infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,809 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

90 Commits (a4905e43a2ebcabf8d8f3ef82f9964c09797a4c8)

Author SHA1 Message Date
David Maloney a4905e43a2 Fix the way creds are passed + YARD 
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
 2013-02-19 18:40:39 -06:00
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object 
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
 2013-02-17 19:25:27 -06:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header 
for now we will assume the module author knows what they are doing.
 2013-02-11 13:06:26 -06:00
David Maloney 84534caae1 Fix expliciti basic_auth for http 2013-02-11 10:32:44 -06:00
James Lee a15889305a Return a Request object 
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
 2013-02-06 18:56:06 -06:00
David Maloney 888bb80ab6 more comments 2013-02-05 11:55:12 -06:00
David Maloney 16b4fb1faa Added some comment documentation 2013-02-05 10:36:51 -06:00
David Maloney 463a45ccaf if we don't support the auth return original res 
make sure we return the original 401 if we don't support the auth.
 2013-02-05 09:57:33 -06:00
David Maloney af6b0615fb fix pipelining 
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
 2013-02-04 16:42:24 -06:00
David Maloney 9b84e5b3c4 Fix raw requests to work as well as cgi 2013-02-04 13:59:58 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
David Maloney 8d817dcbb5 fix iis digest support mistake 
Digest auth working automatically
 2013-02-01 15:49:18 -06:00
David Maloney 6c12fa26bc oodles of small fixes 
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
 2013-02-01 15:12:11 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex 
move auth awareness into rex itself
 2013-02-01 15:12:11 -06:00
HD Moore adc9532ec7 Reset this back to master's copy, fixes this pull 2012-10-28 23:13:32 -05:00
HD Moore 43fe219a05 This improves handling of 100-continue responses 2012-10-28 22:57:18 -05:00
sinn3r 1828857a63 Change conditions 
When 'encod_params' is set to true explicitly, or does not have a
value, we make sure it's true. Otherwise, false.
 2012-09-15 18:08:29 -05:00
sinn3r 0967d1bfc4 Allow modules to disable URI encoding for GET/POST variables 
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values.  The new 'encode_params' option allows
that feature to be disabled.  However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
 2012-09-15 17:40:42 -05:00
James Lee a1cfb32f93 Fix a typo that breaks post param padding 
Corner case and doesn't really *break* things, just means you end up
with one big param instead of multiple due to missing ampersands.
 2012-07-17 12:29:28 -06:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore 03b65c6a48 Handle cases where a user-agent was set via headers 2012-05-31 14:59:25 -05:00
James Lee 7c85a2796a Whitespace cleanup 2012-05-24 17:10:26 -06:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration 
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
 2012-01-06 20:05:29 -07:00
HD Moore 49ff9f594a Properly enclose IPv6 addresses with brackets inside of the Host header 2011-12-10 13:24:58 -06:00
HD Moore 5fec13a389 Propogate the timeout in send_recv() down to the TCP connect call as well 
git-svn-id: file:///home/svn/framework3/trunk@14021 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-21 15:41:37 +00:00
James Lee d50577066f remove some silliness of registering UserAgent as an option since it's already an advanced option for HttpClient, make the default obvious 
git-svn-id: file:///home/svn/framework3/trunk@13394 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-28 22:57:47 +00:00
HD Moore e3f909cef9 Fixes for chunked http reply processing, additional cisco configuration support, and a scanner module for unprotected cisco device managers. 
git-svn-id: file:///home/svn/framework3/trunk@11287 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-11 07:37:09 +00:00
HD Moore 5b43ea2c15 Buffer data before sending it to the response parser, handle buffered data on disconnect 
git-svn-id: file:///home/svn/framework3/trunk@11286 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-11 06:19:36 +00:00
Joshua Drake 5a01ede38a only assign the original request if a response was returned 
git-svn-id: file:///home/svn/framework3/trunk@11193 4d416f70-5f16-0410-b530-b9f4589650da
 2010-12-01 16:32:40 +00:00
HD Moore 54f3563c7e Store the http request in the http response object when Rex::HTTP::Client.send_recv() is used. Let Anemone store the request as well, passing it into the Page object for further analysis. 
git-svn-id: file:///home/svn/framework3/trunk@11023 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-13 05:25:39 +00:00
Joshua Drake 8353bf7bf3 move 100-continue processing into Rex, fixes #3109 
git-svn-id: file:///home/svn/framework3/trunk@10919 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-05 16:20:13 +00:00
James Lee eddd6d481d add some documentation for request_cgi 
git-svn-id: file:///home/svn/framework3/trunk@10293 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-11 17:31:26 +00:00
Joshua Drake 8463e026bd read responses until EOF per RFC 
git-svn-id: file:///home/svn/framework3/trunk@10045 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-18 22:41:07 +00:00
HD Moore 843b6ffa00 Make the http client try harder 
git-svn-id: file:///home/svn/framework3/trunk@9698 4d416f70-5f16-0410-b530-b9f4589650da
 2010-07-06 23:08:28 +00:00
Joshua Drake e32abab8dc a HTTP -> an HTTP (http://www.english-zone.com/grammar/a-anlessn.html) 
git-svn-id: file:///home/svn/framework3/trunk@9488 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-11 16:12:05 +00:00
James Lee 32c24b944a actually increment the loop variable; document the deficiencies of the employed technique 
git-svn-id: file:///home/svn/framework3/trunk@9449 4d416f70-5f16-0410-b530-b9f4589650da
 2010-06-07 23:56:35 +00:00
Tod Beardsley 1a2be34a63 Fixes #2002. Needed to work with some pipelining to get this all to work right, but it seems to function now pretty well -- if the target takes Basic, do basic, if the target takes NTLM, do NTLM. Should implement Digest too, but I don't think hardly anyone uses that. 
git-svn-id: file:///home/svn/framework3/trunk@9346 4d416f70-5f16-0410-b530-b9f4589650da
 2010-05-22 17:58:01 +00:00
HD Moore cd71cfbad1 Handle buggy HTTP servers better 
git-svn-id: file:///home/svn/framework3/trunk@8921 4d416f70-5f16-0410-b530-b9f4589650da
 2010-03-25 21:35:37 +00:00
HD Moore a753666073 Switch sysread back to get_once(). This reverts a previous change, but the sysread breaks SSL support 
git-svn-id: file:///home/svn/framework3/trunk@8124 4d416f70-5f16-0410-b530-b9f4589650da
 2010-01-14 21:40:30 +00:00
HD Moore 4c6fd97b0e Handles some broken TCP stack implementations better (but not perfectly) 
git-svn-id: file:///home/svn/framework3/trunk@7991 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-27 07:02:55 +00:00
HD Moore a16feb01bc Minor tweaks to http processing 
git-svn-id: file:///home/svn/framework3/trunk@7805 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 18:12:38 +00:00
HD Moore 5ef9a1c040 Wipe the headers before reparsing 
git-svn-id: file:///home/svn/framework3/trunk@7801 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 17:04:52 +00:00
HD Moore 006d5d51fc Fixes #674 by adding 100-continue support 
git-svn-id: file:///home/svn/framework3/trunk@7799 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-10 16:54:27 +00:00
HD Moore fc983ef7e3 Many bug fixes to db_autopwn, cross-referencing of OS-level vulnerabilities, small bug fixes to HTTP client API 
git-svn-id: file:///home/svn/framework3/trunk@7676 4d416f70-5f16-0410-b530-b9f4589650da
 2009-12-03 01:36:17 +00:00
HD Moore ed7b7ac6f0 Fixes #491 and fixes #543 by updating the HTTP stack and validating configuration options 
git-svn-id: file:///home/svn/framework3/trunk@7652 4d416f70-5f16-0410-b530-b9f4589650da
 2009-11-30 21:15:06 +00:00