ad308efc05
Really minimize commandline size
2014-02-08 22:53:47 +00:00
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell)
2014-02-07 17:39:06 -06:00
f0fd2f0598
Land #2944 , add platforms to encoders
...
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).
See also #2939
2014-02-07 13:38:05 -06:00
bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads
2014-02-04 15:06:45 -06:00
80e7ae144b
Use the platform when selecting the payload
2014-02-04 14:34:11 -06:00
a58698c177
Land #2922 , multithreaded check command
2014-02-04 11:21:05 -06:00
08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
...
Conflicts:
lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
2ee1764ceb
Add method rhost, rport, and peer for post modules
...
[SeeRM #8761 ]
2014-02-03 01:05:43 -06:00
0d02f6d589
Add support for win shells for file?
2014-02-02 23:37:26 -06:00
95eb758642
Initial commit
2014-02-02 19:04:38 +00:00
45bb336c51
Loop do it
2014-01-26 16:27:36 -06:00
eec01e79ff
No explicit "return"
2014-01-26 16:25:30 -06:00
6ffb750633
Change Unsupported message
...
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
93fa58ed45
aux scanner support
2014-01-24 17:54:40 -06:00
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
4b21672b60
Remove hardcoded string
2014-01-23 23:55:09 +00:00
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
80452767c8
Comments
2014-01-22 10:24:24 +00:00
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
Meatballs
sinn3r
James Lee
jvazquez-r7
William Vu
Tod Beardsley
lsanchez-r7
HD Moore
David Maloney
Joe Vennix
Niel Nielsen