Commit Graph

27822 Commits (bf92769ba2a405c50d93f6d269f486ac056e441c)

Author SHA1 Message Date
nullbind bf92769ba2 added mssql_escalate_dbowner_sqli 2014-10-17 10:25:20 -05:00
Samuel Huckins 50a2f4c2a7
Adding missing lock changes from #4030 2014-10-15 20:39:13 -05:00
Samuel Huckins 87d8fc187e
Lands #4030, latest meterpreter bins 2014-10-15 20:35:26 -05:00
Tod Beardsley 4f32cc8c01
Bump to meterpreter_bins 0.0.10 2014-10-15 19:36:48 -05:00
Tod Beardsley 8afe4ab5e0
Update Gemspec for meterpreter 0.0.8 2014-10-15 19:00:19 -05:00
Tod Beardsley d5a0b81680
Land #4024, auto-negotiate SSL versions
Thanks @hmoore-r7!
2014-10-15 16:04:38 -05:00
HD Moore 5a350b2bf3 Merge pull request #6 from todb-r7/pr4024-auto-negotiate-ssl
Add 'Auto' to tcp.rb as well.
2014-10-15 16:03:52 -05:00
Tod Beardsley 62be638258
Add 'Auto' to tcp.rb as well. 2014-10-15 16:01:42 -05:00
Joshua Smith 8ec0aa0a75
Land 4006, msfcli support for show actions 2014-10-15 14:43:27 -05:00
Tod Beardsley b866983bc2
Land #4025, auto-negotiate meterpreter SSL 2014-10-15 14:25:44 -05:00
HD Moore fcd9b4b293 Allow non-SSLv3 Meterpreters (auto-negotiate) 2014-10-15 13:57:51 -05:00
HD Moore cb3a4afac5 Typo: request -> requested in message 2014-10-15 13:48:22 -05:00
HD Moore 7516512650 Raise an ArgumentError vs RuntimeError for backwards compatibility 2014-10-15 13:30:38 -05:00
HD Moore a762d871bf Autonegotiate SSL/TLS versions when not explicit 2014-10-15 13:26:40 -05:00
HD Moore 0941b98596 Unland #4022 with #4023 (more discussion)
essage aborts
2014-10-15 12:32:10 -05:00
Tod Beardsley c4d1a4c7dc
Revert #4022, as the solution is incomplete
Revert "Land 4022, datastore should default TLS1 vs SSL3"

This reverts commit 4c8662c6c1, reversing
changes made to 0937f32ff9.
2014-10-15 12:32:08 -05:00
Joshua Smith 4c8662c6c1
Land 4022, datastore should default TLS1 vs SSL3 2014-10-15 11:49:28 -05:00
Tod Beardsley 1754b23ffb
Datastore options should default to TLS1, not SSL3
Otherwise, we risk getting our connections killed by particularly
aggressive DPI devices (IPS, firewalls, etc)

Squashed commit of the following:

commit 5e203851d5c9dce1fe984b106ce3031a3653e54b
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:19:04 2014 -0500

    Whoops missed one

commit 477b15a08e06e74d725f1c45486b37e4b403e3c2
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:16:59 2014 -0500

    Other datastore options also want TLS1 as default

commit 8d397bd9b500ff6a8462170b4c39849228494795
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Wed Oct 15 10:12:06 2014 -0500

    TCP datastore opts default to TLS1

    Old encryption is old. See also: POODLE
2014-10-15 10:28:53 -05:00
William Vu 0937f32ff9
Land #4021, TLSv1 default for RPC connections 2014-10-15 01:32:45 -05:00
HD Moore 6cf62765de Default to TLSv1 for RPC connections 2014-10-15 01:20:43 -05:00
Tod Beardsley 1095d1dca3
Land #4015, dates in the info on modules 2014-10-14 16:37:26 -05:00
Tod Beardsley 592f1e9893
Land #3999, errors on login suppressed by default
This also solved the merge conflict on:

	modules/auxiliary/scanner/http/jenkins_login.rb

Fixes #3995.
2014-10-14 16:35:09 -05:00
wvu-r7 d775c6cfdb Merge pull request #9 from todb-r7/pr4015-disclosure-fix
Pr4015 disclosure fix
2014-10-14 16:12:36 -05:00
Tod Beardsley e68aaa4226
Don't disclose empty disclosure dates
For rapid7#4015
2014-10-14 16:02:23 -05:00
Tod Beardsley b8aa3f5357
Test #4015, disclosure dates on info 2014-10-14 16:01:59 -05:00
William Vu f612c8cd3e
Add disclosure date to info 2014-10-14 15:15:24 -05:00
William Vu fdd79e64c3
Land #4010, ReverseAllowProxy clarification 2014-10-14 15:10:50 -05:00
Tod Beardsley 8e58efbf4f
Land #4008, OLE specs 2014-10-14 13:57:54 -05:00
Tod Beardsley 9630d4676f
Land #4012, info showing actions 2014-10-14 13:51:37 -05:00
William Vu 309d578196
Land #4013, OSVDB refs for a couple modules 2014-10-14 13:44:31 -05:00
William Vu bdbad5a81d
Fix misaligned bracket 2014-10-14 13:43:59 -05:00
Tod Beardsley 9f6008e275
A couple OSVDB updates for recent modules 2014-10-14 13:39:36 -05:00
Tod Beardsley 4f8801eeba
Land #3651, local Bluetooth exploit a @KoreLogic
This started life as #3653. I'll take this out of unstable as well,
since it got there on commit b10cbe4f
2014-10-14 13:13:34 -05:00
William Vu 972efd423c
Land #4011, module description cleanup 2014-10-14 12:43:17 -05:00
William Vu 5c4f61057f
Show available actions for info 2014-10-14 12:41:02 -05:00
Tod Beardsley 56534e7ad3
Changed a login failed to vprint instead of print
People often like to suppress failed attempts. Note that this change may
or may not have any effect, given the status of #3995.

This module was introduced in PR #3947.
2014-10-14 12:01:09 -05:00
Tod Beardsley b1223165d4
Trivial grammar fixes 2014-10-14 12:00:50 -05:00
Tod Beardsley 6ea3a78b47
Clarify the description on HP perfd module
Introduced in #3992
2014-10-14 11:58:52 -05:00
Pedro Laguna 70d1eefaa9 Update reverse_tcp.rb
As I am using an exploit that does a check on the Server HTTP headers to identify the target I saw an error message that reads like this:

>The target server fingerprint "" does not match "(?-mix:(Jetty|JBoss))", use 'set FingerprintCheck false' to disable this check.

Then, while using an HTTP proxy to analyse the requests I am presented with an error that tells me to set another internal option to override a default behaviour. Although it should be pretty clear to everyone using the metasploit framework, I think it is more convenient if all error messages have the same format/way to present suggestions, in this case, presenting the full command the user needs to introduce in order to carry on with the execution of the exploit.
2014-10-14 11:24:59 +01:00
jvazquez-r7 2f20998eaa Force Rex::OLE::Util to work on LITTLE_ENDIAN 2014-10-13 16:01:43 -05:00
jvazquez-r7 51f1309cc3 Add specs for Rex::OLE::CLSID 2014-10-13 14:28:58 -05:00
jvazquez-r7 8b9c8da4ac Add specs for Rex::OLE::Util 2014-10-13 13:41:43 -05:00
William Vu 6ffe0807af
Update msfcli to use HasActions 2014-10-13 10:24:05 -05:00
Jon Hart d51d2bf5a0
Land #3990, @wchen-r7's fix for #3984, a busted check in drupal_views_user_enum 2014-10-12 19:38:55 -07:00
Jon Hart 458da2bca4
Land #3988, @wchen-r7's fix for #3985, a lack of logging for 'check' 2014-10-12 18:46:35 -07:00
Jon Hart d4297a7159
Land #3992, @espreto's HP perfd gather module 2014-10-12 18:35:06 -07:00
Jon Hart 76275a259a
Minor style cleanup of help and a failure message 2014-10-12 18:34:13 -07:00
Roberto Soares d0f1cd1251 Merge pull request #1 from jhart-r7/landing-3992-jhart-fixes
Refactor hp_enum_perfd for better looting
2014-10-12 20:44:24 -03:00
sinn3r 96be53dcf1
Land #3962 - Show selected action 2014-10-12 14:02:40 -05:00
Jon Hart c3a58cec9e
Make note of other commands to investigate 2014-10-11 13:07:52 -07:00