Commit Graph

11725 Commits (f4e4bb803fb6387e2c93603a172213a5198f4eea)

Author SHA1 Message Date
David Maloney 15ba85bac2
fix missed deprecations
missed some deprecation warnings
2016-03-09 13:29:35 -06:00
David Maloney 88697a5d3f
Merge branch 'master' into staging/rails-upgrade 2016-03-08 15:22:04 -06:00
William Vu 3e0f8d67c9 Use #strip to more correctly simulate #blank?
See f900d9cf26.
2016-03-07 13:14:37 -06:00
Brent Cook 289f43bb80
Land #4848, remove some reliance on rails libraries from rex 2016-03-07 07:38:30 -06:00
Brent Cook 5a0bec81cb
disable warnings for now, to be reenabled when the module base class is updated 2016-03-06 17:19:05 -06:00
Brent Cook a2c3b05416
Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook 0fc4ebf4ab
Land #6618, Improve Content-Length behavior in Rex HTTP 2016-03-06 16:38:44 -06:00
Brent Cook a1190f4344
Land #6598, add post module for setting wallpaper 2016-03-06 15:00:10 -06:00
Spencer McIntyre a8ac078586
Land #6636, fix met finalizers to not double close 2016-03-06 12:55:39 -05:00
Metasploit a5cdd7e17f
Bump version of framework to 4.11.15 2016-03-04 16:56:02 -08:00
Metasploit ce675330c0
Bump version of framework to 4.11.14 2016-03-04 14:49:55 -08:00
Gregory Mikeska 7f2400dd1b Merge branch 'jbarnett-r7-feature/MS-833/ms08-067-automation' into upstream-master 2016-03-04 12:34:00 -06:00
Brent Cook dcba20ff60 only cleanup processes once too 2016-03-04 12:08:19 -06:00
Brent Cook c250740a81 Fixup finalizers to not double-close Meterpreter objects
We add finalizers to an assortment of Meterpreter-managed objects in order to
clean things up in the event that a post module crashes and does not clean
things up. However, this also means that even a properly-written post module
can lead to an object getting double-closed on the Meterpreter session when the
garbage collector kicks in. This can lead to quite non-deterministic behavior
and crashes.

This change modifies the instance close methods to unregister the finalizer on
close, ensuring we cannot do a double-close automatically if one is requested
explicitly first. As an additional measure, we check an instance variable to
see if we called close directly twice as well. This is not sufficient in
itself, since we do not have a reference to 'self' in the finalizer proc to
check the close state.

This also removes a couple of references to 'self' in the finalizer proc
itself, which may cure some memory leaks as well due to circular references.
2016-03-02 21:43:51 -06:00
Brian Patterson 30043bc519
Changed .all to .load in workspace.rb in order to eager load the relation and fix the 4.0 rails deprecation 2016-03-01 11:48:55 -06:00
William Vu c5a9d59455
Land #6612, one final missing change 2016-02-29 15:08:42 -06:00
William Vu cb0493e5bb Recreate Msf::Exploit::Remote::Fortinet
To match the path, even though it's kinda lame including it just for the
monkeypatch.
2016-02-29 15:04:02 -06:00
William Vu 300fdc87bb Move Fortinet backdoor to module and library 2016-02-29 12:06:33 -06:00
wchen-r7 2950996cb8
Land #6612, Add aux module for Fortinet backdoor 2016-02-29 12:02:49 -06:00
William Vu 53d703355f Move Fortinet backdoor to module and library 2016-02-29 11:57:42 -06:00
wchen-r7 bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
Fernando Arias c4c5944b25
Merge branch 'staging/rails-upgrade' into staging/MS-888/engines-is-deprecated
Conflicts:
	Gemfile.lock
	metasploit-framework.gemspec
2016-02-26 15:35:34 -06:00
Brent Cook 7acba69e37
Land #6577, add controls for Android ringer 2016-02-26 07:02:49 -06:00
Brent Cook 5899b8afc8 make help show up when things are not specified correctly 2016-02-26 06:09:05 -06:00
Brent Cook d891e27cdd
Land #6597, prefer Timeout.timeout since Object#timeout is deprecated 2016-02-25 22:17:49 -06:00
William Vu 83fad3e328 Add Fortinet backdoor 2016-02-25 21:29:08 -06:00
Brent Cook a87cf02b50
Land #6524, fix reverse_http to try binding to LHOST first 2016-02-25 20:25:02 -06:00
wchen-r7 2e268a25da
Land #6596, Apache Karaf Login Utility 2016-02-25 14:39:51 -06:00
wchen-r7 7e25c7b87b Handle OpenSSL::Cipher::CipherError
Our current net/ssh is petty outdated, so it is possible not being
able to connect to certain SSH servers.
2016-02-25 14:35:37 -06:00
Gregory Mikeska cbc5b296e4
implement engines method locally instead of adding refinement 2016-02-25 11:05:17 -06:00
darkbushido 2ec7149ae7
Logging deprecations to STDERR 2016-02-25 10:59:50 -06:00
Metasploit b32f474e99
Bump version of framework to 4.11.13 2016-02-24 11:37:42 -08:00
RageLtMan d7ba37d2e6 Msf::Exploit::Remote::HttpServer print_* fix
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.

When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.

Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
Tim cef1b77e26 fixes for android set_audio_mode 2016-02-20 12:01:10 +00:00
Metasploit b868f7cc89
Bump version of framework to 4.11.12 2016-02-19 20:19:43 -08:00
RubenRocha 72a69fcd16 Fixed timeout warning 2016-02-19 21:14:54 +00:00
Louis Sato 9ba82453f8
Land #6584, cidr notation addition for route command 2016-02-19 12:20:00 -06:00
Brent Cook b409b2237d update to use the common bind_addresses method 2016-02-18 18:17:56 -06:00
Brent Cook 1e58b1574a
Land #6502, add -x flag for showing extended sessions info 2016-02-18 15:37:41 -06:00
Brent Cook d316609fef put extra columns under the -x flag 2016-02-18 15:36:43 -06:00
James Lee 28e6d8ef9e
Allow CIDR notation for the route command 2016-02-17 09:44:32 -06:00
James Lee 35e0a433ea
Make error output more useful 2016-02-16 14:45:00 -06:00
Brent Cook 95484c81fd
Land #6526, fix browser exploit server spec 2016-02-15 16:23:04 -06:00
Brent Cook 1f58ad15ac Browser::Exploit::Server needs to have vprint* 2016-02-15 16:21:24 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
Artem c5469be59e Add Android ringer change mode command 2016-02-15 15:07:48 -06:00
Brent Cook 2fddf333ed add TLV entry 2016-02-15 15:04:15 -06:00
Artem 59bf850bb0 Update android.rb
Add request for Ringer Mode Changer
2016-02-15 14:59:15 -06:00
Brent Cook 4db2840af9
Land #6385, add .apk template support for msfvenom 2016-02-15 14:27:08 -06:00
Metasploit 93cc7d58ba
Bump version of framework to 4.11.11 2016-02-12 15:38:50 -08:00