Commit Graph

12925 Commits (8b3b952ccd0b0a6856f2eeb10eddea73390838e2)

Author SHA1 Message Date
sinn3r 37e75dc644 Make this description a little more sense 2012-04-20 12:25:51 -05:00
James Lee 6cb0fe9fbf Use the framework thread spawner instead of Rex
Not sure why this was Rex before, changed for consistency and to avail
of the ActiveRecord connection release code recently added to the
framework version.
2012-04-20 01:13:12 -06:00
sinn3r b955569b10 Update the use of get2() in order to support ruby 1.9.3 2012-04-20 01:37:24 -05:00
James Lee 6d0e4fba5e Go ahead and wrap the db commands as well.
Most of this probably isn't necessary, but better safe than sorry.
2012-04-19 23:53:00 -06:00
James Lee 29e01760f0 Wrap more database usage in with_connection block 2012-04-19 23:51:20 -06:00
James Lee d79f8b0492 Add with_connection wrappers to the database rpc calls
Certainly not all of these methods require a connection, but it is
better to check one out when we don't need it than to risk grabbing an
implicit connection that will never be handed back to the pool.
2012-04-19 22:58:24 -06:00
sinn3r c68a775106 Fix EDB references 2012-04-19 23:53:32 -05:00
David Maloney 5db3e5aa34 Fixes some issues with the nexpose integration library
Should now work for all cases
2012-04-19 23:04:14 -05:00
sinn3r 12bf301d2b Correct file name 2012-04-19 21:17:19 -05:00
sinn3r 05459ca3ff Change module description 2012-04-19 21:17:19 -05:00
sinn3r 072faa65ec Massive code cleanup 2012-04-19 21:17:19 -05:00
sinn3r 93134e6fd2 Change default target 2012-04-19 21:17:19 -05:00
unknown 47ecd36805 Implemented Changes suggested by wchen-r7 (sinn3r) 2012-04-19 21:17:19 -05:00
unknown feb625cab0 Updated module 2012-04-19 21:17:19 -05:00
unknown 8caec4777f TFTPserverST addition 2012-04-19 21:17:18 -05:00
Tod Beardsley d33cd386a8 Merge pull request #340 from rsmudge/armitage
fix a compatability issue with latest msf changes.
2012-04-19 17:50:43 -07:00
Alexander Klink 8c06e0d46e Squashed commit of the following:
commit 5c82f0acade617d8314858170752c498eac4b4fb
Author: Alexander Klink <git@alech.de>
Date:   Thu Apr 19 20:57:21 2012 +0200

    pdf2xdp.rb script to convert PDF file to XDP format

    XDP is an equivalent format for PDF, but is pretty useful in evading AV
    software.

    See
    https://www.metasploit.com/redmine/issues/3679
    http://shiftordie.de/blog/2011/02/09/evading-avs-using-the-xml-data-package-xdp-format/

[Closes #345]
2012-04-19 18:27:18 -06:00
sinn3r 93390fa6e2 Fix metadata and some cosmetic stuff 2012-04-19 19:12:27 -05:00
sinn3r bce6c9abcf Verify checksum to avoid jumping to a corrupt payload 2012-04-19 18:52:43 -05:00
sinn3r ae7c2acf9d Merge branch 'xradio-exploit-module' of https://github.com/b0telh0/metasploit-framework into b0telh0-xradio-exploit-module 2012-04-19 18:09:20 -05:00
sinn3r 9a00823828 Merge branch '0a2940-CVE-2008-5499_adobe_flashplayer_aslaunch' 2012-04-19 18:08:22 -05:00
sinn3r f5e8f57497 Minor fixes 2012-04-19 18:07:35 -05:00
James Lee 06b3ed2e13 Add with_connection wrappers to the methods I missed 2012-04-19 15:45:23 -06:00
James Lee 876c59b192 Make use of the new ActiveRecord 3.x concurrency contract
All Database usage must go through framework.db (which should have been
the case before, anyways) or explicitly checkout and checkin a
connection.  Failure to do so causes thread starvation and bizarre
random failures when attempting to use the database.

This commit also explicitly releases database connections at the end of
all threads created via framework.threads.spawn, which should alleviate
Deprecation Warning messages from ActiveRecord.

[Fixes #6613]
2012-04-19 14:21:21 -06:00
sinn3r 8d1d63dda8 Correct OSVDB reference, thanks modpr0be 2012-04-19 12:04:11 -05:00
sinn3r 45997b8dd4 Fix typos 2012-04-19 10:54:05 -05:00
sinn3r 37f4e7b3b9 Fix bug #6714, thanks Scott 2012-04-19 10:22:31 -05:00
Tod Beardsley 8edf3fc8bd Service info shouldn't be blanked if it exists.
Check service.info at the end of reporting a service instead of the
beginning. This will preserve an existing service info in the event
we're re-reporting a service.

[See #6701]
2012-04-19 09:47:41 -05:00
Tod Beardsley ce3d98bc88 vcms_login.rb description 2012-04-19 07:44:28 -05:00
sinn3r 5fde6b759f Add VCMS brute-force module 2012-04-19 02:25:03 -05:00
sinn3r 81b6e76619 Correct CVE/OSVDB/BID references, thanks Chad. 2012-04-19 00:24:56 -05:00
sinn3r 946ab1514e Correct module naming style 2012-04-18 20:45:25 -05:00
sinn3r 1065111817 Correct TARGETURI description 2012-04-18 18:57:37 -05:00
sinn3r 7071c30b4b These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes 2012-04-18 16:07:41 -05:00
sinn3r 0e45b6c06c Avoid printing ip:port twice 2012-04-18 16:01:10 -05:00
James Lee 1f577b24b2 Merge branch 'rapid7' into http-print-standardization 2012-04-18 08:51:42 -06:00
sinn3r f3ebe284ca Minor cosmetic changes 2012-04-18 02:38:25 -05:00
sinn3r 15539c633b Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm 2012-04-18 02:32:42 -05:00
sinn3r e52f40daf1 Cosmetic changes 2012-04-18 02:25:43 -05:00
sinn3r 01beddc609 Merge branch 'cyberlink' of https://github.com/mrmee/metasploit-framework into mrmee-cyberlink
Conflicts:
	modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb
2012-04-18 02:03:59 -05:00
sinn3r 862869e4f2 Strip ms03_020_ie_objecttype from Browser AutoPwn because:
1. We have newer browser modules that can replace it, and already do.
2. It uses an egghunter that we don't favor in BAP
3. It uses system addresses, which we no longer favor.
2012-04-17 22:26:14 -05:00
sinn3r 120f2e5795 Merge pull request #341 from jlee-r7/bap-refactor
Fix an issue where ie_createobject and others weren't getting tried
2012-04-17 20:14:20 -07:00
James Lee a2dc890cfa Don't puke if the connection came from localhost 2012-04-17 19:49:42 -06:00
James Lee f9b2fe89b2 Merge branch 'rapid7' into http-print-standardization
Conflicts:
	modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
	modules/exploits/windows/browser/apple_quicktime_rtsp.rb
	modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
James Lee afe28523f3 Puts testAXO() on window so we can access it from anywhere
Also uses the new :method property which allows an array syntax.  See
ie_createobject for a usage example.
2012-04-17 18:54:26 -06:00
James Lee f9a48ace48 Switch to using :method, see previous commit 2012-04-17 18:48:14 -06:00
James Lee 741de34d92 Add a :method property for autopwn_info
Replaces the previous overloading of :vuln_test
2012-04-17 18:32:11 -06:00
James Lee eedf4520be Merge branch 'rapid7' into bap-refactor 2012-04-17 16:20:11 -06:00
James Lee c83f2460c5 Use framework's db wrapper instead of Mdm directly 2012-04-17 16:12:25 -06:00
sinn3r 0fccc67774 Add MS12-004 to BAP 2012-04-17 16:40:32 -05:00