809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831 ]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
79a72a18a9
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2013-03-27 18:30:07 -05:00
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839 ]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
bf85545b4d
Fix egypt's typo
2013-03-20 17:15:14 -05:00
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
6618c098c4
Merges 'bug/obsolete-activerecord-patch'
...
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611 , so this is complete.
[Closes #1611 ]
2013-03-19 13:10:42 -05:00
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817 ]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815 ]
Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
1873053a34
Restore win32pe as the default (not _only)
2013-03-18 15:55:01 -05:00
3a183ffa94
Retabbed for consistent whitespace
2013-03-18 15:40:26 -05:00
418a373f6c
Avoid merge conflict over Id SVN tag
2013-03-18 15:39:16 -05:00
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4
2013-03-18 15:28:19 -05:00
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
f46ec73ff0
Fix up usage help for loot cmd
2013-03-14 14:37:15 -05:00
3dca63fee2
Make it clear that you're deleting all loot
...
You don't get to delete just one chunk of loot.
2013-03-14 14:37:15 -05:00
56611230ff
fixed header
2013-03-14 14:37:15 -05:00
0ca0cd5ee1
loot add/remove command for msfconsole
2013-03-14 14:37:15 -05:00
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
32bf7cf8f4
Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
...
[Closes #1578 ]
2013-03-12 12:31:32 -05:00
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
2013-03-08 14:37:28 -05:00
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
c3b3da4254
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 23:04:10 +02:00
5dff043e3c
Whitespace
2013-03-06 14:52:32 -06:00
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
2013-03-05 12:34:51 -06:00
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
9084e2a3bb
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 21:10:39 -06:00
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
4e31187f72
Use start.sh to start Pro via go_pro command
...
start.sh (installed with community/pro on apt installs) automatically
starts dependency services (such as postgresql).
2013-03-04 18:35:47 -06:00
370aed5973
Silence status output, it is distracting
2013-03-04 18:27:22 -06:00
fb0237a180
Fix typo
2013-03-04 18:26:59 -06:00
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbce1891f0836
2013-03-01 11:41:06 -06:00
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
18c0bb0ac8
Updates description again
2013-02-28 11:34:48 -06:00
8cb5da0794
One size rules them all.
2013-02-28 11:21:23 -06:00
722e077029
Update generic target
2013-02-28 11:09:52 -06:00
2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
b80343817c
Skeleton for acutally go_pro'ing
2013-02-23 09:48:18 -06:00
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
2af930f1ff
Adds msfbase_dir, switches on apt existance
2013-02-23 09:19:31 -06:00
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Luke Imhoff
sinn3r
scriptjunkie
Tasos Laskos
David Maloney
jvazquez-r7
Tod Beardsley
Joshua Abraham
James Lee
Raphael Mudge
Spencer McIntyre
Samuel Huckins
Brandon Turner
Gerry Eisenhaur
HD Moore
nemski
Royce Davis
RageLtMan
Tod Beardsley