Commit Graph

18271 Commits (e169ccab4ff7f15c4682ab8bb04b120998221c7d)

Author SHA1 Message Date
jvazquez-r7 a95de101e7 Delete extra line 2013-05-02 22:04:27 -05:00
jvazquez-r7 6210b42912 Port EDB 25141 to msf 2013-05-02 22:00:43 -05:00
jvazquez-r7 a2e1fbe7a9 Make msftidy happy 2013-05-02 19:46:26 -05:00
jvazquez-r7 f57b2de632 Land #1787, @wchen-r7's mod to ie_cbutton_uaf to use the js_mstime_malloc API 2013-05-02 19:44:19 -05:00
sinn3r fe57b9d6e2 Landing #1784 - Handles nils in params
Nils are handled by converting values into strings
2013-05-02 18:43:10 -05:00
James Lee 9e7885857c Land #1776, assembly payload blob cache fix 2013-05-02 16:58:14 -05:00
James Lee 0d9b120bac Get rid of the suffix
This makes blob cache a little cleaner

[FixRM #7898]
2013-05-02 16:55:14 -05:00
jvazquez-r7 d6568b3902 Land #1788, @todb's switch from nokogiri to rexml 2013-05-02 15:15:54 -05:00
Tod Beardsley 7579b574cb Rework parse_xml
We try to avoid using Nokogiri in modules due to the sometimes
uncomfortable dependencies it creates with particular compiled libxml
versions. Also, the previous parse_xml doesn't seem to be correctly
skipping item entries with blank names.

I will paste the test XML in the PR proper, but do check against a live
target to make sure I'm not screwing it up.
2013-05-02 14:43:30 -05:00
Tod Beardsley 902cd7ec85 Revert removal of the SAP module
This reverts commit 26da7a6ee7.
2013-05-02 14:42:35 -05:00
sinn3r eb23b5feeb Forgot to remove function ie8_smil. Don't need this anymore. 2013-05-02 14:04:15 -05:00
sinn3r 329e8228d1 Uses js_mstime_malloc to do the no-spray technique 2013-05-02 14:00:15 -05:00
Tod Beardsley 26da7a6ee7 Removing this from master due to test problems
This module was moved over to the unstable branch in commit
7106afdf7d , working up a fix now. Stay
tuned.
2013-05-02 13:43:02 -05:00
jvazquez-r7 132c09af82 Add BID reference 2013-05-02 10:21:09 -05:00
jvazquez-r7 6e68f3cf34 Clean up sap_soap_rfc_pfl_check_os_file_existence 2013-05-02 10:19:15 -05:00
jvazquez-r7 244bf71d4a Change module filename 2013-05-02 10:15:50 -05:00
jvazquez-r7 d9cdb6a138 Fix more feedback provided by @nmonkee: CMD vs COMMAND 2013-05-02 09:08:48 -05:00
jvazquez-r7 c6c7998e3b Fix feedback provided by @nmonkee 2013-05-02 09:06:51 -05:00
jvazquez-r7 4db81923bf Update description 2013-05-02 08:45:01 -05:00
jvazquez-r7 4054d91955 Land #1657, @nmonkee's RZL_READ_DIR_LOCAL SAP dir listing module 2013-05-02 08:38:50 -05:00
nmonkee 8e9789b71d Merge pull request #5 from jvazquez-r7/sap_soap_rfc_rzl_read_dir_local_dir_cleanup
Cleanup for sap_soap_rfc_rzl_read_dir_local_dir_listing_and_smb_relay
2013-05-02 02:55:23 -07:00
jvazquez-r7 5cfc306466 Land @1785, @wchen-r7's API addition for the mstime ie8 technique 2013-05-02 00:00:49 -05:00
jvazquez-r7 e25057b64a Fix indent level 2013-05-01 22:01:36 -05:00
jvazquez-r7 c406271921 Cleanup sap_soap_rfc_rzl_read_dir 2013-05-01 21:51:06 -05:00
jvazquez-r7 98dd96c57d Change module filename 2013-05-01 21:50:24 -05:00
sinn3r 69f8103ffe Make animatecolor element optional by using innerHTML 2013-05-01 14:21:52 -05:00
jvazquez-r7 6b6b53240b Fix SAP modules, mainly to make a better use of send_request_cgi 2013-05-01 14:06:53 -05:00
sinn3r 3d2cb9ec3f Uses rand_text_hex for RGB values, and correcting exception handling 2013-05-01 13:41:36 -05:00
jvazquez-r7 567d2bb14b Land #1687, @bmerinofe's forensic file recovery post module 2013-05-01 08:13:08 -05:00
Borja Merino d360d3607e Merge pull request #1 from jvazquez-r7/recoveryfiles_cleanup
Clean recovery_files
2013-05-01 01:13:16 -07:00
sinn3r 71afd762a9 According to MSFG, I can use RGB, so here goes 2013-04-30 18:48:21 -05:00
sinn3r ae94fbdf6c Updates documentation 2013-04-30 17:11:19 -05:00
sinn3r 9cc624456a Adds function js_mstime_malloc
This function takes advantage of MSTIME's CTIMEAnimationBase::put_values
function that's suitable for a no-spray technique (based on wtfuzz's
PoC for MS13-008)
2013-04-30 16:40:10 -05:00
xard4s 930c9dc835 undo free bsd error handling 2013-04-30 16:32:37 -04:00
Tasos Laskos 6bf19c6fb8 HTTP::ClientRequest: Should handle nils in params
When hashes for params contain nils, they should be converted to empty
strings instead of crashing.

* #to_s: Calls #to_s on vars_get and vars_post data
* #set_encode_uri: Calls #to_s on its arg
2013-04-30 22:01:00 +03:00
HD Moore 3a7dbd772d Merge pull request #1783 from kernelsmith/bug/RM7926-msfconsole_search_app_server_busted
fixes RM7926 msfconsole search busted
2013-04-30 11:29:21 -07:00
jvazquez-r7 a201391ee6 Clean recovery_files 2013-04-30 13:18:32 -05:00
kernelsmith cf7702f7e9 "acitve" should be "aggressive"
fixes http://dev.metasploit.com/redmine/issues/7926 which prevented a
proper search using:
msf> search exploit:type app:server
2013-04-30 13:04:19 -05:00
Meatballs 293c847a32 Fix table.print 2013-04-29 22:02:41 -05:00
James Lee 3f1693556e Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-04-29 14:46:11 -05:00
James Lee d53d6370b3 Land #1747, mimikatz meterpreter extension
[Closes #1747]

See rapid7/meterpreter#9
2013-04-29 14:45:07 -05:00
James Lee 99f5376606 Binaries for #1747
See rapid7/meterpeter#9
2013-04-29 14:44:18 -05:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
Tod Beardsley 4227c23133 Add a reference for Safari module 2013-04-29 14:07:55 -05:00
James Lee 906863676e Fix a logic error in HttpServer
When a module is configured to listen on the INADDR_ANY interface, with
a payload that does not have an LHOST option, it attempts to determine
the srvhost from a client socket which would only be available when the
module has included the TcpClient mixin (i.e., it is both passive and
aggressive stance), causing a NameError for the undefined +sock+.

This commit fixes the problem in two ways:

1. It changes the default cli in get_uri to be the module's self.cli,
   which should always be set when passive modules would need it (e.g., in
   the on_request_uri method).

2. It adds a check to make sure that the calling module has a sock
   before trying to get its peerhost. This was @marthieubean's suggested
   solution in #1775.

[Closes #1775]
2013-04-29 13:44:58 -05:00
Tod Beardsley d857b81d98 Land #1777, usability fix for Safari module 2013-04-29 13:41:25 -05:00
Joe Vennix 431cba8f36 Update print_status labels. 2013-04-29 11:13:53 -05:00
Joe Vennix c2a1d296a2 Rename DOWNLOAD_URI -> DOWNLOAD_PATH.
Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:11:06 -05:00
Joe Vennix 55e0ec3187 Add support for DOWNLOAD_URI option.
* Fixes some comments that were no longer accurate.

Conflicts:
	modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
2013-04-29 11:10:19 -05:00
Raphael Mudge 21f8e19d55 Single Payloads Cache Assembled Payload Improperly
An earlier change to the framework (prepend_migrate) forced single
payloads to use the internal_generate method of payload.rb.

internal_generate calls build which has a cache to track assembled
payloads. This method assumes that a payload only needs to be
assembled once, with optional values patched in later.

Single payloads do not work this way. Each time they are generated
new assembly source is created with the options hardcoded in.

This fix updates build to use the hashcode of the assembly code as
part of the cache key.

This fixes #7898 -- a bug that prevents a user from generating
multiple variations of a single payload without a restart.
2013-04-29 11:54:53 -04:00