Commit Graph

5274 Commits (869aec5e3e2fc3f93f1afd4e8531de0ea1449780)

Author SHA1 Message Date
root d0f49c1213 Finished! Importing wapiti now adds Mdm::WebVulns to the db.
However, I see no way to actually seeing the webvulns in framework
after importing the report.
2012-05-13 13:58:25 -07:00
Brandon Perry b0b72b05d5 Adding the beginning of the wapiti report import nokogiri document 2012-05-13 13:02:48 -05:00
Tod Beardsley 36c805c5ff Move the context setting to the module
Apparently you can't hit the framework object before running the module
any more. Bummer.

[Fixes #6843]
2012-05-10 21:21:32 -05:00
sinn3r 4f2226e3b9 Make sure vim_index_array is actually an array before doing the delete_if. Bug #6809 2012-05-04 11:26:03 -05:00
HD Moore bbca2c4649 Remove reference to missing dispatch_ninja 2012-05-01 10:31:18 -05:00
HD Moore a9dd2f49d7 Bump versions to 4.4.0-dev 2012-05-01 00:43:06 -05:00
HD Moore 0367b7b3f2 Fix a mangled merge that prevent imported vulns from being registered in some cases 2012-05-01 00:35:01 -05:00
David Maloney 82b8042d2d Fix an error condition with the afp server info module
Better exception handling is probably needed for the entire thing
2012-04-30 18:29:44 -05:00
sinn3r cc76438a75 Merge branch 'jlee-r7-http-print-standardization' 2012-04-25 15:38:46 -05:00
HD Moore a261adaaea Fix broken comparison 2012-04-23 23:06:52 -05:00
HD Moore 5282f9fd0a Update MDM 2012-04-23 22:21:13 -05:00
HD Moore 0e4593ce5b Purge the NoteSerializer and switch to Base64, have Base64 use the old format as well 2012-04-23 22:20:41 -05:00
HD Moore 0a0f5459b4 Version bump 2012-04-23 22:01:42 -05:00
HD Moore 3d24af8fd6 Add the fixed nokogiri gems (corrected rpath) 2012-04-23 19:00:10 -05:00
David Maloney 680e92968a Fixes some msyql issues by forcing read/write timepouts on the
connection object
Fixes #6297
2012-04-23 18:44:14 -05:00
HD Moore 206018c8a3 Patched with a small tweak to avoid a raise 2012-04-23 14:58:25 -05:00
HD Moore a0815223e8 Patch this with a newer/manually built extension 2012-04-23 13:41:56 -05:00
HD Moore efc589c1e2 Fix up Net::HTTP usage so that it works with newer ruby as well 2012-04-23 03:53:50 -05:00
HD Moore a1f9d2c27a Bump up the wait_timeout (works with the recent AR patch) and fix a typo in the http_version commit 2012-04-23 02:44:56 -05:00
HD Moore a6787106a5 This ports two active_record patches over that deal with database thread pooling 2012-04-23 02:37:47 -05:00
HD Moore 5302c83db9 Remove extranenous .so files (ext not lib) 2012-04-22 21:30:05 -05:00
James Lee 6cb0fe9fbf Use the framework thread spawner instead of Rex
Not sure why this was Rex before, changed for consistency and to avail
of the ActiveRecord connection release code recently added to the
framework version.
2012-04-20 01:13:12 -06:00
James Lee 6d0e4fba5e Go ahead and wrap the db commands as well.
Most of this probably isn't necessary, but better safe than sorry.
2012-04-19 23:53:00 -06:00
James Lee 29e01760f0 Wrap more database usage in with_connection block 2012-04-19 23:51:20 -06:00
James Lee d79f8b0492 Add with_connection wrappers to the database rpc calls
Certainly not all of these methods require a connection, but it is
better to check one out when we don't need it than to risk grabbing an
implicit connection that will never be handed back to the pool.
2012-04-19 22:58:24 -06:00
David Maloney 5db3e5aa34 Fixes some issues with the nexpose integration library
Should now work for all cases
2012-04-19 23:04:14 -05:00
James Lee 06b3ed2e13 Add with_connection wrappers to the methods I missed 2012-04-19 15:45:23 -06:00
James Lee 876c59b192 Make use of the new ActiveRecord 3.x concurrency contract
All Database usage must go through framework.db (which should have been
the case before, anyways) or explicitly checkout and checkin a
connection.  Failure to do so causes thread starvation and bizarre
random failures when attempting to use the database.

This commit also explicitly releases database connections at the end of
all threads created via framework.threads.spawn, which should alleviate
Deprecation Warning messages from ActiveRecord.

[Fixes #6613]
2012-04-19 14:21:21 -06:00
Tod Beardsley 8edf3fc8bd Service info shouldn't be blanked if it exists.
Check service.info at the end of reporting a service instead of the
beginning. This will preserve an existing service info in the event
we're re-reporting a service.

[See #6701]
2012-04-19 09:47:41 -05:00
James Lee 1f577b24b2 Merge branch 'rapid7' into http-print-standardization 2012-04-18 08:51:42 -06:00
James Lee f9b2fe89b2 Merge branch 'rapid7' into http-print-standardization
Conflicts:
	modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
	modules/exploits/windows/browser/apple_quicktime_rtsp.rb
	modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
James Lee 741de34d92 Add a :method property for autopwn_info
Replaces the previous overloading of :vuln_test
2012-04-17 18:32:11 -06:00
James Lee eedf4520be Merge branch 'rapid7' into bap-refactor 2012-04-17 16:20:11 -06:00
James Lee c83f2460c5 Use framework's db wrapper instead of Mdm directly 2012-04-17 16:12:25 -06:00
Tod Beardsley 2aba65f82d Fixes importing metasploit.xml exports with tags.
New Rails3 magic now actually exercised.
2012-04-17 01:06:40 -05:00
James Lee c3a86eef66 Declare warn_about_rubies as a class method
Since that's how it's being called.  Also, define it before calling it.
2012-04-16 23:25:04 -06:00
James Lee 3116f66d4d MDM update
[Fixes #6649]
2012-04-16 23:22:57 -06:00
James Lee cdd130d7ad Fix an overzealous refactoring change
::Mdm::Export doesn't exist, Export is a utility class under
::Msf::DBManager.

[Fixes #6647]
2012-04-16 21:53:05 -06:00
HD Moore 12102b9adc Close any open connections if the thread happens to have one when it finishes.
Partial bandaid for new AR pool mgmt methods
2012-04-16 21:50:26 -05:00
Tod Beardsley 362e80dc41 Warn about incompatible Rubies.
Also encourage users to use RVM to upgrade, because RVM is the
awesomest.
2012-04-16 21:13:31 -05:00
Tod Beardsley 27ed06f8e0 Use an exponential function for session grabbing
Ensures that the retries have a backoff time, not just 10 half second
pauses. Makes for a more forgiving environment for post modules.

[See #6638]
2012-04-16 20:56:55 -05:00
James Lee bea5d04871 Whitespace and rdoc cleanup 2012-04-16 19:34:21 -06:00
HD Moore e0dcf85a0e Cleanup overall, fix issue with ambiguous id column in order clause 2012-04-16 17:41:39 -05:00
James Lee 4181fd9709 Add support for EXE::Custom in EncodedPayload#encoded_exe
Fixes an issue with java_signed_applet (and probably others) not
honoring EXE::Custom settings.
2012-04-16 12:09:25 -06:00
James Lee 57ecc29b31 Add a rand_guid method for generating GUIDs 2012-04-16 12:09:25 -06:00
Tod Beardsley ef762c5d57 Delete files locally, not over RPC.
In the event we're just msfconsole.
2012-04-16 11:39:59 -05:00
Tod Beardsley 4b943c8769 RPC calls in the models should be wrapped
Sometimes we're not talking RPC, and the model shouldn't stack trace in
those cases.
2012-04-16 11:03:23 -05:00
Tod Beardsley 4bcbdc54c9 Cutting over rails3 to master.
This switches the Metasploit Framework to a Rails 3 backend. If you run
into new problems (especially around Active Record or your postgresql
gem) you should try first updating your Ruby installation to 1.9.3 and
use a more recent 'pg' gem.

If that fails, we'd love to see your bug report (just drop all the
detail you can into an issue on GitHub). In the meantime, you can
checkout the rails2 branch, which was branched from master immediately
before this cutover.

Squashed commit of the following:

commit 5802ec851580341c6717dfea529027c12678d35f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:12 2012 -0500

    Enable MSF_BUNDLE_GEMS mode by default (set to N/F/0 to disable)

commit 8102f98dce9eb0c73c4374e40dce09af7b51d060
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 23:30:03 2012 -0500

    Add a method to expand win32 file paths

commit bda6479d154cf75572dd5de8b66bfde661a55de9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:53:44 2012 -0500

    Fix 1.8.x compatibility

commit 101ce4eb17bfdf755ef8c0a5198174668b6cd6fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:40:59 2012 -0500

    Use verbose instead of stringio

commit 5db467ffb593488285576d183b1662093e454b3e
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:30:06 2012 -0500

    Hide the iconv warning, were stuck with it due to EBCDIC support

commit 63b9cb20eb6a61daf4effb4c8d2761c16ff0c4e0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:29:58 2012 -0500

    Dont use GEM_HOME by default

commit ca49271c22c314a4465fff934334df18c704cbc0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:23:34 2012 -0500

    Move Gemfile to root (there be dragons, lets find them) and catch failed bundler loads

commit 34af04076a068e9f60c5526045ddbba5fca359fd
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 18:18:29 2012 -0500

    Fallback to bundler when not running inside of a installer env

commit ed1066a4f3f12fae7d4afc03eb1ab70ffe2f9cf3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 16:26:55 2012 -0500

    Remove a mess of gems that were not actually required

commit 21290a73926809e9049a59359449168f740d13d2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:59:10 2012 -0500

    Hack around a gem() call that is well-intentioned but an obstacle in this case

commit 8e414a8bfab9641c81088d22f73033be5b37a700
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 15:06:08 2012 -0500

    Ruby, come on. Ducktype this. Please.

    Use interpolated strings to get the to_s behavior you don't get with
    just plussing.

commit 0fa92c58750f8f84edbecfaab72cd2da5062743f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:05:42 2012 -0500

    Add new eventmachine/thin gems

commit 819d5e7d45e0a16741d3852df3ed110b4d7abc44
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 15:01:18 2012 -0500

    Purge (reimport in a second)

commit ea6f3f6c434537ca15b6c6674e31081e27ce7f86
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:54:42 2012 -0500

    Cleanup uncessary .so files (ext vs lib)

commit d219330a3cc563e9da9f01fade016c9ed8cda21c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:53:02 2012 -0500

    PG gems built against the older installation environment

commit d6e590cfa331ae7b25313ff1471c6148a6b36f3b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 14:06:35 2012 -0500

    Rename to include the version

commit a893de222b97ce1222a55324f1811b0262aae2d0
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:56:47 2012 -0500

    Detect older installation environments and load the arch-lib directories into the search path

commit 6444bba0a421921e2ebe2df2323277a586f9736f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 13:49:25 2012 -0500

    Merge in windows gems

commit 95efbcfde220917bc7ee08e6083d7b383240d185
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 13:49:33 2012 -0500

    Report_vuln shouldn't use :include in finder

    find_or_create_by doesn't take :include as a param.

commit c5f99eb87f0874ef7d32fa42828841c9a714b787
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:44:09 2012 -0500

    One more msised Mdm namespace issue

commit 2184e2bbc3dd9b0993e8f21d2811a65a0c694d68
Author: David Maloney <DMaloney@rapid7.com>
Date:   Sun Apr 15 12:33:41 2012 -0500

    Fixes some mroe Mdm namespace confusion
    Fixes #6626

commit 10cee17f391f398bb2be3409137ff7348c7a66ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:40:44 2012 -0500

    Add robots gem (required by webscan)

commit 327e674c83850101364c9cca8f8d16da1de3dfb5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 03:39:05 2012 -0500

    Fix missing error checks

commit a5a24641866e47e611d7636a3f19ba3b3ed10ac5
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 01:15:37 2012 -0500

    Reorder requires and add a method for injecting a new migration path

commit 250a5fa5ae8cb05807af022aa4168907772c15f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:56:09 2012 -0500

    Remove missing constant (use string) and add gemcache cleaner

commit 37ad6063fce0a41dddedb857fa49aa2c4834a508
Merge: d47ee82 4be0361
Author: Tod Beardsley <todb@metasploit.com>
Date:   Sun Apr 15 00:40:16 2012 -0500

    Merge branch 'master-clone' into rails3-clone

commit d47ee82ad7e66de53dd3d3a65649cc37299a2479
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:30:03 2012 -0500

    cleanup leftovers from gems

commit 6d883b5aa8a3a7ddbcde5bfd4521d57c5b30d3c2
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sun Apr 15 00:25:47 2012 -0500

    MDM update with purged DBSave module

commit 71e4f2d81f6da221b76150562a16c730888f5925
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:37 2012 -0500

    Add new mdm

commit 651cd5adac8211d65e0c8079371d8264e549533a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 23:19:13 2012 -0500

    Update mdm

commit 0191a8bd0acec30ddb2a9e9c291111a12378537f
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 22:30:40 2012 -0500

    This fixes numerous cases of missed Mdm:: prefixes on db objects

commit a2a9bb3f2148622c135663dead80b3367b6f7695
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:30:18 2012 -0500

    Add eventmachine

commit 301ddeb12b906ed3c508613ca894347bedc3b499
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 18:18:12 2012 -0500

    A nicer error for folks who need to upgrade pg

commit fa6bde1e67b12e2d3d9978f59bbc98e0c1a1a707
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:54:55 2012 -0500

    Remove bundler requirements

commit 2e3ab9ed211303f1116e602b9a450141b71e56a4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:35:38 2012 -0500

    Pull in eventmachine with actual .so's this time

commit 901fb33ff6b754ce2c2cfd51e3b0b669f6ec600b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 17:19:12 2012 -0500

    Update deps, still need to add eventmachine

commit 6b0e17068e8caa0601f3ef81e8dbdb672758fcbe
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 13:07:06 2012 -0500

    Handle older installer environments and only allow binary gems when the
    environment specifically asks for it

commit b98eb7873a6342834840424699caa414a5cb172a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 04:05:13 2012 -0500

    Bump version to -testing

commit 6ac508c4ba3fdc278aaf8cfe2c58d01de3395431
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:25:09 2012 -0500

    Remove msf3 subdir

commit a27dac5067635a95b4cbb773df1985f2a2dc2c5a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:24:39 2012 -0500

    Remove the old busted external

commit 5fb5a0fc642b6c301934c319db854cc3145427a1
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:03:10 2012 -0500

    Add the gemcache loader

commit 09e2d89dfd09b9ac0c123fcc4e19816c86725627
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Apr 14 02:02:23 2012 -0500

    Purge gemfile/bundler configure in exchange for new gemcache setup

commit 3cc0264e1cfb027b515d7f24b95a74b023bd905c
Author: Tod Beardsley <todb@metasploit.com>
Date:   Thu Apr 12 14:11:45 2012 -0500

    Mode change on modicon_ladder.apx

commit c18b3d56efd639e461137acdc76b4b283fe978d4
Author: HD Moore <hd_moore@rapid7.com>
Date:   Thu Apr 12 01:38:56 2012 -0500

    The go faster button

commit ca2a67d51d6d4c7c3ca2e745f8b018279aef668a
Merge: 674ee09 b8129f9
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 15:50:33 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Picking up Packetfu upstream changes, all pretty minor

commit 674ee097ab8a6bc9608bf377479ccd0b87e7302b
Merge: e9513e5 a26e844
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Apr 9 13:57:26 2012 -0500

    Merge branch 'master-clone' into rails3-clone

    Conflicts:
    	lib/msf/core/handler/reverse_http.rb
    	lib/msf/core/handler/reverse_https.rb
    	modules/auxiliary/scanner/discovery/udp_probe.rb
    	modules/auxiliary/scanner/discovery/udp_sweep.rb

    Resolved conflicts with the reverse_http handlers and the udp probe /
    scanners byt favoring the more recent changes (which happened to be the
    intent anyway). The reverse_http and reverse_https changes were mine so
    I know what the intent was, and @dmaloney-r7 changed udp_probe and
    udp_sweep to use pcAnywhere_stat instead of merely pcAnywhere, so the
    intent is clear there as well.

commit e9513e54f984fdb100c13b44a1724246779ccb76
Author: David Maloney <dmaloney@melodie.gateway.2wire.net>
Date:   Fri Apr 6 18:21:46 2012 -0500

    Some fixes to how services get reported to prevent issues with the web interface

commit adeb44e9aaf1a329a0e587d2b26e678398730422
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Apr 2 15:39:46 2012 -0500

    Some corrections to pcAnywhere discovery modules to distinguish between the two services

commit b13900176484fea8f5217a2ef925ae2ad9b7af47
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Mar 31 12:03:21 2012 -0500

    Enable additional migration-path parameters, use a temporary directory to bring the database online

commit 526b4c56883f461417f71269404faef38639917c
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Mar 28 23:24:56 2012 -0500

    A bunch of Mdsm fixes for .kind_of? calls, to make sure we ponit to the right place

commit 2cf3143370af808637d164ce59400605300f922c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 16:22:09 2012 -0500

    Check for ruby 2.0 as well as 1.9 for encoding override

commit 4d0f51b76d89f00f7acbce6b1f00dc6e4c4545ee
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:36:04 2012 -0500

    Remove debug statement

commit f5d2335e7745aa1a354f4d6c8fc9d0b3876c472a
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Mar 26 15:01:55 2012 -0500

    Be explicit about the Mdm namespace

commit bc8be225606d6ea38dd2a85ab4310c1c181a94ee
Author: hdm <hdm@hypo.(none)>
Date:   Mon Mar 26 11:49:51 2012 -0500

    Precalculate some uri strings in case the 1000-round generation fails

commit 4254f419723349ffb93e4aebdaeabbd7d66bf8c0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Sat Mar 24 14:03:44 2012 -0500

    Removed some non-namespaced calls to Host

commit c8190e1bb8ad365fb0d7a1c4a9173e6c739be85c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:37:00 2012 -0500

    Purge the rvmrc, this is causing major headaches

commit 76df18588917b7150a3bedf2569710a80bab51f8
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Mar 20 00:31:52 2012 -0500

    Switch .rvmrc to the shipping 1.9.3 version

commit 7124971d0032b268f4ddf89aca125f15e284f345
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Mon Mar 12 16:56:40 2012 -0500

    Adds mixin for looking up Mime Types by extension

commit b7ca8353164c43db6bacb2f3f16afa1269f66e43
Merge: a0b0c75 6b9a219
Author: Matt Buck <techpeace@gmail.com>
Date:   Tue Mar 6 19:38:53 2012 -0600

    Merge from develop.

commit a0b0c7528d2b8fabb76b2246a15004bc89239cf0
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Mar 6 11:08:59 2012 -0600

    Somehow migration file is new?

commit 84d2b3cb1ad6290413c3ea3222ddf9932270b105
Author: David Maloney <David_Maloney@rapid7.com>
Date:   Wed Feb 29 16:38:55 2012 -0600

    Added ability to specify headers to redirects in http server

commit e50d27cda83872c616722adb03dc1a6a5e685405
Author: HD Moore <hd_moore@rapid7.com>
Date:   Sat Feb 4 04:44:50 2012 -0600

    Tweak the event dispatcher to enable customer events without a category
    and trigger http request events from the main exploit mixin.
    Experimental

commit 0e4fd2040df49df2e6cb0e8d2c6240a03d108033
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Thu Feb 2 22:09:05 2012 -0600

    Change Msm -> Mdm in migrations. This is what was preventing migrations from finishing on first boot.

commit c94a2961d04eee84adfd42bb01ed7a3e3846b83a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:48:48 2012 -0600

    Changed Gemfile to use new gem name

commit 245c2063f06b4fddbfc607d243796669ef236136
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Wed Feb 1 12:47:42 2012 -0600

    Did find/replace for final namespace of Mdm

commit 6ed9bf8430b555dcbe62daeddb2f33bd400ab5bc
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 24 10:47:44 2012 -0600

    Fix a bunch of namespace issues

commit 2fe08d9e4226c27e78d07a00178c58f528cbc72e
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:37 2012 -0600

    Update Msm contstants in migrations for initial DB builds.

commit 4cc6b8fb0440c6258bf70de77a9153468fea4ea5
Author: Matt Buck <Matthew_Buck@rapid7.com>
Date:   Fri Jan 20 14:37:25 2012 -0600

    Update Gemfile.lock.

commit 1cc655b678f0a054a9a783da119237fe3f67faa4
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Thu Jan 19 11:48:29 2012 -0600

    Errant Workspaces needed namespace

commit 607a78285582c530a68985add33ccf4d899c467a
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 15:44:02 2012 -0600

    Refactored all models to use the new namespace

    * Every model using DBManager::* namespace is now Msm namespace
    * Almost all of this in msf/base/core
    * Some in modules

commit a690cd959b3560fa2284975ca7ecca10c228fb05
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 17 13:41:44 2012 -0600

    Move bundler setup

commit dae115cc8f7619ca7a827123079cb67fb4d9354b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 15:51:07 2012 -0600

    Moved ActiveSupport dep to gem

commit d32f8edb6e7f82079b775ffbc2b9a405d1f32b3b
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Mon Jan 9 14:40:05 2012 -0600

    Removed model require file

commit d0c74cff8c44771e566ec63b03eda10d03b25c42
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 16:06:10 2012 -0600

    Update some more finds

commit 4eb79ea6b58b74c309ab1f1bb0bd35fe9041de46
Author: Trevor Rosen <Trevor_Rosen@rapid7.com>
Date:   Tue Jan 3 14:21:15 2012 -0600

    Yet another dumb commit

commit a75febcb593d52fdfe930306b4275829759d81d1
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Thu Dec 29 19:20:51 2011 -0600

    Fixing deletion

commit dc139ff2fdfc4e7cdee3901dfb863e70913d6b92
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Wed Dec 7 17:06:45 2011 -0600

    Fixed erroneous commit

commit 531c1e611cf4d23aeb9c48350dabf7630d662d25
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Mon Nov 21 16:11:35 2011 -0600

    Remove AR patch stuff; attempting to debug non-connection between MSF and Pro

commit 458611224189c7aa27e500aabd373d85dc2dc5c0
Author: Trevor Rosen <trevor@catapult-creative.com>
Date:   Fri Nov 18 16:17:27 2011 -0600

    Drop ActiveRecord/ActiveSupport in preparation for upgrade
2012-04-15 23:35:38 -05:00
HD Moore 91e8c713f2 The go faster button 2012-04-12 01:39:18 -05:00
James Lee 8ee0a5533c Fix a NoMethodError on nil when cat'ing a file in meterpreter
Thanks, mihi for the report.
2012-04-11 11:46:52 -06:00
James Lee 627ae308b3 Couple of small rdoc cleanups 2012-04-11 11:45:48 -06:00
James Lee a86bdf883e Add defaults to the print_* method arguments
Fixes breakage with modules that use print_line() or similar.

This commit also includes some RDoc additions and markup fixes
2012-04-11 00:14:03 -06:00
James Lee 3ad3caf450 Save the connecting client in thread-local storage
Allows print_* overrides to show it when it's available.
2012-04-10 23:21:55 -06:00
James Lee 28534d5f6e Merge branch 'rapid7' into bap-refactor 2012-04-10 12:42:27 -06:00
James Lee e7809b1b3b Remove print_status line from db.rb
Not defined in that context, causes stack traces on db_import
2012-04-10 11:07:23 -06:00
Tod Beardsley 366cb2ff08 Merge branch 'egypt-packetwise'
Added in the upstream PacketFu changes and this all looks good for the
importer. Thanks!
2012-04-09 15:59:33 -05:00
Tod Beardsley b8129f9463 Updating PacketFu to match upstream 2012-04-09 15:47:21 -05:00
sinn3r 71d2ef71f8 Don't want to print vuln.info if it's nil 2012-04-09 15:38:02 -05:00
sinn3r ab5a4beb99 Merge branch 'andurin-5837' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-andurin-5837 2012-04-09 15:18:55 -05:00
James Lee c19a4d7a23 Put final detection results on window.os_detect object
Makes it easier to grab results from within a module without having to
run the detection again.  I thought I had committed something like this
before, I wonder what other code I've lost...
2012-04-09 14:08:35 -06:00
sinn3r bef12478fc Merge branch 'bap-refactor' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bap-refactor 2012-04-09 09:58:22 -05:00
James Lee b58a87b7a8 Skip ::1 as well as 127.0.0.1 for session_host
Thanks rsmudge for pointing this out.

[Fixes #6599]
2012-04-08 14:58:39 -06:00
James Lee 9ae9509cfe More fingerprints from browsershots 2012-04-08 11:12:32 -06:00
sinn3r c6162bbe08 I've changed my mind. Default to "/" anyway even if it's nil. 2012-04-07 19:47:28 -05:00
sinn3r cfb34739f9 Actually, let's default to "/" only if the TARGETURI option is empty. If it's nil, we prefer to throw the exception at the user. 2012-04-07 19:44:34 -05:00
sinn3r 9a229dfcff Make target_uri default to "/" in case the TARGETURI option is nil or empty 2012-04-07 19:43:19 -05:00
James Lee bac6bcd6f1 More fingerprints from browsershots 2012-04-06 18:41:14 -06:00
James Lee 31e3eb7d91 Merge branch 'rapid7' into bap-refactor 2012-04-06 18:12:49 -06:00
James Lee bb4e37b7aa Add a few fingerprints. Thanks browsershots.org! 2012-04-06 18:09:19 -06:00
andurin 274404716f Show vuln.info on db_vuln command
IssueID #5837
2012-04-06 14:47:36 +02:00
HD Moore 0f7b08781f Fix regular expression match number 2012-04-05 12:55:54 -05:00
James Lee 585245501a Print an error when trying to open a dir as a file
Prevents unnecessary stack traces
2012-04-05 11:49:03 -06:00
James Lee 2c992c976d Cut session info at 80 columns
Prevents a long "id" line from destroying the layout
2012-04-05 11:07:42 -06:00
sinn3r 8628991b1d Merge pull request #305 from jlee-r7/bap-refactor
Bap refactor
2012-04-05 08:02:43 -07:00
James Lee 778fed9a19 Put things in the right namespace 2012-04-05 01:22:27 -06:00
James Lee 0ddfa79a34 Move javascriptosdetect out to its own file
Allows editors to easily highlight correctly which makes editing a
little nicer. Also makes it easier to debug because line numbers are
only off by the length of the custom_js argument.
2012-04-04 17:07:17 -06:00
sinn3r 57c22a50fa Merge pull request #296 from allfro/patch-1
rpc_loots method uses the wrong iteration variable ('n' instead of 'l')
2012-04-04 13:58:18 -07:00
James Lee 32654b3578 Whitespace at EOL 2012-04-04 09:41:50 -06:00
James Lee e901f9cc50 Add a couple of fingerprints and sort some
This is in terrible need of some more crowd-sourced fingerprint
gathering.
2012-04-03 18:18:32 -06:00
allfro bed6e06e0a Error in tag. Should be :updated_at instead of :modified_at. 2012-04-03 14:52:45 -03:00
James Lee 32b1e22d25 Revert "Update packetfu to 1.1.4"
This reverts commit 24e6131ad7.
2012-04-03 10:28:22 -06:00
James Lee 04858220f2 Don't read in the whole pcap file when importing
Still not amazingly fast (about 500 packets per second in my tests), but
now it won't eat all your ram and start crashing things when given a
large file. Requires an upgrade to PacketFu containing pull request 5.
2012-04-03 10:22:36 -06:00
allfro 60fa58c9cf rpc_loots method uses the wrong iteration variable ('n' instead of 'l') for service.port and service:
n.service.port should be l.service.port
n.service should be l.service
2012-04-03 13:10:10 -03:00
Brandon Perry 4a3d2a18de hard tabs 2012-04-02 21:42:51 -05:00
Brandon Perry a4d9e59934 silly registry typos 2012-04-02 21:33:01 -05:00
Jonathan Cran 9dbd5e87fd move the lab code to a gem, and make sure the plugin warns users to install the gem 2012-04-02 16:00:43 -05:00
James Lee 24e6131ad7 Update packetfu to 1.1.4 2012-04-01 20:00:17 -06:00
HD Moore afe3168a36 Enable additional migration-path parameters, use a temporary directory to bring the database online
Conflicts:

	lib/msf/core/db_manager.rb
2012-03-31 12:05:54 -05:00
James Lee 62a54e0ad6 Account for stagers that use Assembly
Since staged payloads end up with an array of architectures, this was
failing to find a cpu and causing uncaught exceptions that crashed
msfconsole at startup. This only occurred when a stager contained an
Assembly directive. None of the default paylaods do this, so users
should generally not have been affected.
2012-03-30 17:57:56 -06:00
James Lee 11a1ae3a8d Typo in a comment 2012-03-30 16:30:13 -06:00
Tod Beardsley bd4819e8f2 Merge pull request #238 from mak/linux-x64-find-port
linux/x64/shell_find_port payload
2012-03-29 05:54:54 -07:00
Michael Schierl 016ba1613d fix generating war files for Java payloads from within msfconsole
This fixes this use case:
use payload/java/meterpreter/reverse_tcp
generate -t war -f filename.war
2012-03-28 14:02:46 -06:00
James Lee e522b40465 Make sure session.target_host gets resolved
Not sure why this isn't already resolved when we read it out of the
datastore.  May have something to do with the recent options madness.

[Fixes #6567]
2012-03-28 13:44:23 -06:00
Tod Beardsley b1683c94ef Merge pull request #281 from jlee-r7/module-tests
Module tests
2012-03-27 10:23:20 -07:00
James Lee 812457fed0 Rename enum_user_dirs 2012-03-27 10:52:16 -06:00
Tod Beardsley a0f0aadad3 Fixing checksum uri generator again.
This time, it's ensured that generate_uri_checksum(sum) will succeed,
provided the sum is an even number between 80 and 100 (tested)

It's still not great for arbitrary checksum targets, but that's because
there are lots of strings that cannot satisfy the requirement. I kind of
think this is the fault of Rex.
2012-03-27 08:34:52 -05:00
HD Moore ad92eff66c Correct an issue where launched exploits only used saved configurations 2012-03-26 22:43:33 -05:00
Tod Beardsley eb9b92268e Merge pull request #257 from ChrisJohnRiley/base32
Added a Rex library for encoding to/from Base32, based on Samuel Tesla's free Ruby implementation.
2012-03-26 17:34:19 -07:00
James Lee 98882621c0 Allow empty values for OptRegexp options 2012-03-26 17:06:43 -06:00
James Lee 84197a8903 Return a proper value instead of a silly print 2012-03-26 15:40:43 -06:00
Tod Beardsley 5cacf5f8f6 A still cleaner checksummed URI generator
Now with http and https support.
2012-03-26 12:34:30 -05:00
Tod Beardsley 899c6529c3 Revert "Precalculate some uri strings in case the 1000-round generation fails"
This reverts commit 7161a548f4.

Prepping for a more sane solution that doesn't change the URI sizes and
succeeds without fallingback to a pre-generated list.
2012-03-26 12:34:30 -05:00
hdm 27d3f490f7 Precalculate some uri strings in case the 1000-round generation fails 2012-03-26 12:33:54 -05:00
Tod Beardsley 9fad028d8a A nicer checksum fixer
Just use a checksum digit like a cc#, no need for precalculated lists,
will be correct every time.
2012-03-26 11:59:29 -05:00
Tod Beardsley b2b2580dbf Adding the correct url for exploit-db exploits. 2012-03-22 14:26:46 -05:00
Tod Beardsley c589420f42 Typo fix, missing comma 2012-03-21 16:43:21 -05:00
Tod Beardsley 75785a8b9f Got tired of writing out Exploit-DB identifiers
There are 143 modules with exploit-db references, may as well make them
easier to write and find. This change introduces the EDB identifier.
2012-03-21 16:43:21 -05:00
Chris John Riley b49b947b9a Added Base32 Support 2012-03-21 22:02:46 +01:00
James Lee bba98136b6 Clarify the driver situation a bit
Tell the user what's really going on instead of what was going on before
4.2 was released and we still supported databases other than postgres.
2012-03-19 21:13:49 -06:00
Tod Beardsley e938f24267 Update Spiceworks importer to use CSV, keep info
Instead of data.each, use the stdlib CSV importer. This will avoid
accidentally splitting on ',' characters at a minimum.

If the device has a serial number and/or a location, keep that and
reflect it in the info.
2012-03-19 12:45:25 -05:00
James Lee d25756976c Add a binary-safe method for writing files on unix shell sessions
Also some tests for doing so, all of which pass on Linux, Windows, and
Java meterpreter, as well as shell sessions on Linux and Solaris. They
will fail miserably on Windows shell sessions.
2012-03-19 01:10:23 -06:00
James Lee 66727043f9 Add an inspect method that doesn't print the entire buffer
Also cleans up some whitespace
2012-03-19 01:10:23 -06:00
James Lee 14fdde67ab Use a proper mode for appending 2012-03-16 17:18:44 -06:00
James Lee 47ce05cc27 Add a couple methods and some tests for Post::File 2012-03-16 16:27:06 -06:00
James Lee 6754bccf78 Use `#session_compatible?` instead of looping through `#compatible_sessions` 2012-03-16 12:12:08 -06:00
James Lee 65b92efe8c Fix an ancient syntax fail 2012-03-16 02:03:54 -06:00
James Lee 9aaf6af072 Return network prefixes when available
Solves #6525 on Vista+.  Win2k still works using the old MIB method
(which doesn't support ipv6).  Win2k3 and XP are still busted for
unknown reasons.
2012-03-16 01:50:26 -06:00
James Lee 916f23fe4e Add IPv6 support for bit2netmask 2012-03-16 01:50:26 -06:00
James Lee a3db547c76 Justify TLVs to be a little easier to read 2012-03-16 01:50:26 -06:00
David Maloney 6011da7db8 More Virtualisation SSL fixes 2012-03-15 19:06:48 -05:00
James Lee 6895ff9cbb Whitespace at EOL 2012-03-14 21:42:00 -06:00
James Lee 9d563d4d9e Pastographical error 2012-03-14 21:41:14 -06:00
Maciej Kotowicz f91b894375 added posibilities for generating payload from asm to more arch's
added linux/x64/shell_find_port payload
2012-03-14 22:39:56 +01:00
James Lee 2c34b7d599 Alias `ifconfig` to `ipconfig`
This has bugged me for *years*.
2012-03-14 11:07:31 -06:00
James Lee 40e1cafd6e Remove extraneous debug print 2012-03-14 11:07:31 -06:00
gaspmat@gmail.com 248a73a73c change sniffer behaviour when stopping capture. workaround if pcap_findalldev fails 2012-03-14 11:07:31 -06:00
sinn3r 46da36d3a0 Fix bug: undefined method `size' for nil:NilClass (Bug #6526) by Raphael 2012-03-14 11:49:49 -05:00
David Maloney 5a69c896fc Fixes #6465
Properly imports vulnerability titles from Qualys Scan Reports
2012-03-13 16:45:55 -05:00
James Lee 6cfb3ff4fc Comment out extension TLV types
I suspect this is a load order issue where sometimes the extension's TLV
types are defined before hitting this and sometimes aren't.
Nevertheless, pretty printing a TLV is not worth breaking all the
payloads.
2012-03-13 14:08:58 -06:00
James Lee 6a6dd06103 Merge branch 'feature/6476-list-all-ifaces'
Conflicts:
	modules/auxiliary/scanner/afp/afp_server_info.rb
2012-03-13 13:55:45 -06:00
James Lee 89e3fee5a8 Revert "Squashed commit of the following:"
This reverts commit dd9ac8a6c0.
2012-03-13 13:38:35 -06:00
James Lee dd9ac8a6c0 Squashed commit of the following:
commit 8b4750d0dcbac0686f9403acdf5cab50c918212f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 13:14:43 2012 -0600

    Add bins for listing all addresses

    [Fixes #6476]

commit 213dd92ebc9b706a45725e6515c7939d2edace0e
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 02:08:34 2012 -0600

    Accept multiple addresses and netmasks

    [See #6476]

commit 2e8bd3c3ecfb319bf9456485d2420bb5829b60cc
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 13 01:55:57 2012 -0600

    Make inspecting meterpreter packets a little less painful

    Not sure why I originally thought there was no way to access extensions'
    constants before.  A simple `require` makes it all happy.

commit da367907cf579bd3aefaffbc84d2f96a41b85f00
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 22:08:44 2012 -0600

    Fix up Linux after changes for Windows

commit ec9f04378b0155f69df95d4a94e62d33ce61977c
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 11 21:56:11 2012 -0600

    Grab IPv6 addresses on Windows when possible

    Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
    old GetIpAddrTable() function when it isn't available. This should work
    on XPSP1 and newer, albeit without netmasks on versions before Vista.
    Still trying to figure that one out.

commit 1052ebdcf86114fbc03d1a37ab5d4c6a78e82daa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 15:34:09 2012 -0700

    Wrap Windows-specifc headers in ifdef

commit f23f20587b3117c38a77e7e5a93d542411e9504f
Author: James Lee <egypt@metasploit.com>
Date:   Tue Mar 6 14:36:34 2012 -0700

    Handle multiple addrs on one iface on the ruby side

commit d7207d075ac6462875d9da531cf20c175629a416
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 21:57:39 2012 -0700

    Adds IPv6 addrs to win32 get_interfaces response

commit 11ae7e8a45bd56d25841ea8724377e0fb6789d72
Author: James Lee <egypt@metasploit.com>
Date:   Mon Mar 5 09:07:28 2012 -0700

    Don't distinguish between 4 and 6.

    The client can figure it out from the length.

commit 2c7490bdf3e4079f30857ee323d2ce23ab1bd9a5
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 04:25:26 2012 -0700

    Append to the list instead of assigning to it

    All addresses are being sent to the client now.  Just need a way to
    parse them out correctly on the other side and meterpreter will be able
    to list all addresses on all interfaces on Linux.  Next step is to
    allocate the proper number of TLVs to avoid good ol' stack smashes on
    systems with lots of addresses and then make sure we clean all the
    memory leaks.

    [See #6476]

commit 73bba037ad968b922341c02459017afcc8407a76
Author: James Lee <egypt@metasploit.com>
Date:   Sun Mar 4 03:12:28 2012 -0700

    Lay the groundwork for returning all addresses

    This commit only sends the last interface in the list, but it is looping
    through all of them as evidenced by the log, just need to make sure
    we're not overwriting as we go.

    [See #6476]
2012-03-13 13:19:18 -06:00
sinn3r 50d2796899 Merge branch 'afp' of https://github.com/gregory-m/metasploit-framework into gregory-m-afp 2012-03-13 11:30:34 -05:00
Brandon Perry 7275e91698 spiceworks tab fix 2012-03-13 08:46:11 -07:00
James Lee 1d99330795 Accept multiple addresses and netmasks
[See #6476]
2012-03-13 02:08:34 -06:00
Gregory Man b0ba10f79c Added afp_login module. 2012-03-13 10:01:42 +02:00
Gregory Man 5b13b7d1d9 Extracted common AFP functionality to mixin 2012-03-13 09:56:03 +02:00
James Lee 58bc9346f4 Make inspecting meterpreter packets a little less painful
Not sure why I originally thought there was no way to access extensions'
constants before.  A simple `require` makes it all happy.
2012-03-13 01:55:57 -06:00
James Lee b815955e09 Allow file argument for the `ls` command
Previously only worked for directories.

[Fixes #3055]
2012-03-13 00:52:42 -06:00
HD Moore 1a364df37e Pull payload/exploit options into nop modules as well 2012-03-12 23:28:47 -05:00
HD Moore 606ca82432 Share the datastore with encoders 2012-03-12 23:23:15 -05:00
HD Moore be6a64b3f7 Force option validation in exploit_simple for e & p 2012-03-12 22:57:23 -05:00
HD Moore 7b32bc689f Swap URIPATH to TARGETURI for consistency 2012-03-12 13:58:33 -05:00
Tod Beardsley de888e50f0 Adding a cleaner RuntimeError to target_uri
The purpose of re-raising an error from a library method like this is to
tell the user in no uncertain terms what all actually went wrong with the
module. This fix will cause a somewhat more pleasant error message than
the default message. Here's the raise from URI:

```
[-] Auxiliary failed: URI::InvalidURIError bad URI(is not URI?): what%ever
[-] Call stack:
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:156:in `split'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:174:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:626:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:724:in `URI'
[-]   /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/http/client.rb:535:in `target_uri'
[-]   /home/todb/.msf4/modules/auxiliary/test_uri.rb:20:in `run'
[*] Auxiliary module execution completed
```

And here's the new, Metasploit-specific one:

```
[-] Invalid URI: "what%ever"
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: URIPATH.
[*] Auxiliary module execution completed
```

The user can now tell easily what's wrong with the module configuration,
and doesn't have to parse through a stack trace that leads down into
the Ruby stdlib.
2012-03-10 10:58:16 -06:00
sinn3r cc87ed8428 Remove weird error handling unless someone explains to me why I need to raise errors when it does already 2012-03-09 18:42:06 -06:00
sinn3r 0530eb4b09 Add target_uri 2012-03-09 14:44:32 -06:00
HD Moore 6b00848688 Propagate the job_id back to the caller (often console's active_module)
to restore job handling
2012-03-08 16:01:32 -06:00
James Lee 090674386f Tell the user when we have to switch from a deleted workspace 2012-03-08 14:08:38 -07:00
James Lee b79e79022a Add a rename option to workspace command
[Fixes #6498]
2012-03-08 13:44:31 -07:00
David Maloney 67c7971bdf Addresses a race condition with checking a scanner's status before it's run method has executed. 2012-03-08 13:07:03 -06:00
David Maloney 9d343ea1c1 Fix to dividie by zero issue in scannenr progress method 2012-03-08 11:03:33 -06:00
HD Moore 761f859695 Simplify the module instance (required to call certain methods) 2012-03-07 07:59:41 -06:00
HD Moore 5054840165 Overwrite the local datastore with the normalized option, even if it
came from a global datastore due to a fall-through
2012-03-07 07:37:36 -06:00
HD Moore b89af3546d Revert the previous global fix in favor of a different method.
Fixes #6501
2012-03-07 07:37:36 -06:00
HD Moore 9975d5a220 Always clone modules before running them via the simplified wrappers.
This prevents changes to the datastore or instance variables from
being carried over into a second run
2012-03-07 07:37:36 -06:00
James Lee d99df825b3 Handle multiple addrs on one iface on the ruby side 2012-03-06 14:36:34 -07:00
James Lee 6b9a21936e Whitespace at EOL 2012-03-06 14:14:02 -07:00
James Lee 2b9acb61ad Clean up some incosistent verbosity
Modules should use `vprint_*` instead of `print... if
datastore["VERBOSE"]` or similar constructs
2012-03-06 12:01:20 -07:00
HD Moore 8cbe5d8a54 Force many integer arguments to be integers 2012-03-06 09:28:29 -06:00
Tod Beardsley 7f9880a1fc Fixes whitespace on linux shellcode from @mak
Also repairs some weirdly broken comment.

[Closes #131]
2012-03-05 16:59:37 -06:00
Tod Beardsley 9e380d9e88 Merge remote branch 'mak/payload-linux-x64' into l64 2012-03-05 14:58:24 -06:00
Tod Beardsley e014e9a5c3 Fix up notes search implementation
Uses delete_if and a negative assertion, rather than the (much nicer but
unavailable) keep_if method.
2012-03-05 13:50:02 -07:00
Tod Beardsley b847d48927 Tidies up sempervictus's search patch
Affects the console's db commands of hosts, services, vulns, creds, notes,
loot

Skips searching entirely unless a search term is provided, and
explicitly casts the term as a Regexp object from the outset.

Avoids using Object#to_sym in preference of Object#intern (safer in
nearly all cases)

Temporarily disables functionality on notes since Array#keep_if isn't
available prior to Ruby 1.9.2
2012-03-05 13:50:02 -07:00
RageLtMan 3270976d7b Search functionality for db dispatcher commands 2012-03-05 13:50:02 -07:00
Tod Beardsley 85d1b77ed3 Fix up notes search implementation
Uses delete_if and a negative assertion, rather than the (much nicer but
unavailable) keep_if method.
2012-03-05 13:40:26 -06:00
Tod Beardsley a957c45daf Tidies up sempervictus's search patch
Affects the console's db commands of hosts, services, vulns, creds, notes,
loot

Skips searching entirely unless a search term is provided, and
explicitly casts the term as a Regexp object from the outset.

Avoids using Object#to_sym in preference of Object#intern (safer in
nearly all cases)

Temporarily disables functionality on notes since Array#keep_if isn't
available prior to Ruby 1.9.2
2012-03-05 13:40:26 -06:00
RageLtMan fb475ca49c Search functionality for db dispatcher commands 2012-03-05 13:40:26 -06:00
HD Moore de9b35d7b0 Fixes #6485 by allowing validation to write back normalized values to
global. This isn't perfect, but we have no better solution unless we
clone the module datastore and unset the default imported_by for the
module run (actively testing that too in a branch)
2012-02-29 01:49:26 -06:00
HD Moore 7b40d8d819 Allow updates to fallthrough to the global store just like reads 2012-02-29 01:40:54 -06:00
James Lee 9f05562a18 Don't distinguish between IPv4 and IPv6 routes
It's easier to deal with one Array of all routes regardless of INET
family than having get_routes() return a two-element Array of Arrays.
Also fixes a bug in each_route() which was expecting get_routes() to
return a single Array of all routes. Thanks to valsmith for reporting.
2012-03-02 18:26:57 -07:00
Tod Beardsley 6c0f8636ec Merge pull request #217 from rapid7/reverse-http-randomness
Reverse http randomness
2012-03-02 16:36:26 -08:00
HD Moore b70b41091b Tested fairly well - this randomizes the URLs and removes the user-agent string from the request 2012-03-02 17:44:23 -06:00
James Lee 9e2a1b6d52 Allow channel -k as a synonym for -c
Makes it consistent with "jobs", "sessions", and "threads" commands in
msfconsole.  Because I keep using the wrong thing and being confused
about why it doesn't work.
2012-03-02 15:11:00 -07:00
James Lee 884550ce7c Fix undefined constant bug in session.fs.seek
How did this ever work?  Clearly nothing exercises this code.
2012-03-02 14:43:00 -07:00
James Lee 65c0cbdc00 Allow tab completion for resource files in current dir 2012-03-02 11:19:46 -07:00
Efrain Torres a2e5a4d9d5 New wmap version 1.5. Plugin and mixin changes. Modules edited to adjust to naming convention 2012-03-02 10:18:31 -06:00
James Lee 4f2fd918e4 Only add a Content-Type when it's not nil
Makes it possible to create MIME parts for non-file POST parameters when
sending a file.
2012-03-01 16:28:55 -07:00
James Lee bde9a846b9 Default the index to -1
This prevents stack traces on Java which doesn't provide the index.
2012-02-29 20:27:10 -07:00
James Lee 8380d0e9e0 No need to set the driver anymore
Fixes a ridiculous stack trace when connecting with a yaml file.
2012-02-29 15:47:45 -07:00
James Lee f5e2d1c19b Grevious typo causing load_session_info failure
That's the problem with rescue ::Exception, it catches crap like this
and it takes a while before anyone notices. =(
2012-02-29 08:14:02 -07:00
James Lee 624e19fd8b Merge session-host-rework branch back to master
Squashed commit of the following:

commit 2f4e8df33c5b4baa8d6fd67b400778a3f93482aa
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:31:03 2012 -0700

    Clean up some rdoc comments

    This adds categories for the various interfaces that meterpreter and
    shell sessions implement so they are grouped logically in the docs.

commit 9d31bc1b35845f7279148412f49bda56a39c9d9d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 13:00:25 2012 -0700

    Combine the docs into one output dir

    There's really no need to separate the API sections into their own
    directory.  Combining them makes it much easier to read.

commit eadd7fc136a9e7e4d9652d55dfb86e6f318332e0
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:27:22 2012 -0700

    Keep the order of iface attributes the same accross rubies

    1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
    end up with ~random order for the display with the previous technique.
    Switch to an Array instead of a Hash so it's always the same.

commit 6f66dd40f39959711f9bacbda99717253a375d21
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:23:35 2012 -0700

    Fix a few more compiler warnings

commit f39cb536a80c5000a5b9ca1fec5902300ae4b440
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 08:17:39 2012 -0700

    Fix a type-safety warning

commit 1e52785f38146515409da3724f858b9603d19454
Author: James Lee <egypt@metasploit.com>
Date:   Mon Feb 27 15:21:36 2012 -0700

    LHOST should be OptAddress, not OptAddressRange

commit acef978aa4233c7bd0b00ef63646eb4da5457f67
Author: James Lee <egypt@metasploit.com>
Date:   Sun Feb 26 17:45:59 2012 -0700

    Fix a couple of warnings and a typo

commit 29d87f88790aa1b3e5db6df650ecfb3fb93c675b
Author: HD Moore <hdm@digitaloffense.net>
Date:   Mon Feb 27 11:54:29 2012 -0600

    Fix ctype vs content_type typo

commit 83b5400356c47dd1973e6be3aa343084dfd09c73
Author: Gregory Man <man.gregory@gmail.com>
Date:   Sun Feb 26 15:38:33 2012 +0200

    Fixed scripts/meterpreter/enum_firefox to work with firefox > 3.6.x

commit 49c2c80b347820d02348d694cc71f1b3028b4365
Author: Steve Tornio <swtornio@gmail.com>
Date:   Sun Feb 26 07:13:13 2012 -0600

    add osvdb ref

commit e18e1fe97b89c3a2b8c22bc6c18726853d2c2bee
Author: Matt Andreko <mandreko@gmail.com>
Date:   Sat Feb 25 18:02:56 2012 -0500

    Added aspx target to msfvenom.  This in turn added it to msfencode as well.
    Ref: https://github.com/rapid7/metasploit-framework/pull/188
    Tested on winxp with IIS in .net 1.1 and 2.0 modes

commit e6aa5072112d79bbf8a4d2289cf8d301db3932f5
Author: Joshua J. Drake <github.jdrake@qoop.org>
Date:   Sat Feb 25 13:00:48 2012 -0600

    Fixes #6308: Fall back to 127.0.0.1 when SocketError is raised from the resolver

commit b3371e8bfeea4d84f9d0cba100352b57d7e9e78b
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 17:07:42 2012 -0700

    Simplify logic for whether an inner iface has the same address

commit 5417419f35a40d1c08ca11ca40744722692d3b0d
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:58:16 2012 -0700

    Whitespace

commit 9036875c2918439ae23e11ee7b958e30ccc29545
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:53:45 2012 -0700

    Set session info before worrying about address

    get_interfaces can take a while on Linux, grab uid and hostname earlier
    so we can give the user an idea of what they popped as soon as possible.

commit f34b51c6291031ab25b5bfb1ac6307a516ab0ee9
Author: James Lee <egypt@metasploit.com>
Date:   Tue Feb 28 16:48:42 2012 -0700

    Clean up rdoc

commit e61a0663454400ec66f59a80d18b0baff4cb8cd9
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:54:45 2012 -0600

    Ensure the architecture is only the first word (not the full WOW64
    message in some cases)

commit 4c701610976a92298c1182eecc9291a1b301e43b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:49:17 2012 -0600

    More paranoia code, just in case RHOST is set to whitespace

commit c5ff89fe3dc9061e0fa9f761e6530f6571989d28
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 04:47:01 2012 -0600

    A few more small bug fixes to handle cases with an empty string target
    host resulting in a bad address

commit 462d0188a1298f29ac83b10349aec6737efc5b19
Author: HD Moore <hd_moore@rapid7.com>
Date:   Tue Feb 28 03:55:10 2012 -0600

    Fix up the logic (reversed by accident)

commit 2b2b0adaec2448423dbd3ec54d90a5721965e2df
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 23:29:52 2012 -0600

    Automatically parse system information and populate the db, identify and
    report NAT when detected, show the real session_host in the sessions -l
    listing

commit 547a4ab4c62dc3248f847dd5d305ad3b74157348
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:16:03 2012 -0600

    Fix typo introduced

commit 27a7b7961e61894bdecd55310a8f45d0917c5a5c
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:11:38 2012 -0600

    More session.session_host tweaks

commit e447302a1a9915795e89b5e29c89ff2ab9b6209b
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:08:20 2012 -0600

    Additional tunnel_peer changes

commit 93369fcffaf8c6b00d992526b4083acfce036bb3
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:06:21 2012 -0600

    Additional changes to session.session_host

commit c3552f66d158685909e2c8b51dfead7c240c4f40
Author: HD Moore <hd_moore@rapid7.com>
Date:   Mon Feb 27 22:00:19 2012 -0600

    Merge changes into the new branch
2012-02-28 18:29:39 -07:00
James Lee 46fef357f4 Clean up some rdoc comments
This adds categories for the various interfaces that meterpreter and
shell sessions implement so they are grouped logically in the docs.
2012-02-28 16:31:03 -07:00
James Lee db88145294 Keep the order of iface attributes the same accross rubies
1.8 doesn't maintain insertion order for Hash keys like 1.9 does so we
end up with ~random order for the display with the previous technique.
Switch to an Array instead of a Hash so it's always the same.
2012-02-28 08:27:22 -07:00
HD Moore d0bf833942 Fix ctype vs content_type typo 2012-02-27 11:54:29 -06:00
sinn3r 58dfe32b0a Merge branch 'aspx-msfvenom' of https://github.com/mandreko/metasploit-framework into mandreko-aspx-msfvenom 2012-02-26 18:40:30 -06:00
HD Moore 139136e033 Fix a handful of typos in the regex/parsing code 2012-02-26 02:10:06 -06:00
Matt Andreko 85645a81c1 Added aspx target to msfvenom. This in turn added it to msfencode as well.
Ref: https://github.com/rapid7/metasploit-framework/pull/188
Tested on winxp with IIS in .net 1.1 and 2.0 modes
2012-02-25 18:02:56 -05:00
James Lee 2b8d16203a Refactor Interfac#pretty to be more rubyish 2012-02-24 16:42:12 -07:00
MM f83a7f14ac Switch to netlink for listing interfaces
* Adds support for listing IPv6 addresses on POSIX meterpreter
* Ensures crash logs are only created if debugging is enabled
* Fixes a bug in sniffer where a lock was not acquired correctly

Squashed commit of the following:

commit 955124b264a675c7d67187703bf23b58f0aba6d8
Author: MM <gaspmat@gmail.com>
Date:   Thu Feb 23 23:42:26 2012 +0100

    posix meterpreter - IPv6 support for route and ipconfig using netlink sockets

[Closes #196]
2012-02-24 16:42:12 -07:00
Tod Beardsley cf0fd2bc93 Version bump to 4.3.0-dev
Closed or moved all the remaining 4.2 bugs, so
now we're in 4.3.0-dev. 4.2.0-release (and really
any -release) is intentionally very short-lived.
2012-02-24 15:06:24 -06:00
James Lee a81868b6b3 Fix a nil comparison bug
I swear there was a ticket for this but now I can't find it.
2012-02-23 16:30:29 -07:00
James Lee f7e60cefed Add a fingerprint for pg on ubuntu 8.04.2 2012-02-23 16:11:52 -07:00
James Lee db4bb0e537 Clean up comments for rdoc
Fixes some ugly formatting
2012-02-23 15:32:05 -07:00
James Lee 72038df7b5 Allow :sname as a synonym for :name when reporting services 2012-02-21 22:59:20 -07:00
Tod Beardsley b87d9a3a80 Version bump. 2012-02-21 17:54:23 -06:00
James Lee 0e375fc555 Remove superfluous db_driver command now that only pg is supported 2012-02-21 10:10:42 -07:00
James Lee 3857bef9f6 Adds help and tabs for commands in meterpreter core 2012-02-21 10:10:42 -07:00
James Lee 89e0842b1e Add vim_soap to the mixins list.
Fixes an issue where a different module load order would result in one
of the vmware modules failing to load be cause vim_soap hadn't been
required yet. Thanks d0rm0us3 for having a weird system and spotting
stuff like this.
2012-02-20 13:17:45 -07:00
Matt Buck e0a75c1b2c Merge branch 'release/4.2-stable'
Conflicts:
	lib/msf/core/model/host.rb
2012-02-19 22:57:22 -06:00
HD Moore c220a80494 Revert "Mark branch as -release (not final, just prep work)"
This reverts commit b02c368c55.
2012-02-19 18:52:10 -06:00