b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
6611da9239
strip, not stripgit diff. strip! returns nil if the string was unmodified
2015-12-11 19:22:57 -08:00
dcdc21e2db
Correct unbalanced quotes
...
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
e23908d672
Improve verbose output related to authentication handling
2015-12-11 18:32:00 -08:00
1a0f71b6fa
Try to catch case where post-auth commands are failing
2015-12-11 17:23:03 -08:00
9cec3d9e6b
Move redis password option to non-advanced
2015-12-11 17:03:49 -08:00
1fecd9846c
Bury some helper methods behind private
2015-12-11 10:13:13 -08:00
9ef46140c0
Improve output when success
2015-12-11 10:10:44 -08:00
32a64c3d8e
Make auth easier, work automatically and on older redis versions
...
Also, improve check
2015-12-11 10:04:47 -08:00
ac47c87af4
Move Password option to redis mixin
2015-12-11 08:53:11 -08:00
38d0b0a0f2
Wire in @all3g's redis auth code
2015-12-11 08:42:59 -08:00
555e52e416
Document the redis upload process more
2015-12-10 09:35:46 -08:00
00f72b279b
Cleaner printing when in verbose
2015-12-10 09:12:54 -08:00
21ab4e96e5
First pass at redis mixin
2015-12-10 08:29:59 -08:00
080ec26afb
Land #4489 , Update SMB admin modules to use Scanner & fixes
2015-12-08 14:49:26 -06:00
14b1b3a1f0
Land #6299 , Stageless HTTP(S) Python Meterpreter
2015-12-04 16:16:54 -06:00
d7aeabbb71
Land #6293 , listener bind_port fix
2015-12-02 13:16:23 -06:00
58cf9f4fcd
Land #6301 for sure, @busterb's REALLY wants to delete go_pro :)
2015-12-02 09:38:40 -06:00
545e8a2ea0
Land #6301 , @busterb removes the go_pro command
2015-12-02 09:28:08 -06:00
6d3c4868a3
Land #6286 , bind port display in jobs
2015-12-02 02:21:14 -06:00
098c573f82
Land #6291 , DisablePayloadHandler Boolean fix
...
Nice call with Regexp#===, @wchen-r7. :)
2015-12-02 02:17:59 -06:00
fbeaeb2877
remove more unneeded machinery for go_pro
2015-12-01 22:32:50 -06:00
6ab2919c40
remove go_pro command
2015-12-01 15:29:21 -06:00
388edd3207
Fix the scheme for the pymet ProxyHandler
2015-11-30 13:45:24 -05:00
fba9715a56
Add stageless python meterpreter http & https payloads
2015-11-28 17:41:55 -05:00
0c8eb6fb37
Display ReverseListenerBindPort if it is set
...
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
c888726a1a
Fix #6287 , check DisablePayloadHandler value in exploit.rb
...
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
e5119e6446
use payload_uri's result to derive lhost / lport
2015-11-26 15:21:51 -06:00
216119c05c
unfold override lhost/lport logic
2015-11-26 15:15:21 -06:00
1b495e73ac
Further reduce python reverse_http duplicate code
2015-11-26 14:31:00 -05:00
bd25ffa48c
Consolidate py reverse http uri code into a mixin
2015-11-26 13:32:50 -05:00
f4d35116bd
land #6288 , fix regression using non-default port with reverse_http
2015-11-26 11:04:24 -06:00
d9655fc882
Use LPORT if opts[:lport] is undefined
...
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
87507e19a9
Change job view to show bind port if applicable
2015-11-26 16:18:00 +10:00
776455d10a
Add another sound and event
...
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
8923252de7
Land #6259 , NoMethodError in vim_soap.rb fix
...
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7
Fixes #6085
Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00
7ad8adf67f
Land #6240 , change default SMBDomain to '.'
2015-11-24 12:58:46 -06:00
5303079ba4
Land #6262 , local exploit add not implemented error
2015-11-23 14:23:13 -06:00
5654b6b2e2
Land #6227 , reverse_hop_http updates and HTTPS unification
2015-11-23 06:29:15 -06:00
25f2241aa3
Land #6246 , show the user errors from create_session
2015-11-23 06:01:08 -06:00
353cad2cc6
Update to match active & github account merge
2015-11-22 13:38:26 -06:00
b636aeb303
rm print_warning
2015-11-20 19:38:33 -06:00
d405f31c35
Add a NotImplementedError if run is used to run a local exploit
...
Running a local exploit like a post is not currently supported,
we should at least raise a warning or something, and not just
let it backtrace and confuse the user.
2015-11-19 14:31:31 -06:00
a78fa7c3d9
Fix #4273 , print error in create_session
...
Fix #4273
2015-11-16 17:17:20 -06:00
708cbe9479
change the default SMBDomain to .
...
Due to a recent change using WORKGROUP
as the SMBDomain causes Trust errors.
Using '.' instead works fine.
2015-11-16 12:20:27 -06:00
a1ab8f1dc7
added Session info display to module output
...
output from the mssql_local_auth_bypass module
is now prefixed with the Session id and address
of the target host so it is explicitly clear
where it is performing each action
MS-706
2015-11-16 12:13:26 -06:00
06a5b5b0bd
Land #6234 , Host header transport
2015-11-14 11:35:47 -06:00
cd4aa28d11
Transport priority changes
...
Pass in the "lhost" and "lport" options to the default transport during the native payload. This takes the following LHOST priorities:
1. OverrideLHOST, only if OverrideRequestHost is TRUE
2. The request Host: header.
3. The LHOST datastore.
2015-11-13 13:21:46 +00:00
9d9865150b
Transport priority changes
...
Default transport request should set the priority to the Host: request header, and the subsequent OverrideRequestHost, OverrideLHOST, and OverrideLPORT options in the handler for reverse_http(s).
2015-11-13 13:19:01 +00:00
0e121df69d
Need a default template
...
The set_template_default actually needs the second argument,
otherwise we hit a RuntimeError.
2015-11-12 15:17:03 -06:00
Jon Hart
wchen-r7
Sonny Gonzalez
jvazquez-r7
William Vu
Brent Cook
Spencer McIntyre
Jon Cave
OJ
Kyle Gray
Louis Sato
HD Moore
David Maloney
scriptjunkie
sammbertram