infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
36,916 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

243 Commits (ac0b489a90d112287825ec8e96667affb96882d8)

Author SHA1 Message Date
wchen-r7 d6921fa133 Add Atlassian HipChat for Jira Plugin Velocity Template Injection 
CVE-2015-5603

Also fixes a bug in response.rb (Fix #6254)
 2015-11-18 11:34:25 -06:00
wchen-r7 f6b9f38326 This method is not needed because Nokogiri does that already 2015-10-23 19:38:17 -05:00
wchen-r7 065d042ec4 Update doc a little bit 2015-10-21 16:29:27 -05:00
wchen-r7 12cdd786a6 Add more Nokogiri and RKelly support for Rex::Proto::Http::Response 
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
 2015-10-21 16:26:31 -05:00
Jon Hart 407d701fd9
Remove unnecessary version_random_case option 2015-08-20 10:05:16 -07:00
Jon Hart 2e4944b8ec
Remove unnecessary version_random_case option 2015-08-20 10:05:04 -07:00
Brent Cook 015d045730 read max_size bytes at a time 2015-08-18 15:56:57 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
rwhitcroft 70f94bbd96 break loop if socket is closed 2015-04-21 11:09:17 -04:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
William Vu 5eec07d4d1 Fix duplicate hash key "jpeg" 
In lib/rex/proto/http/server.rb.
 2015-02-24 05:19:42 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
James Lee f68628c487 Add minimal specs for rex/proto/http/packet/header 2014-09-12 14:30:27 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
jvazquez-r7 f51feb7f52 Modify get_cookies regular expression 2014-07-06 13:22:31 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog 
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-07-06 09:17:44 -05:00
William Vu 0133e861f8
Fix typo 2014-05-26 23:55:20 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
 2014-05-18 10:50:32 -05:00
James Lee 472f029576
Fix random bug when workstation_name is < 6 chars 
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
 2014-05-15 13:27:37 -05:00
Jeff Jarmoc 2849a1bc0c Update comment again 2014-05-12 13:10:20 -05:00
Jeff Jarmoc a3cc499a17 Update comment w/ all modes 2014-05-12 13:02:54 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes 
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
 2014-04-01 08:14:58 -07:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Joe Vennix e10f9cc518 More whitespace fixes. 2013-11-20 15:07:51 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
Joe Vennix b70b594a2a Kill extraneous comma. 2013-11-20 13:47:47 -06:00
Joe Vennix a7b01e3b72 Put initialize params back on one line, and move attr_accessors. 
As per @hdm's feedback
 2013-11-20 12:29:09 -06:00
Joe Vennix 9f103f8621 Whitespace tweak. 2013-11-20 01:15:15 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option. 
Add spec for some of the additions to Rex::Proto::Http::Client
 2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option. 
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
 2013-11-19 22:34:39 -06:00
Joshua J. Drake d04c47d2b7 Remove comment since it was addressed in 4500d09c2f 2013-09-26 19:47:54 -05:00
jvazquez-r7 9cc446ae2a Get cookies with empty values 2013-09-25 14:31:34 -05:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
FireFart 7c4708b1df -) Fix get_cookies to return multiple cookies. Before it only returned the first cookie 
-) Bugfix
 2013-09-23 23:59:45 +02:00
HD Moore 72dff03426 FixRM #8396 change all lib use of regex to 8-bit pattern 2013-09-12 16:58:49 -05:00
Tab Assassin 7e5e0f7fc8 Retab lib 2013-08-30 16:28:33 -05:00
jvazquez-r7 3f665ba5a0 Skip also max-age from cookies 2013-06-17 14:04:08 -05:00
James Lee af613ee254 Add a more readable #inspect 2013-06-11 15:22:49 -05:00
Tod Beardsley 05916c079e Inline unit tests are so last decade 
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
 2013-05-23 12:41:14 -05:00
Tasos Laskos 6bf19c6fb8 HTTP::ClientRequest: Should handle nils in params 
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.

* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
 2013-04-30 22:01:00 +03:00
Meatballs bbd53a2dbd Add domain to get_cookies 2013-04-26 20:34:21 +01:00
Meatballs b25b9e769c Msftidy 2013-04-26 20:30:04 +01:00