infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,948 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

3835 Commits (e41922853ed6160977a3b5dde906638c3f615d2d)

Author SHA1 Message Date
James Lee e41922853e Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-25 14:15:22 -06:00
HD Moore 9d9d83cf8b Implement per-target arch/platform searches SeeRM #7754 2013-02-24 11:06:29 -06:00
Tod Beardsley 0977d1a9b0 help shouldn't go past 80 columns 2013-02-23 08:49:47 -06:00
James Lee fc07bf16e7 Merge branch 'rapid7' into dmaloney-r7-feature/http/authv2 2013-02-22 15:41:49 -06:00
James Lee c423ad2583 Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7 2013-02-21 15:30:43 -06:00
David Maloney ac6fdf24a2 Fix winrm mixin from revert merge 2013-02-19 22:01:43 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
Tod Beardsley 3949c851a4 Was, indeed, missing an or pipe 2013-02-19 17:53:48 -06:00
Tod Beardsley d81f177ab6 Adding Nemski's fix 
[FixRM #7451]
 2013-02-19 17:51:51 -06:00
James Lee aea76a56de Add some docs to FtpServer 2013-02-13 14:39:19 -06:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444 
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
 2013-02-11 20:49:55 -06:00
nemski b8b445c834 Update lib/msf/core/auxiliary/login.rb 
Fix for Bug #7451
 2013-02-09 15:32:47 +11:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 2b3c8a68ad Merge remote-tracking branch 'tasos-r7/feature/web_http_request_opts_override' into rapid7 2013-02-08 12:45:02 -06:00
James Lee d2c7dbe160 Merge remote-tracking branch 'wchen-r7/type_error_dir_scanner' into rapid7 2013-02-08 12:39:08 -06:00
sinn3r 8798567d79 Fix bug: TypeError can't convert Fixnum into String 
wmap_target_port is retrieved from datastore['RPORT'], and that's a
Fixnum. But wmap_base_url is treating that like a String, so when a
module uses that function, it's doomed.

See:
http://dev.metasploit.com/redmine/issues/7748
 2013-02-08 12:05:27 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms 
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
 2013-02-07 21:53:49 -06:00
James Lee e535a3e93f Guard against running broken method on non-windows 
This just puts a bandaid around the issue and makes it so FileDropper
doesn't completely break java and posix meterpreter sessions.

[SeeRM #7721]
 2013-02-07 21:10:27 -06:00
James Lee 16a0ab1933 Fix comment link and some whitespace 2013-02-07 18:37:11 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
Tasos Laskos b3e828359d Web::HTTP#_request: allow Rex opt level overrides 
Allow overriding options at the Rex level when performing requests
via the Auxiliary::Web::HTTP wrapper.
 2013-02-06 01:02:46 +02:00
David Maloney 877fb017b6 remove negotiate requirements 
winrm can support basic, and now these modules can too, for free
 2013-02-04 16:50:43 -06:00
David Maloney 44d4e298dc Attempting to cleanup winrm auth 2013-02-04 15:48:31 -06:00
David Maloney c71b803413 Add invisible auth to web crawler 
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
 2013-02-04 14:38:08 -06:00
David Maloney 413c37e506 Add invisible auth to Web::HTTP 
add the invisible auth support to tasos' http class
 2013-02-04 13:39:40 -06:00
David Maloney 0c57026065 Remove junk added earlier 
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
 2013-02-04 13:13:08 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
HD Moore 797e2604a0 Fix missing require in reverse_tcp_ssl 2013-02-03 17:41:45 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
HD Moore c3801ad083 This adds an openssl CMD payload and handler 2013-02-03 04:44:25 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex 
move auth awareness into rex itself
 2013-02-01 15:12:11 -06:00
David Maloney c407fa9e74 add mixjn 2013-02-01 15:12:11 -06:00
David Maloney 5814c59620 move httpauth to mixin 
HttpAuth stuff gets it's own little mixin
mix it in to Exploit::Http::Client
mix in it to Auxiliary::Web::HTTP
 2013-02-01 15:12:10 -06:00
David Maloney 8e870f3654 merge in sinn3r's changes 2013-02-01 15:12:10 -06:00
sinn3r 95cc84f5e8 Updates normalize_uri() 
This function should not remove the trailing slash, because you may
end up getting a different HTTP response.  The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733]
 2013-01-30 15:42:21 -06:00
Tod Beardsley 6002e35460 Merge pull request #1397 from wchen-r7/target_uri_fix 
normalize_uri fixes (double slashes and trailing slash)
 2013-01-29 11:26:30 -08:00
Tod Beardsley c42d4a6617 Merge for CVE-2013-0156 RoR Exploit 
Also massages the RUBY payload.
 2013-01-28 23:06:05 -06:00
James Lee 92c736a6a9 Move fork stuff out of exploit into payload mixin 
Tested xml against 3.2.10 and json against 3.0.19
 2013-01-28 21:34:39 -06:00
sinn3r 9a58b7b732 Fix normalize_uri() function 
This will make sure all the double slashes are gone.  Also, the
function description is updated to clarify its purpose.
 2013-01-28 12:10:21 -06:00
James Lee 3fc9b5d636 Doc cleanup 2013-01-28 00:01:45 -06:00
Tod Beardsley 2965fa480e Some errant spaces 2013-01-25 05:41:28 -06:00
Tasos Laskos a081389f86 Auxiliary::Web, Exploit::Remote::Web: style updates 2013-01-29 03:08:53 +02:00
Tasos Laskos 76e0305dcf Merge remote-tracking branch 'upstream/master' into web-modules 2013-01-29 01:06:26 +02:00
scriptjunkie d9e1653443 Use EXITFUNC if present to save space and be more correct. 
Jump straight to payload on process failure to save space.
 2013-01-24 17:14:25 -06:00
Tasos Laskos 9aaca2eae9 Auxiliary::Web::HTTP: updated exception handling 
[FIXRM #7724]

Updated #run and #_requestto rescue and elog all exception.
 2013-01-24 22:07:17 +02:00
Trevor Rosen 60e871b8d4 Merge pull request #1365 from todb-r7/banner-logos 
Delivers Pro #41793473
 2013-01-24 09:07:41 -08:00
Tasos Laskos 477ab65d55 Exploit::Remote::Web: added #tries method 
#tries method indicates how many times we should run a module until
we establish a session.
 2013-01-23 23:05:22 +02:00