Tweaked reverse.rb to use a subshell and background it
Added Irix lpdexec
git-svn-id: file:///home/svn/incoming/trunk@3505 4d416f70-5f16-0410-b530-b9f4589650da
Removed call to evasions that didn't have corresponding definition
git-svn-id: file:///home/svn/incoming/trunk@3501 4d416f70-5f16-0410-b530-b9f4589650da
1) no longer modify the buffer argument in send
2) no longer duplicate the buffer argument in write
Added some basic telnet control character detection to socket:
1) ^D closes a connection
2) ^C closes a connection
3) ^Z just prints it out
Problems with control character handling in msfd:
1) The current handlers are signal based, could be more than one msfd client
2) Calling ui._suspend isn't possible from the Input driver class (no context now)
git-svn-id: file:///home/svn/incoming/trunk@3462 4d416f70-5f16-0410-b530-b9f4589650da
HTTP::chunked
HTTP::header_folding
HTTP::junk_headers
HTTP::junk_slashes
HTTP::junk_directories
HTTP::junk_params
HTTP::junk_self_referring_directories
HTTP::junk_pipeline
* add the following evasions for attacks against HTTP clients:
HTTP::junk_headers
HTTP::compression (was gzip)
* added an exploit mixin for HTML based attacks with HTML based evasions. eg: aim_goaway.rb
HTML::unicode
HTML::javascript::base64
HTML::javascript::escape
git-svn-id: file:///home/svn/incoming/trunk@3458 4d416f70-5f16-0410-b530-b9f4589650da
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since it's going to regardless, and we don't want to lose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though it's dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are appropriately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
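
Seen from the detection side, the URI and parameter changes listed in the commit message above (junk slashes, junk directories, self-referring directories, junk params, ';' separators, param encoding) stop mattering once a request target is canonicalized before a signature is matched. The following is an added example, not part of the commit or the project's code; the function names, the sample targets and the idea of a known-parameter allowlist are assumptions.

```ruby
require 'uri'

# Added example, not project code. Function names and samples are constructed.

# Percent-decode, then drop empty ("//") and "." segments and resolve "..".
# Note: decoding first means an encoded slash (%2F) is treated as a separator.
def canonical_path(path)
  decoded = URI.decode_www_form_component(path.to_s.gsub('+', '%2B'))
  kept = []
  decoded.split('/').each do |seg|
    next if seg.empty? || seg == '.'
    seg == '..' ? kept.pop : kept.push(seg)
  end
  '/' + kept.join('/')
end

# Split on '&' and ';', decode names and values, and keep only the
# parameters the application is known to read (junk names fall away).
def canonical_params(query, known)
  pairs = query.to_s.split(/[&;]/).map do |kv|
    name, value = kv.split('=', 2)
    [URI.decode_www_form_component(name.to_s),
     URI.decode_www_form_component(value.to_s)]
  end
  pairs.select { |name, _| known.include?(name) }.sort
end

# Canonical form of a request target, suitable for signature comparison.
def canonical_request(target, known)
  path, query = target.to_s.split('?', 2)
  { path: canonical_path(path), params: canonical_params(query, known) }
end

# Constructed request targets built from the commit message's own examples.
PLAIN  = '/cgi-bin/foo.html?a=b'
PADDED = '/././cgi-bin/asdf/..////foo.html?asdfasdf=asdrt32a;a=%62&hjklasdf=hkasgd'

if __FILE__ == $PROGRAM_NAME
  p canonical_request(PLAIN, ['a'])
  p canonical_request(PADDED, ['a'])
end
```

Both sample targets reduce to the same path and parameter list, so a signature written against the canonical form matches either one.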
The 'auxiliary' system is designed to replace it and recon features will
slowly be moved back into the framework
git-svn-id: file:///home/svn/incoming/trunk@3438 4d416f70-5f16-0410-b530-b9f4589650da