metasploit-framework

Commit Graph

Author	SHA1	Message	Date
Trevor Rosen	bebf11c969	Resolves some Login::Status migration issues MSP-10730	2014-07-16 21:52:08 -05:00
David Maloney	8e35f5fa12	username and password flipped we reported the username as the password and vice versa	2014-06-09 13:45:12 -05:00
David Maloney	da09a2725b	we need the service data in the login! ooopsie #2	2014-06-06 10:51:12 -05:00
David Maloney	a84980fa9d	login creation was missing!	2014-06-05 13:56:08 -05:00
David Maloney	62866374b8	refactor tomcat_mgr_deploy	2014-06-04 16:22:22 -05:00
sinn3r	689999c8b8	Saving progress Progress group 3: Making sure these checks comply with the new guidelines. Please read: "How to write a check() method" found in the wiki.	2014-01-21 13:03:36 -06:00
William Vu	2aed8a3aea	Update modules to use new ZDI reference	2013-10-21 15:13:46 -05:00
Tod Beardsley	23d058067a	Redo the boilerplate / splat [SeeRM #8496]	2013-10-15 13:51:57 -05:00
Tod Beardsley	c547e84fa7	Prefer Ruby style for single word collections According to the Ruby style guide, %w{} collections for arrays of single words are preferred. They're easier to type, and if you want a quick grep, they're easier to search. This change converts all Payloads to this format if there is more than one payload to choose from. It also alphabetizes the payloads, so the order can be more predictable, and for long sets, easier to scan with eyeballs. See: https://github.com/bbatsov/ruby-style-guide#collections	2013-09-24 12:33:31 -05:00
Tab Assassin	41e4375e43	Retab modules	2013-08-30 16:28:54 -05:00
HD Moore	6c1ba9c9c9	Switch to Failure vs Exploit::Failure	2013-08-15 14:14:46 -05:00
Ruslaideemin	71bc06d576	Fix undefined variable in tomcat_mgr_deploy.rb Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined local variable or method `path' for #<Msf...> [06/04/2013 10:14:03] [d(3)] core: Call stack: modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit' lib/msf/core/exploit_driver.rb:205:in `job_run_proc' lib/msf/core/exploit_driver.rb:166:in `run' lib/msf/base/simple/exploit.rb:136:in `exploit_simple' lib/msf/base/simple/exploit.rb:161:in `exploit_simple' lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit' lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command' lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single' lib/rex/ui/text/dispatcher_shell.rb:383:in `each' lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single' lib/rex/ui/text/shell.rb:200:in `run' lib/msf/ui/web/console.rb:71:in `block in initialize' lib/msf/core/thread_manager.rb💯in `call' lib/msf/core/thread_manager.rb💯in `block in spawn' Uses path instead of path_tmp in error messages.	2013-06-04 11:19:28 +10:00
David Maloney	0ae489b37b	last of revert-merge snaffu	2013-02-19 23:16:46 -06:00
Tod Beardsley	8ddc19e842	Unmerge #1476 and #1444 In that order. #1476 was an attempt to salvage the functionality, but sinn3r found some more bugs. So, undoing that, and undoing #1444 as well. First, do no harm. It's obvious we cannot be making sweeping changes in libraries like this without a minimum of testing available. #1478 starts to address that, by the way. FixRM #7752	2013-02-11 20:49:55 -06:00
David Maloney	4c1e630bf3	BasicAuth datastore cleanup cleanup all the old BasicAuth datastore options	2013-02-04 13:02:26 -06:00
sinn3r	c174e6a208	Correctly use normalize_uri() normalize_uri() should be used when you're joining URIs. Because if you're merging URIs after it's normalized, you could get double slashes again.	2013-01-30 23:23:41 -06:00
Tod Beardsley	33751c7ce4	Merges and resolves CJR's normalize_uri fixes Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules' into set_normalize_uri_on_modules Note that this trips all kinds of msftidy warnings, but that's for another day. Conflicts: modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb modules/exploits/windows/http/xampp_webdav_upload_php.rb	2013-01-07 11:16:58 -06:00
Christian Mehlmauer	8f2dd8e2ce	msftidy: Remove $Revision$	2013-01-04 00:48:10 +01:00
Christian Mehlmauer	25aaf7a676	msftidy: Remove $Id$	2013-01-04 00:41:44 +01:00
Chris John Riley	f88ec5cbc8	Add normalize_uri to modules that may have been missed by PULL 1045. Please ensure PULL 1045 is in place prior to looking at this (as it implements normalize_uri) ref --> https://github.com/rapid7/metasploit-framework/pull/1045	2012-11-08 17:42:48 +01:00
sinn3r	f1423bf0b4	If a message is clearly a warning, then use print_warning	2012-10-24 00:44:53 -05:00
HD Moore	fb7f6b49f0	This mega-diff adds better error classification to existing modules	2012-06-19 12:59:15 -05:00
andurin	4e955e5870	replace spaces with tabs	2012-04-06 10:45:10 -05:00
andurin	67e6c7b850	tomcat_mgr_deploy may report successful creds Using following code for 'check' as 'exploit': report_auth_info( :host => rhost, :port => rport, :sname => (ssl ? "https" : "http"), :user => datastore['BasicAuthUser'], :pass => datastore['BasicAuthPass'], :proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}", :active => true ) Resulting in: Credentials =========== host port user pass type active? ---- ---- ---- ---- ---- ------- 192.168.x.xxx 8080 tomcat s3cret password true	2012-04-06 10:45:10 -05:00
Tod Beardsley	14e3cd75dc	Revert "tomcat_mgr_deploy may report successful creds" This reverts commit `937f8f035a`.	2012-04-05 16:17:06 -05:00
andurin	937f8f035a	tomcat_mgr_deploy may report successful creds	2012-04-05 11:09:56 +02:00
sinn3r	aeb691bbee	Massive whitespace cleanup	2012-03-18 00:07:27 -05:00
James Lee	8d93e3ad44	Actually use the password we were given...	2012-03-08 10:17:39 -07:00
James Lee	02ea38516f	Add a check method for tomcat_mgr_deploy	2012-03-06 23:22:44 -07:00
HD Moore	ceb4888772	Fix up the boilerplate comment to use a better url	2012-02-20 19:40:50 -06:00
Tod Beardsley	829040d527	A bunch of msftidy fixes, no functional changes.	2012-02-10 19:44:03 -06:00
Joshua J. Drake	ac7edc268a	Add some more clear documentation for selecting payloads for this module.	2011-12-05 00:35:11 -06:00
Will Vandevanter	a0d8a08851	java meterpreter should be used when the target is set to automatic git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da	2011-10-25 20:02:09 +00:00
James Lee	c412a836ed	add VERBOSE option to all modules and vprint_* methods to use it git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da	2011-07-15 15:33:35 +00:00
David Rude	a8b6c43636	reverting the disclosure dates for now need to clean up the patch git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da	2011-05-04 20:43:19 +00:00
David Rude	3b7ea08f6a	Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da	2011-05-04 19:17:31 +00:00
James Lee	dd6afdc74c	make these titles a little clearer git-svn-id: file:///home/svn/framework3/trunk@11330 4d416f70-5f16-0410-b530-b9f4589650da	2010-12-14 17:26:44 +00:00
Joshua Drake	26a9fe6fc7	add some missing CVE references git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da	2010-11-30 20:19:18 +00:00
James Lee	326dc42bca	add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009 git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da	2010-11-11 23:01:35 +00:00
Joshua Drake	1f235a8c9b	remove 64-bit targets since we dont have an x86_64 linux exe generator git-svn-id: file:///home/svn/framework3/trunk@10833 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-27 17:21:54 +00:00
Joshua Drake	be841a4810	check for failed serverinfo result git-svn-id: file:///home/svn/framework3/trunk@10788 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-22 21:32:12 +00:00
James Lee	3b2c43fac4	get rid of the redundant second java target git-svn-id: file:///home/svn/framework3/trunk@10785 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-22 20:07:18 +00:00
James Lee	f33d7cc670	revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973 , meterpreter doesn't work yet, so not marking resolved. git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-22 10:19:51 +00:00
Joshua Drake	c6f1fa716d	add a java target, fixes #2973 git-svn-id: file:///home/svn/framework3/trunk@10755 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-19 22:36:59 +00:00
Joshua Drake	042e71c357	add ports/refs for ZDI-10-214 git-svn-id: file:///home/svn/framework3/trunk@10747 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-19 14:28:52 +00:00
Joshua Drake	b49e81300a	fix auto-target exe generation git-svn-id: file:///home/svn/framework3/trunk@10688 4d416f70-5f16-0410-b530-b9f4589650da	2010-10-14 21:26:05 +00:00
Joshua Drake	bd1eeb3722	rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32 git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da	2010-09-20 15:59:46 +00:00
Joshua Drake	4590844871	tons of indentation fixes, some other style tweaks git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da	2010-09-20 08:06:27 +00:00
Joshua Drake	16ff17c9d1	add more http fingerprints -- thx mc git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da	2010-07-12 23:25:31 +00:00
Joshua Drake	a3d901a6b9	various minor fixes, some added fingerprinting git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da	2010-07-03 06:21:31 +00:00

1 2

64 Commits (e242bf914fab3f2afe167bfa42f93a5b2eb9413b)