infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
25,460 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

5056 Commits (a41768fd7d04e8b1ba0edf56b5b953eb8918bdff)

Author SHA1 Message Date
scriptjunkie 8fe508207c Merge Meatballs' gpp_again pull into new branch 2014-07-19 11:10:14 -05:00
William Vu 25f74b79b8
Land #3484, bad pack/unpack specifier fix 2014-07-16 14:52:23 -05:00
Christian Mehlmauer 29bb788d96
Better login detection for wordpress 2014-07-15 07:04:14 +02:00
Christian Mehlmauer 144c6aecba
Added WPTouch fileupload exploit 2014-07-14 21:35:18 +02:00
William Vu 79603c9a73
Land #3505, a bunch o' Linux post module fixes 2014-07-11 12:39:31 -05:00
Joshua Smith dbe9b47937
lands 3469, fixes handler deadlock in corner cases 
May affect the following RM issues which need to be retested:
  https://dev.metasploit.com/redmine/issues/8407
  https://dev.metasploit.com/redmine/issues/4314
  https://dev.metasploit.com/redmine/issues/6829
 2014-07-10 16:20:33 -05:00
Tod Beardsley 688c31cc44
Switch to a space. It gets eaten anyway. 2014-07-10 13:59:30 -05:00
Tod Beardsley 5bb3c8a581
Make merged module descriptions more grammar. 2014-07-10 13:31:57 -05:00
jvazquez-r7 c19deddfb1 Delete debug messages 2014-07-08 16:24:45 -05:00
jvazquez-r7 c25c5f6806 Make linux gather post modules compatible with meterpreter 2014-07-08 16:23:57 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
jvazquez-r7 405de05e4b Add specs for module_flavors 2014-07-03 10:31:39 -05:00
Spencer McIntyre d93bf55435 Add a module_flavors method for all available flavors 2014-07-03 11:01:21 -04:00
HD Moore 84c0504b1b MSI sections actually need to be signed after all 2014-06-30 13:08:28 -05:00
HD Moore c9b6c05eab Fix improper use of host-endian or signed pack/unpack 
Note that there are some cases of host-endian left, these
are intentional because they operate on host-local memory
or services.

When in doubt, please use:

```
ri pack
```
 2014-06-30 02:50:10 -05:00
HD Moore 255e792ed3 Fix host-endian related pack errors. See below for details. 
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.

The summary:

Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
 2014-06-30 02:46:36 -05:00
Spencer McIntyre ea077b2f12 Improve the guess_flavor logic to pull from module info 2014-06-27 08:34:57 -04:00
Spencer McIntyre 952c935730 Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR 2014-06-27 08:34:57 -04:00
Spencer McIntyre 219153c887 Raise NotImplementedError and let :flavor be guessed 2014-06-27 08:34:56 -04:00
jvazquez-r7 dcd0e77f9e Change #compatible? method name because it's used by Module 2014-06-27 08:34:56 -04:00
jvazquez-r7 31acc4a528 Fix #compatible? method 2014-06-27 08:34:56 -04:00
jvazquez-r7 ddd1dd5155 The check for required decoder hasn't a lot of sense 2014-06-27 08:34:56 -04:00
jvazquez-r7 9c6a521b94 Fix select_decoder 2014-06-27 08:34:56 -04:00
jvazquez-r7 dad2c75592 Initialize opts arguments 2014-06-27 08:34:56 -04:00
jvazquez-r7 381dea94d0 Fix typo 2014-06-27 08:34:56 -04:00
jvazquez-r7 cbc1bd9966 Redesign constants 2014-06-27 08:34:56 -04:00
jvazquez-r7 160147b370 Make some methods not dependant of the instance flavor 2014-06-27 08:34:56 -04:00
jvazquez-r7 45248dcdec Add YARD documentation for methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 68938e3d7a Add select_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 35d035fa4e Add YARD docu for execute_cmdstager 2014-06-27 08:34:56 -04:00
jvazquez-r7 e8f9dde50f Allow datastore options and opts to use strings instead of sym 2014-06-27 08:34:56 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 37d0dd59e8 Clean up a little CMDStager methods 2014-06-27 08:34:56 -04:00
jvazquez-r7 8db7ec683f Fix setup and teardown stager methods 2014-06-27 08:34:55 -04:00
jvazquez-r7 dd7b2fc541 Use constants 2014-06-27 08:34:55 -04:00
jvazquez-r7 778f34bab6 Allow targets and modules to define compatible stagers 2014-06-27 08:34:55 -04:00
jvazquez-r7 74a6de828a Cannot delete @cmd_list, is used at least by one module 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
jvazquez-r7 0a99b549d6 Change filenames 2014-06-27 08:34:55 -04:00
jvazquez-r7 cff580162b Move stagers 2014-06-27 08:34:55 -04:00
Spencer McIntyre 9991316ae6 Minor code cleanup and honor the datastore decoder. 2014-06-27 08:34:55 -04:00
Spencer McIntyre 80bdf750e9 Multi-fy the new printf stager and add to sshexec. 2014-06-27 08:34:55 -04:00
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
HD Moore d6a263d538 Identify the hung host in the thread info 2014-06-22 16:01:03 -05:00
HD Moore 538a520445 Remove redundant option (threads are always used in reverse_tcp_double) 2014-06-22 16:00:44 -05:00
HD Moore b3d83720ca Add ReverseListenerThreaded option to prevent deadlocks 
JodaZ reported that the handle_connection() sock.put call can
result in the entire reverse_tcp stager hanging if the client
stops receiving or is on a very slow link. The solution emulates
what ReverseTcpDouble already does, which is stage each connection
in a new thread. However, given that a high number of threads
can be a problem on some operating systems (*ahem* win32) this
option is not enabled by default.

We should look into thread pooling and handle_connection() timeouts
as well as event-based polling of multiple clients as alternatives,
but this option will improve the situation for our existing users.
 2014-06-22 15:55:20 -05:00
HD Moore 6e5f528332 Prevent stager deadlock if inp/out detection hangs for some reason 
Even though there are calls to has_read_data(), it doesn't prevent
the put() call from blocking in a dead client or slowaris-like
situation. By moving the inp/out detection into the thread, we
allow the main handler to keep processing connections even if
a single connection hangs.
 2014-06-22 15:25:19 -05:00
OJ 5879ca3340
Merge branch 'upstream/master' into meatballs x64_injection 2014-06-18 10:24:33 +10:00
scriptjunkie d38a95a352 Merge branch 'bugfixes/post-module-execution-causing-duplicate-search-results' of github.com:nstarke/metasploit-framework into nstarke-bugfixes/post-module-execution-causing-duplicate-search-results 2014-06-15 13:15:57 -05:00
Tim Wright 9b43749916
Land #3418 - android adobe reader addjisf pdf exploit 
Merge branch 'landing-3418' into upstream-master
 2014-06-14 11:25:29 +01:00