Commit Graph

30582 Commits (79a3a483487b17b7e584f2c2d1d25f9cc807de97)

Author SHA1 Message Date
Meatballs 79a3a48348 Correct description 2015-01-30 11:20:02 +00:00
Meatballs e492f56ac0 Error if no database 2015-01-30 11:20:02 +00:00
Meatballs e6dbc15f40 Line length modification 2015-01-30 11:20:02 +00:00
Meatballs 044e3bd608 Golden Ticketz Post module 2015-01-30 11:20:02 +00:00
William Vu aec0067d14
Land #4673, screenshot -v hardcoded false fix 2015-01-29 19:40:15 -06:00
sinn3r 59eec8f81e
Land #4666 - Improve utility of meterpreter file upload command
Fix #4665
2015-01-29 19:12:31 -06:00
sinn3r 823c75908d Fix #4672 - Fix Hardcoded false for screenshot -v
Fix #4672
2015-01-29 16:54:41 -06:00
William Vu 7c793f9bbf
Land #4663, greppable msfvenom -l
And --payload-options.
2015-01-29 14:27:46 -06:00
sinn3r 4ad4765350 Merge pull request #25 from wvu-r7/pr/4663
Change "Options for" line to stderr
2015-01-29 14:00:23 -06:00
Brent Cook 212aeb9106 Improve utility of meterpreter file upload command
Rather than assume that the destination argument is a directory, check
first, and then do the same thing that 'cp' would do.

 - If dest exists and is a directory, copy to the directory.
 - If dest exists and is a file, copy over the file.
 - If dest does not exist and is a directory, fail.
 - If dest does not exist and is a file, create the file.
2015-01-29 13:45:15 -06:00
William Vu 6fdd2abc8d
Change "Options for" line to stderr 2015-01-29 13:38:29 -06:00
William Vu 6ecb36df52
Land #4653, get/set/unset description improvement 2015-01-29 13:28:06 -06:00
sinn3r b1b59dac7c Almost forgot this one again 2015-01-28 19:43:56 -06:00
sinn3r f6238f1ffb Auto-trim descriptions 2015-01-28 19:42:06 -06:00
sinn3r ae0214517a Fix #4662 - Change stderr to stdout so people can grep
Fix #4662
2015-01-28 18:23:36 -06:00
sinn3r 9d8d17805d
Land #4661 - Replace direct class comparison with kind_of? 2015-01-28 18:06:43 -06:00
James Lee bb17d75425
Replace direct class comparison with kind_of? 2015-01-28 17:00:15 -06:00
Samuel Huckins 8c55b660fc
Using latest MDM and credential gems
* Had to revert changes related to service uniqueness validation
(MSP-11643) due to newly discovered regressions
2015-01-28 16:14:48 -06:00
sinn3r 53af758a03
Land #4660 - Add a check() for mssql_payload 2015-01-28 15:47:33 -06:00
sinn3r 0f88d0ad75 Change print_* to vprint_*
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
sinn3r cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
Fix #4634
2015-01-28 15:31:54 -06:00
James Lee 51764eb207
Add a check() for mssql_payload 2015-01-28 13:44:16 -06:00
sinn3r f0742a38e2 The get command too 2015-01-28 12:59:51 -06:00
jvazquez-r7 5475cf50aa
Land #4655, @wchen-r7's custom 404 for BrowserExploitServer 2015-01-27 23:03:08 -06:00
sinn3r 457598eb02 print_error about unknown request.uri 2015-01-27 20:21:18 -06:00
sinn3r acf02647fb Add a check for Custom404 2015-01-27 20:18:10 -06:00
sinn3r 66703bfe5a Allow custom 404 as an option for BrowserExploitServer
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.

There are several scenarios that can trigger a 404 by BES (custom or
default):

* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
  If this actually happens, it probably means the attacker gave the
  wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
  URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
  mixin.
2015-01-27 18:53:02 -06:00
James Lee 895284cd12
Fix logic around empty usernames or passwords
See #4634 and #4642
2015-01-27 14:16:26 -06:00
James Lee 9f4daa4e03
Add a couple more specs 2015-01-27 14:09:00 -06:00
sinn3r 68fec0fee5 Update output for set/unset 2015-01-27 13:58:54 -06:00
jvazquez-r7 465b4a5c1b
Land #4652, @wchen-r7's ms13-037 svg exploit update to use BES 2015-01-27 13:47:35 -06:00
sinn3r d29a74cd8f Fix #4641 - Explain the set/unset command a little bit better
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.

Fix #4641
2015-01-27 13:35:05 -06:00
sinn3r ffd1257bff
Make sure this branch is up to date. 2015-01-27 12:16:15 -06:00
sinn3r bb9c961847 Change description a bit 2015-01-27 12:14:55 -06:00
William Vu b030327965
Land #4647, get_module_resource NilClass fix 2015-01-27 12:07:08 -06:00
sinn3r 2dedaee9ca Working version after the upgrade 2015-01-27 12:02:36 -06:00
William Vu ae22cf1b47
Land #4650, #strip NilClass fix 2015-01-27 11:13:33 -06:00
William Vu 7d7139d769
Consistent-ize whitespace 2015-01-27 11:11:02 -06:00
Tod Beardsley d8200c65a8
Strip safely, avoid nil.strip errors 2015-01-27 11:06:55 -06:00
William Vu 5b3d877b25
Land #4648, for real 2015-01-27 11:00:22 -06:00
William Vu 2b706f222a
Land #4648, YAML parsing fix
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
William Vu a88a631b66
Fix #strip 2015-01-27 10:58:24 -06:00
Tod Beardsley d2bf1a73ff
Don't need to require YAML anymore either 2015-01-27 10:40:57 -06:00
William Vu bf39a7a933
Land #4648, YAML parsing fix
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
Tod Beardsley cafbd1af51
Prefer a regex over YAML parsing
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
James Lee a2c7ebc2b1
Simplify logic 2015-01-27 09:05:11 -06:00
James Lee 5985f37fe8
Only need one origin 2015-01-27 09:02:30 -06:00
James Lee ca44ae2109
Consistent commas 2015-01-27 08:41:24 -06:00
James Lee eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
Conflicts:
	lib/msf/ui/console/command_dispatcher/db.rb
	spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
James Lee aea26e1e21
Add negative spec 2015-01-27 08:14:48 -06:00