That's what I get for just committing willy-nilly with a fresh install
of Gvim for Windows.
Also, this is an experiment to see if linefeeds are being respected in
this editor Window. I doubt it will be, given GitHub's resistence to
50/72 as a sensible default.
Instead of a cryptic exception, let the user know if the HTTP target
isn't actually asking for WWW-Authenticate.
There are likely many more opportunities to catch errors, but this is
the most obvious.
Due to the vagaries of various Metasploit module description viewers, we
can't guarantee things like lists and bullet points render right.
Descriptions should avoid using these things.
AXFR support in net-dns is broken. This fixes it, and makes the
requisite modifications to enum_dns module. Basic problem is that AXFR
responses consist of a chain of DNS replies, not a single reply with
multiple answers. Previously, only the first of these replies, the SOA
record, was returned. Also added some exception handling to avoid
problems like #483.
Sometimes a nameserver won't have an A record for its own name. Check
for this and fall back to using the system resolver via
Rex::Socket.gethostbyname. Example:
$ dig +short zonetransfer.me NS
ns12.zoneedit.com.
ns16.zoneedit.com.
$ dig +short @ns12.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns12.zoneedit.com A
$ dig +short @ns16.zoneedit.com ns16.zoneedit.com A
$
Also removed an extra A lookup that was unnecessary.
but it expects a factory object not a string, when setting :proxy => datastore['Proxies'] user got:
"Auxiliary failed: NoMethodError private method `open' called for \"socks4:localhost:1080\":String."
VALID_OPTIONS in ssh.rb now takes :proxies option which is passed to the Rex socket in
Net::SSH::Transport::Session.new.
Testing: block all outgoing to SSH server, try to connect with a proxy. Try with :proxy option,
then merge this pull request and try again.
auxiliary/fuzzers/wifi/fuzz_beacon offers ADDR_DST option, probably
copy-pasted from some other wifi modules, but does not use it, likely
because beacons are meant to be sent to broadcast address only. Since
this is a fuzzer, changing the destination address may be desirable.
Used the option in building the frame to be sent.
auxiliary/scanner/http/glassfish_login offers URI option to set the path
where Glassfish is installed, but it doesn't work. Replaced it with
TARGETURI and call target_uri.path to get a base path.
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
commit dadb717f5e17851a85183847f3fdb01e45e6caaa
Author: James Lee <egypt@metasploit.com>
Date: Fri Aug 3 18:48:53 2012 -0600
Rescue SMB errors
Prevents backtraces and gives the user some idea of what happened.
Specifically useful for STATUS_ACCESS_DENIED and STATUS_LOGON_FAILURE.
commit aba203ead75eec22606f52d7eb67f1581c44c4df
Author: Rob Fuller <jd.mubix@gmail.com>
Date: Fri Jul 20 03:24:26 2012 -0400
add SMB list directory module
[Closes#628]
* Added option to retrieve all available files from remote SAP host to
sap_mgmt_con_getlogfiles, based on the listing request provided in
sap_mgmt_con_listlogfiles module, if the variable GETALL is set to true.
Kept previous functionality of retrieving just one chosen file.
* Added new module sap_mgmt_con_getprocesslist to remotely list SAP
processes using SAP SOAP interface. Based on the other sap_mgmt_con_*
modules by Chris John Riley.
The module starts a fake SIP server listening for incoming REGISTER requests.
It then triggers an authentication request at the client and captures the
response for cracking in JtR or Cain.
The oraenum module has errror handling to catch instances where the user used to run the checks doesn't have the appropriate rights, however in one place (The default password check) the error handling code isn't included. This patch just adds the same check for that code.
This module provides a fake MySQL service that is designed to
capture authentication credentials. It captures challenge and
response pairs that can be supplied to Cain or JTR for
cracking.
The .write function was having issues with large files, the
connection would close or sometimes there would be errors.
I changed thefunction to act more like smb_relay and it works better.
From pull request #549. Changes include:
* Use OptEnum to enforce the use of wpad.dat or proxy.pac
* Remove cli.peerhost:cli.peerport, the API does that already
* cleanup function to restore uripath datastore option
* More friendly error when the user doesn't have enough permission
to bind to port 80, that way they don't blame it's a bug on msf.
* Remove unnecessary SVN stuff in modinfo
The modified version of pull request #453. This addresses a couple
of things including:
* Change the description to better explain what the vulnerability is.
The advisory focuses the problem as an auth bypass, not DoS,
although it can end up dosing the server.
* The title and filename are changed as a result of matching that
advisory's description.
* Use 'TARGETURI' option instead of 'URI'.
* The reset attempt needs to check if the directory actually has
401 in place, otherwise this may result a false-positive.
* The last HTTP request needs to check a possible nil return value.
* More verbose outputs.
Watch the trailing commas, that wangs up Ruby 1.8.7 and prior.
Squashed commit of the following:
commit c00363993a726cd0c87fbaee769c44f680feff72
Author: Tod Beardsley <todb@metasploit.com>
Date: Mon Jun 4 09:33:18 2012 -0500
Removing trailing comma
commit 594cae0cab60ba0493a6c50a001cd6885f05522b
Author: Steve Tornio <swtornio@gmail.com>
Date: Mon Jun 4 09:10:36 2012 -0500
add osvdb ref
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
Have some minor edits below, looks like it all works now though.
Squashed commit of the following:
commit b7befd4889f12105f36794b1caca316d1691b335
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:31:32 2012 -0500
Removing ord in favor of unpack.
Also renaming a 'character' variable to 'c' rather than 'i' which is
easy to mistake for an Integer counter variable.
commit e80f6a5622df2136bc3557b2385822ba077e6469
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:24:41 2012 -0500
Cleaning up print msgs
commit 5fd65ed54cb47834dc646fdca8f047fca4b74953
Author: Tod Beardsley <todb@metasploit.com>
Date: Fri Jun 1 14:19:10 2012 -0500
Clean up hashcollision_dos description
Caps, mostly. One sentence I still don't get but it's not really a show
stopper.
commit bec0ee43dc9078d34a328eb416970cdc446e6430
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Thu May 24 19:11:32 2012 +0200
Removed RPORT, ruby 1.8 safe, no case insensitive check, error handling
commit 20793f0dfd9103c4d7067a71e81212b48318d183
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Tue May 22 23:11:53 2012 +0200
Hashcollision Script (again)
Tod Beardsley
jvazquez-r7
sinn3r
Cristiano Maruti
nullbind
Ewerson Guimaraes (Crash)
Rob Fuller
webstersprodigy
saint patrick
Daniel Miller
HD Moore
RageLtMan
David Maloney
Bruno Morisson
Bruno Morisson
Patrik Karlsson
Rory McCune
Alexandre Maloteaux
efraintorres
j0hn__f
James Lee
Thomas Grainger
Steve Tornio
Christian Mehlmauer