Commit Graph

7447 Commits (b8e2c9fe42f58e45f3e541b4a17e67b8bb92ae12)

Author SHA1 Message Date
David Maloney 4565be18e3 require active_support numeric
ensure we have the activesupport numeric bytes extension
loaded for calling .gigabyte
2014-02-12 13:20:13 -06:00
jvazquez-r7 8b25b6e343
Land #2980, @wvu-r7 fix to handle invalid session id on post module runs 2014-02-12 13:13:34 -06:00
jvazquez-r7 ff267a64b1 Have into account the Content-Transfer-Encoding header 2014-02-12 12:40:11 -06:00
William Vu 40db1c4d0d s/auxiliarly/auxiliary/ 2014-02-12 12:17:53 -06:00
sinn3r 45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb 2014-02-12 11:14:25 -06:00
sinn3r 750ce3c4db Make server configurable 2014-02-11 23:07:43 -06:00
OJ beca4b8bc3 Fix issue with getenv failing
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.

Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.

For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.

This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
William Vu 5a488b310d Use a more correct error message
-1 is a valid session ID, even though it's a fake one.
2014-02-11 18:06:43 -06:00
William Vu 4a603b9a8d Merge remote-tracking branch 'upstream/master' into beug/session
Conflicts:
	lib/msf/base/simple/post.rb
2014-02-11 16:38:16 -06:00
William Vu 18816f3d5e
Land #2952, -1 for last session ID 2014-02-11 16:22:36 -06:00
William Vu 2476d9be2d Fix invalid session ID bug
This fix should work seamlessly with #2952.
2014-02-11 15:43:35 -06:00
jvazquez-r7 1f0020a61c
Land #2946, @jlee-r7's optimization of the x86 block_api code 2014-02-11 15:00:00 -06:00
jvazquez-r7 e3aa838e52 Fix on_session_module_run bug 2014-02-11 11:37:58 -06:00
jvazquez-r7 51df2d8b51 Use the fixed API on the mediawiki exploit 2014-02-11 08:28:58 -06:00
sinn3r 2bb15d3a87 answerer's interface gets a makeover 2014-02-11 02:15:22 -06:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Spencer McIntyre a67a14ff60
Land #2975 @wchen-r7's extra vprint_debug statements for ms13-090 2014-02-10 20:57:55 -05:00
sinn3r fdd696fc31 Drop Opera support
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
sinn3r 1414f6794c Change the name of the video chat command 2014-02-10 17:44:47 -06:00
Meatballs d8ea11b851
Redirect HTTP too 2014-02-10 23:41:15 +00:00
sinn3r 442d212a94 Add vprint_debug to show what requirements are being compared 2014-02-10 17:33:36 -06:00
Meatballs 4a0f37dc21
Save lost changes 2014-02-10 23:24:26 +00:00
sinn3r 44282d8a83 Add an exception handling 2014-02-10 17:06:56 -06:00
sinn3r 1114913298 Automatically turn on webcam in Firefox 2014-02-10 17:05:08 -06:00
Meatballs a87f604c98
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-10 21:43:56 +00:00
sinn3r 48fdb08164 Add flag --use-fake-ui-for-media-stream
Thanks Joev!!
2014-02-10 14:47:25 -06:00
Matteo Cantoni 427fece52c Add random mail address function 2014-02-10 21:04:44 +01:00
James Lee fab8e16a87
Unbreak server exploits 2014-02-10 10:54:14 -06:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Spencer McIntyre 4eb9a16b2c Remove unnecessary return statement. 2014-02-09 13:06:21 -05:00
sinn3r 93ef3c784d Update some JavaScript and other things 2014-02-08 22:23:19 -06:00
sinn3r b279c45db5 Update open_webrtc_browser method 2014-02-08 20:47:02 -06:00
sinn3r 0d24f06109 Not adding remote support for Linux meterpreter, here's why 2014-02-08 20:30:53 -06:00
sinn3r be8538f3bd Tweak video attributes 2014-02-08 19:56:43 -06:00
sinn3r 8d55104712 Random channel 2014-02-08 19:36:33 -06:00
sinn3r e25767ceab More progress 2014-02-08 17:28:15 -06:00
sinn3r 2cfc662e43 Use en-us instead 2014-02-08 16:16:09 -06:00
sinn3r 3f9ad8a6d5 Fix bugs and stuff 2014-02-08 16:11:39 -06:00
sinn3r 22cc665115 More error handling 2014-02-08 16:06:51 -06:00
sinn3r 07ad99ba3a Remove unnecessary methods 2014-02-08 15:51:33 -06:00
sinn3r a70c77c9eb Handle some more exceptions 2014-02-08 15:51:11 -06:00
sinn3r 325214e37f Fix bugs and stuff 2014-02-08 15:41:44 -06:00
Meatballs d1f3afeacc
Correct MSB refs 2014-02-08 13:32:56 +00:00
Meatballs 76f0783eef
Raise error if no domain found or specified 2014-02-08 12:16:48 +00:00
Meatballs a5cb03e409
Copy Meterpreter return hash
Dont add a key if no value is found
2014-02-08 12:12:45 +00:00
Meatballs 6e197ce535
Post get_envs library methods 2014-02-08 11:37:25 +00:00
sinn3r e8ec6d1062 Rename command name 2014-02-08 03:53:49 -06:00
sinn3r ee1900c273 progress 2014-02-08 03:29:15 -06:00
sinn3r b188943bd1 Progress 2014-02-08 02:57:49 -06:00
sinn3r 526bf9f6bc This should work 2014-02-07 22:17:42 -06:00
sinn3r bd23fcf4b7
Land #2936 - Windows Command Shell Upgrade (Powershell) 2014-02-07 17:39:06 -06:00
David Maloney f189b753e5 use more clear syntax for space
use 1.gigabyte as kronicdeth suggested, for great awesomeness
2014-02-07 15:52:19 -06:00
Meatballs 56359aa99f
Merge changes from other dev machine 2014-02-07 21:22:44 +00:00
Meatballs 103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki 2014-02-07 20:07:04 +00:00
James Lee f0fd2f0598
Land #2944, add platforms to encoders
This allows encoders to advertise compatibility with a particular
platform (or more accurately, non-compatibility with everything that
isn't that platform).

See also #2939
2014-02-07 13:38:05 -06:00
sinn3r 36f3a82b5c A wise man once said do not abuse the power of expand_path 2014-02-07 12:10:58 -06:00
sinn3r bab9a5522b You will go deaf with the default volume value. No thanks. 2014-02-07 11:35:57 -06:00
sinn3r 3c3bd11aca Oh look, more progress 2014-02-07 11:25:20 -06:00
David Maloney aa3985c5e3 relign attribute tags 2014-02-07 11:04:17 -06:00
David Maloney 5d8dc76f48 put verbose messages to stderr
egypt pointed out we'll stomp on the payload output
otherwise. Good catch
2014-02-07 10:22:39 -06:00
grimmlin 2d93b38e2a Fixed java_signed_applet for Java 7u51 2014-02-07 16:29:50 +01:00
sinn3r 43be99f31b Save some progress 2014-02-07 03:06:52 -06:00
Spencer McIntyre 27d7df554c Use a single return statement defaulting to nil. 2014-02-06 14:50:59 -05:00
Spencer McIntyre b9fb8decad Support a (latest) session id of -1. 2014-02-06 14:11:38 -05:00
sinn3r 3a95a169e1
Land #2930 - clipboard monitor for meterpreter 2014-02-06 11:29:22 -06:00
David Maloney 9d9305d2c0 more yardtag cleanup 2014-02-06 11:16:00 -06:00
sinn3r f66fc15b9e Add support for webrtc in meterpreter 2014-02-06 10:44:24 -06:00
David Maloney 34c4718e95 more style fixups
further kronicdeth appeasement
2014-02-05 18:12:44 -06:00
David Maloney 1bf11e5b92 some alpha-sorting
begining to appease KronicDeth
2014-02-05 17:47:32 -06:00
James Lee b226ecf591
Add block_api changes to prepend_migrate 2014-02-05 15:32:59 -06:00
David Maloney ca48fb6590 fix encoding cycle if all encoders fail
we need to raise an exception if all encoders fail
2014-02-05 15:25:14 -06:00
David Maloney 1227a47342 fix exe template
don't pass an emtpy string for templates
this causes read errors. pass no value instead
2014-02-05 12:10:14 -06:00
David Maloney 508f251db2 add cli compat
add cli capability to putut verbose info to the console
2014-02-05 11:00:57 -06:00
David Maloney 293c231dfe alpha-sort methods for ease
lexically sorted methods to make it easier to
look through code
2014-02-04 18:05:03 -06:00
David Maloney fc9105d862 final generation and specs
generation wrapped method complete with specs
2014-02-04 17:52:20 -06:00
David Maloney 4dcae920f8 add specs for generate_java_payload
pretty self-explanatory
2014-02-04 17:40:59 -06:00
David Maloney 70d8246791 finish wiring up the final generation
formating and main generate methods wired up
still need to add some final tests
2014-02-04 15:52:18 -06:00
sinn3r bda93c2bbc
Land #2811 - Add generate_war to jsp_shell payloads 2014-02-04 15:06:45 -06:00
jvazquez-r7 80e7ae144b Use the platform when selecting the payload 2014-02-04 14:34:11 -06:00
William Vu a58698c177
Land #2922, multithreaded check command 2014-02-04 11:21:05 -06:00
Meatballs 0a3cb3377f
AppendEncoder 2014-02-04 15:41:10 +00:00
Meatballs 26c506da42
Naming of follow method 2014-02-04 15:25:51 +00:00
David Maloney c8b7dc30b4 added encoding routines
now has a method for encoding the shellcode
and tests to go with
2014-02-03 17:51:22 -06:00
Meatballs 76515092ce
Small mime changes 2014-02-03 23:28:26 +00:00
Meatballs 595e5fd8b1
Correct mime logic 2014-02-03 21:59:17 +00:00
Meatballs a8ff6eb429
Refactor send_request_cgi_follow_redirect 2014-02-03 21:49:49 +00:00
Meatballs 83925da2f1
Refactor form_data code 2014-02-03 21:16:58 +00:00
Meatballs 08493f2670
Merge remote-tracking branch 'upstream/master' into upgrade_psh
Conflicts:
	lib/msf/core/post/file.rb
2014-02-03 18:02:09 +00:00
sinn3r 2ee1764ceb Add method rhost, rport, and peer for post modules
[SeeRM #8761]
2014-02-03 01:05:43 -06:00
David Maloney 3b648346da starting in on encoders
added get_encoders method to find propper encoders
started on encode_payload, incomplete
added specs
2014-02-03 00:59:08 -06:00
sinn3r 0d02f6d589
Add support for win shells for file? 2014-02-02 23:37:26 -06:00
David Maloney 4a82bc74cf added nop sled generator
added code to prepend a nop sled
with tests to match
2014-02-02 22:51:12 -06:00
James Lee b9e234f62d
Log the size if it doesn't fit 2014-02-02 22:28:23 -06:00
David Maloney bb5f5542f0 generating raw payload bits now
added raw payload generation, arch selection,
and specs for everything thus far
2014-02-02 21:09:17 -06:00
David Maloney f9c31f988e test platform selection
added tests around platform selection
2014-02-02 16:52:41 -06:00
David Maloney f5d730e874 write specs around initialiser
added specs around object initialisation
2014-02-02 16:05:11 -06:00
David Maloney e265d6f54c begining of payload generator
started basics of generator
started adding specs
added option to simple framework to disable logging
2014-02-02 14:35:16 -06:00
Meatballs 95eb758642
Initial commit 2014-02-02 19:04:38 +00:00
Meatballs 9fa9402eb2
Better check and better follow redirect 2014-02-02 16:07:46 +00:00
Meatballs 0d3a40613e
Add auto 30x redirect to send_request_cgi 2014-02-02 15:03:44 +00:00
Meatballs 8b33ef1874
Not html its form-data... 2014-02-02 13:57:29 +00:00
Meatballs 9f35407a0c
Add MIME to_html method 2014-02-01 00:37:01 +00:00
sinn3r 4d008ca3f3 Fix ::Interrupt exception handling 2014-01-30 18:57:27 -06:00
sinn3r 9f669a8e39 Make check_multiple() thread-safe 2014-01-30 16:46:36 -06:00
OJ b60398b020 Merge branch 'upstream/master' into clipboard_monitor
Conflicts:
	lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
OJ ad1dce38d2 Final fixes before the monitor PR 2014-01-29 23:04:43 +10:00
OJ 2ef0e7e2a5 Small tidy of code 2014-01-29 17:07:06 +10:00
OJ e27707cac3 More tweaking of the clipboard monitor with dump/purge 2014-01-29 14:51:03 +10:00
OJ 10ac7a22af
Land #2897 Sane address resolution [FixRM #7259] 2014-01-28 23:09:44 +10:00
sinn3r 6435ddd162 loop do this too 2014-01-26 16:35:44 -06:00
sinn3r 0ffacc3420 { } block this 2014-01-26 16:33:21 -06:00
sinn3r 45bb336c51 Loop do it 2014-01-26 16:27:36 -06:00
sinn3r eec01e79ff No explicit "return" 2014-01-26 16:25:30 -06:00
sinn3r 48836b45cf Last commit before PR
Code changes address these feature requests:
[SeeRM #8737]
[SeeRM #8752]
[SeeRM #8755]
2014-01-26 12:15:47 -06:00
sinn3r a14dddd1ef Show warning 2014-01-26 12:08:20 -06:00
sinn3r f0ebd13447 Make sure all threads are killed after interrupt
If threads aren't killed, then when the user triggers interrupt,
the console will keep the threads (vuln checks) running, which
looks weird.
2014-01-26 02:49:16 -06:00
sinn3r 6ffb750633 Change Unsupported message
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
sinn3r 60f1688bb8 Fix option validation 2014-01-26 00:57:02 -06:00
sinn3r 2d12c0a368 NoMethod check and stuff 2014-01-25 20:25:01 -06:00
sinn3r 3bb17dad72 Check argument 2014-01-25 20:10:22 -06:00
Meatballs 33da3a414b
Remove unnecessary options 2014-01-25 13:52:52 +00:00
Meatballs 27a434205c
More flexible domain and DN 2014-01-25 13:17:00 +00:00
sinn3r 7dfd4ab22c Change default thread count 2014-01-25 01:40:05 -06:00
sinn3r 2046209291 This one looks like is working 2014-01-25 01:27:48 -06:00
sinn3r 216fa4503a Save progress 2014-01-24 23:32:29 -06:00
sinn3r 93fa58ed45 aux scanner support 2014-01-24 17:54:40 -06:00
Meatballs 08885bde19
Always forget debugging stuff 2014-01-24 23:45:12 +00:00
Meatballs be1da0e8a8
Move print statement 2014-01-24 23:37:20 +00:00
Meatballs cb53ca261f
Tidyup logic
ADSI doesn't care about distinguished names or domain and can take
either, but legacy API needs a domain for binding and a dn for
searching.

Send nil if we dont know the domain rather than a ptr to an empty
string.
2014-01-24 23:28:08 +00:00
Meatballs 6d9e395d40
Use LPVOID to avoid ptr trunc 2014-01-24 23:27:56 +00:00
Tod Beardsley 856feb82e8
Land #2906, check a given range 2014-01-24 16:01:57 -06:00
Tod Beardsley 1ff063d7de
Test the object not the class duhhh 2014-01-24 11:46:48 -06:00
Tod Beardsley 37b11ce2e1
Use Class#kind_of? instead of == 2014-01-24 11:31:04 -06:00
Meatballs ae13d1f3e6
Grab the default domain to improve ldap 2014-01-24 16:36:37 +00:00
Meatballs 23ba52641b
Revert ldap 2014-01-24 16:25:48 +00:00
Meatballs 9fce617462
Fixup railgun utils
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
sinn3r 3c8d82e363 Ensure the rhost datastore option is restored 2014-01-23 21:12:59 -06:00
Tod Beardsley 4bac297f66
Land #1473, add LDAP hotness 2014-01-23 18:11:39 -06:00
Meatballs 4b21672b60 Remove hardcoded string 2014-01-23 23:55:09 +00:00
Meatballs 790e4d7559
Move options to mixin 2014-01-23 23:47:46 +00:00
Meatballs 398e8463b1
Add more informative errors 2014-01-23 23:19:00 +00:00
Joe Vennix de06480f4f Add a defined? check to fix older versions of OpenSSL.
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Tod Beardsley b5f61024c5
Land #2907, fixes qual asset importer
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
sinn3r b07e87b1d6 Fix nil rhost 2014-01-23 10:33:05 -06:00
jvazquez-r7 256f2b12eb
Land #2894, @wchen-r7's CheckCode documentation update 2014-01-23 07:31:24 -06:00
sinn3r c48595f239 Add support to scan a range of IPs for the check command
[SeeRM #8737] This allows the check command to scan multiple hosts.
2014-01-23 00:37:32 -06:00
lsanchez-r7 58cf7193f9 fixing NameError undefined local variable in an import 2014-01-22 16:54:31 -06:00
Meatballs 9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-22 21:46:50 +00:00
Tod Beardsley 636c43dcdc
Land #2736, basic ADSI support via meterp extapi 2014-01-22 15:24:01 -06:00
Tod Beardsley 90207628cc
Land #2666, SSLCompression option
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
OJ 83358fbbf0 More work on the clipboard monitor 2014-01-22 22:56:13 +10:00
Meatballs 80452767c8
Comments 2014-01-22 10:24:24 +00:00
Meatballs 156e3c046e
Dont lookup twice 2014-01-22 10:14:56 +00:00
Meatballs 6d6d1e1033
No need to fiddle with naming context 2014-01-22 10:06:36 +00:00
OJ a7d4aa5d46 Merge branch 'upstream/master' into clipboard_monitor
Conflicts:
	lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
James Lee e9ccec4755
Refactor load_session_info
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
Tod Beardsley 0b6e03df75
More comment docs on SSLCompression 2014-01-21 16:48:26 -06:00
Tod Beardsley b8219e3e91
Warn the user about SSLCompression 2014-01-21 16:41:45 -06:00
Meatballs 720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf 2014-01-21 21:00:51 +00:00
William Vu dc4b4218b3 Make {COUNT,SIZE}_MAX more readable
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu 6a16cf96ba Fix bug in fsupload
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
Raphael Mudge ac151794f3 Make Meterpreter Session Address Resolution Sane
If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.

This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.

This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.

[FixRM #7259]
2014-01-21 00:32:50 -05:00
sinn3r ea47da5682 Add wiki link "How to write a check() method" to documentation 2014-01-20 20:10:50 -06:00
sinn3r e48b8ae14c Use a better term 2014-01-19 16:01:38 -06:00
sinn3r afd0e71457 Use the term "exploit" is a little more correctly
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r 363c53e14e Clearify when to use a specific CheckCode
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
OJ 9212013c3e Add error message support
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
2014-01-17 11:42:07 +10:00
jvazquez-r7 ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes 2014-01-16 16:35:32 -06:00
sinn3r a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules 2014-01-16 15:57:38 -06:00
William Vu 9bf90b836b Add environment variables support 2014-01-16 14:53:25 -06:00
William Vu 0915212249 Fix socket timeout bug 2014-01-16 11:58:37 -06:00
jvazquez-r7 0b9ff43217 Make slice_up_payload easier 2014-01-16 11:03:22 -06:00
jvazquez-r7 f41849c921 Clean CmdStagerEcho 2014-01-16 11:00:57 -06:00
OJ 8e1d3c9c2a Final tweaks for WMI support 2014-01-16 22:02:28 +10:00
OJ 69abffaff6 First pass of WMI support
Close but more to do.
2014-01-16 13:47:46 +10:00
William Vu 311704fc0a Perform final cleanup 2014-01-15 13:49:37 -06:00
OJ 870349acd0
Merge branch 'upstream/master' into basic_adsi_support 2014-01-15 19:57:07 +10:00
HD Moore 68ccdc8386 Fix a stack trace when module_payloads.rb is run
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
Matt Andreko b7b1ddf1e8 Sercomm Exploit module fixes
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
William Vu 4ccf1a4720
Land #2873, Msf::Handler::ReverseHttp::UriChecksum 2014-01-13 15:38:56 -06:00
David Maloney 41807d7e4e move rev_http uri checksum code
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
Tod Beardsley e6e6d7aae4
Land #2868, fix Firefox mixin requires 2014-01-13 14:23:51 -06:00
Joe Vennix 3db143c452 Remove explicit requires for FF payload.
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
jvazquez-r7 95a5d12345 Merge #2835, #2836, #2837, #2838, #2839, #2840, #2841, #2842 into one branch 2014-01-13 10:57:09 -06:00
sinn3r cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells 2014-01-10 14:29:32 -06:00
William Vu b43a221959
Land #2855, Rex::Socket refactor and specs 2014-01-09 16:20:50 -06:00
James Lee ba252ec0c3
Use 'unless' instead of 'if not' 2014-01-09 16:01:58 -06:00
William Vu f00e5a678b
Land #2854, #next nil beug fix 2014-01-09 15:39:06 -06:00
William Vu c3b1eea5fd
Land #2853, user survey banner splat 2014-01-23 00:05:25 -06:00
Tod Beardsley 02018077ea
dangit odd number of ]s 2014-01-09 15:15:47 -06:00
James Lee 7cb6836209
Replace unused var with purpose-revealing comment 2014-01-09 15:07:04 -06:00
James Lee 27133257a4 Better docs, more accurate var names 2014-01-09 15:05:19 -06:00
James Lee 20a5bf45f5
Fix beug with #next raising after the end
... instead of the old behavior or just returning nil again
2014-01-09 15:03:11 -06:00
Tod Beardsley 25337888b0
Move back the expires date. 2014-01-09 14:51:23 -06:00
Tod Beardsley fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner 2014-01-09 14:37:41 -06:00
Tod Beardsley e4460278d2
Fix the closing brackets on the banner. 2014-01-09 14:37:25 -06:00
William Vu 1893cbca0e
Land #2843, RangeWalker resolution failure bug fix 2014-01-09 14:36:32 -06:00
James Lee 1519af33f5
Refactor `getaddress` in terms of `getaddresses` 2014-01-09 11:03:24 -06:00
jvazquez-r7 85203c2f2a
Land #2823, @mandreko's exploit module for OSVDB 101653 2014-01-09 10:27:44 -06:00
James Lee 01f350964f
Add specs for some stuff in Rex::Socket 2014-01-09 10:19:19 -06:00