2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
16bba7a6ac
Add test for pad_get_params
2013-02-27 18:06:55 -06:00
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
4edd46216f
Refactor config -> opts
...
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
5606db3f9c
Re-enable some commented tests
2013-02-27 16:28:17 -06:00
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
e7015985e7
Added CVE-2012-2686
...
Added Module for a DoS issue in OpenSSL (pre 1.0.1d). Can be exploited
with services that use TLS >= 1.1 and AES-NI. Because of improper
length computation, an integer underflow occurs leading to a
segmentation fault. This module brute-forces serveral encrypted
messages - when the decrypted message coincidentally specifies a
certain value for the size, the integer underflow occurs. Though this
could be accomplished more effectively (e.g. implementing or
maninpulating and TLS implementation), this module still does what it
should do.
2013-02-27 22:57:53 +01:00
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
6723352b9a
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:17:23 -06:00
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
935304ee0c
No longer pending
2013-02-26 16:36:36 -06:00
93537de68c
Use let and subject blocks for better readability
2013-02-26 16:27:32 -06:00
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
3334257aa4
Merge branch 'bug/fix_screenspy' of github.com:kernelsmith/metasploit-framework into kernelsmith-bug/fix_screenspy
2013-02-26 13:54:47 -06:00
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
5e0161d3f7
Reflect new ClientRequst in docs
2013-02-26 13:31:24 -06:00
7b3a11f2f9
Axe tests that belong in client_request_spec
2013-02-26 13:28:44 -06:00
cae030ccd7
Whitespace
2013-02-26 13:25:37 -06:00
1869cb5f8d
fix timeout
...
20 seconds is way too long for jsut opening a socket
2013-02-26 13:20:16 -06:00
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
470a9be712
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-02-26 08:54:29 -06:00
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
abdcde06cd
Fix polarcms_upload_exec exploit
2013-02-25 22:58:26 -08:00
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
0158919031
Merge branch 'master' of github.com:L1ghtn1ng/metasploit-framework into L1ghtn1ng-master
2013-02-25 19:41:29 -06:00
a429dc1962
Merge branch 'polar_cms_upload_exec' of github.com:wchen-r7/metasploit-framework into wchen-r7-polar_cms_upload_exec
2013-02-25 19:40:21 -06:00
181e3c0496
Uses normalize_uri
2013-02-25 19:36:48 -06:00
cbce1bdff2
update module description
...
This adds the version of wordpress the issue was fixed in to the description
2013-02-26 00:24:46 +00:00
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
d9627151c0
Add socket context option
...
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
b6458d2bfa
Update MDM gem in gemcache
2013-02-25 15:01:08 -06:00
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
sinn3r
James Lee
Wolfgang Ettlinger
Gerry Eisenhaur
David Maloney
Brandon Turner
Joe Rozner
Tod Beardsley
J.Townsend