Commit Graph

558 Commits (6a194b3a88915f7370454f8e6dbcfe25283d7940)

Author SHA1 Message Date
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
William Vu 0915212249 Fix socket timeout bug 2014-01-16 11:58:37 -06:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
William Vu 27f079ad7c Move {begin,end}_job from libs to modules 2014-01-09 01:03:01 -06:00
William Vu 025fc79683 Refactor commands for modularity 2014-01-09 01:03:01 -06:00
William Vu 3fca11e5ac Replace magic numbers with constants 2014-01-09 01:03:01 -06:00
William Vu 2f2823e323 Remove newline from end_job to conform to spec 2014-01-09 01:03:01 -06:00
William Vu d3bbe5b5d0 Add filesystem commands and new PoC modules
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu af66310e3a Address @jlee-r7's comments 2014-01-09 01:03:01 -06:00
William Vu bab32d15f3 Address @wchen-r7's comments 2014-01-09 01:03:00 -06:00
William Vu 1c889beada Add Rex::Proto::PJL and PoC modules 2014-01-09 01:03:00 -06:00
Tod Beardsley feaf6c23cf
Merge and Unconflict client.rb, new module splat
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421

Also fixes the module with the new license splat.

Conflicts:
	lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
Joe Vennix e10f9cc518 More whitespace fixes. 2013-11-20 15:07:51 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets.
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Joe Vennix b70b594a2a Kill extraneous comma. 2013-11-20 13:47:47 -06:00
Joe Vennix a7b01e3b72 Put initialize params back on one line, and move attr_accessors.
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix 9f103f8621 Whitespace tweak. 2013-11-20 01:15:15 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option.
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option.
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
William Vu 8d4d7dae50 Restore comment header and remove carriage returns 2013-11-11 12:16:14 -06:00
Jonathan 36064ca886 remove EOL carriage return from socks4a.rb 2013-11-11 12:47:41 -05:00
Jonathan 575072585f removed shebangs from files within rex 2013-11-07 18:51:59 -05:00
Meatballs cad717a186
Use NDR 32bit syntax.
Compatible with both x86 and x64 systems.
Tidy up the module...
2013-10-12 18:52:45 +01:00
Tod Beardsley 876d4e0aa8
Land #1420, WDS scanner 2013-10-11 16:53:25 -05:00
Joshua J. Drake d04c47d2b7 Remove comment since it was addressed in 4500d09c2f 2013-09-26 19:47:54 -05:00
jvazquez-r7 9cc446ae2a Get cookies with empty values 2013-09-25 14:31:34 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
FireFart 7c4708b1df -) Fix get_cookies to return multiple cookies. Before it only returned the first cookie
-) Bugfix
2013-09-23 23:59:45 +02:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin 8bc83f4922 Retab changes for PR #1420 2013-09-05 16:21:26 -05:00
Tab Assassin d6a7ce5328 Merge for retab 2013-09-05 16:21:13 -05:00
Tab Assassin 785c2eeb95 Retab changes for PR #1421 2013-09-05 16:20:04 -05:00
Tab Assassin a5cf67a9af Merge for retab 2013-09-05 16:19:51 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
sinn3r add294d999 Fix potential nil in last_filename
Replacing #2060.  It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename.  To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
HD Moore 8e4dd29a4c Add cipher zero scanner 2013-06-30 02:35:37 -05:00
HD Moore 4fb6fa67f2 Fix require for constants, trim useless fields from banner 2013-06-26 09:59:40 -05:00
HD Moore 84117e28a8 Remove stale constants.rb require 2013-06-26 09:52:15 -05:00
James Lee b3b94c7a73 Break packet classes into their own files
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
HD Moore 1801a5a270 Better HP iLO compatibility (retry on session ID error) 2013-06-24 14:23:53 -05:00
HD Moore c869112407 Cleanup, reporting, and automatic cracking 2013-06-23 01:35:31 -05:00
HD Moore 5656e0cb7a Initial commit of IPMI library, scanner, & cracker 2013-06-22 23:38:28 -05:00
jvazquez-r7 3f665ba5a0 Skip also max-age from cookies 2013-06-17 14:04:08 -05:00
James Lee af613ee254 Add a more readable #inspect 2013-06-11 15:22:49 -05:00
Tod Beardsley 14c4dbcf8c Also remove *.ts.rb files
On the heels of #1862, this gets rid of the "test suites" that bound
together all the old unit tests.
2013-05-28 17:05:44 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
2013-05-23 12:41:14 -05:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
Tasos Laskos 6bf19c6fb8 HTTP::ClientRequest: Should handle nils in params
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.

* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
Meatballs bbd53a2dbd Add domain to get_cookies 2013-04-26 20:34:21 +01:00
Meatballs b25b9e769c Msftidy 2013-04-26 20:30:04 +01:00
Meatballs 1f2cab7aef Tidyup and getcookies 2013-04-26 20:26:04 +01:00
Meatballs 9ad19ed2bf Final tidyup 2013-04-26 15:41:28 +01:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
Meatballs e4ff7a2f2c Address egypt's feedback 2013-04-09 21:15:04 +01:00
Luke Imhoff bc4b87ebd9 Fix Undocumentable method defined on object instance YARD warnings
[#46491831]

Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff c210260845 Fix Undocumentable method, missing name YARD warning
[#46491831]

Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call.  By removing the ##, the
warning disappeared.  I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
James Lee 0a9b00e24c Apparently missed part of mubix's original changes
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
James Lee c3fa62cd59 Whitespace at EOL 2013-03-07 18:16:57 -06:00
Meatballs df3361df50 Merge branch 'master' into wds_scanner_repull 2013-03-07 20:09:44 +00:00
James Lee 27727df415 Merge branch 'R3dy-psexec-mixin2' into rapid7 2013-03-05 14:36:55 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney 6d811ce4b9 empty passwords should be allowed 2013-03-04 09:09:11 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney 902948e5d3 cleanup options 2013-03-01 11:01:00 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
James Lee 425c245771 Axe set_cgi in favor of set_uri
They were identical except for a couple of extra bugs in set_cgi.

Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee b0745b090a Msf HTTP uses this directly, can't axe it 2013-02-27 17:54:31 -06:00
James Lee 4edd46216f Refactor config -> opts
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee d5ae54cbb6 More accurate docs 2013-02-27 16:27:37 -06:00
James Lee 7a7dd8975f Hmm, turns out something actually used that
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
James Lee 579c11bc69 Set reasonable defaults for more things
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee d7de3b75a4 Format Authorization header like others
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee c206ac4998 Set some reasonable defaults
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
James Lee d463460da7 Default cgi to true when not given 2013-02-26 13:33:54 -06:00
James Lee 764bbbb8e5 Whitespace 2013-02-26 13:33:19 -06:00
James Lee 5e0161d3f7 Reflect new ClientRequst in docs 2013-02-26 13:31:24 -06:00
James Lee 5ac20e1b02 Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney c104fa6d97 Add spec and a few fixes for set_uri 2013-02-26 11:01:16 -06:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
David Maloney accd620843 Clean up pry 2013-02-19 23:50:30 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
David Maloney dac1147473 merge client config into opts 2013-02-19 19:41:42 -06:00
David Maloney de4234f0ad Some more YARD docs 2013-02-19 18:48:03 -06:00
David Maloney a4905e43a2 Fix the way creds are passed + YARD
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
2013-02-19 18:40:39 -06:00
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
James Lee 867ab2f269 Whitespace 2013-02-18 19:01:03 -06:00
David Maloney d23ca8f599 Merge branch 'master' into feature/http/authv2
Conflicts:
	lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee a902480576 Break out subclasses into their own files 2013-02-17 06:57:35 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00