a59fa059dc
Fix #5675 Synchronize access to stop_handler
2015-07-20 16:09:13 -05:00
035c0a8a38
Fix #5078 by improving actual_timeout calculation
2015-07-20 11:27:48 -05:00
1a9664fcba
Delete default option
2015-07-20 09:54:51 -05:00
da445a52aa
Update URIHOST and URIPORT
2015-07-16 14:27:46 -05:00
1fdbcc71c1
Support URIHOST and URIPORT for exploit URI generation
2015-07-16 14:10:49 -05:00
73fd4bd853
Allow the notes command to save notes as a file
...
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
18ca617c23
Land #5649 , Fix undefined sysinfo method error in meterpreter.rb
2015-07-15 23:27:02 -05:00
886ca47dfb
Land #5650 , @wchen-r7's browser autopwn 2
2015-07-15 10:21:44 -05:00
b6e25506d0
Add a common user agent list, use the shortest for Meterpreter
2015-07-15 13:03:47 +10:00
4f8f640189
Rename autopwnv2 to just autopwn2
2015-07-14 17:38:51 -05:00
709676e6cc
Make exploits quiet
2015-07-14 17:00:44 -05:00
219d0032fa
Do print_good to make this important stand up more
2015-07-14 15:36:35 -05:00
1992a5648d
Make up our damn mind
2015-07-14 15:09:23 -05:00
d64f4be691
Check if URIPORT is 0
2015-07-14 14:45:10 -05:00
5e63b5f93e
Can't use cli
2015-07-14 14:37:45 -05:00
cf714fe4aa
Change port logic too
2015-07-14 14:19:00 -05:00
61d49f29e8
Check nil for SRVHOST option
2015-07-14 14:16:49 -05:00
8efb4df8af
Change the HOST IP logic again
2015-07-14 14:15:32 -05:00
9980e8f285
Change SRVHOST vs URIHOST vs Rex again
2015-07-14 14:06:33 -05:00
f76fe07872
Fix SRVHOST
2015-07-14 13:49:28 -05:00
9be030bbff
Fix nil in executable generation
2015-07-14 18:47:33 +00:00
9dddb13d0b
Slow down on killing exploits
...
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
2264efac15
Reduce output
2015-07-14 12:22:38 -05:00
100d3c8d46
A number of small fixes for BAPv2
...
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
60444c208b
Land #5658 , MSF version includes git hash now
2015-07-14 09:21:25 -05:00
0582e7e3ca
Return nil instead of "null"
...
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
8384be6466
Fix rand_text_alpha and bump max exploit count to 21
2015-07-14 01:02:01 -05:00
d6565a9aee
Merge branch 'bes_flash' into bapv2_flash_test
2015-07-14 00:34:54 -05:00
8fb6bedd94
Delete as3 detecotr
2015-07-13 18:23:39 -05:00
8928c5529c
Fix Javascript code
2015-07-13 17:43:04 -05:00
244d9bae64
Add max timeout
2015-07-13 16:52:25 -05:00
9116460cb0
Add prototype with AS3
2015-07-13 16:33:55 -05:00
07d05828d0
Land #5688 , remove msfcli
2015-07-13 15:27:38 -05:00
93f154b395
Land #5695 , SMTPDeliver STARTTLS unspecific SSL
2015-07-13 18:54:41 +00:00
0a5119a4ac
Land #5702 , vprint_* optional parameter
2015-07-13 18:47:22 +00:00
884b779b36
Land #5593 , CVE-2015-1155 Safari file:// Redirection Sandbox Escape
2015-07-13 11:28:39 -05:00
e638d85f30
Merge branch 'upstream-master' into bapv2
2015-07-12 02:01:09 -05:00
8d40d30d47
Comemnt
2015-07-11 23:24:01 -05:00
88357857a0
These datastore options don't need to set anymore
2015-07-11 23:22:05 -05:00
a4dc409c12
Add empty default vprint value
2015-07-11 19:38:27 +01:00
8349a274ea
use and include git hash of Framework as part of the version
...
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.
This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
89aa00cfc4
Check job workspace
2015-07-10 13:09:42 -05:00
086de2c030
Pass more options
2015-07-10 12:39:43 -05:00
513dcf3574
We don't need these methods anymore
2015-07-10 12:12:53 -05:00
493971245a
switch nsock locally to TLS - don't assume self.sock is set
2015-07-10 12:10:53 -05:00
3495d317b5
Do not lock SMTP STARTTLS to only use SSLv3
...
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com , https://tools.ietf.org/html/rfc7568 ).
To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
51f59b3c8c
Re-add URI generation to reverse_http
2015-07-10 16:21:55 +10:00
f59c99e2ff
Remove msfcli, please use msfconsole -x instead
...
msfcli is no longer supported, please use msfconsole.
Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
21e44f235e
Example of doing Flash detection with Flash
2015-07-08 13:18:57 -05:00
0b59e63084
keep advanced options on the fat side of the conditional
2015-07-07 22:44:34 -05:00
23abc288c8
Resolved conflicts with master
2015-07-07 22:34:30 -05:00
fdb715c9dd
Merge branch 'upstream-master' into bapv2
2015-07-07 13:45:39 -05:00
dc0ce88279
We're note actually using Mubex, it might be causing a crash too
...
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
4a70e23f9a
Add ExploitReloadTimeout datastore option
...
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
0a4c6fb92f
Merge branch 'master' of github.com:rapid7/metasploit-framework
2015-07-06 14:24:52 -05:00
c68064ba36
Lands #5671 , re-integrates SMB fdleak/timeout settings
2015-07-06 14:23:59 -05:00
366d42a0d8
Land #5609 , Fuzzer.rb and file_info.rb YARD doc update
2015-07-06 14:12:55 -05:00
25bdf7a50a
Land #5427 , check payload compatability for set payload fix
2015-07-06 12:56:21 -05:00
3595a23673
Restore #3738
2015-07-06 11:22:22 -05:00
2a89e248d7
Pymet fix send uuid logic for Python 3.x
2015-07-06 11:20:34 -04:00
3150549634
Experimental output show/hide for BAPv2
2015-07-05 19:07:10 -05:00
d2063c92e1
Refactor datastore names to match standards
2015-07-05 18:21:45 -05:00
60a896f58b
Adjust extension timeout.
2015-07-05 16:48:25 -05:00
b577f79845
Fix some bugs in the safari file navigation module.
2015-07-05 16:46:18 -05:00
aaaf6807ed
Minor indentation/space fixes
2015-07-05 09:18:27 +10:00
3c7298ba80
Fix additional copy-pasta cases of #5662
2015-07-04 12:38:04 -05:00
fb2da00bfd
Fix #5662 by not generating a small uri by default
2015-07-04 09:27:18 -07:00
29d45e3b18
Pymet patch in timeout info on generate_stage
2015-07-03 14:12:29 -04:00
2b0f6e723d
Explain the byte sequence
2015-07-03 11:12:59 -05:00
5c582b76ca
Resolves #4380 , check for warbird template
...
Resolves #4380 . Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
5be94c12b6
Land #5602 , adds irb -e to core
2015-07-02 16:21:20 -05:00
434cffa258
clean up so idiomatic ruby details
2015-07-02 16:16:57 -05:00
7858d63036
Typo
2015-07-02 15:34:44 -05:00
43d47ad83e
Port BAPv2 to Auxiliary
2015-07-02 15:29:24 -05:00
6e31b9ef53
Initialize and rename the BES mutex
2015-07-02 15:11:03 -05:00
c5c7de0091
Rework browser profiles, get back to functional mode
2015-07-02 14:58:43 -05:00
c0969d4497
Fix module.uuid references
2015-07-02 13:45:38 -05:00
0e7f610836
Finish browser profile rework in BES
2015-07-02 12:58:21 -05:00
b9a8308138
Replace BAP profiles with a framework-instance hash
2015-07-02 12:53:24 -05:00
87e6325737
Revert BAPv2 changes to framework/libraries/handlers
2015-07-02 12:10:21 -05:00
0af397217c
Merge pymet transport feature into fresh branch
2015-07-02 08:43:13 -04:00
c4875a8821
Change sysinfo to sys.config.sysinfo
2015-07-02 11:38:37 +05:00
8051a99f4a
Merge branch 'upstream-master' into bapv2
2015-07-01 18:45:42 -05:00
a5ad56754f
Use full namespace for PACKET_TYPE_RESPONSE
2015-07-02 08:03:39 +10:00
e7271e3c04
Call the Meterpreter methods directly vs pollute the namespace
2015-07-01 16:04:54 -05:00
399b3d2810
Land #5629 , moar cmd_exec refactoring
2015-07-01 00:36:19 -05:00
e99d63687f
Land #5608 , android and java meterpreter transport and sleep support
...
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
7aeb9e555b
Change ranking and support CAMPAIGN_ID
2015-06-29 12:13:46 -05:00
02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec
2015-06-29 12:07:37 -05:00
1bfa84b37b
Land #5628 , sessions -d removal
2015-06-29 11:45:27 -05:00
834c0e594a
Update multi modules
2015-06-29 11:36:28 -05:00
dde853b0a0
Fixed "linee" to "line"
2015-06-29 11:27:50 -05:00
e5836fbdac
Removed session -d from core.rb
...
Ticket #4423
2015-06-29 10:57:50 -05:00
7742d85f2f
I guess that's fine
2015-06-27 20:58:19 -05:00
6136269ace
No can't do this
2015-06-27 13:53:29 -05:00
5c039ccfd7
Even faster
2015-06-27 13:51:21 -05:00
9bd920b169
Merge branch 'upstream-master' into bapv2
2015-06-27 12:19:55 -05:00
88e58cbdc5
Better performance
2015-06-27 12:19:07 -05:00
007da4af41
Force :init_connect for stageless
2015-06-27 18:21:15 +10:00
79185e91c6
Refactor the pymet to use transport objects
2015-06-26 14:56:31 -04:00
jvazquez-r7
wchen-r7
OJ
William Vu
HD Moore
Samuel Huckins
Brent Cook
g0tmi1k
Mo Sadek
Spencer McIntyre
joev
Joshua Smith
root