34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
7dd70d4c19
Switch to vprint_debug some mixin messages
2013-11-18 13:33:45 -06:00
ae440130f5
Reduce code complexity easily
2013-11-18 13:25:50 -06:00
f61c1548ee
Use verbose by default on mixin error messages
2013-11-18 13:23:05 -06:00
eb8c3ba657
Switch to normal indentation
2013-11-18 13:20:49 -06:00
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
0aef145f64
Merge remote-tracking branch 'upstream/master' into land-2532-enum-lsa
2013-11-13 18:11:21 -06:00
8471f74b75
Refactor ivar to a more reasonable method
...
Also changes jtr output for cachedump to produce hashes that can be
auto-detected as mscash2 format for a better user experience.
2013-11-13 18:09:41 -06:00
16627c1bd3
Add spec for capture_lsa_key
2013-11-13 15:16:34 -06:00
6bd82d8589
Land #2636 , Win8 for {constants,platform}.rb
2013-11-13 14:20:52 -06:00
3a923422a3
Update class for Win 8
2013-11-13 13:27:44 -06:00
94a2f52ccc
Land #2637 , version number bump to 4.9.0-dev
2013-11-13 13:20:18 -06:00
3168359a82
Refactor lsa and add a spec for its crypto methods
2013-11-13 11:55:39 -06:00
74df9bd037
Bump version number since 4.8.0 is out
2013-11-13 11:42:31 -06:00
8e90116c89
Add Win 8 to constants
2013-11-13 11:38:27 -06:00
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
fbe1b92c8f
Good bye get_resource
2013-11-12 17:25:55 -06:00
2035983d3c
Fix a handful of msftidy warnings, and XXX SSL
...
Marked the SSL stuff as something that needs to be resolved in order to
fix a future bug in datastore manipulation. Also, fixed some whitespace
and exec complaints
[SeeRM #8498 ]
2013-11-11 21:23:35 -06:00
cf8f2940b0
Oops, this is the right filename
2013-11-11 15:45:11 -06:00
85150823cd
rename again
2013-11-11 15:44:27 -06:00
8c1d7d936b
Revert "Fix conflcit lib/msf/util/exe.rb"
...
This was causing build failures:
https://travis-ci.org/rapid7/metasploit-framework/builds/13816889
It looks like there were a whole bunch of changes that weren't intended.
This reverts commit 3996557ec662102dd1f9
2013-11-11 13:48:39 -06:00
6a840fc169
Move file to get a matching name
2013-11-11 12:41:03 -06:00
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
3996557ec6
Fix conflcit lib/msf/util/exe.rb
...
Conflicts:
lib/msf/util/exe.rb
2013-11-11 11:43:09 -06:00
62102dd1f9
Land #2544 - Vbs minimize
2013-11-11 11:14:56 -06:00
33f65dd611
Land #2577 - Use base64 to reduce psh-net payload size
2013-11-11 10:21:20 -06:00
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
866f240337
A little update on documentation
2013-11-07 17:06:43 -06:00
32b12609bd
Forgot to pass optional headers
2013-11-07 16:50:58 -06:00
bdd33d4daf
implement feedback from @jlee-r7
2013-11-07 23:07:58 +01:00
aab4d4ae76
first commit for typo3
2013-11-07 22:38:27 +01:00
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
3e1771aa77
Being able to pass binding when we need to
2013-11-07 00:12:29 -06:00
23996ec32c
Fix up some things
2013-11-06 22:47:02 -06:00
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
c338f7a8c0
Change how requirements are defined, rspec, etc
2013-11-06 14:01:29 -06:00
c92116060e
Forgot to rm this line
2013-11-06 01:53:46 -06:00
f2e4d5507c
More rspec
2013-11-06 01:45:40 -06:00
636adc81de
Add rop_junk and rop_nop
2013-11-06 01:04:33 -06:00
65c96a1f45
Allow the module to be target specific
2013-11-06 00:57:53 -06:00
63d3c7e8bb
Put proxy headers in a constant
2013-11-05 16:33:36 -06:00
73701462ed
Fix ActiveX. Use ERB for Javascript detection code.
2013-11-05 16:26:41 -06:00
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
36f96d343e
Revert "Revert "Land #2505" to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
9c6b187cc6
stuff
2013-11-05 11:05:33 -06:00
0513dad789
-_-
2013-11-05 10:30:37 -06:00
9d1742ac47
Fix typos
2013-11-05 10:15:53 -06:00
8fb2b943be
Add ActiveX detection
2013-11-05 01:34:56 -06:00
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
844daf0e00
No regex for get_resource checking
2013-11-04 17:49:43 -06:00
054a525f35
Change profile data structure
2013-11-04 17:46:36 -06:00
ef57a38274
Move documentation about profile structure
2013-11-04 16:47:15 -06:00
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
9c8ecd2ede
Fix encoding order
2013-11-04 14:06:42 -06:00
d970925cbf
Fix encoding bug
2013-11-04 13:45:29 -06:00
ed572d95ee
Merge joev's PR for Rex::Exploitation::Js::Network
2013-11-04 12:58:08 -06:00
23e5a9f048
Force on_request_exploit override
2013-11-04 12:54:52 -06:00
e83f4e5120
Use a warning
2013-11-04 12:54:41 -06:00
25787fbaa7
Change has_proxy?
2013-11-04 12:52:15 -06:00
c6fb570480
Correct bad method naming
2013-11-04 12:35:04 -06:00
016e686bcf
super chomp
2013-11-04 12:28:22 -06:00
c3d9f4064c
They are symbols not strings
2013-11-04 12:10:39 -06:00
0337e6ff54
Do yard documentation
2013-11-04 12:09:59 -06:00
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00
67fbeacbf0
Add support for optional image downloading
...
Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00
abc06aa8aa
Use mutex
2013-11-01 11:35:23 -05:00
5fb261a974
Change var name
2013-10-31 23:48:41 -05:00
d54c8a359b
Fix bug in proxy detection
2013-10-31 23:42:43 -05:00
7a33c48a0f
No double slash
2013-10-31 23:17:38 -05:00
5851d502b5
Rename some stuff
2013-10-31 23:12:20 -05:00
21891a8337
Make sure the browser can't retry by going to the first URL
2013-10-31 23:08:17 -05:00
94d62613ab
Pretty much done with these, remove these comments.
2013-10-31 19:04:11 -05:00
828ef9c64c
Adds target-specific payload generator
2013-10-31 18:54:01 -05:00
8a0ebcbac7
Adds method get_module_resource
2013-10-31 14:34:38 -05:00
10fd892827
Fix a "undefined method to_sym" bug
...
If something is undetectable, the value may be empty, which triggers
a undefined method error because the regex always assumes there is
something. So instead of +, we use *.
2013-10-31 14:06:05 -05:00
6e7e5a0ff9
Put postInfo() in the js directory
2013-10-31 13:55:22 -05:00
00efad5c5d
Initial commit for BrowserExploitServer mixin
2013-10-31 13:17:06 -05:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
3e1ae4c9b3
Land #2504 , @todb-r7's edit command for msfconsole
2013-10-30 15:38:07 -05:00
900ccc7ec9
VISUAL is okay. Also doesn't need to be a path.
...
I don't believe this opens an untoward attack vector -- if your attacker
can run Metasploit locally, you have much bigger problems.
2013-10-30 15:34:23 -05:00
2fbac9b129
Add `getproxy` command
...
This command pulls out system proxy details on windows machines.
2013-10-30 18:40:51 +10:00
26af6452da
Land #2588 , @wvu-r7's permissions change for cmdstager_printf.rb
2013-10-29 08:07:19 -05:00
1f6c320bb3
Tidy up of extapi code, new bins
...
* Rename methods to remove redundancy.
* Update bins to freshly compiled version.
* Use the Rex Table functionality instead of custom look.
* Use the `usage` feature of the Arguments class for help.
2013-10-29 21:22:05 +10:00
606411de81
Fix mimikatz error when password is nil
...
In some cases the password value that comes out of mimikatz results
is `nil`, instead of an empty string. This fixes this so that if
the string is `nil` is falls back to an empty string, resulting in
the call to `gsub` working instead of failing.
2013-10-29 15:13:32 +10:00
333a0d5820
chmod -x cmdstager_printf.rb
2013-10-28 18:47:14 -05:00
4bf041ec46
Use Rails, not Ruby, time formats.
...
Since MSF now equires ActiveSupport, may as well reference it correctly.
2013-10-25 11:52:54 -05:00
jvazquez-r7
James Lee
William Vu
sinn3r
Tod Beardsley
Jonathan
OJ
FireFart
scriptjunkie
joev
jvazquez-r7