Jon Hart
d8743ea32b
Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search
2015-01-08 18:48:27 -08:00
Jon Hart
7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid
2015-01-08 18:42:25 -08:00
Jon Hart
e4cdac1440
Land #4559, @FireFart's fix for wordpress version detection (from wpscan)
2015-01-08 15:19:29 -08:00
Brent Cook
fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services
...
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
2015-01-08 16:54:01 -06:00
Jon Hart
ed74271c26
Land #4548, @dmaloney-r7's fix to allow loginscanners to work w/o a DB
2015-01-08 14:50:08 -08:00
Christian Mehlmauer
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
Jon Hart
98cee8249d
Move non-active DB messages to warning and clarify/simplify
2015-01-08 14:40:47 -08:00
Christian Mehlmauer
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
sinn3r
50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012
2015-01-08 16:19:55 -06:00
Brent Cook
05279ef02a
consistently use double-quoted paths
...
allow for variable expansion if needed
2015-01-08 16:10:28 -06:00
Christian Mehlmauer
a5b56c7d09
fix error
2015-01-08 19:48:29 +01:00
David Maloney
fd7e65d459
derp just check db active
...
the other way of doing this was stupid, just check if
the db is active
2015-01-08 11:58:56 -06:00
Meatballs
8f720ef766
Use get_env in runas
2015-01-08 11:07:40 +00:00
OJ
844460dd87
Update bypass UAC to work on 8.1 and 2012
...
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
2015-01-08 15:39:19 +10:00
Samuel Huckins
f0261a418c
Lands #4535, report_auth_info shoring up
2015-01-07 16:32:14 -06:00
David Maloney
001b6d913e
allows loginscanners to work without db
...
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved
MSP-10969
2015-01-07 16:09:04 -06:00
Meatballs
e6f53ebcbc
Remove duplicate rhosts
2015-01-07 22:04:01 +00:00
Meatballs
dccd21a559
Resolve #3870, reinstance creds -R
2015-01-07 22:01:45 +00:00
James Lee
da2e088118
Land #4536, Ruby 2.2 compat fixes
...
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
2015-01-07 15:33:23 -06:00
Meatballs
e3e9a64064
Land #4543, Update john.conf with korelogic rules
2015-01-07 21:30:44 +00:00
Meatballs
bdbb26ba31
Land #4540, resolves #4532, honour DB_ALL_* options
2015-01-07 21:12:23 +00:00
Meatballs
0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post
...
Conflicts:
test/modules/post/test/services.rb
2015-01-07 20:53:34 +00:00
David Maloney
4ad7021336
give user option to turn on KoreLogic rules
...
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
2015-01-07 12:32:26 -06:00
David Maloney
5d68d48ca5
Land #4385, fixes bruteforce_speed validator
...
bruteforce_speed validator now accepts nil
2015-01-07 12:09:25 -06:00
David Maloney
702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS
...
fix last few things in authbrute
and make the CredentialCollections understand the
additional separate components
MSP-11986
2015-01-07 11:41:41 -06:00
David Maloney
7ff2ba0725
first pass on fixing DB_ALL authbrute stuff
...
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin
MSP-11986
2015-01-07 11:30:39 -06:00
Meatballs
aef8c702d7
Filter creds by type
2015-01-07 17:19:31 +00:00
dmooray
478505c17a
ruby 2.2 compatibility
...
https://bugs.ruby-lang.org/issues/10314
2015-01-07 11:41:34 +02:00
sinn3r
609c490b3c
I missed nobfu
2015-01-06 12:49:39 -06:00
sinn3r
2ed05869b8
Make Msf::Exploit::PDF follow the Ruby method naming convention
...
Just changing method names.
It will actually also fix #4520
2015-01-06 12:42:06 -06:00
William Vu
0bece137c1
Land #4494, Object.class.to_s fix
2015-01-06 02:27:35 -06:00
Meatballs
dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post
2015-01-05 22:18:44 +00:00
David Maloney
fc91244252
insert deprecation error message
...
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it
MSP-11919
2015-01-05 14:02:16 -06:00
David Maloney
db8f260557
add some YARD docs to report_auth_info
...
add yard docs for the modified report_auth_info
MSP-11919
2015-01-05 13:58:25 -06:00
David Maloney
71d600e829
make report_auth_info create new creds and logins
...
report_auth_info coerces old data into the new credential
types as best as it is able
MSP-11919
2015-01-05 13:41:30 -06:00
OJ
17ff546b0f
Remove unnecessary calls to expand path
...
When using the Meterpreter Binaries gem to locate the path to the
meterpreter DLLs, it's not necessary to use File.expand_path on
the result because the gem's code does this already.
This commit simply removes those unnecessary calls.
2015-01-03 08:30:26 +10:00
sinn3r
d45cdd61aa
Resolve #4507 - respond_to? + send = evil
...
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve #4507
2015-01-02 13:29:17 -06:00
Christian Mehlmauer
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
Spencer McIntyre
6d966dbbcf
Land #4203, @jvazquez-r7's cleanup for java_rmi_server
2014-12-31 11:25:19 -05:00
Brent Cook
92bdf42496
Land #3594, jvazquez-r7's linux meterpreter migration support
2014-12-31 09:20:44 -06:00
Christian Mehlmauer
4f11dc009a
fixes #4490, class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
jvazquez-r7
722f86f361
Try to guess TMPDIR folder
2014-12-30 18:39:29 -06:00
jvazquez-r7
7596d211e9
Use length for comparison
2014-12-30 18:39:18 -06:00
jvazquez-r7
e903044fd5
Allow to provide writable dir
2014-12-30 18:36:30 -06:00
jvazquez-r7
f17a7e8a61
Better handling of the unix domain socket argument
2014-12-30 18:36:28 -06:00
jvazquez-r7
4df4e8b9d6
Add support for linux meterpreter migration
2014-12-30 18:34:24 -06:00
jvazquez-r7
56df2d0062
Add support for linux meterpreter migrate types
2014-12-30 18:30:15 -06:00
sinn3r
553030b22d
Land #4473 - Log backtraces by default
2014-12-30 18:13:33 -06:00
Tod Beardsley
135faeee29
Land #4095, specs for Rex::OLE
2014-12-30 14:25:09 -06:00
Christian Mehlmauer
6444d8ba64
use kind_of? for checking exceptions
2014-12-30 21:16:57 +01:00