Commit Graph

1831 Commits (9450906ca464e47b462cad5c22135b7ac688587d)

Author SHA1 Message Date
David Maloney 19af279ce9
Merge branch 'master' into staging/rails-upgrade 2016-05-05 10:46:12 -05:00
dmohanty-r7 f096c3bb99
Land #6821 Fix send_request_cgi! redirection 2016-05-05 09:09:30 -05:00
David Maloney 55b38ad089
Land #6398, content length header
lands wei's content length header pr
2016-05-04 11:53:46 -05:00
David Maloney fb5b228984
Merge branch 'master' into staging/rails-upgrade 2016-05-02 11:33:35 -05:00
dmohanty-r7 050061762b Fix db_manager rspec tests
MS-255
2016-04-28 13:17:02 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
2016-04-28 11:44:10 -05:00
James Lee e7f0163c2e
Apparently super doesn't work the same here in 2.3
But it doesn't matter, the value just needs to be before the current
time, so replace it with a simpler solution.
2016-04-26 10:35:41 -05:00
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
Brent Cook 7ff5a5fd7e switch mainframe payloads to fixed size 2016-04-23 11:40:05 -04:00
Brent Cook e75ce8b248 update test to hook exist? rather than exists? 2016-04-21 06:56:48 -04:00
thao doan e70d967b4e Land #6763, Add rspec for lib/metasploit/framework/login_scanner/redis 2016-04-18 10:05:24 -07:00
David Maloney 3a623862e3
Merge branch 'master' into staging/rails-upgrade 2016-04-15 10:55:43 -05:00
Brent Cook d3e5dffe26
whitespace 2016-04-13 22:20:42 -05:00
Brent Cook 6ce7055130
Land #6737, Added reverse shell JCL payload for z/OS 2016-04-13 22:19:15 -05:00
Brent Cook 09873f2f9c
Land #6717, Add new cmd mainframe payload (generic_jcl) for z/OS 2016-04-13 22:10:23 -05:00
wchen-r7 6c5886afba Resolve #6736, Add rspec for login_scanner/redis lib
Resolve #6736
2016-04-08 11:41:08 -05:00
Fernando Arias 8f3f2f74b4
Move shared example from pro into framework
MS-1361
2016-04-07 13:09:52 -05:00
Fernando Arias f5415c8058
Move pro concern logic into framework
MS-1361
2016-04-07 10:59:40 -05:00
William Vu 22d08fdf39 Revert #6748, premature Gemfile* changes 2016-04-06 14:52:22 -05:00
David Maloney 8de58e4b80
Merge branch 'master' into staging/rails-upgrade 2016-04-04 09:30:01 -05:00
wchen-r7 f7dd326b16
Land #6455, Fix dns labels/names size limits for lib/net/dns/names/names 2016-04-01 21:57:09 -05:00
Bigendian Smalls 6a4d7e3b58
Revshell cmd JCL payload for z/OS
Added a JCL-based reverse shell.  Uses the same source code as the
shellcode version does.  Source code is in
external/source/shellcode/mainframe/shell_reverse_tcp.s
2016-03-31 20:42:42 -05:00
wchen-r7 46d4b533f3 Add rspec for lib/net/dns/names/names.rb 2016-03-31 11:29:30 -05:00
wchen-r7 bc48ebd43b Use patch_finder for msu_finder 2016-03-29 23:21:01 -05:00
wchen-r7 1bcd3fac25
Land #6724, Import workspace IP validation from Mdm
MS-902
2016-03-29 18:31:47 -05:00
Adam Cammack 3b0170e87d
Import workspace IP validation from Mdm
This allows us to actually test the validations, since the code calls
out to Rex::Socket::RangeWalker.

MS-902
2016-03-29 17:56:22 -05:00
Bigendian Smalls a6518b5273
Add generic JCL cmd payload for z/OS (mainframe)
This payload does nothing but return successfully.  It can be used to
test exploits and as a basis for other JCL cmd payloads.
2016-03-28 21:01:39 -05:00
wchen-r7 c4735bd72a Fix rspec pull_request_finder_spec.rb 2016-03-24 20:56:46 -05:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Adam Cammack 32fe9ae55d
Remove dead version check in db_manager.rb
The check appears to have been orphaned in the db_manager refactor, but
I can't track down the exact commit.
2016-03-16 15:24:55 -05:00
Brent Cook 903807d039 update spec for pre-check 2016-03-15 14:21:01 -05:00
Brent Cook dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
wchen-r7 860159fa00 Update rspec 2016-03-08 11:37:25 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook 659af68b16
Land #6388, update msftidy check for new preferred Metasploit module base class 2016-03-06 17:12:20 -06:00
Brent Cook cc436fe438 update to new preferred base class for modules 2016-03-06 17:11:51 -06:00
Brent Cook a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook e1db3ef369
Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
Brent Cook 0fc4ebf4ab
Land #6618, Improve Content-Length behavior in Rex HTTP 2016-03-06 16:38:44 -06:00
Brent Cook 8faae94338
Land #6592, make linux/x86/shell_reverse_tcp's shell path configurable and remove shell_reverse_tcp2 2016-03-06 15:33:53 -06:00
Gregory Mikeska c2f7360a9a
replace deprecated 'ignore' with 'transient' 2016-02-29 14:57:09 -06:00
wchen-r7 bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
wchen-r7 814d53aee0 Add rspec for Msf::Util::DocumentGenerator::PullrequestFinder 2016-02-24 15:13:04 -06:00
wchen-r7 753e0f7693 Add rspec for Msf::Util::DocumentGenerator::DocumentNormalizer 2016-02-23 15:34:34 -06:00
joev 39f1113bca Remove unused spec. 2016-02-18 22:20:13 -06:00
OJ 44eb2d6a80
Merge branch 'upstream/master' into default-xor 2016-02-11 14:30:18 +10:00
Brent Cook 2386cb1344
Land #6527, add support for importing Burp suite vuln exports 2016-02-10 13:19:21 -06:00