Commit Graph

722 Commits (b99a9e5075f6505d3b67a8dd9a043f91e3900b47)

Author SHA1 Message Date
bmc 1351ceed1c * add support to hex/%u encode a URI
git-svn-id: file:///home/svn/incoming/trunk@3517 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 22:48:57 +00:00
bmc ca315abe1b * add uri-encoding as an evasion method (though, exploits could hard code it if they need to...)
git-svn-id: file:///home/svn/incoming/trunk@3516 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 22:48:10 +00:00
bmc c2c01a2d9e * use full path to the const, since in odd situations, the const isn't in scope. (WTF?)
git-svn-id: file:///home/svn/incoming/trunk@3513 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 20:24:45 +00:00
bmc 0f6055c73c support both POST and SEARCH as basic post request types.
git-svn-id: file:///home/svn/incoming/trunk@3512 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 20:23:52 +00:00
bmc 32dfdc114c * allow a request to pass a timeout (and by allowing passing a timeout, the ability to not parse the response)
git-svn-id: file:///home/svn/incoming/trunk@3511 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-06 20:22:47 +00:00
HD Moore 0ea7fc3ec4 Minor tweaks
git-svn-id: file:///home/svn/incoming/trunk@3508 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-05 20:18:45 +00:00
HD Moore dc42740402 Added a new JObs tab
git-svn-id: file:///home/svn/incoming/trunk@3507 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-05 19:43:05 +00:00
HD Moore 5b497d5e4d Added Irix platform
Tweaked reverse.rb to use a subshell and background it
Added Irix lpdexec


git-svn-id: file:///home/svn/incoming/trunk@3505 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-05 18:10:08 +00:00
vlad902 3acdd81b9e metasploit -> mozilla
git-svn-id: file:///home/svn/incoming/trunk@3504 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-05 01:56:34 +00:00
HD Moore 868d7bf561 Working findtag + samba
Removed call to evasions that didnt have corresponding definition


git-svn-id: file:///home/svn/incoming/trunk@3501 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-04 21:04:50 +00:00
bmc 40961655d6 * enable evasions on the socket as they come in
git-svn-id: file:///home/svn/incoming/trunk@3498 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-03 19:56:50 +00:00
bmc 3adb2211b8 * add tcp segment size evasion
* add tcp write delay evasion


git-svn-id: file:///home/svn/incoming/trunk@3497 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-03 19:55:56 +00:00
bmc f5affd4b41 ugh, nasty bug where if an exception is raised during on_client_data in which the client was shut down, the select loop will still state that the client has data to be processed, which causes an exception to be raised, starting to loop over again
git-svn-id: file:///home/svn/incoming/trunk@3496 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-03 19:54:08 +00:00
bmc 620dfad4a9 gee, these were not cut and paste targets...
git-svn-id: file:///home/svn/incoming/trunk@3490 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-01 22:33:49 +00:00
bmc 2f2790386f providing the XDR alias is important...
git-svn-id: file:///home/svn/incoming/trunk@3489 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-01 22:31:28 +00:00
bmc f3ae631d59 tabify
git-svn-id: file:///home/svn/incoming/trunk@3488 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-01 18:42:14 +00:00
vlad902 27e12952d0 Replace get_once with get()
git-svn-id: file:///home/svn/incoming/trunk@3487 4d416f70-5f16-0410-b530-b9f4589650da
2006-02-01 00:01:57 +00:00
bmc 6c8f513e47 * add "good" char list as well, since well... otherwise its painful.
git-svn-id: file:///home/svn/incoming/trunk@3485 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-31 22:25:55 +00:00
bmc 8d2582dffa use a slightly different port than other tests
git-svn-id: file:///home/svn/incoming/trunk@3483 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 22:11:36 +00:00
bmc 750e119a76 * use a slightly different port than other tests
git-svn-id: file:///home/svn/incoming/trunk@3482 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 22:11:09 +00:00
bmc d668b87f68 * remove some comments
git-svn-id: file:///home/svn/incoming/trunk@3481 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 22:09:58 +00:00
HD Moore f4c07e8a54 Catch an exception thrown if no default route exists
git-svn-id: file:///home/svn/incoming/trunk@3480 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 21:57:24 +00:00
bmc cd06c10aba * fixup include path
git-svn-id: file:///home/svn/incoming/trunk@3478 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 18:58:16 +00:00
bmc 93ad7045ba * rex exception names are used, therefor rex/exceptions is required
git-svn-id: file:///home/svn/incoming/trunk@3477 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 18:50:43 +00:00
bmc f76becf428 * make the connection failure use 1 instead of 0, since many OSs bitch differentlly about port 0 than other ports
git-svn-id: file:///home/svn/incoming/trunk@3476 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 18:49:08 +00:00
bmc 05b9aacbc1 'none' is an ok content-encoding, just does nothing... (passed in from the exploit mixin)
git-svn-id: file:///home/svn/incoming/trunk@3475 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 17:31:32 +00:00
HD Moore c1b9129bca A couple more assertions in the tcp_server test suite.
Added template for the winamp pls overflow (unc computer name)


git-svn-id: file:///home/svn/incoming/trunk@3474 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 17:25:44 +00:00
bmc be31eead6f * client and server (once accepted) should have the same functionality. so, make the tests do that.
git-svn-id: file:///home/svn/incoming/trunk@3473 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 17:12:51 +00:00
HD Moore 5661598ef3 Addign read function >>
git-svn-id: file:///home/svn/incoming/trunk@3472 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 16:37:41 +00:00
bmc 9193668e9d * use a different port than the UDP tests, as to allow running the tests in parallel
git-svn-id: file:///home/svn/incoming/trunk@3471 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 15:47:47 +00:00
bmc 48611adb2c * making constants look like reality is a good thing
git-svn-id: file:///home/svn/incoming/trunk@3470 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-30 15:13:25 +00:00
HD Moore e01b5aee85 More code
git-svn-id: file:///home/svn/incoming/trunk@3468 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-29 03:08:04 +00:00
HD Moore 7a086113d3 More gooey
git-svn-id: file:///home/svn/incoming/trunk@3467 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-29 00:10:25 +00:00
HD Moore 495a1dd88d More of the gui working
git-svn-id: file:///home/svn/incoming/trunk@3466 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-28 23:33:55 +00:00
HD Moore adadbbe6ae Minr updates
git-svn-id: file:///home/svn/incoming/trunk@3465 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-28 20:22:18 +00:00
HD Moore bb6d5c38a3 Better WX stub
git-svn-id: file:///home/svn/incoming/trunk@3464 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-28 20:11:28 +00:00
HD Moore 9b9bd2b7a7 Fixed bugs in io/stream:
1) no longer modify the buffer argument in send
 2) no longer duplicate the buffer argument in write

Added some basic telnet control character detection to socket:
 1) ^D closes a connection
 2) ^C closes a connection
 3) ^Z just prints it out

Problems with control character handling in msfd:
 1) The current handlers are signal based, could be more than one msfd client
 2) Calling ui._suspend isn't possible from the Input driver class (no context now)


git-svn-id: file:///home/svn/incoming/trunk@3462 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-28 07:12:35 +00:00
bmc 98dcf5b539 * s/\t/ / doesn't always work...
git-svn-id: file:///home/svn/incoming/trunk@3461 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-28 01:23:46 +00:00
bmc d4d73114c1 * add the following evasions for attacks against HTTP servers:
HTTP::chunked
    HTTP::header_folding
    HTTP::junk_headers
    HTTP::junk_slashes
    HTTP::junk_directories
    HTTP::junk_params
    HTTP::junk_self_referring_directories
    HTTP::junk_pipeline

* add the following evasions for attacks against HTTP clients:
    HTTP::junk_headers
    HTTP::compression (was gzip)

* added an exploit mixin for HTML based attacks with HTML based evasions.  eg: aim_goaway.rb
    HTML::unicode
    HTML::javascript::base64
    HTML::javascript::escape


git-svn-id: file:///home/svn/incoming/trunk@3458 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 22:02:35 +00:00
bmc 20fec01d68 * add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers.  ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below).  NOTE:  If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is  A=%3d
* add URI junk self referring directory support, eg: /././foo.html


git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
bmc 6064bf7c60 * add jmp and jmp_reg
git-svn-id: file:///home/svn/incoming/trunk@3455 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:14:24 +00:00
HD Moore b4ad4a5d75 Tabs vs Spaces
git-svn-id: file:///home/svn/incoming/trunk@3453 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:33:08 +00:00
HD Moore e9b4b96f0d Tabs vs spaces
git-svn-id: file:///home/svn/incoming/trunk@3452 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:29:06 +00:00
HD Moore 93045fa927 Tab fixes
git-svn-id: file:///home/svn/incoming/trunk@3451 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 05:28:16 +00:00
bmc a1db0b6196 space to tab (happy skape?)
git-svn-id: file:///home/svn/incoming/trunk@3445 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-25 21:57:30 +00:00
bmc 7f9baa9744 * update OptEnum so that desc displays the valid options, less duplication of data
* add OptEnum to the test suite


git-svn-id: file:///home/svn/incoming/trunk@3442 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-25 19:15:09 +00:00
HD Moore ffd0ffe5b5 Patches in from PC
git-svn-id: file:///home/svn/incoming/trunk@3441 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-24 23:08:20 +00:00
bmc 98b9a977f4 * these need to go away
git-svn-id: file:///home/svn/incoming/trunk@3440 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-24 16:01:49 +00:00
bmc 6c76e44013 this needs to go away
git-svn-id: file:///home/svn/incoming/trunk@3439 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-24 16:00:45 +00:00
HD Moore bdfd2c5152 Recon modules and the recon event subsystem have been temporarily removed.
The 'auxiliary' system is designed to replace it and recon features will
slowly be moved back into the framework


git-svn-id: file:///home/svn/incoming/trunk@3438 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-24 03:59:44 +00:00