d4cccda8e1
Add in missing require
...
Reverse_https handler needs to specifically require reverse_http in
order to ensure that the Msf::Handler::ReverseHttp mixin is available at
run time.
2012-08-25 15:43:32 -04:00
b6d64b770a
Adding documentation to the post modules library.
2012-08-23 23:57:55 -04:00
a93c7836bd
Fixes load order with reverse http
...
This was originally intended to fix #664 .
SEERM #7141 also.
2012-08-23 12:16:47 -05:00
ac0198690c
Revert "Egypt's code is broken. Revert to old code until he fixes it agai"
...
This reverts commit 10cf466a99
2012-08-23 12:01:49 -05:00
e7b11575a5
Revert "Reapplying commit d266dc60"
...
This reverts commit d612d2a040
2012-08-23 12:01:24 -05:00
aac56fc29b
Fix load order issue
...
[See #664 ][SeeRM #7141 ]
2012-08-23 10:54:23 -05:00
d612d2a040
Reapplying commit d266dc60
...
Somewhere along the way, commit d266dc6031
2012-08-22 16:20:27 -05:00
10cf466a99
Egypt's code is broken. Revert to old code until he fixes it agai
...
See pull request:
https://github.com/rapid7/metasploit-framework/pull/664n
2012-08-21 20:33:24 -05:00
5e89c546c5
Merge branch 'reverse-http-redmine-7141' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-reverse-http-redmine-7141
2012-08-21 14:33:42 -05:00
1485f74670
Out of 4.4.0, and into 4.5.0-dev
2012-08-07 09:53:01 -05:00
58ce6fbac4
Adding author info for juan
2012-08-06 08:55:54 -05:00
66c5d8b617
Refactor reverse_*http(s) handlers
...
De-dups a whole bunch of copy pasted code. Should be a bit easier to
maintain now.
2012-08-03 13:27:40 -06:00
bf9d59003c
Always start a session when CONN comes in
...
Also gets rid of the conn_ids array, which was never pruned (and
without some extra gymnastics in meterpreter/client.rb *can't* be) when
handler URLs were removed.
2012-08-02 18:58:58 -06:00
832f47d467
Merge branch 'master' into jtr_seeding
2012-08-01 15:04:31 -05:00
fa2b0c26bb
Fixes password seeding for JtR modules
2012-08-01 14:15:51 -05:00
46312d9035
Add a comment describing function prototype
2012-08-01 00:28:18 -06:00
99aa78a371
Tab complete LHOST based on RHOST if it is set
2012-07-20 23:10:22 -06:00
c1cf71c4e9
Remove debugging load()
2012-07-18 11:02:21 -06:00
f4547527a8
Merge branch 'omg-post-exploits' of https://github.com/jlee-r7/metasploit-framework
2012-07-17 17:43:40 -05:00
6b0196eccc
Add a require for File in Common
2012-07-17 15:48:06 -06:00
c887e0aaff
Re-add AFP changes due to mangled merge
2012-07-17 00:42:49 -05:00
b6d05c77ca
No, really. Bump
2012-07-17 00:36:19 -05:00
f62e0b1cca
AFP fixes and JTR typo fix
2012-07-16 21:45:45 -05:00
7e50f91d59
Bump
2012-07-16 21:02:40 -05:00
bc2edeace2
Cleanup AFP module output
2012-07-16 21:02:40 -05:00
efe478f847
Merge branch 'master' into omg-post-exploits
2012-07-16 09:20:23 -06:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
4509c11916
Fingerprint dd-wrt even when auth is required
2012-07-15 21:21:13 -05:00
f111ae097e
Bail early if the user did not configure an injection parameter
2012-07-15 21:14:39 -05:00
0230ef60f6
Cosmetic
2012-07-15 15:46:54 -05:00
d6c6a3d0c5
Correct an issue with payload recalc during iteration
2012-07-15 15:45:25 -05:00
2254086dbe
Replace event handler with a straightforward filter
2012-07-11 03:00:44 -05:00
430351fe79
Better handle of module cache when db_connect is run manually
2012-07-10 23:56:48 -05:00
a7d1a61af2
Handle non-failure module exits as well
2012-07-10 19:55:43 -05:00
64e8956319
More small tweaks to import/export of attempts
2012-07-10 00:18:06 -05:00
25fee46020
Quick typo fix
2012-07-09 23:31:53 -05:00
6c977535d0
Fix up attempt/detail import/export structure
2012-07-09 22:47:05 -05:00
bfde053cf4
Correct a flaw in vuln_attempt/vuln_detail import
2012-07-09 22:28:42 -05:00
36d27242c7
allow reverse tcp with proxies
2012-07-09 23:05:09 +02:00
8d9186748f
Fix logic fail
2012-07-08 20:46:37 -06:00
c82037d85b
Add an xxd decoder
2012-07-08 20:45:25 -06:00
6d6b4bfa92
Merge remote branch 'rapid7/master' into omg-post-exploits
2012-07-08 17:32:39 -06:00
f75edc0ca1
Correct fix for older PG support, thanks to Patrick Fitzgerald
2012-07-08 10:16:51 -05:00
4199b67879
Prevent an exception from breaking the sql cache
2012-07-07 17:30:31 -05:00
1d5b7a1a69
Fix an issue with PG's handling of group by on distinct
2012-07-07 17:27:11 -05:00
b102d869d7
Switch module search to the SQL backend. Fixes #565
2012-07-05 19:34:05 -07:00
d266dc6031
Revert what looks like an errant debug mode
2012-07-03 20:32:19 -05:00
64364e3f16
Handle failed reloads in a nicer way
2012-07-03 19:49:44 -05:00
4f9106b2e5
Reverse this back now that the bins are updated
2012-07-02 00:02:21 -05:00
d7d21f1bda
Merge branch 'patch-3' of https://github.com/mubix/metasploit-framework into mubix-patch-3
2012-07-01 19:42:49 -05:00
7298840478
Fix match on User-Agent for HTTPS
2012-07-01 21:32:29 -03:00
58dd2af998
Fix match on User-Agent for HTTP
2012-07-01 21:30:31 -03:00
18e8285322
Fix up rev_http handler
2012-07-01 10:46:13 -04:00
12a6d67be4
Add support for user-agent and server control
2012-06-30 21:01:08 -07:00
9204a5b124
Move the db skip into the "web" console driver. FIXRM #7031
2012-06-29 10:46:15 -05:00
1627720166
Skip module loads/db connect for existing framework sessions
2012-06-29 01:03:13 -05:00
d656e3185f
Mark all libraries as defaulting to 8-bit strings
2012-06-29 00:18:28 -05:00
0e55141fd9
Rename counts to count
2012-06-28 11:43:33 -05:00
5092152949
Fix the broken reload_modules method
...
When using the reload_all command, the framework will trigger an
'undefined method module_history' error, because we're missing
an accessor.
Also, even though reload_modules returns "counts". That actually
returns a hash instead of a real count of modules... the return
value is also never actually used anywhere. But to make this
part not broken, we return the actual count.
2012-06-28 11:39:14 -05:00
807142e988
'Size' may not exist in certain PDF structure.
...
This is a fix for issues related to:
'undefined method `[]' for nil:NilClass'
It is possible that a PDF may not have the 'Size' xref, and people
are running into the 'undefined method'[]' for NilClass' exception.
Because the pdf parser always assumes there is a Size field,
so it uses a match() function to find the value for Size, which
can be nil.
See the following bug report for example:
https://dev.metasploit.com/redmine/issues/7014
2012-06-26 16:09:13 -05:00
b04170b283
Unbreak loadpath
...
HD's vuln-info merge broke add_module_path by removing an argument.
2012-06-25 16:37:16 -06:00
4dbdadfa3d
Merge pull request #523 from alexmaloteaux/fixmsfvenom
...
Fix msfvenom to correctly generate elf binaries for bsd and solaris platform
2012-06-25 11:55:49 -07:00
3d0628debf
Handle unreachable errors better
2012-06-25 03:29:30 -05:00
584e0dbd98
Load console config AFTER module path initialization
2012-06-25 01:16:35 -05:00
1989f0ab46
IE 10/Win8 detection support
2012-06-25 00:36:04 -05:00
348a0b8f6e
Merge branch 'master' into feature/vuln-info
2012-06-24 23:00:13 -05:00
2eddfa3444
fix bsd ans solaris platform when using encoder too
2012-06-25 03:12:33 +01:00
4d2e74e2ad
Need to account for the fact the server may timeout during operation
...
See the following issue for more info:
http://dev.metasploit.com/redmine/issues/4866
2012-06-24 20:17:51 -05:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
dfe0e10dc6
Adding kernelsmith's -a datastore opt
...
Works well enough on its own. Note that you cannot mix -g and -a since
set doesn't actually parse out dash options in a OptParse sort of way.
That said, setg -a seems to work well. This mixing options business
will need to be addressed soon, but that day is not today.
[Closes #514 ]
2012-06-22 16:01:38 -05:00
1bcf241ec0
adds the -a (append) option to the console 'set' command
...
if RHOST is currently 192.168.20.1
set -a RHOST 5
appends 5 to RHOST making it 192.168.20.15
2012-06-22 01:23:54 -05:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
815d80a2cc
Merge branch 'rapid7' into omg-post-exploits
2012-06-21 17:02:55 -06:00
f7ecc98923
Merge branch 'master' into feature/vuln-info
2012-06-20 13:34:53 -05:00
1468a904a7
More error cleanup
2012-06-20 13:34:31 -05:00
5a5166c90b
Merge branch 'gather-ssh-cleanup' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-gather-ssh-cleanup
2012-06-20 12:07:23 -05:00
60eedc46dd
Remove nils before sorting
...
Fixes a stack trace when one of the directory tests returns nil
2012-06-20 10:44:36 -06:00
83bf78c63b
New failure_reason messages
2012-06-19 13:31:39 -05:00
d5768080bf
Add a fail_message to attempts and fix bugs
2012-06-19 00:48:39 -05:00
bf3062aa89
Fix up opts.delete into temp storage for attempt tracking
2012-06-18 20:30:24 -05:00
0696748914
Import exploit attempts
2012-06-18 01:27:50 -05:00
d674ba103d
Export exploit_attempts & module_details, fix mixin load
2012-06-18 01:13:57 -05:00
e8ad66b799
Exploit attempt tracking is mostly complete
2012-06-17 23:00:21 -05:00
a8f7ea901a
Fix cache counters for vuln_attempts, tweak nexpose
2012-06-17 21:55:11 -05:00
d7d4d13076
Store platform as a shortname, tweaks to vulns_refs to fix validation
2012-06-17 12:27:58 -05:00
8709473e72
Add fullname to modules, load mixins, fix platform
2012-06-17 11:57:33 -05:00
999f7d7174
One more round of tweaks and finally back and running
2012-06-17 02:06:52 -05:00
980327dddf
Fix typo, redo add(), account for it in the loader
2012-06-17 01:59:19 -05:00
be9b7a88fb
Complicate the matching process in the name of memory
...
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00
52150b0e89
Merge branch 'master' into feature/vuln-info
2012-06-16 15:43:52 -05:00
6dd8fd2e05
Move the cache rebuild into a background job
2012-06-16 15:41:37 -05:00
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
8425c8438d
Switch to a MDM/SQL-based module cache
2012-06-16 14:51:09 -05:00
122b34c703
fix missing bock transitions
...
the block objects weren't being transitioned over from the class
methods properly, so the callback blocks were never getting processed.
2012-06-15 14:25:47 -05:00
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
8177783681
Merge branch 'master' into feature/vuln-info
2012-06-14 16:21:51 -05:00
e2c1657eb4
Adds a block callback to work with the replicant
...
module instance prior to it being launched.
2012-06-14 16:21:06 -05:00
e59b33fc76
Incorporate egypt's feedback
2012-06-14 10:43:09 -05:00
2683bb0ba7
Add deprecation warnings for old commands
...
This should hopefully cut down a bit on support requests from people
asking about old commands they read about in _Metasploit: The
Penetration Tester's Guide_
2012-06-14 09:44:38 -05:00
03b29fff68
Merge up the latest, does not automaticlly load
...
the module tree into the database right now.
2012-06-14 04:35:43 -05:00
Tod Beardsley
Stephen Haywood
James Lee
sinn3r
David Maloney
HD Moore
m m
Rob Fuller
RageLtMan
Alexandre Maloteaux
kernelsmith
jvazquez-r7