0562aa50b4
Update nuuo.rb
2019-01-22 12:45:18 +07:00
94f5b4081f
Fix file download / upload bug
2019-01-22 11:17:47 +07:00
459598b91b
Update mixins to include new nuuo file
2019-01-21 16:40:37 +07:00
72a55fe0fc
Add nuuo NUCS core lib
2019-01-21 16:39:16 +07:00
444555d3be
Land #11261 , Add maximum word length to JtR wordlist generation
2019-01-20 04:14:57 +00:00
4b87d54430
Add comment explaining why we prevent loot.data update
2019-01-16 15:29:27 -06:00
fd6527bac8
Prepend loot filenames with unique string
...
This should help prevent accidentally overwriting files with the same name
2019-01-16 15:20:41 -06:00
705c269d27
Handle empty data values for loot
2019-01-16 10:59:07 -06:00
d6462fed63
Dont allow users to update loot.data
2019-01-16 10:01:22 -06:00
06de16a36f
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-15 18:33:48 -06:00
dc7d611780
Base64 encode the data field for each loot operation
2019-01-15 18:01:43 -06:00
5c308b1448
Remove nested loot object from host JSON
...
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
2019-01-15 16:45:04 -06:00
3bf4726b15
Fix pid_uid
2019-01-15 14:34:29 -06:00
923a4ba098
Land #11263 , uppercase KoreLogic in JTR modules
2019-01-15 08:50:11 -06:00
93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
2c02dbc8a6
add max_length to wordlist generation
2019-01-14 22:20:33 -05:00
2543d60465
Use 'to_s.strip' for Msf::Post::File.pwd output
2019-01-12 08:47:23 +00:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
a575c6d7c3
revisionism
2019-01-11 16:52:26 +00:00
d18c6bd158
Land #11188 , Correct authentication logic in host and event servlets
2019-01-10 13:09:26 -06:00
65f127a66f
Land #11222 , Display error when update operation has invalid fields
2019-01-10 11:33:22 -06:00
0435d7e1d6
Return the updated objects
2019-01-10 11:04:42 -06:00
5055e421f5
Add ! to cred update
2019-01-10 10:56:28 -06:00
0ad89528ea
Update pattern for creds
2019-01-10 10:55:36 -06:00
f125526e09
Land #11207 , implement db_import for web service
2019-01-10 10:28:29 -06:00
24f5422db9
use analyze.host to reflect final location of util
2019-01-09 16:59:50 -06:00
f93497de8f
refactor to allow analyze via rpc
2019-01-09 16:48:54 -06:00
84a8c9b638
Minor method comment change
2019-01-08 14:02:40 -05:00
d677eb16a9
Enhance session_events query
2019-01-08 14:02:32 -05:00
d117e6a1d1
Land #11142 , use POST for API token generation
2019-01-08 11:59:30 -05:00
466b0004e1
Land #11163 , add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
69ee3a4a26
Land #11187 , Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
f23142c19c
Land #11183 , add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
cfa22bb4ec
Exclude key from VulnDetail update
2019-01-07 16:33:50 -06:00
771469f4cd
Update all Mdm::xx.update() instances
2019-01-07 16:24:13 -06:00
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
1b29e17827
Dont array wrap refs
2019-01-04 15:10:21 -06:00
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
7b22527f8f
Make error message use same language as others
2018-12-31 16:37:08 -05:00
05d810ac23
Add support for GET with ID in the path
2018-12-31 15:46:00 -05:00
0e56c30ab2
Use data object wrapper for JSON response
2018-12-31 15:43:16 -05:00
12f4222b2e
Fix to ensure authentication
2018-12-28 16:29:33 -05:00
8361dab983
Minor method comment change
2018-12-27 21:57:31 -05:00
66505790f9
Land #11179 , Replace Sysrandom with Ruby default SecureRandom
2018-12-27 11:33:29 -06:00
34e99c3857
Modify GET error message to match other servlets
2018-12-26 22:45:33 -05:00
0d0356ccdd
Land #11126 , Update sessions through the DBManager
2018-12-26 13:15:43 -06:00
ebc7a3a315
Replace sysrandom with ruby default securerandom
2018-12-26 13:40:44 -05:00
b5bc65c3bd
Add GET handler to query events
2018-12-21 22:18:10 -05:00
a448b26f73
Remove unnecessary argument default value
2018-12-21 22:13:52 -05:00
5e971132f3
Enhance events method to fully query events
2018-12-21 22:07:43 -05:00
b4ff3b544f
Add CMDSTAGER::SSL datastore option
...
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.
The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
5cff330a38
Land #11128 , Rex::Exploitation::CmdStagerFetch
2018-12-21 14:16:57 -06:00
3021a05553
Fix typo in report.rb
2018-12-21 17:51:46 +05:30
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
09f9b887b9
don't bother handholding the empty string
2018-12-19 10:52:51 -06:00
8d93812c0a
Add Rex::Exploitation::CmdStagerFetch
2018-12-15 03:30:00 +00:00
eec7a3dafc
Remove debug code
2018-12-14 13:33:16 -05:00
a683cedcce
Enhance race condition workaround in report_host
2018-12-14 12:28:16 -05:00
c2af36f405
Use update_session rather than Mdm save method
...
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
b6cdf7aa9d
Add update_session method
2018-12-14 12:04:55 -05:00
3f9b2dadc8
Remove unnecessary single object selection
2018-12-14 11:20:19 -05:00
4cefb8d06e
Fix typo
2018-12-14 11:19:40 -05:00
4963647bf6
remove call to method not defined
2018-12-13 17:00:41 -06:00
733c2f637d
Land #11081 , Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-08 09:14:57 -06:00
3dca52510d
pass NULL if the UA field is empty
2018-12-08 06:23:35 -06:00
6f8fc55b86
set user agent in Windows reverse_http(s) stagers
2018-12-07 14:03:03 -06:00
df76521100
Land #11066 , add rpc output locking, fix logging
2018-12-07 13:49:10 -06:00
09ffce4ec5
fix mutex locking, push to rpcSend
2018-12-07 13:28:34 -06:00
80d83720df
Add Msf::Post::Linux::Kernel.lkrg_installed? method
2018-12-07 14:42:16 +00:00
9e110eb9fc
Land #10940 , add default service mapping to imports
2018-12-06 21:04:05 -06:00
f4282bfb56
Land #11064 , Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-06 20:52:12 -06:00
b0560c1ec8
Centralize logging sync, fix minor logging issues
2018-12-05 12:42:44 -06:00
25e4c4734f
return nil rather than empty array
2018-12-05 23:44:13 +11:00
9d690f4f8c
Add Msf::Post::Linux::Kernel.kernel_config method
2018-12-05 11:19:36 +00:00
6040f779c5
Supress 'Permission denied' error in get_suid_files
2018-12-05 00:35:32 +00:00
55a9a12670
Land #10964 , add initial golang modules for enumerating owa/o365
2018-12-04 10:33:37 -06:00
042a793648
Land #11050 , Add protection checks to Msf::Post::Linux::Kernel lib
2018-12-03 13:16:46 -06:00
6574ceaab8
Land #11053 , Add Openwall detection to Linux system lib
2018-12-03 12:46:36 -06:00
b11bcd92a4
Broken into 3 modules, addressed review comments
2018-12-03 10:25:21 -06:00
ab1bea1b22
Land #10798 , Cisco device manager update
2018-12-03 01:39:19 -06:00
f2b7036e37
Add Openwall detection to Linux system lib
2018-12-03 06:58:19 +00:00
0481cbffe6
Add check for Exec-Shield
2018-12-03 03:51:14 +00:00
d87fef5ee3
Add grsec/PaX checks to Msf::Post::Linux::Kernel lib
2018-12-02 08:11:17 +00:00
dc125d1dc5
return hostname
2018-12-01 05:20:47 +00:00
5b926bcbcf
Addressed feedback
2018-11-30 13:18:02 -06:00
6225c04b99
Address review feedback, fix bugs
2018-11-30 11:36:39 -06:00
88ca775fd3
Land #10952 , WP GDPR Compliance plugin exploit
2018-11-29 13:31:31 -06:00
117d8ad986
Change default behavior of required OptString to permit empty strings
2018-11-29 11:34:44 -06:00
9d33891652
Update register descriptions
2018-11-28 19:37:35 -06:00
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
d523124faf
Land #10965 , Add the macOS LPE from pwn2own2018 (CVE-2018-4237)
2018-11-27 14:00:35 -06:00
181fc292c2
Land #10861 , Add framework for JSON-RPC and future Sinatra apps
2018-11-26 14:12:08 -06:00
2cde2e4e21
Land #11017 , Fix userns_enabled? check for unprivileged_userns_clone
2018-11-26 14:07:14 -06:00
fd75b75c61
Add FrameworkExtension
2018-11-26 13:08:42 -05:00
e144cc6738
Move under Msf::WebServices namespace
2018-11-26 12:58:10 -05:00
0678d33760
Revert "ensure a value exists before returning the normalized key"
...
This reverts commit 063838fb17
2018-11-26 10:10:07 -06:00
a98dbd1d61
Revert "Return the original key if it does not exist in the datastore"
...
This reverts commit 7312fa774f
2018-11-26 10:10:07 -06:00
8f07f299b4
Fix userns_enabled? check for unprivileged_userns_clone
2018-11-25 01:26:49 +00:00
e07e5caebd
don't do a binary regex against a regular string
2018-11-22 09:19:38 -06:00
8694d6dd19
Land #10990 , move metasploit web service code
2018-11-21 16:49:56 -06:00
77723ba2f8
Land #11002 , Support Python 3.7 in external probe scanner code
2018-11-21 16:23:34 -06:00
682ebdc234
Land #11001 , Properly error out when attempting to format ELFs
2018-11-21 16:13:40 -06:00
317f71f7f4
Land #10802 , Make `msfvenom -f` case-insensitive
2018-11-21 16:04:30 -06:00
c9f8a591e5
Land #10872 , Add --pad-nops option for msfvenom
2018-11-21 16:02:02 -06:00
44da31edb8
Support Python 3.7 in external probe scanner code
2018-11-21 15:06:54 -06:00
818c3c9f57
Properly error out when attempting to format ELFs
2018-11-21 14:57:37 -06:00
7312fa774f
Return the original key if it does not exist in the datastore
2018-11-21 06:03:50 -06:00
063838fb17
ensure a value exists before returning the normalized key
2018-11-21 04:43:06 -06:00
da9e6edbf1
delete option aliases when an option is deleted
...
Otherwise the aliases will remain active and if the aliased value is redefined
2018-11-21 04:09:33 -06:00
30bf716827
Use --pad-nops as a boolean to make -n <size> the total payload size.
2018-11-20 23:26:03 -06:00
4cc9959e3f
Move MSF API App and associated servlets
...
The modules interact with the DbManager, however, are not a part of it
and belong in a more meaningful location for web services.
2018-11-19 18:46:15 -05:00
630de06f9e
Land #10972 , Rework session_compatible? check in post mixin, excluding ARCH_CMD modules
2018-11-19 16:08:15 -06:00
4726c58516
Update documentation
2018-11-16 12:40:42 -06:00
1e3515bddc
Clean up code
2018-11-16 05:04:54 -06:00
a58a91613a
Exclude ARCH_CMD modules, not local exploits
...
We don't want to lose SessionTypes. Brain fart.
2018-11-16 05:00:17 -06:00
b60ae0ff1a
Limit session_compatible? check to post modules
...
Local exploits may define a different payload platform or arch.
2018-11-16 02:59:59 -06:00
691b9276a6
Fix issue when re-establishing DB connection
2018-11-15 21:00:19 -05:00
420be60900
add CVE-2018-4237
2018-11-15 08:48:10 +08:00
38bea6c29c
Added msmailprobe to msf
2018-11-14 16:15:11 -06:00
795aa3c99c
Land #10828 , git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
97ee965c6e
Landing #10884 - Add JSON-RPC Client
2018-11-13 08:31:55 -06:00
d2a78cecd0
improvements to code commente and floe
2018-11-12 17:31:43 -06:00
1b44fd0ade
Remove conditional for path
2018-11-12 11:05:40 -06:00
a80ac67373
Prepend GO path
2018-11-12 11:03:19 -06:00
8dc974b51e
Prepend python path
2018-11-12 07:58:43 -06:00
8ea4ed6314
land #10927 proper identification of centos/alpine linux in post libs
2018-11-10 08:33:35 -05:00
5ba44ff12d
add default service mapping to imports
2018-11-08 18:14:22 -06:00
7127792fcf
tidy up external go modules
2018-11-06 20:23:10 +01:00
407a9f3de1
remove debug
2018-11-06 11:12:02 -06:00
76531cb818
gofmt all the things
2018-11-06 11:12:02 -06:00
97bee891ce
remove some ruby vestiges
2018-11-06 11:12:02 -06:00
df43b372fa
initial golang module support
2018-11-06 11:12:02 -06:00
cfbc0a9a0c
properly bubble up errors on external module load
2018-11-06 11:12:02 -06:00
dea460c813
golang module loader support
2018-11-06 11:12:02 -06:00
08d4e2265d
Add CentOS and Alpine Linux detection to Linux system lib
2018-11-06 03:16:07 +00:00
e7f5c0cfbf
additional solaris-ish regexes
2018-11-05 19:25:08 -05:00
ad58930e9b
Dump formats when invalid format is selected
2018-11-04 09:25:37 -05:00
9f77966ec9
Revert downcase throughout, instead use single downcase within option parsing
2018-11-04 08:57:45 -05:00
7326453024
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into hosts_data
2018-11-03 17:06:00 -04:00
ca0249c539
enhancements to solaris host info db regex
2018-11-03 17:05:47 -04:00
8372007576
Prefer method_defined? for the class
2018-11-02 00:34:17 -05:00
c3311da6e2
Be specific about report_on_exception
2018-11-02 00:24:16 -05:00
Pedro Ribeiro
Brendan Coles
James Barnett
William Vu
Jacob Robles
h00die
Erin Bleiweiss
Brent Cook
Jeffrey Martin
Matthew Kienow
Garvit Dewan
Wei Chen
Christopher Lee
asoto-r7
Adam Cammack
Patrick
Tim W
Christian Mehlmauer
Kevin Kirsche