sinn3r
7b7603a5e7
Land #2104 - reverse_https_proxy
2013-07-25 17:26:56 -05:00
Meatballs
0235e6803d
Initial working
2013-07-25 23:24:11 +01:00
jvazquez-r7
33f6f7e8fc
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 17:03:45 -05:00
William Vu
27a540e12f
Land #1215 , creds reuse for AuthBrute modules
2013-07-25 16:54:44 -05:00
William Vu
dac9ac4a1d
Land #2159 , spool command nil dereference fix
2013-07-25 15:38:35 -05:00
James Lee
a5ca516435
Fix nil deref in spool command
...
Occurs when no module is currently `use`d
2013-07-25 14:51:39 -05:00
jvazquez-r7
2b3dcaf678
Land #2157 , @wvu and @averagesecurityguy patch for OpenVAS XML Reports importing
2013-07-25 12:04:38 -05:00
William Vu
97680304d6
Use index, since it can apparently do regex
2013-07-25 12:00:33 -05:00
jvazquez-r7
5014919198
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-25 09:02:20 -05:00
sinn3r
56367ef69c
Update documentation
2013-07-24 19:04:47 -05:00
sinn3r
0fd2c385fb
Update documentation
2013-07-24 19:02:10 -05:00
sinn3r
e266d1bd0a
Add comment about opts
2013-07-24 19:00:58 -05:00
sinn3r
a71d7eb372
Update archive.rb to handle whitelist
2013-07-24 18:59:43 -05:00
sinn3r
9ae550c883
Do if [].empty?. Avoid msfcli running as a job
2013-07-24 18:35:06 -05:00
sinn3r
ed51d284fa
Change name, change how data is passed, fix rspec
2013-07-24 17:15:56 -05:00
jvazquez-r7
214f337f58
Fix indentation
2013-07-24 16:55:01 -05:00
Meatballs
c221360cc1
Retab
2013-07-24 22:16:41 +01:00
sinn3r
e120ecfba9
msfcli is designed to load only one module (auxiliary or exploit),
...
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
2013-07-24 14:40:46 -05:00
jvazquez-r7
e9a4f6d5da
Merge branch 'dll_fix' of https://github.com/Meatballs1/metasploit-framework
2013-07-24 14:00:52 -05:00
Meatballs
edc297756b
Tabs
2013-07-24 19:14:11 +01:00
Meatballs
4b84b49674
Fix payload corruption
2013-07-24 19:08:02 +01:00
jvazquez-r7
47c21dfe85
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-24 11:42:11 -05:00
Tod Beardsley
00630376c3
Revert the default call to firefox
...
This reverts commit 0928a370f3
.
No, no, you guys are right in the comments for #2148 . The call to
system is inside the else, but the tabbing made my eyes cross.
Sorry about that. Someday soon, @tabassassin will save us all from these
kinds of screw ups in mental parsing.
2013-07-23 16:13:02 -05:00
William Vu
d493346691
Land #2137 , fixes and specs for Opt containers
2013-07-23 15:58:09 -05:00
jvazquez-r7
b0c17fdebc
Land #2002 , @jlee-r7's patch for better handling uri resources
2013-07-23 15:49:21 -05:00
David Maloney
621568bf8f
Another Error Type needs caught
...
Different systems throw a different error
Need to rescue that error too
2013-07-23 15:47:42 -05:00
William Vu
86ab942435
Land #2146 , Unix and Windows path normalization
2013-07-23 15:23:41 -05:00
Tod Beardsley
0928a370f3
Adding back default firefox
...
the default is triggered only outside the case statement, which itself
is totally bizarre. I can't tell if anyone is relying on this behavior
right now, but it's too premature to just remove it out at this point.
2013-07-23 14:43:30 -05:00
Tod Beardsley
53c3fd2ce7
Update comment docs on Rex::Compat.open_browser
2013-07-23 14:38:04 -05:00
ZeroChaos
ce5742461a
update open_browser functionality
...
open_browser didn't support xdg-open or firefox-bin. xdg-open was made the default as it is the most likely to succeed afaik.
the fallback to firefox was removed because since we check for the existence of firefox is makes no sense to try to run it after we failed to find it. This will silently fail if no supported browser is found due to suggestions from the msf team:
< Zero_Chaos> more importantly, it would be great if someone told me how to spit out a message to the user
< Zero_Chaos> because I have no clue :-)
<@egypt> Zero_Chaos: it's in rex, so the answer is "don't"
2013-07-23 14:58:16 -04:00
Tod Beardsley
bb16683415
Land #2087 , @egypt's random ID generator
2013-07-23 13:52:08 -05:00
sinn3r
958a4edd73
Keep the trailing slash if the user wishes
2013-07-22 20:46:18 -05:00
sinn3r
359009583f
Drop support for UNC path parsing in normalize_win_path
...
Not really a good idea to try to parse UNC format. Confuses the
purpose of the function.
2013-07-22 20:20:45 -05:00
sinn3r
4b3fce9349
Add functions to normalize Winodws & Unix paths
...
The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
2013-07-22 19:26:04 -05:00
jvazquez-r7
99a345f8d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-22 13:54:26 -05:00
jvazquez-r7
77e8250349
Add support for CWE
2013-07-22 12:13:56 -05:00
jvazquez-r7
15b0e39617
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-21 13:47:40 -05:00
David Maloney
943dde5c6c
OptRegexp specs
2013-07-20 18:44:55 -05:00
David Maloney
d66779ba4c
OptString specs and better validation
2013-07-20 17:49:03 -05:00
David Maloney
d6f2b28708
More opt specs
2013-07-20 17:37:39 -05:00
sinn3r
757cf18bb4
Land #2135 - Update FF detection
2013-07-20 13:10:14 -05:00
Samuel Huckins
832db57171
Removed requirement for note.data to be present. It wasn't required in
...
the model or in specs, but was in db.rb, resulting in an error during
certain import scenarios.
2013-07-20 10:27:12 -05:00
Joe Vennix
92ae90b828
Whitespace fixes.
2013-07-19 17:27:27 -05:00
Joe Vennix
2e838d7be3
Fix minor bugs discovered when testing.
2013-07-19 17:18:39 -05:00
Joe Vennix
7e2fc147f1
Add updated versions of firefox.
2013-07-18 16:35:57 -05:00
David Maloney
ec82644bd3
mo fixes mo specs
...
SEERM #7536
SEERM #7537
2013-07-18 15:00:57 -05:00
jvazquez-r7
1a5e0e10a5
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-18 13:53:57 -05:00
sinn3r
9d92b38dc7
Land #2121 - add specs for module search filter
2013-07-18 13:50:26 -05:00
Joe Vennix
67d8c1170b
Remove unnecessary whitespace.
2013-07-18 13:43:30 -05:00
David Maloney
57dd525714
More optaddressrange specs and fixes
...
SEERM #7536
2013-07-18 13:03:32 -05:00
Joe Vennix
f4b0ab8184
Adds 141 passing specs to Msf::Module#search_filter.
...
* tests exclusion functionality, type: matching, port: matching, app: matching,
platform: matching, author: matching, text: matching, name: matching, and
path: matching.
[RM #4790 ]
2013-07-18 12:47:08 -05:00
David Maloney
22e4db04e0
opening specs and fixes for OptAddressRange
2013-07-18 12:44:48 -05:00
David Maloney
27e2469d8e
Specs and code changes for OptAddress
...
handles wierness around Optaddress.
Still need to address isues in optaddressRange
FIXRM #7537
2013-07-17 20:21:24 -05:00
jvazquez-r7
58229ff8b7
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 20:18:48 -05:00
sinn3r
7f7cb4f59a
Land #2114 - Fix object detection for '5716599'
...
[FixRM 7252]
2013-07-17 18:23:17 -05:00
Tod Beardsley
72df070b80
Bump version to 4.8.0-dev, -rls is so fleeting
2013-07-17 16:43:24 -05:00
Tod Beardsley
8d1a760b1f
Bump version to -rls
2013-07-17 16:42:37 -05:00
James Lee
9d56e58e84
Rely on object detection for '5716599'
...
[SeeRM #7252 ]
2013-07-17 15:47:25 -05:00
jvazquez-r7
458ac5f289
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-17 15:02:33 -05:00
jvazquez-r7
11f8b351c0
Merge branch 'nvidia' of https://github.com/Meatballs1/metasploit-framework
2013-07-17 11:44:42 -05:00
William Vu
54af2929f5
Land #2109 , kill stray character
2013-07-16 11:11:06 -05:00
Joe Vennix
34e732eabd
Kill stray character in whitespace gutter.
2013-07-16 10:14:41 -05:00
Alexandre Maloteaux
a5d526d710
remove metsrv.dll
2013-07-15 17:16:21 +01:00
Alexandre Maloteaux
e28dd42992
add http authentification and socks
2013-07-15 15:36:58 +01:00
William Vu
fdd577598a
Land #2095 , go_pro fix for Kali
2013-07-15 04:27:56 -05:00
Alexandre Maloteaux
f48c70d468
enable tor and small fix
2013-07-13 17:59:49 +01:00
James Lee
94f8b1d177
Land #2073 , psexec_psh
2013-07-12 16:14:17 -05:00
James Lee
91b748a701
Make it clear where we failed
...
Even when VERBOSE=false
2013-07-12 15:57:30 -05:00
corelanc0d3r
e8983a21c5
New meterpreter payload reverse_https_proxy
2013-07-12 16:45:16 -04:00
William Vu
e8294b4f02
Add tentative fixes
2013-07-12 07:12:07 -05:00
James Lee
1ac1d322f2
Dup before modifying
...
Because `remove_resource` modifies @my_resources, we can't call it while
iterating over the actual @my_resources. The following snippet
illustrates why:
```
>> a = [1,2,3,4]; a.each {|elem| a.delete(elem); puts elem }
1
3
=> [2, 4]
```
[See #2002 ]
2013-07-12 00:57:10 -05:00
James Lee
38e837dc28
Remove inaccurate comment
2013-07-11 22:48:35 -05:00
g0tmi1k
a4d96d37f3
Updated regex
2013-07-11 21:16:02 +01:00
g0tmi1k
ff62a85501
command_dispatcher/core.rb - Made msftidy happy
2013-07-11 10:52:25 +01:00
g0tmi1k
b2fe31e30f
go_pro - fix start with kali linux
2013-07-11 10:42:26 +01:00
William Vu
f267c11bc4
Add regex fix
2013-07-10 15:43:16 -05:00
James Lee
85affe4d47
Land #2089 , smb last_filename can be nil
2013-07-10 14:18:00 -05:00
Tod Beardsley
56ffa4ae2f
Fixes for network_interface PR #2085
...
Implementing the suggestions from @limhoff-r7.
See #2085
FixRM #8023
FixRM #7943
2013-07-10 13:25:06 -05:00
Tod Beardsley
8ade33552c
Land #2085 , use the new network_interface gem.
2013-07-10 13:15:01 -05:00
James Lee
4cc179a24c
Store inverted hash for better lookups
...
Also clarifies comment about infinite loops
2013-07-10 12:38:42 -05:00
sinn3r
71974a8535
to_addr_hex_dump is never used and is too similar to to_hex_dump
...
Not so much value in to_addr_hex_dump, as Meatballs1 suggested, we
should remove this.
2013-07-10 11:09:47 -05:00
sinn3r
add294d999
Fix potential nil in last_filename
...
Replacing #2060 . It is possible to get a nil in last_filename if
the sub! function doesn't find any 0x00s to replace, so instead
it's best to use sub(), which should at least return the original
filename. To make sure we don't hit any other unknown conditions
that may result in nil last_filename, it's also convert with to_s
to make sure it's always a string.
2013-07-09 12:50:19 -05:00
James Lee
afa6a36df3
Make first char's character class configurable
2013-07-09 02:50:28 -05:00
James Lee
273046d8f0
Add a class for generating random identifiers
...
Will be useful for all kinds of things, but brought about in discussions
specifically for Util::EXE in #2037 .
2013-07-09 02:06:44 -05:00
lsanchez-r7
4541a9e49e
now with passing msftidy
2013-07-08 17:44:50 -05:00
lsanchez-r7
5c93fb2849
arp_sweep is once again working
...
modified the capture mixin to use NetworkInteface instead of
pcaprub for interfaces and addresses
FIXRM #8023,#7943
2013-07-08 17:24:28 -05:00
James Lee
00c7581099
Fix constant names and 'exe-only'
...
That'll teach me to commit before the specs finish.
Really [FixRM #8149 ]
2013-07-06 12:39:15 -05:00
James Lee
1b504197be
Check equality instead of regex
...
Thanks, @Meatballs1 for finding the cause of this bug!
[FixRM #8149 ]
2013-07-06 12:29:37 -05:00
Meatballs
2bfe8b3b29
msftidy
2013-07-05 22:35:22 +01:00
Meatballs
0ce3fe2e7c
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
2013-07-05 22:25:04 +01:00
jvazquez-r7
0e2380c115
Fix method documentation
2013-07-05 11:19:53 -05:00
jvazquez-r7
bcf6d11442
Land #2049 , @wchen-r7's had_pid? method work
2013-07-05 11:19:11 -05:00
Meatballs
1a0bdf335e
Retab lib
2013-07-04 12:09:46 +01:00
Meatballs
a76ee6c2ec
Add flexibility to lib
2013-07-04 11:03:48 +01:00
Meatballs
1368c1c27f
Move options to lib
2013-07-04 10:25:08 +01:00
Meatballs
03de8c1c3d
Pull in exploit/powershell
2013-07-04 09:54:40 +01:00
James Lee
e330916744
Pull out common stuff in Util::EXE/MsfVenom tests
2013-07-03 12:25:15 -05:00
g0tmi1k
38b83ba335
ui/banner~Made msftidy happy
2013-07-03 00:29:42 +01:00
William Vu
67f30a6828
Land #1739 , resolve workspace rename issues
2013-07-02 16:09:59 -05:00
sinn3r
0f37bbe78e
Add has_pid? function
...
[SeeRM:#8123] - Add commonly used function has_pid?. Related to
redmine issue 8123.
2013-07-02 14:33:15 -05:00
William Vu
28a4a05991
Land #2046 , base argument for to_hex_dump
2013-07-02 12:11:05 -05:00
sinn3r
98c214d2fb
Allow 0 base address, and dynamic left column length
2013-07-02 11:40:23 -05:00
jvazquez-r7
2ceb404f7d
Land #2047 , @hmoore-r7 ipmi related work
2013-07-02 11:13:25 -05:00
sinn3r
9eb32ea9af
Allow "base" argument for to_hex_dump
...
[SeeRM:#8121] - For debugging purposes, it's useful to be able to
specify a base.
2013-07-01 23:56:51 -05:00
jvazquez-r7
2751470c71
Add @jlee-r7's feedback to sapni proxies support
2013-07-01 21:37:53 -05:00
jvazquez-r7
9c4d869ed8
Land #1018 , @nmonkee's support for sap router proxies
2013-07-01 21:36:02 -05:00
James Lee
1466609c86
Add more supported formats to exe generation
...
- Already supported, just added calls to the the right methods in
the .to_executable_fmt method:
- Linux armle, mipsle, and mipsbe
- Mac arm, ppc
- makes the two (!?) copies of block_api for windows match more closely
with the source used elsewhere. This is still needs to be refactored
to get rid of the duplication.
- Get rid of some of the logic in msfvenom duplicated from Util::EXE
2013-07-01 17:36:58 -05:00
HD Moore
8e4dd29a4c
Add cipher zero scanner
2013-06-30 02:35:37 -05:00
jvazquez-r7
a5c3f4ca9b
Modify ruby code according to comments
2013-06-29 08:54:00 -05:00
sinn3r
e3989ad30c
Extra comments, no thanks
2013-06-28 15:44:06 -05:00
sinn3r
f4c805f5d6
Yarrrrrrrrd
2013-06-28 15:42:56 -05:00
sinn3r
6e1fa05757
Fix a handle leak & change thread creation flag
2013-06-28 13:23:08 -05:00
sinn3r
554d738f26
Update documentation
...
Fix broken English
2013-06-28 13:03:05 -05:00
sinn3r
b7430cb569
Add Msf::Post::Windows::Process
...
The purpose of Msf::Post::Windows::Process is have all the common
functions you might need to do something to a process, for example:
injecting something to a process and then run it.
2013-06-28 12:55:06 -05:00
David Maloney
ea13ac48ec
"fix" indentation to make egypt happy
2013-06-27 17:16:13 -05:00
David Maloney
89faba288d
damnit brandon turner
2013-06-27 17:12:37 -05:00
David Maloney
867be1257a
slight rearrangement
2013-06-27 17:09:20 -05:00
David Maloney
e3fde02eec
conditional wrapping
...
as per egypt's catch
2013-06-27 17:07:16 -05:00
David Maloney
70433820a9
fixes FD leak in RPC client
...
FD leak due to sockets not getting closed
on the rpc client
FIXRM #8107
2013-06-27 16:57:02 -05:00
Josh
d7eda343e9
fix typo in comment
...
change runing to running
2013-06-27 03:12:49 -05:00
HD Moore
4fb6fa67f2
Fix require for constants, trim useless fields from banner
2013-06-26 09:59:40 -05:00
HD Moore
84117e28a8
Remove stale constants.rb require
2013-06-26 09:52:15 -05:00
James Lee
31ad7b50a9
Fix write_file on FreeBSD
...
[SeeRM #8083 ]
2013-06-25 17:19:00 -05:00
James Lee
b3b94c7a73
Break packet classes into their own files
...
This makes the file structure match the class structure and makes the
source tree easier to grok.
2013-06-24 19:24:09 -05:00
HD Moore
1801a5a270
Better HP iLO compatibility (retry on session ID error)
2013-06-24 14:23:53 -05:00
Daniele Martini
c0fda81eb0
Removed options DB_ADD_ALL. Added options DB_ALL_PASS and DB_ALL_USERS
...
to add already known user and passwords to the lists.
2013-06-23 18:20:41 +02:00
HD Moore
c869112407
Cleanup, reporting, and automatic cracking
2013-06-23 01:35:31 -05:00
HD Moore
5656e0cb7a
Initial commit of IPMI library, scanner, & cracker
2013-06-22 23:38:28 -05:00
James Lee
3c42fe594e
No need to have rescue around a print
2013-06-21 15:55:43 -05:00
James Lee
2c12a43e77
Add a method for dealing with hardcoded URIs
2013-06-21 15:48:02 -05:00
James Lee
39d011780e
Move deletion into #remove_resource
...
Doing it here means that modules manually calling remove_resource won't
screw up the cleanup
2013-06-21 15:34:54 -05:00
James Lee
e8a92eb196
Keep better track of resources
...
[See #1623 ]
[SeeRM #7692 ]
2013-06-21 14:51:47 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
1aff778a79
Fix unpack
2013-06-18 09:06:44 -05:00
jvazquez-r7
8ae8f25d56
Land #1961 , @wvu-r7's normalization of command_dispatcher/db.rb
2013-06-18 08:57:32 -05:00
jvazquez-r7
3f665ba5a0
Skip also max-age from cookies
2013-06-17 14:04:08 -05:00
HD Moore
819080a147
Enable rhost/rport option overrides in HttpClient
2013-06-17 11:45:01 -05:00
William Vu
53077d4c1a
Add a newline before the delete message
2013-06-14 19:58:19 -05:00
William Vu
cfd05bc68f
Normalize comments
2013-06-14 17:32:33 -05:00
William Vu
0a9a8a57e3
Remove double newlines
2013-06-14 17:20:26 -05:00
William Vu
bb02cc8509
Normalize the syntax and output of db.rb
2013-06-14 17:11:47 -05:00
Tod Beardsley
d341b825d0
Rename dirbust option to conform to style
2013-06-14 12:58:08 -05:00
Tod Beardsley
2971e50d06
Land #1949 , make dirbusting optional for crawler
2013-06-14 11:54:28 -05:00
jvazquez-r7
f5b00512e0
Fix sap ni proxy, hopefully
2013-06-13 17:15:48 -05:00
Brandon Perry
3cb851e4e0
Merge remote-tracking branch 'todb-r7/fix-msftidy-1944' into csharp_payload
2013-06-12 17:29:00 -05:00
Brandon Perry
0f06e9b08c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into csharp_payload
2013-06-12 17:27:55 -05:00
Tasos Laskos
b509ac8504
Crawler mixin: Dirbusting opt moved to advanced
2013-06-13 00:04:31 +03:00
Tasos Laskos
b474cda4aa
Crawler/Anemone: Dirbusting now optional
...
[FIXRM #8030 ]
Anemone updated to make dirbusting optional (on by default) and the Crawler core
module updated to provide an option to do so.
2013-06-13 00:00:09 +03:00
Samuel Huckins
8287dd314f
Merge pull request #1941 from jlee-r7/http-server-inspect
...
Functional tests in msfconsole passing, as are MSF and Pro specs. References in Pro to items that appeared session related were either debug oriented or commented out.
2013-06-12 12:54:29 -07:00
Tod Beardsley
9c75d821d1
Fix up msftidy warnings on rex/text.rb
2013-06-12 11:17:58 -05:00