[#36737359]
active_support/dependencies cannot resolve missing constants in Metasploit
modules because the wrapper module is anonymous. In order to make the
wrapper module non-anonymous, the module must be assigned to a constant.
Since we don't want modules colliding, the wrapper module needs a unique
name, so use the module lookup name to derive the proper nested module names
to namespace the wrapper module. All derived modules are nested under
Msf::Modules. The name derivation handles invalid characters for constant
names such as digits as the first character or non-alphanumeric character.
The invalid constant name characters are converted to their hex value and
prefixed with X, so '-' in a name become 'X2d'.
for convenience when you don't need/want a full resource file, you just
want to run something quick
example usage:
# say you have a saved config ready to go on load
./msfconsole -s 'exploit -j'
# you can run multiple commands too
./msfconsole -s 'set ConsoleLogging true\nshow options'
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values. The new 'encode_params' option allows
that feature to be disabled. However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
fs.rb was originally attempting to call the "close" method on a
string holding the temporary path to the file being editted.
Replaced with ::File.delete(temp_path).
The 'unless' statement expects there's always a value for USERNAME
and PASSWORD. We might as well just set '' as the default value
to avoid the NoMethodError mistake. Related to bug #7140.
utctl shouldn't check for stdapi_ui_disable_mouse or disable_keyboard
since neither exist.
Removed the check, tested both enable and disable on mouse and keyboard,
uictl seems to work as advertised now.
[FIXRM #7217]
Same semantics as Ruby stdlib File.open - if you give it a block, yields
a new File object and closes it after the block, otherwise same as
File.new.
[FixRM #6481]
This solves the looping problem. Since the TCP connection wouldn't
necessarily close, we couldn't count on a 0-length recv, and the
connection was timing out. Changed it so send_tcp can take a block, in
which we do parsing. AXFR responses are sandwiched between SOA answers,
so when the second one is reached, the transfer is done.
This is also cleaner for existing code that uses send_tcp, since if no
block is passed, it just returns the first response and tears down the
connection, just like it used to.
This required some changes to send_tcp: it now loops, reading as many
length-prefixed DNS responses as are available before the connection
closes. This shouldn't affect other uses of the function, since most
questions only have one response in answer.
AXFR support in net-dns is broken. This fixes it, and makes the
requisite modifications to enum_dns module. Basic problem is that AXFR
responses consist of a chain of DNS replies, not a single reply with
multiple answers. Previously, only the first of these replies, the SOA
record, was returned. Also added some exception handling to avoid
problems like #483.
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.
Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
commit 665f3f5b993dfa48db817f6138ac356919af37fc
Author: Chris Lennert <calennert@gmail.com>
Date: Wed Aug 1 19:44:14 2012 -0500
Two corrections to NetGetJoinInformation args
[Closes#661]
Also gets rid of the conn_ids array, which was never pruned (and
without some extra gymnastics in meterpreter/client.rb *can't* be) when
handler URLs were removed.
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038]
HD Moore
Luke Imhoff
sinn3r
joe
Tod Beardsley
kernelsmith
David Maloney
Ramon de C Valle
Samuel Huckins
Adam Dalton
James Lee
RageLtMan
Stephen Haywood
eddiezab
m m
Daniel Miller
Chris Lennert
webstersprodigy
Rob Fuller