HD Moore
38ad7230d2
Fix up a typo
2012-06-17 01:35:39 -05:00
HD Moore
e4fffc36de
Move to one to many instead of m2m for module_detail tracking
2012-06-17 01:21:38 -05:00
HD Moore
780b8ee48b
Remove the vulns_refs destroy, this causes issues
...
when the join table has no .id
2012-06-17 00:12:10 -05:00
HD Moore
be9b7a88fb
Complicate the matching process in the name of memory
...
and loading speed. Use optional match_details param
to find matching vuln instances.
2012-06-17 00:07:00 -05:00
HD Moore
7d9d6f11e5
Comitting a copy of the "old" mode of loading,
...
still hoping to avoid having to do this due to
memory bloat and slowness.
2012-06-16 22:42:31 -05:00
HD Moore
52150b0e89
Merge branch 'master' into feature/vuln-info
2012-06-16 15:43:52 -05:00
HD Moore
6dd8fd2e05
Move the cache rebuild into a background job
2012-06-16 15:41:37 -05:00
sinn3r
931f24b380
Merge branch 'php_apache_request_headers_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-php_apache_request_headers_bof
2012-06-16 14:56:45 -05:00
HD Moore
8425c8438d
Switch to a MDM/SQL-based module cache
2012-06-16 14:51:09 -05:00
David Maloney
122b34c703
fix missing bock transitions
...
the block objects weren't being transitioned over from the class
methods properly, so the callback blocks were never getting processed.
2012-06-15 14:25:47 -05:00
jvazquez-r7
091b3bbbd9
Added module plus encoder for CVE-2012-2329
2012-06-15 00:29:52 +02:00
HD Moore
8177783681
Merge branch 'master' into feature/vuln-info
2012-06-14 16:21:51 -05:00
HD Moore
e2c1657eb4
Adds a block callback to work with the replicant
...
module instance prior to it being launched.
2012-06-14 16:21:06 -05:00
HD Moore
e59b33fc76
Incorporate egypt's feedback
2012-06-14 10:43:09 -05:00
Tod Beardsley
bffb3571c2
Adding URL ref for db_autopwn deprecation message
2012-06-14 09:53:59 -05:00
James Lee
2683bb0ba7
Add deprecation warnings for old commands
...
This should hopefully cut down a bit on support requests from people
asking about old commands they read about in _Metasploit: The
Penetration Tester's Guide_
2012-06-14 09:44:38 -05:00
HD Moore
03b29fff68
Merge up the latest, does not automaticlly load
...
the module tree into the database right now.
2012-06-14 04:35:43 -05:00
HD Moore
a6070f8584
Tweak schema (type gets mangled by AR), add caching routine
2012-06-14 03:27:36 -05:00
HD Moore
cc56f43532
Merge in new MDM with corrected relationships
2012-06-14 00:24:21 -05:00
HD Moore
65686824e0
Merge in the MDM with module tables
2012-06-13 21:59:55 -05:00
HD Moore
554defa9c0
Merge MDM changes to fix the vuln refs relationship
2012-06-13 20:43:30 -05:00
HD Moore
8f448c9159
Merge MDM
2012-06-13 14:06:12 -07:00
HD Moore
9351e3ab25
MDM update to support fusion import
2012-06-13 14:02:40 -07:00
David Maloney
08cbd87541
Default mime-types to octet-stream
2012-06-13 14:48:58 -05:00
HD Moore
de45630092
Merge branch 'master' into feature/vuln-info
2012-06-12 15:36:16 -05:00
Jeff Jarmoc
e820d23f73
Cleanup whitespace
2012-06-12 15:32:50 -05:00
HD Moore
374b5b86f7
Merge branch 'master' into feature/vuln-info
2012-06-12 15:24:50 -05:00
Tod Beardsley
3756a5031f
Adding carrierwave to metasploit's gemcache.
2012-06-12 14:47:50 -05:00
HD Moore
6290bba71b
Merge branch 'master' into feature/vuln-info
2012-06-12 12:41:41 -05:00
Michael Schierl
34ecc7fd18
Adding @schierlm 's AES encryption for Java
...
Tested with and without AES, works as advertised. Set an AESPassword,
get encryptification. Score.
Squashed commit of the following:
commit cca6c5c36ca51d585b8d2fd0840ba34776bc0668
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 00:45:24 2012 +0200
Do not break other architectures
even when using `setg AESPassword`
commit 422d1e341b3865b02591d4c135427903c8da8ac5
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:50:42 2012 +0200
binaries
commit 27368b5675222cc1730ac22e4b7a387b88d0d2b3
Author: Michael Schierl <schierlm@gmx.de>
Date: Tue Apr 3 21:49:10 2012 +0200
Add AES support to Java stager
This is compatible to the AES mode of the JavaPayload project.
I'm pretty sure the way I did it in the handlers (Rex::Socket::tcp_socket_pair())
is not the supposed way, but it works :-)
2012-06-11 16:13:25 -05:00
HD Moore
bbd500aca9
Show a stack trace in auxiliary timeouts [ temp ]
2012-06-11 01:40:57 -05:00
HD Moore
d975d1a236
Add counter caches for host_details, vuln_details, vuln_attempts
2012-06-10 17:15:53 -05:00
David Maloney
fc0dc23752
Some handling around empty elements
2012-06-10 17:04:47 -05:00
David Maloney
a20c85a655
Remove binding.pry call
2012-06-10 17:01:31 -05:00
David Maloney
f9999a3033
Add FusiuonVM Importer
...
This adds a nokogiri stream parser for XML reports from
Critical Watch's FusionVM.
2012-06-10 16:38:28 -05:00
HD Moore
4f55452153
This adds import/export support for vuln_attempts
2012-06-10 12:50:59 -05:00
HD Moore
9dcb3059f8
MDM update
2012-06-10 03:46:58 -05:00
HD Moore
7c8cb2d79e
Add vuln_attempts, track exploit attempts when a matching vuln exists.
...
This also fixes an issue with report_vuln() from exploited hosts not
setting the service correctly. This introduces a fail_reason method
to the exploit base class, which attempts to determine why an exploit
did not work (closed port, unreachable host, missing page, etc). There
is still quite a bit of work to do around this to finish it up.
2012-06-10 03:15:48 -05:00
HD Moore
55bdbb6ec9
Merge branch 'master' into feature/vuln-info
2012-06-09 01:37:11 -05:00
HD Moore
e840f7e9ee
Add additional host detail columns and parsers
2012-06-09 00:43:03 -05:00
HD Moore
dabda58f17
Import host_details and vuln_details now
2012-06-08 23:27:02 -05:00
HD Moore
465998bc17
Export host_details and vuln_details, add missing refs to db_export
2012-06-08 22:55:55 -05:00
HD Moore
376aaa410b
Fix tag deuplication and reset after each vuln properly
2012-06-08 22:55:37 -05:00
James Lee
1be9ce8649
Fixes command parsing in Post::Common
...
The meterpreter API wants arguments in a seperate string (not an array,
mind you) just so it can concatenate them on the server side.
Originally, I worked around that by using Shellwords.shellwords to pull
out the first token. But! Shellwords.shellwords inexplicably and
inexcusably removes backslashes in ways that make it impossible to quote
things on Windows. This commit works around both of those things.
2012-06-07 22:24:59 -06:00
HD Moore
d393dbb28f
MDM update
2012-06-07 21:27:41 -05:00
HD Moore
49b3c9b0e8
More cleanup related to vuln schema
2012-06-07 04:42:16 -05:00
HD Moore
42c3bedfad
Merge MDM, add migrations, tweak report_vuln
2012-06-07 00:40:26 -05:00
James Lee
a2751e3ccd
Rdoc fixes
2012-06-06 17:04:54 -06:00
Joe Vennix
a20cec75cc
Rollback activerecord to 3.2.2 to prevent asset inclusion issues.
2012-06-06 11:08:39 -05:00
James Lee
fc7293baae
Arguments have to be joined with a space
...
Fixes cmd_exec() calls with more than one argument
2012-06-04 18:12:45 -06:00