cffa55b12e
Improve proxy chain description
2015-01-18 22:32:22 -06:00
86a37b4cff
First create NewClassDesc refactoring
2015-01-18 17:47:26 -06:00
5b964bba6a
Land #4518 , Wordpress long password DoS
2015-01-18 23:55:06 +01:00
84f5c7ed61
Use extract_string and extract_int
2015-01-18 01:23:19 -06:00
3a3e37ba6c
Refactor extract_mbean_server
2015-01-18 01:20:13 -06:00
4247747fc5
Refactor extract_object
2015-01-18 01:13:00 -06:00
ab391f3b32
Do minor JMX mixin cleanup
2015-01-17 22:40:43 -06:00
a2a1a90678
Land #4316 , Meatballs1 streamlines payload execution for exploits/windows/local/wmi
...
also fixes a typo bug in WMIC
2015-01-16 11:16:22 -06:00
c516190d07
Create Msf::Jmx::Util
2015-01-15 23:21:54 -06:00
d9c6c56779
Refactor extract_rmi_connection_stub
2015-01-15 23:15:30 -06:00
2d2f26a0e3
Change method names for stream builders
2015-01-15 23:01:27 -06:00
273ba54a21
Fix server/capture/smb to use create_credential
2015-01-15 22:39:11 -06:00
00117fc963
Do first and ugly refactoring
2015-01-15 21:18:03 -06:00
da1c56a65d
Add minimal tests for get/getg
2015-01-15 14:46:12 -08:00
7a900cc889
More Ruby-ish way for cmd_get
2015-01-15 11:54:01 -08:00
8aff50aed1
Make get/getg help more consistent
2015-01-15 11:36:32 -08:00
45cef82f6c
Use appropriate help for get/getg
2015-01-15 11:35:39 -08:00
621cada2ac
Undo build_gc_call_data refactoring
2015-01-14 16:47:28 -06:00
f0de45c371
Fix typo and add Subject support
2015-01-14 02:17:29 -06:00
ad082bc1af
Add specs for build_dgc_ack
2015-01-13 11:02:16 -06:00
6dad66c04c
add Date header support to SMTP deliver
...
the SMTP mixin now supports the Date header.
The user can supply a a value for the Date Header
or else it will automatically use the current local
DateTime. This will help alleviate certain issues
caused by servers setting this field for the cliebnt incorrectly
MSP-9390
2015-01-12 11:18:07 -06:00
d8743ea32b
Land #4539 , @Meatballs1's creds cmd now supports type filters, -R for search
2015-01-08 18:48:27 -08:00
7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid
2015-01-08 18:42:25 -08:00
e4cdac1440
Land #4559 , @FireFart's fix for wordpress version detection (from wpscan)
2015-01-08 15:19:29 -08:00
fb5170e8b3
Land #2766 , Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
ed74271c26
Land #4548 , @dmaloney-r7's fix to allow loginscanners to work w/o a DB
2015-01-08 14:50:08 -08:00
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
98cee8249d
Move non-active DB messages to warning and clarify/simplify
2015-01-08 14:40:47 -08:00
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
05279ef02a
consistently use double-quoted paths
...
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
fa5cd928a1
Refactor exploit to use the mixin
2015-01-08 16:04:56 -06:00
ca765e2cc5
Refactor client mixin
2015-01-08 15:46:24 -06:00
873ade3b8a
Refactor exploit module
2015-01-08 14:52:55 -06:00
956bf0c8f9
Fix indentation
2015-01-08 14:31:37 -06:00
e9e6c32769
Move build* calls to Streams
2015-01-08 14:13:06 -06:00
23d0ae9488
Add Streams mixin
2015-01-08 14:01:41 -06:00
c205ef28d4
Refactor build_gc_call
2015-01-08 14:01:04 -06:00
a5b56c7d09
fix error
2015-01-08 19:48:29 +01:00
fd7e65d459
derp just check db active
...
the other way of doing this was stupid, jsut check if
the db is active
2015-01-08 11:58:56 -06:00
bf482e806c
Add YARD documentation for the YARD mixin
2015-01-08 09:56:32 -06:00
8f720ef766
Use get_env in runas
2015-01-08 11:07:40 +00:00
73e3cd19c3
Convert java_rmi_server aux mod to use new mixin
2015-01-08 00:29:50 -06:00
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
7dd7e62726
Add first mixin draft
2015-01-07 20:42:44 -06:00
d59805568e
Do first module refactoring try
2015-01-07 19:06:09 -06:00
f0261a418c
Lands #4535 , report_auth_info shoring up
2015-01-07 16:32:14 -06:00
001b6d913e
allows loginscanners to work without db
...
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
2015-01-07 16:09:04 -06:00
e6f53ebcbc
Remove duplicate rhosts
2015-01-07 22:04:01 +00:00
dccd21a559
Resolve #3870 , reinstance creds -R
2015-01-07 22:01:45 +00:00
da2e088118
Land #4536 , Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
e3e9a64064
Land #4543 , Update john.conf with korelogic rules
2015-01-07 21:30:44 +00:00
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
294cd80a08
Update documentation for wordpress_login
2015-01-07 18:32:52 +00:00
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components
MSP-11986
2015-01-07 11:41:41 -06:00
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
aef8c702d7
Filter creds by type
2015-01-07 17:19:31 +00:00
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
478505c17a
ruby 2.2 compatibility
...
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
0bece137c1
Land #4494 , Object.class.to_s fix
2015-01-06 02:27:35 -06:00
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
fc91244252
insert deprecation error message
...
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it
MSP-11919
2015-01-05 14:02:16 -06:00
db8f260557
add some YARD docs to report_auth_info
...
add yard docs for the modified report_auth_info
MSP-11919
2015-01-05 13:58:25 -06:00
71d600e829
make report_auth_info create new creds and logins
...
report_auth_info coerces old data into the new credential
types as best as it is able
MSP-11919
2015-01-05 13:41:30 -06:00
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
b121e2c3fd
adds a get and getg method besides the already existing set/setg and unset/unsetg
2015-01-02 12:40:24 +01:00
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
6d966dbbcf
Land #4203 , @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
553030b22d
Land #4473 - Log backtraces by default
2014-12-30 18:13:33 -06:00
6444d8ba64
use kind_of? for checking exceptions
2014-12-30 21:16:57 +01:00
9af3fd01d4
Fix response_timeout
...
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
2014-12-29 17:03:50 -06:00
555713b6ae
Land #4456 - MS14-068, Kerberos Checksum (plus krb protocol support)
2014-12-29 16:09:28 -06:00
f9b141c1e2
Land #4442 , wchen-r7's configurable session response timeout option
...
fixes #4431
2014-12-29 13:02:47 -06:00
3a73b40a1e
more error handling
2014-12-29 00:39:00 +01:00
7b52bcb657
log errors into framework.log
2014-12-29 00:20:26 +01:00
04772c8946
Ensure stop_service closes Rex::Proto::Http::Server
2014-12-26 13:50:03 -06:00
725a17c70b
override default attr for OptRegexp
...
Rather than literally returning the default Regex object, override the accessor
to return the string representation. This allows the RPC backend to properly
serialize the options hash values, since msgpack does not know how to serialize
a Regexp object. Fixes #3798 .
To verify the fix, run the steps for issue #3798 and ensure that the module
options are returned instead of a backtrace. Also, ensure that the module
continues to work as expected:
```
$ ./msfconsole -q
msf > use auxiliary/scanner/http/scraper
msf auxiliary(scraper) > info
Name: HTTP Page Scraper
Module: auxiliary/scanner/http/scraper
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
et <et@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PATH / yes The test path to the page to analize
PATTERN (?i-mx:<title>(.*)<\/title>) yes The regex to use (default regex is a sample to grab page title)
Proxies no Use a proxy chain
RHOSTS yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host
override default attr for OptRegexp
Description:
Scrap defined data from a specific web page based on a regular
expresion
msf auxiliary(scraper) > set RHOSTS lwn.net
RHOSTS => lwn.net
msf auxiliary(scraper) > set RHOSTS 72.51.34.34
RHOSTS => 72.51.34.34
msf auxiliary(scraper) > set VHOST lwn.net
VHOST => lwn.net
msf auxiliary(scraper) > run
[*] [72.51.34.34] / [Welcome to LWN.net [LWN.net]]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
2014-12-24 09:57:14 -06:00
c2bcde24ef
Land #4377 , Support DYNAMIC_BASE templates - resolves #4366
2014-12-23 11:57:33 +00:00
e974d272f0
Remove stray line comment that ruined things when minified.
2014-12-23 00:22:50 -06:00
f37cf555bb
Use random subkey
2014-12-22 15:39:08 -06:00
ad97457a39
Move more constants to Crypto
2014-12-22 15:27:16 -06:00
75a2846377
Add more PAC constants
2014-12-22 15:14:46 -06:00
5a6c915123
Clean options
2014-12-22 14:37:37 -06:00
bcf659792e
Restore original timeout
2014-12-22 12:34:52 -06:00
f3b263f57d
Use more crypto constants
2014-12-22 12:13:23 -06:00
b96d172ccc
Use constant names
2014-12-22 11:58:59 -06:00
ff208002d7
Reorganize the Crypto mixin
2014-12-22 11:57:35 -06:00
7a45918ecc
Add specs for Msf::Kerberos::Client::TgsRequest
2014-12-22 11:28:24 -06:00
8c62822ab9
Add specs for Msf::Client::Kerberos::AsRequest
2014-12-22 09:34:21 -06:00
b469ff3567
Add doc references to Msf::Kerberos::Client::CacheCredential
2014-12-22 08:54:09 -06:00
1f3eded4a8
Add specs for Msf::Kerberos::Client::CacheCredential
2014-12-21 23:47:40 -06:00
7cb27408b2
Add doc references por spec'd mixins
2014-12-21 21:03:58 -06:00
60d4525632
Add specs for Msf::Kerberos::Client::Pac
2014-12-21 17:49:36 -06:00
e219b0b249
Add specs for Msf::Kerberos::Client::AsResponse
2014-12-21 01:12:00 -06:00
9f1403a63e
Add initial specs for Msf::Kerberos::Client::TgsResponse
2014-12-20 20:29:00 -06:00
5f0c3ebb2b
Add documentation for Msf::Kerberos::Client::TgsResponse and TgsRequest
2014-12-20 19:32:38 -06:00
ffb319d703
Add documentation for Msf::Kerberos::Client::AsRequest
2014-12-20 18:57:49 -06:00
8929cbd6b3
Fix typo
2014-12-20 18:29:50 -06:00
e35218b6f1
Add documentation for Msf::Kerberos::Client::CacheCredential
2014-12-20 18:28:36 -06:00
ca75b4b74a
Add documentation for Msf::Client::Kerberos::Pac
2014-12-20 01:36:54 -06:00
cf13dc8d53
Do build_ap_req
2014-12-20 01:25:20 -06:00
422d3ce9b5
Take more care of options on build_tgs_request
2014-12-20 01:13:56 -06:00
ad8bbf4477
Rescue rescue Rex::TimeoutError so the iteration can keep going
2014-12-20 01:12:30 -06:00
a8e3ee033c
Fix #4431 - Support arbitrary session response timeout
...
Fix #4431
2014-12-20 00:25:02 -06:00
cd16e11b22
Make checksum from a method
2014-12-19 20:08:15 -06:00
b0ac68fbc3
Create build_subkey method
2014-12-19 19:46:57 -06:00
4a106089b9
Move options to build_tgs_request_body
2014-12-19 19:12:17 -06:00
e6781fcbea
Build AuthorizationData from the module
2014-12-19 18:59:39 -06:00
9bd454d288
Build PAC extensions from the module
2014-12-19 18:47:41 -06:00
04ef087434
Delete Microsoft namespace from the mixin
2014-12-19 18:41:27 -06:00
b78765e584
Create PAC mixin component
2014-12-19 18:36:02 -06:00
f332860c19
Clean creation of client and server principal names
2014-12-19 18:16:22 -06:00
bd85723a9d
Build pre auth array out of the mixin
2014-12-19 18:10:14 -06:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
9cfc52b5af
Extract build_as_request_body
2014-12-19 17:00:39 -06:00
fcb801c729
Add Timeout datastore option
2014-12-19 16:53:12 -06:00
d058bd5259
Refact extraction of kerberos cache credentials
2014-12-19 15:53:24 -06:00
f4037b1003
Clean Kerberos Rex client code
2014-12-19 11:08:48 -06:00
f325d2f60e
Add support for cache credentials in the mixin
2014-12-18 16:31:46 -06:00
723998e1d4
Land #4425 , jobs tab completion NilClass fix
2014-12-18 15:25:57 -06:00
400bd9a094
Fix jobs NilClass tab complete bug
2014-12-18 15:43:04 -05:00
80cd04d76a
Land #4332 , test optimization for Cucumber
...
* Make Cuke run faster on TravisCI
2014-12-18 09:34:55 -06:00
f3f6a64f02
Add some AS response methods to a mixin
2014-12-17 19:50:42 -06:00
8e570cc19b
Initial support to send TGS-REQ
2014-12-17 18:55:30 -06:00
549f3c69ff
Dont crash when tab complete threads command with typos
2014-12-17 19:36:04 -05:00
698ca2639b
Do not delete files that do not exist in rm_f
2014-12-17 09:18:06 -05:00
662160ef61
Refactor mixin
2014-12-16 23:48:53 -06:00
594b9bcfc2
Add support for AuthorizationData
2014-12-16 23:21:13 -06:00
9de4137aa7
Patch UA/Proxy settings during migration, lands #3632
2014-12-16 22:21:48 -06:00
370f6003e3
Refactors metsrv patching in reverse_hop_htt.rb
2014-12-17 11:57:17 -05:00
1930eb1bf8
Refactors metsrv patching in reverse_http.rb
2014-12-17 10:04:43 -05:00
a93cbac7bf
Support ticket encoding
2014-12-16 16:04:13 -06:00
c2bc79c53c
Resolves #4275 - Configurable variable name as an option
...
Resolves #4275
2014-12-15 23:59:34 -06:00
c24fdb81b5
Land #4389 , Meatballs1's fix for enum_ad_* post module regressions
...
Fixes #4387 by adjusting for the new return type from ADSI queries.
2014-12-15 10:45:12 -06:00
0abf5d147e
Add some documentation
2014-12-14 00:51:44 -06:00
e2617c7095
Return the workspace id in responses, lands #4142
2014-12-13 18:04:58 -06:00
6ea5ed1a82
Shrinks windows payloads, lands #4391
2014-12-13 17:41:50 -06:00
f67a32ef9c
Add missing commits from #3770 , lands #4393
2014-12-13 17:36:26 -06:00
5d18de2ebf
Fix legacy railgun LDAP implementation
2014-12-13 18:26:26 +00:00
92490ab5e8
Singles updated from the source
2014-12-13 12:22:07 -06:00
4681416a0f
Update block_api with @schierlm's changes
2014-12-13 12:06:38 -06:00
bde8c380c2
Make mixin run
2014-12-13 02:46:00 -06:00
f676b72767
Add Kademlia scanner, lands #4210
2014-12-12 16:40:58 -06:00
9545b6e4d6
Land #4343 , os_flavor reduction
2014-12-12 14:49:15 -06:00
177cade6a5
Merge branch 'land-4274-ssl' into temp
2014-12-12 13:25:54 -06:00
985245e8a1
Document method
...
Fix #4366 (support dynamic_base templates)
2014-12-12 01:22:32 -06:00
78eb3325bc
Add initial Rex Client and mixin
2014-12-12 01:20:14 -06:00
b8e58d0f04
Support 32 and 64-bit for exe-only, and fix -k
2014-12-12 01:13:09 -06:00
d311059e75
Fix DYNAMIC_BASE templates
2014-12-11 20:44:03 -06:00
0c1d02c940
Fix event handlers on ruby 2
...
Fixes #4219
2014-12-11 20:08:45 -06:00
0eea9a02a1
Land #3144 , psexec refactoring
2014-12-10 17:30:39 -06:00
9202c4f2a1
No mercy for os_flavor
2014-12-10 11:46:21 -06:00
d74a8f6c41
Include the datastore options for the encoder too
2014-12-09 16:32:41 -05:00
a584a5982f
Clarify about how BES uses os_flavor
...
We don't. We don't use os_flavor anymore because it is no longer
implemented. We get the information from os_name instead.
2014-12-09 12:21:59 -06:00
42710cc32e
Error messages for the python meterpreter
2014-12-09 11:03:57 -06:00
8c0610cb7a
Merge branch 'master' into feature/MSP-11671/test-optimization
...
MSP-11671
Conflicts:
.travis.yml
2014-12-08 08:46:22 -06:00
19effa7eb9
Fix feedback's review
2014-12-06 21:47:55 -06:00
21742b6469
Test #3729
2014-12-06 21:20:52 -06:00
da92e4705c
Land #4319 , @wchen-r7's fix for #4307
2014-12-05 12:08:39 -08:00
0431720a07
Land #4294 , msfconsole speedups on module load
...
Related to #4257 and #4195 vaguely, and possibly even #4147 .
2014-12-05 13:45:11 -06:00
abf199f924
Remove junk code
2014-12-05 11:01:34 -06:00
cfc1acfcae
Fix #4307 - Check action for nil
...
Auxiiary modules already do this, but looks like we forgot to do the
same for post modules.
I also changed the error to allow "reason" in order to be more
informative about what the user should do.
Fix #4307
2014-12-04 17:07:59 -06:00
743e9fca9d
Correctly set default SECRET
2014-12-04 14:06:22 -08:00
1e423f415e
Add missing opt ,
2014-12-04 14:05:17 -08:00
7f425fc3ab
Configurable fix for #4305
...
Rename UDP_SECRET to just SECRET, as it is used for more than just UDP
Rename and properly document GATEWAY option
Introduce an option to configure what UDP port will be probed
2014-12-04 13:17:34 -08:00
186d8bd359
Fix starts_with?
2014-12-04 20:16:56 +00:00
f22d7191cd
Test fix for #4305
2014-12-04 10:59:57 -08:00
d8b1401545
Test fix for #4306
2014-12-03 19:54:31 -08:00
8f2e444aca
Land #4281 , ::Queue workarounds for 2.1.x
...
Conflicts:
lib/msf/core/handler/reverse_tcp.rb
2014-12-03 15:48:20 -06:00
f6f0050f56
Fix #3886 - Backtrace for #check when session is invalid
...
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.
We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.
The original PR was #3956 .
2014-12-02 17:22:46 -06:00
fb439258b9
Land #4298 , arbitrary Ruby extension for replicant
...
MSP-11673
* Adds Msf::Module#register_extensions
* Extensions are arbitrary Ruby modules
* Allows overriding of psuedo callbacks
2014-12-02 14:59:37 -06:00
f696a5ab0e
msfconsole --defer-module-loads
...
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
2014-12-02 14:41:32 -06:00
2a033861dc
Just use constants directly
...
MSP-11673
2014-12-02 13:12:53 -06:00
784e138b14
Extend replicants via arbitrary Ruby code
...
MSP-11673
* Implements a #register_extensions method on Msf::Module
* Any registered Ruby modules will extend the cloned module returned by #replicant
2014-12-02 12:18:30 -06:00
35ff82c9d8
Merge branch 'bug/MSP-11672/double-init-module-paths' into feature/MSP-11671/msfconsole-defer-module-loads
...
MSP-11671
2014-12-02 11:57:47 -06:00
fc96d011ab
Python reverse_http stager, lands #4225
2014-12-02 11:47:31 -06:00
9272fe90ae
Merge branch 'master' into bug/MSP-11672/double-init-module-paths
...
MSP-11672
2014-12-02 11:23:51 -06:00
90c6764426
init_module_paths once in msfconsole
...
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
2014-12-02 10:28:23 -06:00
653c71e029
Fail if init_module_paths called more than once
...
MSP-11672
Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file. Therefore, calling it
more than once should be avoided. Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
2014-12-02 10:17:09 -06:00
bd3d63a155
Land #4270 , Msf::Author cleanup and improvements
2014-12-02 01:26:42 -06:00
7e2b197f02
Document Msf::Simple::Framework.create
...
MSP-11671
2014-12-01 15:38:48 -06:00
57cabb4f10
Document Msf::Simple::Framework.simplify
...
MSP-11671
2014-12-01 15:36:38 -06:00
394d132d33
Land #2756 , tincd post-auth BOF exploit
2014-12-01 12:13:37 -06:00
c681654c10
Land #4252 - Rework meterpreter SSL & pass datastore to handle_connection()
2014-11-30 20:15:53 -06:00
f139795663
Rework queue handling and error reporting, close #4249
2014-11-28 14:56:02 -06:00
2bd7a67413
Restructure parts of Author, fix some doc bugs.
2014-11-26 13:54:23 -06:00
a34e721353
Check for load errors in reload_all
2014-11-25 13:13:40 -06:00
0ed356f71c
Move Kademlia stuff to a more OO model, etc, per reviews
...
All of the work is done in rex. The msf mixin just prevents the
desire to call rex directly from the module
2014-11-24 14:03:43 -08:00
4dc1183ff5
Protecting it once seems like enough (typo)
2014-11-22 17:42:07 -06:00
673e21cfaf
Rework meterpreter SSL & pass datastore to handle_connection()
...
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
2014-11-22 15:35:00 -06:00
823b4e259a
Make it clear SSLVersion is not advertised since it isn't used
2014-11-22 14:25:09 -06:00
842a7a38d8
Change SSLCert to HandlerSSLCert to avoid conflicts with modules
2014-11-22 14:23:56 -06:00
9ed8c59459
Bring options over from reverse_tcp (bind address, etc).
...
Also includes the SSLCert => HandlerSSLCert change
2014-11-22 14:22:54 -06:00
e255db9429
Partial commit
2014-11-20 13:49:36 -08:00
5d2c02f402
Initial commit of more OO version of Rex/Aux Kademlia support
2014-11-20 13:28:01 -08:00
2f92a83092
Change to example.com as the default domain
2014-11-20 14:53:36 -06:00
William Vu
jvazquez-r7
Christian Mehlmauer
Brent Cook
James Lee
Jon Hart
David Maloney
sinn3r
Meatballs
OJ
Samuel Huckins
rastating
dmooray
Sven Vetsch
Spencer McIntyre
Joe Vennix
Tod Beardsley
Trevor Rosen
HD Moore
Sean Verity
Luke Imhoff
Fernando Arias