require
MSP-11145
2014-10-27 15:19:59 -05:00
sinn3r 7cb4320a76
Land #3561 - unix cmd generic_sh encoder 2014-10-23 15:48:00 -05:00
sinn3r 13fd6a3374
Land #4046 - Centreon SQL and Command Injection 2014-10-23 13:17:00 -05:00
sinn3r ce841e57e2 Rephrase about centreon.session 2014-10-23 13:15:55 -05:00
sinn3r 889045d1b6 Change failure message 2014-10-23 12:55:27 -05:00
William Vu d5b698bf2d
Land #3944, pkexec exploit 2014-10-17 16:30:55 -05:00
jvazquez-r7 7652b580cd Beautify description 2014-10-17 15:31:37 -05:00
jvazquez-r7 d831a20629 Add references and fix typos 2014-10-17 15:29:28 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
0a2940 e689a0626d Use Rex.sleep :-)
"Right is right even if no one is doing it; wrong is wrong even if everyone is doing it"

user@x:/opt/metasploit$ grep -nr "select(nil, nil, nil" . | wc -l
189
user@x:/opt/metasploit$ grep -nr "Rex.sleep" . | wc -l
25
2014-10-10 10:05:46 +01:00
sinn3r c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution 2014-10-08 00:30:07 -05:00
jvazquez-r7 299d9afa6f Add module for centreon vulnerabilities 2014-10-07 14:40:51 -05:00
jvazquez-r7 3daa1ed4c5 Avoid changing modules indentation in this pull request 2014-10-07 10:41:25 -05:00
jvazquez-r7 341d8b01cc Favor echo encoder for back compatibility 2014-10-07 10:24:32 -05:00
jvazquez-r7 0089810026 Merge to update 2014-10-06 19:09:31 -05:00
jvazquez-r7 212762e1d6 Delete RequiredCmd for unix cmd encoders, favor EncoderType 2014-10-06 18:42:21 -05:00
0a2940 f2b9aeed74 typo 2014-10-03 11:02:56 +01:00
0a2940 f60f6d9c92 add exploit for CVE-2011-1485 2014-10-03 10:54:43 +01:00
Brandon Perry 2c9446e6a8 Update f5_icontrol_exec.rb 2014-10-02 17:56:24 -05:00
Tod Beardsley 4fbab43f27
Release fixes, all titles and descs 2014-10-01 14:26:09 -05:00
William Vu 039e544ffa
Land #3925, rm indeces_enum
Deprecated.
2014-09-30 17:45:38 -05:00
Brandon Perry 161a145ec2 Create f5_icontrol_exec.rb 2014-09-27 10:40:13 -05:00
jvazquez-r7 f2cfbebbfb Add module for ZDI-14-305 2014-09-24 00:22:16 -05:00
Jon Hart 495e1c14a1
Land #3721, @brandonprry's module for Railo CVE-2014-5468 2014-09-09 19:10:46 -07:00
Jon Hart 26d8432a22
Minor style and usability changes to @brandonprry's #3721 2014-09-09 19:09:45 -07:00
Brandon Perry db6052ec6a Update check method 2014-09-09 18:51:42 -05:00
Brandon Perry ee3e5c9159 Add check method 2014-09-02 21:35:47 -05:00
Brandon Perry 438f0e6365 typos 2014-08-30 09:22:58 -05:00
Brandon Perry f72cce9ff2 Update railo_cfml_rfi.rb 2014-08-29 17:33:15 -05:00
Brandon Perry f4965ec5cf Create railo_cfml_rfi.rb 2014-08-28 08:42:07 -05:00
jvazquez-r7 f6f8d7b993 Delete debug print_status 2014-07-22 15:00:03 -05:00
jvazquez-r7 b086462ed6 More cleanups of modules which REALLY need the 'old' generic encoder 2014-07-22 14:57:53 -05:00
jvazquez-r7 3d7ed10ea0 Second review of modules which shouldn't be affected by changes 2014-07-22 14:33:57 -05:00
jvazquez-r7 5e8da09b2d Allow some modules to use the old encoder 2014-07-22 14:28:11 -05:00
jvazquez-r7 b0f8d8eaf1 Delete debug print_status 2014-07-22 13:29:00 -05:00
jvazquez-r7 f546eae464 Modify encoders to allow back compatibility 2014-07-22 13:27:12 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 6c595f28d7
Set up a proper peer method 2014-07-14 13:29:07 -05:00
Michael Messner 1b7008dafa typo in name 2014-07-13 13:24:54 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
jvazquez-r7 eb9d2f130c Change title 2014-07-11 12:03:09 -05:00
jvazquez-r7 a356a0e818 Code cleanup 2014-07-11 12:00:31 -05:00
jvazquez-r7 6fd1ff6870 Merge master 2014-07-11 11:40:39 -05:00
jvazquez-r7 d637171ac0 Change module filename 2014-07-11 11:39:32 -05:00
jvazquez-r7 c55117d455 Some cleanup 2014-07-11 11:39:01 -05:00
jvazquez-r7 a7a700c70d
Land #3502, @m-1-k-3's DLink devices HNAP Buffer Overflow CVE-2014-3936 2014-07-11 11:25:03 -05:00
jvazquez-r7 b9cda5110c Add target info to message 2014-07-11 11:24:33 -05:00
jvazquez-r7 dea68c66f4 Update title and description 2014-07-11 10:38:53 -05:00