Meatballs
79a3a48348
Correct description
2015-01-30 11:20:02 +00:00
Meatballs
e492f56ac0
Error if no database
2015-01-30 11:20:02 +00:00
Meatballs
e6dbc15f40
Line length modification
2015-01-30 11:20:02 +00:00
Meatballs
044e3bd608
Golden Ticketz Post module
2015-01-30 11:20:02 +00:00
William Vu
aec0067d14
Land #4673 , screenshot -v hardcoded false fix
2015-01-29 19:40:15 -06:00
sinn3r
59eec8f81e
Land #4666 - Improve utility of meterpreter file upload command
...
Fix #4665
2015-01-29 19:12:31 -06:00
sinn3r
823c75908d
Fix #4672 - Fix Hardcoded false for screenshot -v
...
Fix #4672
2015-01-29 16:54:41 -06:00
William Vu
7c793f9bbf
Land #4663 , greppable msfvenom -l
...
And --payload-options.
2015-01-29 14:27:46 -06:00
sinn3r
4ad4765350
Merge pull request #25 from wvu-r7/pr/4663
...
Change "Options for" line to stderr
2015-01-29 14:00:23 -06:00
Brent Cook
212aeb9106
Improve utility of meterpreter file upload command
...
Rather than assume that the destination argument is a directory, check
first, and then do the same thing that 'cp' would do.
- If dest exists and is a directory, copy to the directory.
- If dest exists and is a file, copy over the file.
- If dest does not exist and is a directory, fail.
- If dest does not exist and is a file, create the file.
2015-01-29 13:45:15 -06:00
William Vu
6fdd2abc8d
Change "Options for" line to stderr
2015-01-29 13:38:29 -06:00
William Vu
6ecb36df52
Land #4653 , get/set/unset description improvement
2015-01-29 13:28:06 -06:00
sinn3r
b1b59dac7c
Almost forgot this one again
2015-01-28 19:43:56 -06:00
sinn3r
f6238f1ffb
Auto-trim descriptions
2015-01-28 19:42:06 -06:00
sinn3r
ae0214517a
Fix #4662 - Change stderr to stdout so people can grep
...
Fix #4662
2015-01-28 18:23:36 -06:00
sinn3r
9d8d17805d
Land #4661 - Replace direct class comparison with kind_of?
2015-01-28 18:06:43 -06:00
James Lee
bb17d75425
Replace direct class comparison with kind_of?
2015-01-28 17:00:15 -06:00
Samuel Huckins
8c55b660fc
Using latest MDM and credential gems
...
* Had to revert changes related to service uniqueness validation
(MSP-11643) due to newly discovered regressions
2015-01-28 16:14:48 -06:00
sinn3r
53af758a03
Land #4660 - Add a check() for mssql_payload
2015-01-28 15:47:33 -06:00
sinn3r
0f88d0ad75
Change print_* to vprint_*
...
According to our wiki doc, all print_* should be vprint_* for check()
2015-01-28 15:44:14 -06:00
sinn3r
cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
...
Fix #4634
2015-01-28 15:31:54 -06:00
James Lee
51764eb207
Add a check() for mssql_payload
2015-01-28 13:44:16 -06:00
sinn3r
f0742a38e2
The get command too
2015-01-28 12:59:51 -06:00
jvazquez-r7
5475cf50aa
Land #4655 , @wchen-r7's custom 404 for BrowserExploitServer
2015-01-27 23:03:08 -06:00
sinn3r
457598eb02
print_error about unknown request.uri
2015-01-27 20:21:18 -06:00
sinn3r
acf02647fb
Add a check for Custom404
2015-01-27 20:18:10 -06:00
sinn3r
66703bfe5a
Allow custom 404 as an option for BrowserExploitServer
...
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.
There are several scenarios that can trigger a 404 by BES (custom or
default):
* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
If this actually happens, it probably means the attacker gave the
wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
mixin.
2015-01-27 18:53:02 -06:00
James Lee
895284cd12
Fix logic around empty usernames or passwords
...
See #4634 and #4642
2015-01-27 14:16:26 -06:00
James Lee
9f4daa4e03
Add a couple more specs
2015-01-27 14:09:00 -06:00
sinn3r
68fec0fee5
Update output for set/unset
2015-01-27 13:58:54 -06:00
jvazquez-r7
465b4a5c1b
Land #4652 , @wchen-r7's ms13-037 svg exploit update to use BES
2015-01-27 13:47:35 -06:00
sinn3r
d29a74cd8f
Fix #4641 - Explain the set/unset command a little bit better
...
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.
Fix #4641
2015-01-27 13:35:05 -06:00
sinn3r
ffd1257bff
Make sure this branch is up to date.
2015-01-27 12:16:15 -06:00
sinn3r
bb9c961847
Change description a bit
2015-01-27 12:14:55 -06:00
William Vu
b030327965
Land #4647 , get_module_resource NilClass fix
2015-01-27 12:07:08 -06:00
sinn3r
2dedaee9ca
Working version after the upgrade
2015-01-27 12:02:36 -06:00
William Vu
ae22cf1b47
Land #4650 , #strip NilClass fix
2015-01-27 11:13:33 -06:00
William Vu
7d7139d769
Consistent-ize whitespace
2015-01-27 11:11:02 -06:00
Tod Beardsley
d8200c65a8
Strip safely, avoid nil.strip errors
2015-01-27 11:06:55 -06:00
William Vu
5b3d877b25
Land #4648 , for real
2015-01-27 11:00:22 -06:00
William Vu
2b706f222a
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:59:05 -06:00
William Vu
a88a631b66
Fix #strip
2015-01-27 10:58:24 -06:00
Tod Beardsley
d2bf1a73ff
Don't need to require YAML anymore either
2015-01-27 10:40:57 -06:00
William Vu
bf39a7a933
Land #4648 , YAML parsing fix
...
Prefer regex. For reasons...
2015-01-27 10:39:03 -06:00
Tod Beardsley
cafbd1af51
Prefer a regex over YAML parsing
...
Fixes a bug introduced in #4645
2015-01-27 10:34:56 -06:00
James Lee
a2c7ebc2b1
Simplify logic
2015-01-27 09:05:11 -06:00
James Lee
5985f37fe8
Only need one origin
2015-01-27 09:02:30 -06:00
James Lee
ca44ae2109
Consistent commas
2015-01-27 08:41:24 -06:00
James Lee
eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
...
Conflicts:
lib/msf/ui/console/command_dispatcher/db.rb
spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
James Lee
aea26e1e21
Add negative spec
2015-01-27 08:14:48 -06:00