James Lee
876c59b192
Make use of the new ActiveRecord 3.x concurrency contract
All Database usage must go through framework.db (which should have been
the case before, anyways) or explicitly checkout and checkin a
connection. Failure to do so causes thread starvation and bizarre
random failures when attempting to use the database.
This commit also explicitly releases database connections at the end of
all threads created via framework.threads.spawn, which should alleviate
Deprecation Warning messages from ActiveRecord.
[Fixes #6613]
2012-04-19 14:21:21 -06:00
sinn3r
8d1d63dda8
Correct OSVDB reference, thanks modpr0be
2012-04-19 12:04:11 -05:00
sinn3r
45997b8dd4
Fix typos
2012-04-19 10:54:05 -05:00
sinn3r
37f4e7b3b9
Fix bug #6714, thanks Scott
2012-04-19 10:22:31 -05:00
Tod Beardsley
8edf3fc8bd
Service info shouldn't be blanked if it exists.
Check service.info at the end of reporting a service instead of the
beginning. This will preserve an existing service info in the event
we're re-reporting a service.
[See #6701]
2012-04-19 09:47:41 -05:00
Tod Beardsley
ce3d98bc88
vcms_login.rb description
2012-04-19 07:44:28 -05:00
sinn3r
5fde6b759f
Add VCMS brute-force module
2012-04-19 02:25:03 -05:00
sinn3r
81b6e76619
Correct CVE/OSVDB/BID references, thanks Chad.
2012-04-19 00:24:56 -05:00
sinn3r
946ab1514e
Correct module naming style
2012-04-18 20:45:25 -05:00
sinn3r
1065111817
Correct TARGETURI description
2012-04-18 18:57:37 -05:00
sinn3r
7071c30b4b
These modules don't really print anything out with print_status(), which makes it weird to look now that we've implemented egypt's output style changes
2012-04-18 16:07:41 -05:00
sinn3r
0e45b6c06c
Avoid printing ip:port twice
2012-04-18 16:01:10 -05:00
James Lee
1f577b24b2
Merge branch 'rapid7' into http-print-standardization
2012-04-18 08:51:42 -06:00
sinn3r
f3ebe284ca
Minor cosmetic changes
2012-04-18 02:38:25 -05:00
sinn3r
15539c633b
Merge branch 'chap0-gsm' of https://github.com/chap0/metasploit-framework into chap0-chap0-gsm
2012-04-18 02:32:42 -05:00
sinn3r
e52f40daf1
Cosmetic changes
2012-04-18 02:25:43 -05:00
sinn3r
01beddc609
Merge branch 'cyberlink' of https://github.com/mrmee/metasploit-framework into mrmee-cyberlink
Conflicts:
modules/exploits/windows/fileformat/cyberlink_p2g_bof.rb
2012-04-18 02:03:59 -05:00
sinn3r
862869e4f2
Strip ms03_020_ie_objecttype from Browser AutoPwn because:
1. We have newer browser modules that can replace it, and already do.
2. It uses an egghunter that we don't favor in BAP
3. It uses system addresses, which we no longer favor.
2012-04-17 22:26:14 -05:00
sinn3r
120f2e5795
Merge pull request #341 from jlee-r7/bap-refactor
Fix an issue where ie_createobject and others weren't getting tried
2012-04-17 20:14:20 -07:00
James Lee
a2dc890cfa
Don't puke if the connection came from localhost
2012-04-17 19:49:42 -06:00
James Lee
f9b2fe89b2
Merge branch 'rapid7' into http-print-standardization
Conflicts:
modules/exploits/windows/browser/apple_quicktime_marshaled_punk.rb
modules/exploits/windows/browser/apple_quicktime_rtsp.rb
modules/exploits/windows/browser/apple_quicktime_smil_debug.rb
2012-04-17 19:15:06 -06:00
James Lee
afe28523f3
Puts testAXO() on window so we can access it from anywhere
Also uses the new :method property which allows an array syntax. See
ie_createobject for a usage example.
2012-04-17 18:54:26 -06:00
James Lee
f9a48ace48
Switch to using :method, see previous commit
2012-04-17 18:48:14 -06:00
James Lee
741de34d92
Add a :method property for autopwn_info
Replaces the previous overloading of :vuln_test
2012-04-17 18:32:11 -06:00
James Lee
eedf4520be
Merge branch 'rapid7' into bap-refactor
2012-04-17 16:20:11 -06:00
James Lee
c83f2460c5
Use framework's db wrapper instead of Mdm directly
2012-04-17 16:12:25 -06:00
sinn3r
0fccc67774
Add MS12-004 to BAP
2012-04-17 16:40:32 -05:00
sinn3r
02c3b7df7a
'cli' should be 'client'
2012-04-17 07:13:17 -05:00
sinn3r
1a0c8e5d42
'cli' should be 'client'
2012-04-17 07:12:08 -05:00
sinn3r
dd7caa5186
'cli' should be 'client'
2012-04-17 07:10:32 -05:00
Tod Beardsley
2aba65f82d
Fixes importing metasploit.xml exports with tags.
New Rails3 magic now actually exercised.
2012-04-17 01:06:40 -05:00
James Lee
c3a86eef66
Declare warn_about_rubies as a class method
Since that's how it's being called. Also, define it before calling it.
2012-04-16 23:25:04 -06:00
James Lee
3116f66d4d
MDM update
[Fixes #6649]
2012-04-16 23:22:57 -06:00
Raphael Mudge
db02a8f582
fix a compatibility issue with latest msf changes.
2012-04-17 01:04:12 -04:00
James Lee
cdd130d7ad
Fix an overzealous refactoring change
::Mdm::Export doesn't exist, Export is a utility class under
::Msf::DBManager.
[Fixes #6647]
2012-04-16 21:53:05 -06:00
HD Moore
12102b9adc
Close any open connections if the thread happens to have one when it finishes.
Partial bandaid for new AR pool mgmt methods
2012-04-16 21:50:26 -05:00
Tod Beardsley
362e80dc41
Warn about incompatible Rubies.
Also encourage users to use RVM to upgrade, because RVM is the
awesomest.
2012-04-16 21:13:31 -05:00
Tod Beardsley
27ed06f8e0
Use an exponential function for session grabbing
Ensures that the retries have a backoff time, not just 10 half second
pauses. Makes for a more forgiving environment for post modules.
[See #6638]
2012-04-16 20:56:55 -05:00
James Lee
bea5d04871
Whitespace and rdoc cleanup
2012-04-16 19:34:21 -06:00
HD Moore
e0dcf85a0e
Cleanup overall, fix issue with ambiguous id column in order clause
2012-04-16 17:41:39 -05:00
Tod Beardsley
5366e58e72
Merge pull request #336 from rsmudge/armitage
Armitage 04.16.12 - a few small improvements.
2012-04-16 13:31:02 -07:00
sinn3r
a8eada6016
This module should be able to support more payloads
2012-04-16 14:43:36 -05:00
sinn3r
edadc19757
This module should be able to support more payloads than it should be
2012-04-16 14:41:11 -05:00
James Lee
a957a68d65
Rebuild meterpreter.jar after changes from #303
Basically just to make sure I didn't hose it in my confusion with git's
conflict resolution.
2012-04-16 13:16:38 -06:00
James Lee
15913dd92c
Squashed commit of the following:
commit 97755336f2227a7db668b61e548d2956dddaccb8
Author: Michael Schierl <schierlm@gmx.de>
Date: Thu Apr 5 22:33:40 2012 +0200
make sure PayloadTrustManager gets dropped when using Spawn > 0
commit 0d096043e23af5d46a20b7f2c30c5d926ff66f8d
Author: Michael Schierl <schierlm@gmx.de>
Date: Wed Apr 4 22:15:23 2012 +0200
Fix connection hangs when using java/meterpreter/reverse_https with recent Java versions
Reason is that Java thinks the SSL certificate presented by Metasploit is untrusted;
therefore add a hack similar to the one in the metasploit.Payload class to trust all
certificates here.
[Closes #303]
2012-04-16 13:15:33 -06:00
James Lee
b1dbb50953
Squashed commit of the following:
commit 2b24a5e93da0b0dd61c29b6124794fa11c5b3d92
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sun Apr 15 22:01:23 2012 -0500
Document HTTPS options for Proxy
commit 24a8635b96d723465eb2bf212c83d31325990c28
Author: scriptjunkie <scriptjunkie@scriptjunkie.us>
Date: Sun Apr 15 21:52:47 2012 -0500
Document HTTPS options
[Closes #337]
2012-04-16 12:57:03 -06:00
sinn3r
1e2203867c
Repair 'no encoders encoded the buffer successfully' issues
2012-04-16 13:43:25 -05:00
Michael Schierl
eedd7be453
Squashed commit of the following:
commit 9afece529a33739a088c9c4d10b76dd52f23b99e
Author: Michael Schierl <schierlm@gmx.de>
Date: Thu Apr 12 17:58:12 2012 +0200
fix cat ... command by making stdapi_fs_stat return a sensible result
[Closes #330]
2012-04-16 12:24:54 -06:00
James Lee
4181fd9709
Add support for EXE::Custom in EncodedPayload#encoded_exe
Fixes an issue with java_signed_applet (and probably others) not
honoring EXE::Custom settings.
2012-04-16 12:09:25 -06:00
James Lee
3e0747f5d2
Randomize guid and payload filename
2012-04-16 12:09:25 -06:00