Commit Graph

14722 Commits (db12413b099f02eb7d5c945ee025cfe9bfa2059a)

Author SHA1 Message Date
James Lee db12413b09 Convert vcms_upload to use PhpEXE
Incidentally adds a Linux x86 target
2012-10-12 04:29:57 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP
And use it in three modules that had copy-paste versions of the same
idea.
2012-10-12 02:57:41 -05:00
James Lee 0adabb1e06 Merge branch 'wchen-r7-projectpier' into rapid7
[Closes #889]
2012-10-11 18:32:04 -05:00
sinn3r 55c0cda86c Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright 2012-10-11 16:55:52 -05:00
kernelsmith c911eeece2 change vprint_error to print_error
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true).  This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
sinn3r 9ea208d129 Oops, overwrote egypt's changes by accident 2012-10-11 16:40:52 -05:00
sinn3r 82eaa322fe Make cleanup work better 2012-10-11 16:39:54 -05:00
James Lee 3a66a07844 Proposed re-wording of description
[See #889]
2012-10-11 15:48:04 -05:00
sinn3r 24980e735b I found an OSVDB ID 2012-10-11 15:28:07 -05:00
sinn3r 55128f5bb3 Make sure res has value before passing it on to exec_php 2012-10-11 14:43:38 -05:00
sinn3r 033a11eff5 Add Project Pier File Upload Vulnerability 2012-10-11 13:47:40 -05:00
Tod Beardsley 7d848c7147 Merge remote branch 'origin/bug/fastlib-nested-pathnames' 2012-10-10 17:31:36 -05:00
sinn3r b8e880bf82 Merge branch 'post-module-sdel' of https://github.com/bmerinofe/metasploit-framework into bmerinofe-post-module-sdel 2012-10-10 13:42:20 -05:00
sinn3r 32ad20d0e0 Merge branch 'jlee-r7-bug/activerecord-dep' 2012-10-10 13:41:51 -05:00
sinn3r 1ea73b7bd2 Small description change and favor the use of print_error 2012-10-10 13:37:23 -05:00
jvazquez-r7 f32ce87071 delete comment added by error 2012-10-10 19:32:25 +02:00
jvazquez-r7 13e914d65e added on_new_session handler to warn users about cleanup 2012-10-10 19:31:38 +02:00
jvazquez-r7 b4485fdb2b added chm templates 2012-10-10 19:21:47 +02:00
jvazquez-r7 37dc19951b Added module for ZDI-12-169 2012-10-10 19:14:54 +02:00
HD Moore 98c387cc81 Merge pull request #886 from todb-r7/fix-msfupdate
Fix msfupdate for #7297
2012-10-10 09:23:28 -07:00
Tod Beardsley 09f34268d2 Deal with blank or missing config-dir better
Just deleting at an index will be surprising when you've already deleted
the wait/nowait. Use an Array#compact strategy instead.

Also, always define a sensible config-dir, even if none is given. If the
user wants to pass one especially, they can.

[FixRM #7297]
2012-10-10 10:18:40 -05:00
Tod Beardsley f247379bb1 Handle the old wait/nowait shift behavior.
The old msfupdate would shift the first argument off the stack
regardless what it was. We have two possible candaidates now, wait and
nowait. Shouldn't be any others.

[SeeRM #7297]
2012-10-10 09:50:30 -05:00
Borja Merino 21d1a5857a Adding Iterations options 2012-10-10 12:32:30 +02:00
James Lee 9a0a063048 Whitespace at EOL 2012-10-09 16:56:22 -05:00
James Lee 32680df7ec Merge branch 'todb-r7-fix-msfupdate' into rapid7
[Closes #883][Closes #882]
2012-10-09 16:54:25 -05:00
Tod Beardsley a31984c0ab Always provide --config-dir for msfupdate
Otherwise, you will run into problems described in #882.
2012-10-09 16:25:06 -05:00
Borja Merino 7b45ef6038 Applying changes. Blocks -Begin .. End- deleted 2012-10-09 21:52:49 +02:00
James Lee db4ba472d5 [Closes #881] 2012-10-09 13:29:31 -05:00
HD Moore 22f7c42b85 Merge branch 'master' into feature/updated-mobile 2012-10-09 12:58:19 -05:00
sinn3r 5ce26c4524 Merge branch 'bug/activerecord-dep' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/activerecord-dep 2012-10-09 11:18:02 -05:00
sinn3r 1ba57af00a Merge branch 'master' into bug/windows-pro-modules 2012-10-09 11:15:45 -05:00
Luke Imhoff 2d1fd1c305 Pass file size to read for faster reads on Windows 2012-10-09 11:04:05 -05:00
jvazquez-r7 4fa3631e34 avoiding the python support on the barracuda one if cannot be tested 2012-10-09 18:01:23 +02:00
jvazquez-r7 f33411abd1 Merge branch 'python_payload_support' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-python_payload_support 2012-10-09 18:00:44 +02:00
James Lee 592851e155 Add requires for active_support deps in use
Hash for #assert_valid_keys, Module for #parent.
2012-10-09 02:05:08 -05:00
James Lee b3e27b16d5 Derp, include is a class method 2012-10-09 01:52:19 -05:00
sinn3r a12aed7ffc Don't really need these keywords 2012-10-09 00:49:05 -05:00
sinn3r b657fd31cc Merge branch 'php_include' of https://github.com/ethicalhack3r/metasploit-framework into ethicalhack3r-php_include 2012-10-09 00:45:46 -05:00
James Lee 227418bd11 Make AR a soft dependency again
Ensures that the absence of activerecord does not prevent msfconsole
from loading. This returns us to the previous state of affairs where it
is possible to use the framework entirely without a database.

To test:
  1. rm -rf lib/gemcache/ruby/1.9.1/gems/activerecord*
  2. remove any locally installed versions of activerecord
  3. msfconsole

msfconsole should load up with a warning like so:

[-] ***
[-] * WARNING: No database support: LoadError cannot load such file -- active_record
[-] ***

... and should still be functional.
2012-10-08 23:07:04 -05:00
sinn3r c094508119 Support Python payload
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
2012-10-08 22:17:11 -05:00
James Lee 3888c5212f Change file header comment to new format 2012-10-08 21:30:42 -05:00
James Lee 03e2cda9e1 Make sample modules conform to modern mod format
Wow, these are old.
2012-10-08 21:23:38 -05:00
Tod Beardsley 562612f96c Merge branch 'hmoore-r7-module-loader' 2012-10-08 17:52:26 -05:00
HD Moore 8f07a18d74 Fix comment indentation 2012-10-08 17:29:36 -05:00
HD Moore eb0f0fee0c Correct an extra parenthesis 2012-10-08 17:20:25 -05:00
HD Moore 8cdb76d269 Switch to normal String API vs ActiveSupport method 2012-10-08 17:18:40 -05:00
jvazquez-r7 b356b403b0 Merge branch 'phptax' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-phptax 2012-10-09 00:10:31 +02:00
HD Moore 2dce6e6347 FIXRM #7292 by using hex class names 2012-10-08 17:03:41 -05:00
Luke Imhoff 93469604a7 Fix missed rename when adding fastlib under directory
I missed a spot where I referenced the nested_paths as nested_pathnams
after I renamed the variable.  Now, Msf::ModuleManager#add_module_paths
has rspec tests.

Rspec can be invoked with `rake` as the default task or `rake spec`
explicitly.

I changed RuntimeError to ArgumentError since that error  was more
specific to having a bad argument error.  I adding missing dependencies
to the Gemfile and a require to msf/core/db_manager.rb where it errored
out trying to access Msf::Config when I just did require 'msf/core' in
the spec.
2012-10-08 16:14:37 -05:00
HD Moore 6bb1b83de3 Align the comments with the space indents for now 2012-10-08 16:09:12 -05:00