ebd03ccceb
Allow user to set ssl cipher
...
Rex::Socket::Tcp now allows the user to specify a cipher or ciphers to
try and use for the ssl connection in addition to the version.
2013-02-06 16:57:47 -06:00
b3e828359d
Web::HTTP#_request: allow Rex opt level overrides
...
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
2013-02-06 01:02:46 +02:00
888bb80ab6
more comments
2013-02-05 11:55:12 -06:00
16b4fb1faa
Added some comment documentation
2013-02-05 10:36:51 -06:00
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new buitin auth
2013-02-04 12:31:19 -06:00
7faaa635d3
Fixed exception handling to use smb::proto
2013-02-03 18:46:41 -06:00
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
61969d575b
remove mixin require, more datastore clenaup
2013-02-01 15:12:11 -06:00
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
c407fa9e74
add mixjn
2013-02-01 15:12:11 -06:00
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
3fc9b5d636
Doc cleanup
2013-01-28 00:01:45 -06:00
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Loosing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
d9e1653443
Use EXITFUNC if present to save space and be more correct.
...
Jump straight to payload on process failure to save space.
2013-01-24 17:14:25 -06:00
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724 ]
Updated #run and #_requestto rescue and elog all exception.
2013-01-24 22:07:17 +02:00
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
ff7756cd54
Make #prepends() actually work
2013-01-22 16:10:44 -06:00
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
c37510f777
Move prependmigrate.rb for naming consistency
2013-01-22 14:15:52 -06:00
04adaf0e9d
Unstupid the prepends callback
...
Windows#prepends was overriding PrependMigrate#prepends
2013-01-22 13:56:26 -06:00
32aa2c6d9c
Make asm spacing easier to read
...
Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.
2013-01-22 13:25:27 -06:00
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
81625121f2
Cleaned up some code spacing
2013-01-22 09:49:03 -06:00
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00
d6ed6cd5e4
Fix a stack overflow in bidirectional pipe
2013-01-22 00:27:03 -06:00
52596ae3b4
add -R capability like hosts -R
...
moves the set_rhosts method def out into a separate file so it can be
included by both db.rb cmd_hosts and core.rb cmd_grep
2013-01-21 18:17:28 -06:00
b2c7223108
Cleanup for mysql_file_enum.rb
2013-01-21 12:26:35 +01:00
f05e358058
replace unless rhosts.include? with rhosts.uniq!
...
seems like this will speed up the process due to far less Array lookups
2013-01-21 00:46:05 -06:00
23d1eb7a80
File/dir brute forcer using MySQL
2013-01-20 21:23:58 +00:00
567185ec65
Better cleanup and address comments
2013-01-20 00:19:17 +00:00
4ee80e76bd
msftidy wldap32
2013-01-19 23:15:20 +00:00
66d5f39057
Ensure prepend_migrate? always functions correctly.
2013-01-18 18:04:09 -06:00
6c046dfa69
Move PrependMigrate to a mixin
2013-01-18 17:45:36 -06:00
07bf36f62f
Ensure shell still works if PrependMigrateProc fails to launch.
...
Don't rely on GetStartupInfoA return value.
2013-01-18 17:32:50 -06:00
52251867d8
Ensure Windows single payloads use payload backend
...
This means the singles that define their own assembly will use the payload backend to generate it.
2013-01-18 16:34:39 -06:00
16d065adfc
Fix issue with singles.
...
Single now plays more nicely with other mixins, so PrependMigrate works.
2013-01-18 16:34:39 -06:00
b01374904b
tidy EOL spaces
2013-01-18 16:34:39 -06:00
15268cae73
Add X64 PrependMigrate support
2013-01-18 16:34:39 -06:00
c97be836c3
Fix error calculating payload sizes.
...
Error meant most Windows payloads were marked as incompatible with many exploits.
2013-01-18 16:34:39 -06:00
725d4d7194
Re-use block_api code in migrate stub if possible
...
Makes payload significantly smaller.
2013-01-18 16:34:38 -06:00
0b32111a9f
Revert "Revert "Merge branch 'migrator' of git://github.com/scriptjunkie/metasploit-framework into scriptjunkie-migrator""
...
This reverts commit 2436ac3a58
2013-01-18 16:34:38 -06:00
9f42abdb95
Whitespace fixup
2013-01-18 15:44:52 -06:00
0c3e7ee3e0
Merge remote-tracking branch 'Meatballs1/reboot_force2'
2013-01-18 15:01:51 -06:00
bfd58e9570
Add a comment doc for future parser writers
2013-01-18 14:59:41 -06:00
ef97b20cb7
Merge branch 'wds_unattend'
2013-01-18 14:42:00 -06:00
a2f66a8fef
Fixed msftidy complaints
2013-01-18 09:33:44 -06:00
00a9c72595
Fixed exception handeling. No longer using rescure StandardError
2013-01-17 19:02:13 -06:00
6e8e7a407d
adds a .nil? check as well
2013-01-17 00:30:58 -06:00
7090a4a82f
adds check for empty data b4 sending to parser [RM7269]
...
[fixes RM7269]
we discussed the solution to this bug a lot on IRC and in the ticket
itself, the consensus was to fix it as far upstream as possible before
sending to the parsers so as to avoid any future bugs of the same
nature, so this commit adds a check to import_nmap_xml to see if the
data is empty before passing it on to the parser, whether that parser
is nokogiri or the legacy parser.
db_nmap -h now produces the expected output and db_nmap still works as
expected.
2013-01-17 00:18:13 -06:00
4fd4af1f43
Fix typo that breaks record_mic command
2013-01-16 16:30:38 -06:00
f7571d89de
Fixed cleanup_after funciton to mimic file_dropper but not use file_dropper
2013-01-16 09:56:27 -06:00
b1dbbe3baa
msftidy eol fixes
2013-01-16 00:59:45 -06:00
3210c5382e
undo vestiges of attempt to add tab_complete nesting
...
return code to original state before I started editing
2013-01-16 00:49:54 -06:00
f7195fb5b5
handle unknown commands more informatively
...
before it just returned nothing, now it prints the familiar "Unkown
command: " message
2013-01-16 00:39:22 -06:00
c621e83ffe
Merge branch 'feature/stage_encoding' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/stage_encoding
2013-01-15 23:31:40 -06:00
204b43b0d3
fix typo in args.shift
2013-01-15 22:44:55 -06:00
2a6a833931
prompt fixes (restores prompt context) & normalization
...
Msf::Ui::Console::Driver::DefaultPrompt and
Msf::Ui::Console::Driver::Default should be used when default is desired
2013-01-15 22:24:36 -06:00
ad8516eacf
fixed prompt issue, still need to restore context
...
see line 2519 area.
msf exploit(psexec) > grep -i -A 2 encoding show
<snip>
msf>
2013-01-15 17:57:28 -06:00
4d33742482
fixed bug with -A
2013-01-15 17:35:57 -06:00
86e4bb2db5
yard doc fixed and added for all _tabs methods
2013-01-15 16:42:02 -06:00
6773a10632
Made changes to cleanup to use file_dropper instead
2013-01-15 16:24:16 -06:00
c60556389f
add yard doc and allow for -A and -B at same time
2013-01-15 16:22:04 -06:00
26b40666ce
Merge branch 'rapid7' into feature/stage_encoding
2013-01-15 15:10:58 -06:00
7361e1041f
Merge commit '5e8f388ab8425bf2ef4c2fe33e6133b99ceb46d4' into psexec-mixin2
2013-01-15 14:49:21 -06:00
6f17ed96db
Merge https://github.com/rapid7/metasploit-framework into psexec-mixin2
2013-01-15 14:48:20 -06:00
af2b1ec25b
Clean up doc comments
2013-01-15 14:22:11 -06:00
ee14c1c613
Merge remote-tracking branch 'R3dy/psexec-mixin2' into rapid7
2013-01-15 12:58:50 -06:00
4883cf4b01
Minor doc comment additions
2013-01-15 12:49:43 -06:00
d36e38fca6
Move encoding into handle_connection
...
* Allows payloads that override generate_stage to still take advantage
of stage encoding
* Also adds doc comments for a few methods
2013-01-15 10:34:31 -06:00
9d4366fdab
Merge remote-tracking branch 'wchen-r7/irb_terminatelineinput'
2013-01-15 01:50:15 -08:00
6064dfcb71
Merge remote-tracking branch 'wchen-r7/fail_to_reload_fix'
2013-01-15 01:43:07 -08:00
9ad726167e
changes to address scriptjunkie's rpc concerns
...
as described in https://github.com/rapid7/metasploit-framework/pull/820
2013-01-14 17:14:48 -06:00
a1e853500f
Merge branch 'bug/optint_empty' into feature/stage_encoding
2013-01-14 15:50:39 -06:00
21c18b78e6
Don't bother nil check, to_s handles it
2013-01-14 15:47:58 -06:00
0c90171fa7
Deal with alread-normalized ints
...
[See #1308 ][See #1304 ]
2013-01-14 15:31:14 -06:00
fb19ec1005
Merge branch 'rapid7' into feature/stage_encoding
2013-01-14 15:20:23 -06:00
b2ecb18a71
Allow OptInt to pass "" for special reasons
...
Cheap fix
2013-01-14 14:55:48 -06:00
9bb2dddf99
adds @todo for when tab_comp norm is completed
...
tab_completion normalization is RM7649
2013-01-14 14:53:31 -06:00
07d15baf89
Merge branch 'bug/opt_int_hex' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/opt_int_hex
2013-01-14 14:40:25 -06:00
bbb3fa25be
Allow negative values for OptInt
...
[FixRM #7540 ]
2013-01-14 14:18:56 -06:00
7ca9a216f4
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-14 14:15:32 -06:00
3c44769bd8
attempt to add nested tab completion
2013-01-14 14:15:13 -06:00
b3b68c1b90
Make stage encoding possible
...
* Fixes a bug in shikata where input greater than 0xffff length would
still use 16-bit counter
* Short circuits finding bad xor keys if there are no bad characters to
avoid
* Fixes huge performance issue with large inputs to xor-based encoders
due to the use of String#+ instead of String#<< in a loop. It now
takes ~3 seconds on modern hardware to encode a 750kB buffer with
shikata where it used to take more than 10 minutes. The decoding side
takes a similar amount of time and will increase the wait between
sending the second stage and opening a usable session by several
seconds.
I believe this addresses the intent of pull request 905
[See #905 ]
2013-01-13 21:07:39 -06:00
0d34e0b249
Fix regex for hex numbers
2013-01-13 20:53:40 -06:00
90b0a7035b
Recover the prompt again
2013-01-13 13:24:48 -06:00
7f90082bec
grep tab complete is working, but not fully
...
options tab complete, but not the commands at the end
2013-01-13 03:06:56 -06:00
d9990829d9
fixes some issues with -k and -s
2013-01-13 02:39:56 -06:00
1646fc8faa
Merge remote-tracking branch 'upstream/master' into msfconsole-grep
2013-01-13 02:18:54 -06:00
e7372250d2
added -k keep and -s skip
2013-01-13 02:18:45 -06:00
4703a6f737
Unbreak OptInt hex syntax
...
* Fix spec for no-longer-pending tests
* Fix regex in OptInt#valid? to allow hex syntax again
[See #1293 ][See #1296 ]
2013-01-12 14:17:29 -06:00
2f2a5c1d47
[FixRM: #2100 ] Rescue TerminateLineInput in irb
...
In irb, when you hit ^c, you will get an ugly backtrace. This
fix handles that exception.
2013-01-12 01:43:40 -06:00
b388f2357c
Reset modules_cached flag when database disconnects
2013-01-12 00:08:30 -06:00
06fb8f5443
Merge pull request #1293 from wchen-r7/optint_valid
...
Fix OptInt's valid?() function
2013-01-11 17:29:27 -08:00
8c04df4a47
[FixRM: #7535 ] Missing normalize() in OptPort
...
[FixRM: #7535 ] - Sometimes OptPort can return as a String instead
of Fixnum because OptPort is missing the normalize() function.
2013-01-11 18:34:27 -06:00
0347b173eb
Fix OptInt's valid?() function
...
[FixRM #7539 ] - The valid?() function will first normalize() the
user-supplied input before validation. The problem is that the
normalize() function will ALWAYS convert data to integer, therefore
whatever you validate, you will always get true. For example:
when I do "yomama".to_i, that returns 0, and of course will pass
integer validation.
2013-01-11 16:27:33 -06:00
4546d147d0
Merge branch 'master' of github.com:stephenfewer/metasploit-framework into stephenfewer-master
2013-01-11 01:43:45 -06:00
aa36b65aee
[FixRM #7673 ] "Failed to reload" error.
...
When db_disconnect is issued, this funtion does not update the status
of self.migrated to false. So when another reload command is used,
the update_module_details function will still try to connect to the
database, which causes the "Failed to reload" error.
2013-01-11 01:10:56 -06:00
19ff7f93ae
Merge remote-tracking branch 'wchen-r7/encoder_fixes' into rapid7
2013-01-10 17:41:08 -06:00
0f346dde9e
Some whitespace and ruby -c fixes
2013-01-10 17:29:54 -06:00
ab64c428ab
Merge remote-tracking branch 'kernelsmith/RM7676-migrate-h' into rapid7
2013-01-10 17:24:11 -06:00
d4854606f2
Cosmetic fixes
...
[FixRM #7223 ][See #1283 ]
2013-01-10 17:18:25 -06:00
192279544b
BufferRegister should be validated.
...
If BufferRegister is in lower-case, then gen_decoder_prefix will
return nil. When the return value is nil, other functions like
gen_decoder() will backtrace due to a "undefined method "+" for nil"
error. Therefore, this input should NOT be case-sensitive.
Also, if for some reason the user supplies an invalid BufferRegister,
the function should be aware of that and warn the user about the
bad input.
2013-01-10 17:14:38 -06:00
afb12983ab
Merge branch 'rapid7' into kernelsmith-msfconsole-suspend
2013-01-10 16:40:27 -06:00
e8c239dc81
changed TODO to @todo per egypt
2013-01-10 16:35:01 -06:00
b702263bbf
Added fix form Eric Milam to simple.disconnect
2013-01-10 16:33:03 -06:00
b3266823ba
Addressed egypt's comments
...
-changed the suspend/resume loop logic to reduce code duplication.
-fixed up some print_*'s to remove embedded \n's
-changed formatting on some error messages
-switched comment to a TODO:
-change host_processes.select (blah} to use .find instead
-adjusted code due to remvoal of the pids.dup, resulting in arr_pids
disappearing
2013-01-10 15:40:54 -06:00
7fd3440c1a
Fix hd's attempt to rename ruby payloads
2013-01-10 15:25:50 -06:00
4fcb8b6f8d
Revert "Rename again to be consistent with payload naming"
...
This reverts commit 0fa2fcd811
2013-01-10 15:24:25 -06:00
b11f941387
cleaned up at validate_pids conversion, fixed YARD doc
...
in validate_pids no longer need dup as conversion to ints was cleaned
up to use map. Which also improved readability and allowed adding uniq
and compact, thanks egypt.
YARD doc on cmd_suspend was incorrectly organized
2013-01-10 14:59:02 -06:00
6a10857daf
Merge remote-tracking branch 'bturner-r7/set_gem_path'
2013-01-10 12:55:55 -08:00
0fa2fcd811
Rename again to be consistent with payload naming
2013-01-10 14:16:37 -06:00
88b08087bf
Renamed and made more robust
2013-01-10 14:05:29 -06:00
8e6e1bc164
open up the bloxor encoder.
2013-01-10 17:39:40 +00:00
92e8def889
adds suspend to meterp and adds full pid validation
...
This fully fixes RM7223 and adds the suspend command to the meterpreter
interface.
Suspend allows you to suspend and resume running processes on the
targethost. It was originally written as a post module (and the dll
version will be submitted as such later), but egypt suggested I add it
to meterpreter
2013-01-09 23:25:32 -06:00
4c1e501ed0
Exploit for CVE-2013-0156 and new ruby-platform modules
2013-01-09 23:10:13 -06:00
950902f856
Add a tasteful URL to some banners.
2013-01-09 22:33:30 -06:00
6f26e9efb2
More banner sanity checking.
2013-01-09 22:32:53 -06:00
13140d05b1
Added some methods for checkout output and cleanup
2013-01-09 21:14:19 -06:00
12f0501f2f
Add a little erorr checking, another cow
2013-01-09 20:38:14 -06:00
a0ba2f4951
Seperate data from code
...
Banners are content more than anything.
2013-01-09 19:54:08 -06:00
4728a59189
fixes RM7676 migrate -h doesn't produce help
...
also adds YARD doc to cmd_migrate in collusion with egypt.
low threat change, but still tested on Win7-32 sp0, ruby 1.9.3-p125,
Framework Version: 4.6.0-dev just for kicks
2013-01-09 16:28:04 -06:00
a158611c95
Merge branch 'tasos-r7-web-modules'
2013-01-09 16:14:16 -06:00
8b25599feb
Merge branch 'web-modules' of github.com:tasos-r7/metasploit-framework into tasos-r7-web-modules
2013-01-09 16:14:04 -06:00
3b8914c270
skeleton & YARD doc for cmd_suspend added
...
functionality untested atm.
cmd_suspend_help also added
2013-01-09 15:34:04 -06:00
7a1a9985d5
Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions
2013-01-09 18:21:03 +01:00
6490af720b
Make failures more verbose so people know what's going on
2013-01-09 11:11:26 -06:00
5ac6060fc1
Auxiliary::Web::HTTP_request: Updated to return an empty response on reset connections
2013-01-09 19:06:51 +02:00
74cdd918af
Auxiliary::Web::HTTP#run: don't allow connection or callback errors to abort the whole operation
2013-01-09 18:38:09 +02:00
c262288541
Fixed msftidy issues
2013-01-08 15:35:20 -06:00
3e1ea25207
Added Yard documentation
2013-01-08 15:20:13 -06:00
95a95d45ec
Fix importing msfxml files containing a session
...
[See #1179 ][SeeRM #7669 ]
2013-01-08 12:13:20 -06:00
c236e4e6e3
I took a stab at generating Yard documentation. I have never done it before...
2013-01-08 11:57:59 -06:00
4fd196c0de
Fixed typo, capitalization and column space
2013-01-08 11:52:40 -06:00
be36c4ebef
Some machines are sensitive about this.
2013-01-07 22:32:43 -06:00
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
824bd84990
I forgot to add this exception
2013-01-07 18:06:39 -06:00
fc48cc117d
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:19:52 -06:00
83ce282a75
Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import
2013-01-07 17:18:04 -06:00
a0e6c7043b
Add actual cdata handler
...
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.
[SeeRM #7665 ]
2013-01-07 17:16:48 -06:00
8bfca52941
Clear state for new vulns
...
[FixRM #7665 ]
2013-01-07 16:27:40 -06:00
5bc1066c69
Change how modules use the mysql login functions
2013-01-07 16:12:10 -06:00
261e095e5e
Handle exceptions in mysql_login
2013-01-07 16:02:59 -06:00
268de941c7
Merge branch 'tasos-r7-web-modules'
2013-01-07 13:37:32 -06:00
b53e8c794f
Fix indent level
2013-01-07 13:36:55 -06:00
3f9c459545
Fix ArgumentError when importing netsparker xml
2013-01-07 12:21:08 -06:00
7dd9d30363
Added a new mixin psexec.rb
2013-01-07 11:05:23 -06:00
986435c598
Fix typo
...
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
3d3799d38d
Ok... even more explicit
2013-01-05 13:39:31 -06:00
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
4ff186c23d
Change the .text-too-small error message.
...
The original error message apparently confuses people, and this
can be easily improved. See the following:
https://community.rapid7.com/thread/2356
2013-01-05 01:57:41 -06:00
e1885cab0b
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-04 21:33:17 +02:00
3d4d6e9860
Crawler aux mixin updated to catch the mysterious and anonymous timeout exception and re-raise it as a Timeout::Error
2013-01-04 21:32:18 +02:00
04714893c8
Add force option to reboot command
2013-01-04 09:20:56 +00:00
d17a6f99e5
Merge branch 'feature/deprecated-module-mixin' of github.com:jlee-r7/metasploit-framework into jlee-r7-feature/deprecated-module-mixin
2013-01-04 00:38:01 -06:00
2f0e4cbd39
Merge pull request #1179 from rapid7/bug/bap-compro-hosts
...
Changes to BAP session storage
2013-01-03 14:27:13 -08:00
d9947a1515
Add a mixin for marking deprecated modules
...
* This mixin standardizes the previously ad-hoc deprecation warnings on
modules that have been moved.
* Uses the mixin in 3 existing modules that already have (or should have
had) deprecation warnings.
2013-01-02 19:14:44 -06:00
5777968c19
Set GEM_PATH when using built-in gemcache
...
This allows rubygems to work with gems loaded from lib/gemcache.
2013-01-01 21:25:24 -06:00
0b3143ff45
Fix railgun EOL
2012-12-30 16:32:15 +00:00
e05b55f32d
Add new functions
2012-12-28 03:48:35 -06:00
c695f429d5
Mirror upstream PacketFu fix on ICMP size
2012-12-27 14:56:49 -06:00
d2dc7ebc2d
Merge branch 'feature/windows-postgres-payload-dll' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-feature/windows-postgres-payload-dll
2012-12-26 11:18:21 -06:00
179e4cf870
Moving up to 4.6.0-dev
2012-12-24 08:40:29 -06:00
20cc2fa38d
Make Windows postgres_payload more generic
...
* Adds Exploit::EXE to windows/postgres/postgres_payload. This gives us
the ability to use generate_payload_dll() which generates a generic dll
that spawns rundll32 and runs the shellcode in that process. This is
basically what the linux version accomplishes by compiling the .so on
the fly. On major advantage of this is that the resulting DLL will
work on pretty much any version of postgres
* Adds Exploit::FileDropper to windows version as well. This gives us
the ability to delete the dll via the resulting session, which works
because the template dll contains code to shove the shellcode into a
new rundll32 process and exit, thus leaving the file closed after
Postgres calls FreeLibrary.
* Adds pre-auth fingerprints for 9.1.5 and 9.1.6 on Ubuntu and 9.2.1 on
Windows
* Adds a check method to both Windows and Linux versions that simply
makes sure that the given credentials work against the target service.
* Replaces the version-specific lo_create method with a generic
technique that works on both 9.x and 8.x
* Fixes a bug when targeting 9.x; "language C" in the UDF creation query
gets downcased and subsequently causes postgres to error out before
opening the DLL
* Cleans up lots of rdoc in Exploit::Postgres
2012-12-22 00:30:09 -06:00
9b768a2c62
Merge branch 'cleanup/post-windows-services' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-cleanup/post-windows-services
2012-12-21 23:42:17 -06:00
be7da83feb
Adds EHLO domain to smtp deliver
...
Allow the user to set the EHLO domain for the smtp deliver module.
This is needed for Pro functionality
[story #41549217 ]
2012-12-21 14:22:21 -06:00
2bb7b5ea11
Fixes error message for badchar
...
Note that only a custom module that allows for users to pass arguments
to nmap would be capable of hitting the error condition. Right now, only
auxiliary/scanner/oracle/oracle_login traverses the codepath, and that
doesn't allow for arbitrary args passed to nmap.
So... without contriving an example, it should be impossible to
experience or test.
[FixRM #7641 ]
2012-12-21 09:59:54 -06:00
be85cf54ab
Why in a quote?
2012-12-20 10:47:23 -06:00
f0991f3b3b
make "resp.body" as an advanced option
...
created a new advanced option "HttpUknownRequestResponse" that will be sent back in the HTML body of unknown requests instead of the old static "No site configured at this address" message.
2012-12-20 12:35:00 +03:00
0344c568fd
Merge branch 'smb_fixes' of git://github.com/alexmaloteaux/metasploit-framework into alexmaloteaux-smb_fixes
2012-12-18 11:38:14 -06:00
4b56e3c862
Merge branch 'tasos-r7-web-modules'
2012-12-18 10:38:00 -06:00
7602e6f3ca
Merge branch 'patch-6' of git://github.com/mubix/metasploit-framework into mubix-patch-6
2012-12-18 01:15:01 -06:00
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
378038afab
Merge remote-tracking branch 'upstream/master' into wldap32_railgun
2012-12-17 17:23:43 +00:00
6a92bd609a
Tidying and refactoring
2012-12-17 15:29:04 +00:00
b5fd3463d7
Initial working AD_LDAP lookup
2012-12-17 14:07:35 +00:00
b3118afcbb
Correct Railgun WriteProcessMemory var type
...
This is described here:
https://dev.metasploit.com/redmine/issues/7237
After change operates as expected.
2012-12-15 23:11:52 -05:00
36bcc1f7f5
Just show the relevant part of the error message
...
The full error is already in elog/dlog
2012-12-15 13:16:00 -06:00
4f3c6f973d
Changes to BAP session storage.
...
[SEERM #7294 ]
[Bug #40937817 ]
* exploit/multi/handler no longer filtered out from vuln creation and
other steps
* Name changed to parent module's name in session storage so we show something more helpful
than generic handler
* Same for vuln and attempt creation
2012-12-13 15:35:34 -06:00
f81ef9b68e
Merge branch 'bug/reload_all' of git://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/reload_all
2012-12-13 12:33:39 -06:00
d7f6b0c373
Remove vestiges of ModuleManager's ModuleSet origins
2012-12-13 11:23:49 -06:00
3127808f76
Revert/remove unnecessary files
2012-12-13 11:02:54 +00:00
e60d10bd3d
Repackage as single module pull
2012-12-13 09:40:36 +00:00
c0b214c287
Merge branch 'bindaddress' of git://github.com/corelanc0d3r/metasploit-framework into corelanc0d3r-bindaddress
2012-12-13 02:06:23 -06:00
e762ca0d9b
Merge remote branch 'jlee-r7/midnitesnake-postgres_payload'
2012-12-12 15:30:56 -06:00
0d8d5baf6d
Resolve merge conflict from jlee-r7
2012-12-12 14:24:47 -06:00
6b4e021607
Make ModuleManager Enumerable
...
Fixes tools/module_* and probably some other lurking bugs
2012-12-12 13:41:04 -06:00
e09f4e609c
Merge remote branch 'jlee-r7/bug/rm7037-hash-iteration-redux'
2012-12-11 16:08:28 -06:00
a673c363fd
Use a more descriptive variable name
...
Also removes commented-out code.
2012-12-10 13:36:09 -06:00
11fec0bc07
adds rudimentary validity checking to pids for meterp kill
...
addresses redmine https://dev.metasploit.com/redmine/issues/7223 , but
may not be a truly encompassing solution. 'good bandaid' as egypt put
it
2012-12-05 13:17:33 -06:00
bc7cd4b452
Loop through module sets like super used to do
...
... since super doesn't exist any more.
Also changes to using ModuleSet#[] inside ModuleManager#[] instead of
ModuleSet#create to mimic original behavior when ModuleManager was a
subclass of ModuleSet.
2012-12-05 12:59:35 -06:00
d57c24dd5f
Use framework.payloads instead of modules
...
When we know the module we're creating is definitely a payload, don't
bother looking in the other module sets.
Also removes an exception message that gets ignored anyway because the
exception class has a hard-coded #to_s
2012-12-05 12:30:55 -06:00
62782f0273
Auxiliary::Web::Fuzzable: removed confusing HTTP response status messages [SEERM #7586 ]
2012-12-05 18:49:07 +02:00
77af4ba559
Missed a file in previous commit, thanks, travis!
2012-12-03 22:37:50 -06:00
f4476cb1b7
Really fix payload recalculation
...
Instead of deleting all non-symbolics before the re-adding phase of
PayloadSet#recalculate, store a list of old module names, populate a
list of new ones during the re-adding phase, and finally remove any
non-symbolic module that was in the old list but wasn't in the new list.
Also includes a minor refactoring to make ModuleManager its own thing
instead of being an awkard subclass of ModuleSet. Now PayloadSet doesn't
need to know about the existence of framework.modules, which makes the
separation a little more natural.
[FixRM #7037 ]
2012-12-03 22:23:40 -06:00
beffd1feda
Auxiliary::Web::Analysis::Taint#taint_analysis: added a bit of differential logic to avoid false positives in case the default responce matches the pattern we're looking for [FIXRM #7559 ]
2012-12-04 00:09:54 +02:00
dafa984166
Auxiliary::Web::Fuzzable#submit: bugfixed to call http.request instead of http.request_async
2012-12-04 00:06:17 +02:00
f6c27a4494
Auxiliary::Web#find_proof: updated doc comments
2012-12-04 00:05:12 +02:00
30d7de3157
The db search already prints results, return after
2012-12-02 01:14:56 -06:00
3ae47e2089
Move the thread tracking into the update method
2012-12-02 01:07:40 -06:00
51673ca152
Search reference values as well (ms08-067,etc)
2012-12-02 00:44:25 -06:00
f17ea91d7c
Whitespace changes only
2012-12-02 00:44:03 -06:00
7f822fabd7
Fix typo
2012-12-01 15:53:51 -06:00
7ada8aeac1
Correct bug number
2012-12-01 14:16:24 -06:00
725b085ef2
If there are no search results, try harder.
...
Sometimes, the database is active but the cache isn't filled out, or
doesn't contain the module you want. This can come up especially when
msfconsole first starts and you are programmatically searching for
modules, for whatever reason.
This allows for falling back to the regular (slow) search in the event
no hits have been returned. It does not actually address the caching
problem seen in QA, but it's generally going to be Good Enough. Search
is getting overhauled Real Soon Now anyway.
[FixRM #7533 ]
2012-12-01 14:06:32 -06:00
bc63ee9c46
Merge branch 'jvazquez-r7-file_dropper_support_local' into rapid7
2012-11-30 13:43:02 -06:00
1da3388194
Fix missing require
...
[Closes #1106 ]
2012-11-30 13:42:31 -06:00
a3c8e54d0a
Catch exceptions from broken modules
2012-11-30 11:04:23 -08:00
fee6ad9799
Bump to 4.5.0-release for testing
2012-11-30 11:04:23 -08:00
fc2feaaea3
Don't set BUNDLE_GEMFILE env var if already set
...
This allows setting BUNDLE_GEMFILE with `bundle exec` or some other
command in special cases.
2012-11-30 00:54:36 -06:00
213b3352fa
This adds report_last_detail() to Nexpose
2012-11-29 13:07:31 -08:00
c0c3dff4e6
Several fixes for smb, mainly win 8 compatibility
2012-11-28 22:49:40 +01:00
087ff328b6
correct comments documentation
2012-11-28 22:18:56 +01:00
David Maloney
Tasos Laskos
Royce Davis
HD Moore
RageLtMan
jvazquez-r7
sinn3r
Tod Beardsley
Tod Beardsley
James Lee
rogueclown
Rob Fuller
scriptjunkie
Trevor Rosen
Raphael Mudge
kernelsmith
Robin Wood
Meatballs1
Stephen Fewer
Charlie Eriksen
jvennix-r7
Brandon Turner
Sherif Eldeeb
Samuel Huckins
Alexandre Maloteaux