sinn3r
2a7b4ee3d8
Merge branch 'master' into setstringproperty_spray
2013-02-27 11:15:52 -06:00
sinn3r
4085fa73c5
Merge branch 'stephenfewer-master'
2013-02-27 11:13:10 -06:00
Gerry Eisenhaur
724b32af17
Fixed the importing of NBE files
2013-02-26 16:55:26 -08:00
James Lee
7a7dd8975f
Hmm, turns out something actually used that
...
Despite comments to the contrary
2013-02-26 18:16:54 -06:00
James Lee
29df20996e
Move most of the configuration into ClientRequest
...
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
2013-02-26 17:38:09 -06:00
David Maloney
f16cec552a
increase timeout with new checks
2013-02-26 14:27:04 -06:00
David Maloney
2ec2489f52
Test for general ssl before testing ciphers
2013-02-26 14:26:14 -06:00
James Lee
579c11bc69
Set reasonable defaults for more things
...
All current tests are passing now
2013-02-26 14:25:46 -06:00
James Lee
d7de3b75a4
Format Authorization header like others
...
Also sorts the set_*_header methods
2013-02-26 14:18:20 -06:00
James Lee
c206ac4998
Set some reasonable defaults
...
Fixes a number of nil deref issues
2013-02-26 14:15:51 -06:00
David Maloney
1cb2717fe7
fix weak and strong cipher enumerators
2013-02-26 14:13:17 -06:00
sinn3r
38af8ba866
Merge branch 'feature/sqli-exploitation-mssql' of github.com:tasos-r7/metasploit-framework into tasos-r7-feature/sqli-exploitation-mssql
2013-02-26 13:41:32 -06:00
James Lee
d463460da7
Default cgi to true when not given
2013-02-26 13:33:54 -06:00
James Lee
764bbbb8e5
Whitespace
2013-02-26 13:33:19 -06:00
James Lee
5e0161d3f7
Reflect new ClientRequest in docs
2013-02-26 13:31:24 -06:00
David Maloney
1869cb5f8d
fix timeout
...
20 seconds is way too long for just opening a socket
2013-02-26 13:20:16 -06:00
James Lee
5ac20e1b02
Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-26 12:08:00 -06:00
David Maloney
c104fa6d97
Add spec and a few fixes for set_uri
2013-02-26 11:01:16 -06:00
Brandon Turner
75a36ce171
Merge pull request #1154 from todb/feature/go_pro
2013-02-26 01:09:24 -06:00
Tod Beardsley
08275e8d83
Process.spawn instead of system
...
Per @bturner-r7's comment here:
https://github.com/rapid7/metasploit-framework/pull/1514#discussion_r3129535
2013-02-25 19:49:02 -06:00
Tod Beardsley
8cff88efac
Change from web ui to community / pro
2013-02-25 15:45:55 -06:00
David Maloney
d9627151c0
Add socket context option
...
Add the option for a socket context so pivoting will work
2013-02-25 15:01:42 -06:00
Brandon Turner
b6458d2bfa
Update MDM gem in gemcache
2013-02-25 15:01:08 -06:00
James Lee
1ce86b7adb
Whitespace
2013-02-25 14:29:10 -06:00
James Lee
e41922853e
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-25 14:15:22 -06:00
Tasos Laskos
0421cff913
Exploit::Remote::Web#perform_request: timeout set to 10
2013-02-25 19:49:39 +02:00
Tod Beardsley
2141492654
Per @brandont comment, use exit status instead.
2013-02-24 15:24:21 -06:00
HD Moore
ed93a7932c
Clean up Iconv usage and fix indents
2013-02-24 13:11:15 -06:00
HD Moore
b1355fa326
Avoid utf8 regular expression error in Ruby 2.0
2013-02-24 13:10:40 -06:00
HD Moore
8e8fecd208
Prefer String#encode over Iconv for Ruby 2.0 compat
2013-02-24 13:10:16 -06:00
HD Moore
9d9d83cf8b
Implement per-target arch/platform searches SeeRM #7754
2013-02-24 11:06:29 -06:00
Tod Beardsley
5e1119e2ed
A little more error handling for browser launches
...
Implement a timeout and deal with the case where xdg-open isn't
available for whatever reason.
2013-02-24 10:23:12 -06:00
Tod Beardsley
8010cdbd8b
Shuffled methods around
2013-02-24 09:33:15 -06:00
Tod Beardsley
8caedd4290
Can't apt-get install inside msfconsole
...
At least, you can't and expect the service to connect correctly. You
must exit msfconsole and restart it for the migrations to take place.
2013-02-23 23:41:14 -06:00
Tod Beardsley
a7c0d62106
Cleanup after some testing
2013-02-23 23:33:08 -06:00
Tod Beardsley
d5a074283a
Fill in the details of starting, launching, etc
2013-02-23 22:38:29 -06:00
Tod Beardsley
a3886a1a6b
No smartquotes plz
2013-02-23 17:17:18 -06:00
Tod Beardsley
b80343817c
Skeleton for actually go_pro'ing
2013-02-23 09:48:18 -06:00
Tod Beardsley
90a1dcffa3
Adds a random banner offering go_pro
2013-02-23 09:36:06 -06:00
Tod Beardsley
2af930f1ff
Adds msfbase_dir, switches on apt existence
2013-02-23 09:19:31 -06:00
Tod Beardsley
0977d1a9b0
help shouldn't go past 80 columns
2013-02-23 08:49:47 -06:00
Tod Beardsley
7509501b18
Adding a go_pro command
2013-02-23 08:46:51 -06:00
sinn3r
aa007b9e0a
Updates
2013-02-22 20:07:16 -06:00
James Lee
fc07bf16e7
Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2
2013-02-22 15:41:49 -06:00
sinn3r
56fa5ead37
Initial version of js_property_spray
2013-02-22 10:21:20 -06:00
James Lee
c423ad2583
Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
2013-02-21 15:30:43 -06:00
David Maloney
d15e202f19
Add some YARD docs
2013-02-20 18:47:20 -06:00
David Maloney
8d2233bbdd
first minor cleanup
2013-02-20 15:33:24 -06:00
David Maloney
accd620843
Clean up pry
2013-02-19 23:50:30 -06:00
David Maloney
6abbbeb3ca
put gemcache for methodsource back
2013-02-19 22:17:25 -06:00
David Maloney
ac6fdf24a2
Fix winrm mixin from revert merge
2013-02-19 22:01:43 -06:00
David Maloney
b2563dd6c2
trying to clean up the mess from the revert
2013-02-19 21:25:37 -06:00
David Maloney
dac1147473
merge client config into opts
2013-02-19 19:41:42 -06:00
David Maloney
de4234f0ad
Some more YARD docs
2013-02-19 18:48:03 -06:00
David Maloney
a4905e43a2
Fix the way creds are passed + YARD
...
some yarddocs on send_auth plus fix the weird way I was passing creds
around
2013-02-19 18:40:39 -06:00
Tod Beardsley
3949c851a4
Was, indeed, missing an or pipe
2013-02-19 17:53:48 -06:00
Tod Beardsley
d81f177ab6
Adding Nemski's fix
...
[FixRM #7451]
2013-02-19 17:51:51 -06:00
David Maloney
0662677a72
First minor cleanup sweep
2013-02-19 17:19:16 -06:00
James Lee
4703278183
Move SMB mixins into their own directory
2013-02-19 12:55:06 -06:00
James Lee
ede804e6af
Make psexec mixin a bit better
...
* Removes copy-pasted code from psexec_command module and uses the mixin
instead
* Uses the SMB protocol to delete files rather than psexec'ing to call
cmd.exe and del
* Replaces several instances of "rescue StandardError" with better
exception handling so we don't accidentally swallow things like
NoMethodError
* Moves file reading and existence checking into the Exploit::SMB mixin
2013-02-19 12:33:19 -06:00
James Lee
867ab2f269
Whitespace
2013-02-18 19:01:03 -06:00
James Lee
b72d2b59f8
Add logging in case of exceptions during rm
2013-02-18 18:02:51 -06:00
corelanc0d3r
0d4a6c6a04
support for searchforward option in egghunter
2013-02-18 12:45:49 +01:00
David Maloney
d23ca8f599
Merge branch 'master' into feature/http/authv2
...
Conflicts:
lib/rex/proto/http/client.rb
2013-02-17 22:58:23 -06:00
David Maloney
87d9af585e
fix request_raw
2013-02-17 21:35:19 -06:00
David Maloney
dd26b08197
first run at Clientrequest object
...
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a perfect
solution, but should fix what we need for the auth work.
2013-02-17 19:25:27 -06:00
James Lee
a902480576
Break out subclasses into their own files
2013-02-17 06:57:35 -06:00
James Lee
0938190063
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-17 06:08:09 -06:00
James Lee
aea76a56de
Add some docs to FtpServer
2013-02-13 14:39:19 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
adfd26eb2d
Cleanup to_s output
2013-02-11 17:08:14 -06:00
jvazquez-r7
d4d41f36d4
Merge branch 'bug/basic_auth' of https://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-bug/basic_auth
2013-02-11 21:16:35 +01:00
David Maloney
f90fdcd5eb
Missed nil check
2013-02-11 13:14:05 -06:00
David Maloney
0ccf7dd58a
trust any manually set basic auth header
...
for now we will assume the module author knows what they are doing.
2013-02-11 13:06:26 -06:00
sinn3r
6e9232bf72
Merge branch 'addr_hex_dump' of github.com:Meatballs1/metasploit-framework into Meatballs1-addr_hex_dump
2013-02-11 11:31:54 -06:00
David Maloney
84534caae1
Fix explicit basic_auth for http
2013-02-11 10:32:44 -06:00
David Maloney
0f9b16d07f
Scanner class finished, result needs more work
...
the result class needs a nice clean to_s method to print easily readable
output. mostly working now. a few more tweaks needed.
2013-02-09 19:06:17 -06:00
Meatballs
acdd952eb2
Initial commit
2013-02-09 21:50:12 +00:00
David Maloney
c25d4b4863
Test Cipher method underway
...
Trying to get a clever test plan under way to actually test the network
side of this. Not quite working yet
2013-02-09 01:07:56 -06:00
David Maloney
ebb0f166ca
Accept proper formats for SSL version
...
we were only accepting sloppy string values and not accepting input of
the actual symbols that OpenSSL expects in the first place. Allow the
user to enter it right themselves to be compat with OpenSSL
2013-02-09 00:40:58 -06:00
David Maloney
38d0a244fd
Beginnings of the actual scanner
...
configuration and configuration validation in place with tests.
2013-02-09 00:03:58 -06:00
nemski
b8b445c834
Update lib/msf/core/auxiliary/login.rb
...
Fix for Bug #7451
2013-02-09 15:32:47 +11:00
David Maloney
3295157f78
More support for various checks
2013-02-08 13:25:49 -06:00
James Lee
99218d142b
Merge branch 'rapid7' into R3dy-psexec-mixin2
2013-02-08 12:48:06 -06:00
James Lee
5b3b0a8b6d
Merge branch 'dmaloney-r7-http/auth_methods' into rapid7
2013-02-08 12:45:35 -06:00
James Lee
2b3c8a68ad
Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7
2013-02-08 12:45:02 -06:00
James Lee
d2c7dbe160
Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7
2013-02-08 12:39:08 -06:00
sinn3r
8798567d79
Fix bug: TypeError can't convert Fixnum into String
...
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.
See:
http://dev.metasploit.com/redmine/issues/7748
2013-02-08 12:05:27 -06:00
David Maloney
dfc7ce9381
fix stupid data structure
...
also supports a boolean value for whether the cipher is weak or not
2013-02-08 11:33:36 -06:00
James Lee
071df7241b
Merge branch 'rapid7' into sonicwall_gms
...
Conflicts:
modules/exploits/multi/http/sonicwall_gms_upload.rb
Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee
e535a3e93f
Guard against running broken method on non-windows
...
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.
[SeeRM #7721]
2013-02-07 21:10:27 -06:00
James Lee
16a0ab1933
Fix comment link and some whitespace
2013-02-07 18:37:11 -06:00
James Lee
bf28be7cff
Fix some comments that yard parsed incorrectly
2013-02-07 18:36:04 -06:00
James Lee
13d1045989
Works for java and native linux targets
2013-02-07 16:56:38 -06:00
David Maloney
5c9f946927
empty shells for the scanner and its specs
2013-02-07 16:16:41 -06:00
David Maloney
096360261e
De-dup cipher results
2013-02-07 16:09:47 -06:00
David Maloney
4e87bf4ab3
Add enumeration and support options
...
I lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
2013-02-07 15:51:07 -06:00
David Maloney
10e017ae73
finish up the SSLScan::Result class
...
finishes up result class for SSLScan, complete with tests
2013-02-07 14:56:26 -06:00
David Maloney
7036365e04
Start adding sslscan results object
...
Building out the result object for the SSLScan
2013-02-07 12:42:18 -06:00
James Lee
a15889305a
Return a Request object
...
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
2013-02-06 18:56:06 -06:00
David Maloney
ebd03ccceb
Allow user to set ssl cipher
...
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
Tasos Laskos
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
David Maloney
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
David Maloney
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
David Maloney
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
I added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new builtin auth
2013-02-04 12:31:19 -06:00
Royce Davis
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore cleanup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixin
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets its own little mixin
mix it in to Exploit::Http::Client
mix it in to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733]
2013-01-30 15:42:21 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
James Lee
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Losing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
scriptjunkie
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FixRM #7724]
Updated #run and #_request to rescue and elog all exceptions.
2013-01-24 22:07:17 +02:00
Trevor Rosen
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
Tod Beardsley
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
Tod Beardsley
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
HD Moore
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
HD Moore
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00