Commit Graph

12507 Commits (dc6f76eb207fff134fd3778bbf5a9459e0c578a7)

Author SHA1 Message Date
HD Moore be6a64b3f7 Force option validation in exploit_simple for e & p 2012-03-12 22:57:23 -05:00
Jonathan Cran b5fea8cd35 Merge branch 'release/2012030701' 2012-03-12 17:25:46 -05:00
Jonathan Cran 1ff6f6756c updated to master 2012-03-12 17:25:16 -05:00
Jonathan Cran 1cf25e58d5 merge description change 2012-03-12 17:22:01 -05:00
HD Moore 7b32bc689f Swap URIPATH to TARGETURI for consistency 2012-03-12 13:58:33 -05:00
James Lee 5dc03c6ac0 Fix up Linux after changes for Windows 2012-03-11 22:08:44 -06:00
James Lee 602408743c Grab IPv6 addresses on Windows when possible
Tries to GetProcAddress of GetAdaptersAddresses and falls back to the
old GetIpAddrTable() function when it isn't available. This should work
on XPSP1 and newer, albeit without netmasks on versions before Vista.
Still trying to figure that one out.
2012-03-11 21:56:11 -06:00
sinn3r 7d95132eab Use a cleaner way to calculate JRE ROP's NEG value 2012-03-11 17:27:47 -05:00
sinn3r 6c19466de8 Change output style 2012-03-11 13:59:18 -05:00
sinn3r 25a1552fbd Dynamic VirtualProtect dwSize. Change output style. 2012-03-11 13:49:46 -05:00
Tod Beardsley de888e50f0 Adding a cleaner RuntimeError to target_uri
The purpose of re-raising an error from a library method like this is to
tell the user in no uncertain terms what all actually went wrong with the
module. This fix will cause a somewhat more pleasant error message than
the default message. Here's the raise from URI:

```
[-] Auxiliary failed: URI::InvalidURIError bad URI(is not URI?): what%ever
[-] Call stack:
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:156:in `split'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:174:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:626:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:724:in `URI'
[-]   /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/http/client.rb:535:in `target_uri'
[-]   /home/todb/.msf4/modules/auxiliary/test_uri.rb:20:in `run'
[*] Auxiliary module execution completed
```

And here's the new, Metasploit-specific one:

```
[-] Invalid URI: "what%ever"
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: URIPATH.
[*] Auxiliary module execution completed
```

The user can now tell easily what's wrong with the module configuration,
and doesn't have to parse through a stack trace that leads down into
the Ruby stdlib.
2012-03-10 10:58:16 -06:00
sinn3r b0e7c048c9 This module fits the GoodRanking description 2012-03-10 00:50:41 -06:00
sinn3r 710c66dbb0 Merge branch 'venom_opts' of https://github.com/kernelsmith/metasploit-framework into kernelsmith-venom_opts 2012-03-10 00:48:24 -06:00
sinn3r 1d5bad469c Add Windows 7 SP1 target 2012-03-10 00:11:25 -06:00
Joshua Smith 645f9b4f53 added -o,--options to list the options for a payload 2012-03-09 20:39:14 -05:00
sinn3r cc87ed8428 Remove weird error handling unless someone explains to me why I need to raise errors when it does already 2012-03-09 18:42:06 -06:00
sinn3r 0530eb4b09 Add target_uri 2012-03-09 14:44:32 -06:00
sinn3r 1ae779157d Disable Nops so we don't get an ugly crash after getting a shell 2012-03-08 18:56:58 -06:00
Tod Beardsley 8ab783d3d9 Replicating master's fixes to flash.
The Max Power way.
2012-03-08 17:00:58 -06:00
Tod Beardsley 1e4d4a5ba0 Removing EncoderType from flash module
Also not very useful
2012-03-08 16:57:41 -06:00
Tod Beardsley 302a42a495 Fixing up print statements
Dropping the ROP prints since they're not all that useful.
2012-03-08 16:56:44 -06:00
Tod Beardsley 1396fc19bd Fixup bad merge on flash mp4 2012-03-08 16:52:53 -06:00
Tod Beardsley 19aaed05c9 Title change on .mp4 to MP4
and that's all.
2012-03-08 16:51:43 -06:00
sinn3r cb04e47304 Attempt #2: there's no cli in get_payload 2012-03-08 16:47:49 -06:00
sinn3r 3563fe1b36 The encoder "issue" was just a misconfig on my side. Also there's no cli in get_payload. 2012-03-08 16:41:32 -06:00
sinn3r fee2e1eff9 Minor spray size change 2012-03-08 16:19:51 -06:00
HD Moore 12395c719f Remove debugging code 2012-03-08 16:16:42 -06:00
HD Moore c8c73b076d Permissions (ignore) 2012-03-08 16:16:13 -06:00
HD Moore 87274987c1 Remove the now obsolete text about SWF_PLAYER 2012-03-08 16:16:13 -06:00
HD Moore 28a58a39c2 Propagate the job_id back to the caller (often console's active_module)
to restore job handling
2012-03-08 16:14:52 -06:00
sinn3r 181fdb7365 A small title change 2012-03-08 16:10:16 -06:00
HD Moore 6b00848688 Propagate the job_id back to the caller (often console's active_module)
to restore job handling
2012-03-08 16:01:32 -06:00
HD Moore 0c70586625 Merge branch 'mp4-player' 2012-03-08 15:47:25 -06:00
HD Moore 1271368b6f Redirect to a trailing slash to make sure relative resources load
properly
2012-03-08 15:37:06 -06:00
HD Moore 3e6cbe9486 Add source code to the player 2012-03-08 15:23:10 -06:00
James Lee 090674386f Tell the user when we have to switch from a deleted workspace 2012-03-08 14:08:38 -07:00
HD Moore b0db18674c Test out new player code 2012-03-08 15:05:12 -06:00
James Lee b79e79022a Add a rename option to workspace command
[Fixes #6498]
2012-03-08 13:44:31 -07:00
HD Moore eb847a3dfb Add a nicer prefix to the target selection message 2012-03-08 13:46:14 -06:00
David Maloney 795a40218e Addresses a race condition with checking a scanner's status before its run method has executed. 2012-03-08 13:18:02 -06:00
David Maloney 67c7971bdf Addresses a race condition with checking a scanner's status before its run method has executed. 2012-03-08 13:07:03 -06:00
Tod Beardsley 5b566b43b4 Catching an update from @hdmoore-r7
wrt the nuclear option.
2012-03-08 12:08:39 -06:00
sinn3r edb3f19c12 A little more padding for Win Vista target 2012-03-08 12:04:04 -06:00
Tod Beardsley 97ba37f0c0 Adding compiled SWF as well.
Dammit
2012-03-08 12:03:51 -06:00
Tod Beardsley 18962e1180 Checking in the new Flash exploit to the release
Using the checkout master directly:

 git checkout master external/source/exploits/CVE-2012-0754/Exploit.as
 git checkout master modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
2012-03-08 11:55:01 -06:00
Jonathan Cran 046857f3ab Merge branch 'release/2012030701' of r7.github.com:rapid7/metasploit-framework into release/2012030701 2012-03-08 10:23:46 -06:00
HD Moore 188f5c111c Simplify the module instance (required to call certain methods) 2012-03-08 10:22:32 -06:00
HD Moore f0685e4a1f Overwrite the local datastore with the normalized option, even if it
came from a global datastore due to a fall-through
2012-03-08 10:22:18 -06:00
HD Moore 36240b6fe4 Revert the previous global fix in favor of a different method.
Fixes #6501
2012-03-08 10:22:07 -06:00
HD Moore a6053b1ec3 Always clone modules before running them via the simplified wrappers.
This prevents changes to the datastore or instance variables from
being carried over into a second run
2012-03-08 10:21:00 -06:00