76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Loosing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
9d4366fdab
Merge remote-tracking branch 'wchen-r7/irb_terminatelineinput'
2013-01-15 01:50:15 -08:00
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
0c90171fa7
Deal with alread-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
b2ecb18a71
Allow OptInt to pass "" for special reasons
...
Cheap fix
2013-01-14 14:55:48 -06:00
07d15baf89
Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex
2013-01-14 14:40:25 -06:00
bbb3fa25be
Allow negative values for OptInt
...
[FixRM #7540 ]
2013-01-14 14:18:56 -06:00
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
0d34e0b249
Fix regex for hex numbers
2013-01-13 20:53:40 -06:00
90b0a7035b
Recover the prompt again
2013-01-13 13:24:48 -06:00
4703a6f737
Unbreak OptInt hex syntax
...
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again
[See #1293 ][See #1296 ]
2013-01-12 14:17:29 -06:00
2f2a5c1d47
[FixRM: #2100 ] Rescue TerminateLineInput in irb
...
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
Tasos Laskos
sinn3r
rogueclown
Rob Fuller
Trevor Rosen
Tod Beardsley
HD Moore
Raphael Mudge
jvazquez-r7
kernelsmith
Robin Wood
James Lee