OJ
86d8aab854
Land #5040: Remove wininet hack for http/s meterp
2015-03-31 14:50:13 +10:00
Brent Cook
d89cd118e0
remove wininet workaround in meterpreter http/s
...
We had a workaround to close connections on very old wininet implementations
that would not do it themselves. With the new WinHttp API-using meterpreters
and stagers, we no longer should use this workaround. It can actually be
actively bad and prematurely close the connection.
This needs testing around different payloads, and they should be on real
networks, ideally where TCP really has to work to get data transferred.
2015-03-30 23:38:32 -05:00
James Lee
dfaf1b3a8f
Stub monitor_sock so we don't leak threads
2015-03-30 22:03:39 -05:00
James Lee
47d85af811
Really truly update schema for reals
...
Srsly
2015-03-30 18:35:17 -05:00
Brandon Perry
e73286cfa5
update stale references
2015-03-30 17:17:48 -05:00
OJ
97d788676c
Set dynamic_size true for x64 stageless
2015-03-31 07:37:46 +10:00
OJ
253e5d7dff
Include correct module, remove specified encoder type
2015-03-31 07:23:51 +10:00
James Lee
790a08a848
It's pronounced "exploit", not "assoc_exploit"
2015-03-30 16:21:17 -05:00
Tod Beardsley
3f0f659eaf
Land #5019, add rescues to some LoginScanners
2015-03-30 16:06:51 -05:00
James Lee
bf2d37c511
Axe superfluous line in Gemfile
...
Covered by the gemspec
2015-03-30 14:57:12 -05:00
James Lee
d3dd7ecfc5
Update to latest schema
2015-03-30 14:10:06 -05:00
James Lee
2394d4bae8
Merge branch 'staging/single-vuln-push' into feature/MSP-11934/refactor-report-exploit-success
...
Conflicts:
Gemfile
Gemfile.lock
spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
2015-03-30 14:08:54 -05:00
James Lee
2ab4584079
Merge remote-tracking branch 'upstream/master' into staging/single-vuln-push
2015-03-30 13:50:52 -05:00
James Lee
46d4d6b588
Update to latest Mdm
2015-03-30 13:48:21 -05:00
James Lee
1b0e3f13c6
Remove unnecessary extra assignment
2015-03-30 13:14:36 -05:00
James Lee
310779d7bf
Death to hashrockets
2015-03-30 13:13:58 -05:00
James Lee
6386289d80
Remove bogus spec
...
No longer necessary to check that we're instantiating an Msf::Module
because we get the same information by reusing an existing
Mdm::Module::Detail
2015-03-30 13:10:36 -05:00
James Lee
e65f4e92ea
Separate the two ways to make `Mdm::Session`s
...
Failing spec due to reuse of Mdm::Module::Detail instead of also
instantiating an Msf::Module
2015-03-30 13:05:20 -05:00
Tod Beardsley
b770f8dca4
Land #5026, #5027, #5028: Doc grammar
...
This merge covers three PRs. It /should/ autoresolve #5026 and #5028, but
I will have to manually close #5027 with this comment.
2015-03-30 12:55:19 -05:00
Samuel Huckins
18e3a78285
Using latest released MDM
2015-03-30 12:51:12 -05:00
sinn3r
613f4777ce
Land #5024, add joomla_ecommercewd_sqli_scanner.rb
2015-03-30 12:45:09 -05:00
James Lee
374db22d5b
Re-enable host lookup for _failure
...
Again needed when called from exploit_driver because nothing is reported
yet at that point.
Also adds some yardoc
2015-03-30 12:30:52 -05:00
Tod Beardsley
f663f39e1f
Bring in #5026 for minor edits
2015-03-30 12:11:29 -05:00
Dillon Korman
be7ffc9a0d
Bring in #5027 for only a couple edits
...
Switching from " to ' is usually more trouble than it's worth, even if
it's more technically correct. The original PR had a great example of
that kind of error, where you accidentally screw up an interior
apostrophe.
[See #5027]
2015-03-30 12:08:52 -05:00
Tod Beardsley
7697ff1295
Revert a couple of the suggested edits
...
In the main, though, the edits are good. Just disagree with a couple.
[See #5028]
2015-03-30 12:04:15 -05:00
Tod Beardsley
ffc9659024
Bring in #5028 for more edits
2015-03-30 11:59:18 -05:00
sinn3r
2181c572b8
Land #5021, nessus.rb "imported" status
2015-03-30 11:33:55 -05:00
sinn3r
8ea1ffc6ff
Land #5030, CVE-2015-0313 Flash Exploit
2015-03-30 11:31:53 -05:00
David Maloney
103373a7eb
add back accidentally removed error
...
accidentally dropped Errno::ETIMEDOUT from the exception
handling
MSP-12389
2015-03-30 11:19:28 -05:00
jvazquez-r7
ee404713f1
Land #5014, @wchen-r7's module for MS14-052
...
* As auxiliary module to gather info about existent local files
2015-03-30 11:02:56 -05:00
jvazquez-r7
8ff54ff98d
Add msb reference
2015-03-30 10:58:08 -05:00
sinn3r
9af1e76bf7
Obfuscate js
2015-03-30 10:52:01 -05:00
sinn3r
c7fa01c5ae
Rename file
2015-03-30 10:39:33 -05:00
OJ
6610504b10
Update payload spec
2015-03-30 21:07:30 +10:00
OJ
c28cc66398
Add x64 bind_tcp and reverse_ipv6_tcp
...
Also fix up a couple of modules to use Metasploit4 instead of
Metasploit3.
2015-03-30 18:59:30 +10:00
James Lee
f0eeef3cbb
Move copy-pasta into a new method
2015-03-30 01:43:56 -05:00
James Lee
49902a6395
We actually do need the port/proto for failure
...
Because it is called from lib/msf/core/exploit.rb Exploit#report_failure
with datastore values
Partial revert of e3605aa252
2015-03-30 01:01:34 -05:00
James Lee
7b1ac29788
Fix subject
2015-03-30 00:53:31 -05:00
James Lee
415510ca6a
Fix stupid typo that made vuln_id an Array
2015-03-30 00:52:02 -05:00
James Lee
283e50fd42
Check the case of having no vuln
2015-03-30 00:09:49 -05:00
Joshua Smith
3d2f9b282d
Land #5031, fix ms10_104_sharepoint description
2015-03-30 00:00:21 -05:00
Samuel Huckins
13fc498523
Land #4948, fixes several AppScan import issues
2015-03-29 23:33:01 -05:00
OJ
26792975eb
Refactor of code to reduce duplication
...
Add mixin for the stageless http preparation
2015-03-30 13:18:56 +10:00
OJ
f8851551c5
Add initial x64 stageless meterpreter module
2015-03-30 11:23:51 +10:00
OJ
fdcf1297a6
Tweaks to the stageless meterpreter x64 payload
2015-03-30 11:09:49 +10:00
OJ
0fa812e5ba
Merge upstream/master
2015-03-30 10:17:17 +10:00
OJ
ae86f23b4d
Land #5033: Fix logic in EncodedPayload
2015-03-30 10:16:35 +10:00
HD Moore
e65ac57d1b
Fix a logic check in EncodedPayload, which unbreaks stageless testing
2015-03-29 19:08:35 -05:00
OJ
ce8f6d72e1
More work on x64 stageless
...
Testing with HD's new changes that allow for generation of larger x64
payloads
2015-03-30 09:51:04 +10:00
h00die
28b9e89963
removed duplicate "uses" from description
2015-03-29 19:40:31 -04:00