infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
40,383 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

254 Commits (e9ce622db7c043de02d209cafcff5dca557d1f29)

Author SHA1 Message Date
Jin Qian cdc82891d8 Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query 
Add a guard against the case when opts['vars_get'] is nil
 2016-11-21 17:39:09 -06:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup"" 
This reverts commit 1164c025a2.
 2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup" 
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
 2016-07-05 15:22:44 -05:00
James Lee 4b3f6c5d29
Use rubyntlm for mssql login scanner 2016-06-22 10:15:22 -05:00
James Lee 039e8f5899
Use rubyntlm for HTTP Negotiate auth 2016-06-22 10:15:22 -05:00
Adam Cammack fda4c62c1f
Respect SSLCipher in server mixins 
This allows us to set a sane cipher spec for SSL-enabled server modules.
 2016-05-20 16:59:36 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST 
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
 2016-04-28 11:44:10 -05:00
rwhitcroft 4b10331cf0 style fixups 2016-03-01 10:18:25 -05:00
wchen-r7 bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP 
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
 2016-02-29 10:50:21 -06:00
rwhitcroft f735a904ff create owa_ews_login module, modify HttpClient to accept preferred_auth option 2016-02-28 22:01:05 -05:00
wchen-r7 d6921fa133 Add Atlassian HipChat for Jira Plugin Velocity Template Injection 
CVE-2015-5603

Also fixes a bug in response.rb (Fix #6254)
 2015-11-18 11:34:25 -06:00
wchen-r7 f6b9f38326 This method is not needed because Nokogiri does that already 2015-10-23 19:38:17 -05:00
wchen-r7 065d042ec4 Update doc a little bit 2015-10-21 16:29:27 -05:00
wchen-r7 12cdd786a6 Add more Nokogiri and RKelly support for Rex::Proto::Http::Response 
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
 2015-10-21 16:26:31 -05:00
Jon Hart 407d701fd9
Remove unnecessary version_random_case option 2015-08-20 10:05:16 -07:00
Jon Hart 2e4944b8ec
Remove unnecessary version_random_case option 2015-08-20 10:05:04 -07:00
Brent Cook 015d045730 read max_size bytes at a time 2015-08-18 15:56:57 -05:00
Brent Cook c3438955d4
Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
rwhitcroft 70f94bbd96 break loop if socket is closed 2015-04-21 11:09:17 -04:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
William Vu 5eec07d4d1 Fix duplicate hash key "jpeg" 
In lib/rex/proto/http/server.rb.
 2015-02-24 05:19:42 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
James Lee a65ee6cf30
Land #3373, recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-10-03 18:05:58 -05:00
James Lee f68628c487 Add minimal specs for rex/proto/http/packet/header 2014-09-12 14:30:27 -05:00
HD Moore 6d92d701d7 Merge feature/recog into post-electro master for this PR 2014-08-16 01:19:08 -05:00
jvazquez-r7 f51feb7f52 Modify get_cookies regular expression 2014-07-06 13:22:31 -05:00
HD Moore 43d65cc93a Merge branch 'master' into feature/recog 
Resolves conflicts:
	Gemfile
	data/js/detect/os.js
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
 2014-07-06 09:17:44 -05:00
William Vu 0133e861f8
Fix typo 2014-05-26 23:55:20 -05:00
Christian Mehlmauer da0a9f66ea
Resolved all msftidy vars_get warnings 2014-05-25 19:29:39 +02:00
HD Moore a844b5c30a Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog 
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
 2014-05-18 10:50:32 -05:00
James Lee 472f029576
Fix random bug when workstation_name is < 6 chars 
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
 2014-05-15 13:27:37 -05:00
Jeff Jarmoc 2849a1bc0c Update comment again 2014-05-12 13:10:20 -05:00
Jeff Jarmoc a3cc499a17 Update comment w/ all modes 2014-05-12 13:02:54 -05:00
Jeff Jarmoc 5f523e8a04 Rex::Text::uri_encode - make 'hex-all' really mean all. 
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes'  It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
 2014-05-12 11:26:27 -05:00
joev 42d59d269e Check #closed? instead of rescuing. 2014-04-03 14:20:48 -05:00
joev 98628b814e Prevent Rex::Proto::Http::Client from raising on close. 2014-04-03 11:36:18 -05:00
HD Moore 7e227581a7 Rework OS fingerprinting to match Recog changes 
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.

This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
 2014-04-01 08:14:58 -07:00
jvazquez-r7 57320a59f1 Do small clean up for mediawiki_thumb pr 2014-02-10 08:57:09 -06:00
Joe Vennix e10f9cc518 More whitespace fixes. 2013-11-20 15:07:51 -06:00
Joe Vennix 3ff9da5643 Remove compression options from client sockets. 
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
 2013-11-20 14:41:45 -06:00
Joe Vennix b70b594a2a Kill extraneous comma. 2013-11-20 13:47:47 -06:00
Joe Vennix a7b01e3b72 Put initialize params back on one line, and move attr_accessors. 
As per @hdm's feedback
 2013-11-20 12:29:09 -06:00
Joe Vennix 9f103f8621 Whitespace tweak. 2013-11-20 01:15:15 -06:00
Joe Vennix f8b57d45cd Reenable the client SSLCompression advanced option. 
Add spec for some of the additions to Rex::Proto::Http::Client
 2013-11-20 01:03:13 -06:00
Joe Vennix 109fc5a834 Add SSLCompression datastore option. 
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.

This also kills some ruby < 1.9.3 code.
 2013-11-19 22:34:39 -06:00
Joshua J. Drake d04c47d2b7 Remove comment since it was addressed in 4500d09c2f 2013-09-26 19:47:54 -05:00