infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
30,667 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

30667 Commits (9a56e5c4f9b210e4d3ea06578b20fe7999264025)

Author SHA1 Message Date
David Maloney 129e579e69
update gemspec for newest mdm 
this pulls latest mdm version into framework
which adds a uniqness validation to Service

MSP-11643
 2015-01-07 15:35:55 -06:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes 
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
 2015-01-07 15:33:23 -06:00
David Maloney a491f22a09
migration update 2015-01-07 15:32:31 -06:00
Meatballs e3e9a64064
Land #4543, Update john.conf with korelogic rules 2015-01-07 21:30:44 +00:00
Meatballs bdbb26ba31
Land #4540, resolves #4532, honour DB_ALL_* options 2015-01-07 21:12:23 +00:00
David Maloney fcf0a3f096
pull latest credential 2015-01-07 15:09:01 -06:00
Meatballs 361057ce6e
Land #4544, resolves #4511 - fix rails log location 2015-01-07 20:58:26 +00:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post 
Conflicts:
	test/modules/post/test/services.rb
 2015-01-07 20:53:34 +00:00
Meatballs db367895a8
Land #4491, Fix test modules 2015-01-07 20:48:49 +00:00
Brent Cook 0c94536b87 make post service manipulation tests work 
Fix a funny default service name, adjust test to be case-agnostic.

winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.

The following RC script has 7 successful outputs when run against a reverse_tcp shell.

Run a reverse_tcp stager and the following RC script to run the test

```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```

Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411, though it runs ok on
Windows XP.
 2015-01-07 13:31:16 -06:00
Brent Cook c96c8a03cf CmdStagerVBS is now in Rex::Exploitation 
```
 $ ./msfconsole -qx "loadpath test/modules/; exit"
 Loaded 32 modules:
     12 auxiliarys
	 12 exploits
	 8 posts
```
 2015-01-07 13:31:15 -06:00
David Maloney 82d129bfc4
Merge branch 'master' into feature/jtr-korelogic-rules-update 2015-01-07 12:42:23 -06:00
David Maloney 9bcb3b95cd Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-01-07 12:41:43 -06:00
David Maloney df70678762
tell suer KoreLogic rules have been applied 
make sure to rpovide console feedback that we are
actually applying the KoreLogic rules to wordlist mode
 2015-01-07 12:36:07 -06:00
rastating 294cd80a08 Update documentation for wordpress_login 2015-01-07 18:32:52 +00:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules 
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
 2015-01-07 12:32:26 -06:00
David Maloney 5480cb81f5
add updated KoreLogic rules to john.conf 
updated our shipped john.conf to include a
more up to date version of the KoreLogic JtR rules.
They add overhead to the cracking time but are
probably some of the best/most effective JtR
rules out there.
 2015-01-07 12:25:04 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
David Maloney 5d68d48ca5
Land #4385, fixes bruteforce_speed validator 
bruteforce_speed validator now accepts nil
 2015-01-07 12:09:25 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS 
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
 2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff 
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
 2015-01-07 11:30:39 -06:00
rastating a5f48b23df Add use of Msf::ThreadManager 2015-01-07 17:27:06 +00:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner 
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
 2015-01-07 11:11:33 -06:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
sinn3r 4c240e8959 Fix #4098 - False negative check for script_mvel_rce 
Fix #4098, thanks @arnaudsoullie
 2015-01-07 10:40:58 -06:00
sinn3r c60b6969bc Oh so that's it 2015-01-07 10:39:46 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
Trevor Rosen 3ba3465afb
Ensure logging in ~/.msf4/log 
Fix #4511
 2015-01-07 09:37:07 -06:00
m7x 89699d1549 Typo workspace_id 2015-01-07 10:58:59 +00:00
Christian Mehlmauer 09bd0465cf
fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7 
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
 2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea
fix check method 2015-01-07 11:01:08 +01:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility 
Fix circular argument reference warnings for ruby 2.2
 2015-01-07 12:00:50 +02:00
dmooray 478505c17a ruby 2.2 compatibility 
https://bugs.ruby-lang.org/issues/10314
 2015-01-07 11:41:34 +02:00
Christian Mehlmauer 862af074e9
fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3
favor include? over =~ 2015-01-07 07:33:16 +01:00
Christian Mehlmauer 4277c20a83
use include? 2015-01-07 06:51:28 +01:00
Christian Mehlmauer 39e33739ea
support for anonymous login 2015-01-07 00:08:04 +01:00
Christian Mehlmauer bf0bdd00df
added some links, use the res variable 2015-01-06 23:25:11 +01:00
William Vu fee49b0b85
Land #4531, Msf::Exploit::PDF method name fix 2015-01-06 14:26:58 -06:00
David Maloney a626c45813
update gemspec for newest credential 
we need the latest metasploit-credential to migrate
over any old style creds still lingering around in the
database.

MSP-11919
 2015-01-06 14:25:55 -06:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention 
Just changing method names.

It will actually also fix #4520
 2015-01-06 12:42:06 -06:00
Christian Mehlmauer f9f2bc07ac
some improvements to the mantis module 2015-01-06 11:33:45 +01:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
William Vu f2710f6ba7
Land #4443, BulletProof FTP client exploit 2015-01-06 02:10:42 -06:00
William Vu 482cfb8d59
Clean up some stuff 2015-01-06 02:10:25 -06:00
William Vu 46aa165ca5
Land #4481, enum_users_history improvements 2015-01-06 01:52:38 -06:00