If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.
This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.
This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.
[FixRM #7259]
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
This makes x86 more consistent with x64.
Also replaces a bunch of instances of:
File.join(Msf::Config.install_root, 'data', ...)
with the simpler
File.join(Msf::Config.data_directory, ...)
[See rapid7/meterpreter#19]
so we shouldn't have to load all of them to run this utility. The
overall goal of this PR is to narrow down what modules
(exploit/aux + payload + encoder + nop) you possibly need in order
to shave off loading time. By doing this, on my box this is 5-6
seconds faster than the original one.
I actually tried to avoid making too many changes in the library
(such as Module Manager), because we don't have test cases for them,
and we can't really afford to risk breaking it. I also developed
a test script to actually be able to test msfcli.
Aside from codebase-wide changes, nearly all of these tests haven't been
touched since before 2010, and there is no effort to maintain this style
of testing. We've moved on to (correctly) seperating out our tests from
our codebase.
[#46491831]
Comments at the start of the file with ## caused YARD to think the
comment was documenting the require call. By removing the ##, the
warning disappeared. I did not determine what is special about ## in
file comments.
When we know the module we're creating is definitely a payload, don't
bother looking in the other module sets.
Also removes an exception message that gets ignored anyway because the
exception class has a hard-coded #to_s
[#36737359]
Refactor the behavior of loading symbolic modules from cache by renaming
methods so it's clearer what they do and ensure that cached modules from
Fastlibs and directories can both be loaded, which was not previously
possible since the demand_load_module only called load_module_from_file.
Tod Beardsley
David Maloney
Meatballs
sinn3r
William Vu
James Lee
Raphael Mudge
Timothy Swartz
corelanc0d3r
Tab Assassin
Spencer McIntyre
Brandon Perry
Luke Imhoff
Joshua J. Drake
HD Moore