infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
27,851 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

8594 Commits (967800eed09f82bca52bdae67098e5e7d9c0a4b9)

Author SHA1 Message Date
Tod Beardsley d5a0b81680
Land #4024, auto-negotiate SSL versions 
Thanks @hmoore-r7!
 2014-10-15 16:04:38 -05:00
Tod Beardsley 62be638258
Add 'Auto' to tcp.rb as well. 2014-10-15 16:01:42 -05:00
HD Moore fcd9b4b293 Allow non-SSLv3 Meterpreters (auto-negotiate) 2014-10-15 13:57:51 -05:00
HD Moore cb3a4afac5 Typo: request -> requested in message 2014-10-15 13:48:22 -05:00
HD Moore 7516512650 Raise an ArgumentError vs RuntimeError for backwards compatibility 2014-10-15 13:30:38 -05:00
HD Moore a762d871bf Autonegotiate SSL/TLS versions when not explicit 2014-10-15 13:26:40 -05:00
Tod Beardsley c4d1a4c7dc
Revert #4022, as the solution is incomplete 
Revert "Land 4022, datastore should default TLS1 vs SSL3"

This reverts commit 4c8662c6c1, reversing
changes made to 0937f32ff9.
 2014-10-15 12:32:08 -05:00
Tod Beardsley 1754b23ffb
Datastore options should default to TLS1, not SSL3 
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)

Squashed commit of the following:

commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:19:04 2014 -0500

    Whoops missed one

commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:16:59 2014 -0500

    Other datastore options also want TLS1 as default

commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:12:06 2014 -0500

    TCP datastore opts default to TLS1

    Old encryption is old. See also: POODLE
 2014-10-15 10:28:53 -05:00
HD Moore 6cf62765de Default to TLSv1 for RPC connections 2014-10-15 01:20:43 -05:00
Tod Beardsley e68aaa4226
Don't disclose empty disclosure dates 
For rapid7#4015
 2014-10-14 16:02:23 -05:00
William Vu f612c8cd3e
Add disclosure date to info 2014-10-14 15:15:24 -05:00
William Vu fdd79e64c3
Land #4010, ReverseAllowProxy clarification 2014-10-14 15:10:50 -05:00
William Vu 5c4f61057f
Show available actions for info 2014-10-14 12:41:02 -05:00
Pedro Laguna 70d1eefaa9 Update reverse_tcp.rb 
As I am using a exploit that does a check on the Server HTTP headers to identify the target I saw an error message that reads like this:

>The target server fingerprint "" does not match "(?-mix:(Jetty|JBoss))", use 'set FingerprintCheck false' to disable this check.

Then, while using a HTTP proxy to analyse the requests I am presented with an error that tells me to set another internal option to override a default behaviour. Although it should be pretty clear to everyone using the metasploit framework, I think it is more convenient if all error messages have the same format/way to present suggestions, in this case, presenting the full command the user needs to introduce in order to carry on with the execution of the exploit.
 2014-10-14 11:24:59 +01:00
Jon Hart 458da2bca4
Land #3988, @wchen-r7's fix for #3985, a lack of logging for 'check' 2014-10-12 18:46:35 -07:00
sinn3r 96be53dcf1
Land #3962 - Show selected action 2014-10-12 14:02:40 -05:00
William Vu a04ad3aa8c
Update print_error to reflect new usage 2014-10-10 14:38:26 -05:00
William Vu 26743b4c38
Rewrite existing code to use HasActions 
And fix a bug in the initial use case where mod.action was dropped.
 2014-10-10 14:35:54 -05:00
William Vu 7e7e0259e4 Fix tab completion for post actions 2014-10-10 12:24:23 -05:00
William Vu 238a30a769
Update print_error to include post modules 2014-10-10 12:12:43 -05:00
sinn3r 48d2343152 Fix #3985 - check command should elog 2014-10-10 01:06:37 -05:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
William Vu 1d766ba95b
Rename dump_auxiliary_action{,s} 
To dump_module_action{,s} to accommodate post modules, etc.
 2014-10-08 14:49:14 -05:00
jvazquez-r7 f30309fe81
Land #3919, @wchen-r7's Fixes #3914, Inconsistent unicode names 2014-10-08 14:46:14 -05:00
William Vu f6a9cfcc52
Break away the elsif into a separate if 
In case exploits support actions for some crazy reason in the future.
 2014-10-08 14:30:41 -05:00
William Vu b2ba6e7ae1
Make the code more maintainable 
Despite the code around it.

Thanks for the advice, @jlee-r7!
 2014-10-08 14:14:28 -05:00
jvazquez-r7 dbc199ad77 space after commas 2014-10-08 13:56:59 -05:00
William Vu c0ef2c7938
Support post modules 
I kinda hate this code.

TODO: Get rid of and/or and the extra parens.
 2014-10-08 13:23:50 -05:00
William Vu a8b5bf4625
Show selected auxiliary action 2014-10-07 14:34:41 -05:00
nstarke eed0958de5 Fixing Comment 
Comment was incorrect and needed to be fixed.
 2014-10-07 11:28:40 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs 
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
 2014-10-06 21:14:10 -05:00
sinn3r 17f278effd Fix #3822 - Support file:// syntax for check() 2014-10-06 13:37:14 -05:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
Tod Beardsley 097d2bfbb5
Land #3922: Metasploit Park banner 2014-10-03 16:32:56 -05:00
Tod Beardsley d048bb7725 Add some color to the msfpark banner 
It looks kind of naked without some color compared to all the other
banners.
 2014-10-03 14:52:54 -05:00
Samuel Huckins f2fc0d88ef Lands #3943, changes to engine require 2014-10-03 14:26:50 -05:00
Matt Buck 0bb4eac259
Rename the method for optional requires 
MSP-11412
 2014-10-03 14:06:13 -05:00
Matt Buck 88cbf22ef0
Optionally require mdm, as well 
MSP-11412
 2014-10-03 13:49:39 -05:00
William Vu f7e709dcb3
Land #3941, new WPVDB reference 2014-10-03 10:17:02 -05:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
sinn3r 6f50ef581c
Land #3935 - Fix SNMP scanners on OS X/FreeBSD 2014-10-02 16:38:36 -05:00
sinn3r 6d7870a4ac
Land #3934 - New :vuln_test option to BES 2014-10-02 16:31:50 -05:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
Matt Buck dabec92e61
Ensure require of metasploit/credential/engine is optional 2014-10-02 14:46:56 -05:00
Matt Buck 7ed1977d0b
Specific require all metasploit gem dependencies' engines 
MSP-11412
 2014-10-02 14:20:10 -05:00
sinn3r 0820a4fe6a
Land #3933 - Fix cmd_exec with Python Meterpreter on OS X 2014-10-02 13:48:19 -05:00
Samuel Huckins 0dfd8e25b8
Land #3846, Rex::ImageSource specs 2014-10-02 12:33:56 -05:00
Joe Vennix 7861b17e16
Use write() to fix SNMP on osx/freebsd. 2014-10-02 09:15:43 -05:00
Joe Vennix 6571213f1c
Remove un-truthy doc string. 2014-10-01 23:41:02 -05:00
Joe Vennix 5a8eca8946
Adds a :vuln_test option to BES, just like in BAP. 
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.

This commit also does some mild refactoring of un-
useful behavior in BES.
 2014-10-01 23:34:31 -05:00