sinn3r
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
William Vu
2aed8a3aea
Update modules to use new ZDI reference
2013-10-21 15:13:46 -05:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
Ruslaideemin
71bc06d576
Fix undefined variable in tomcat_mgr_deploy.rb
...
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯 in `call'
lib/msf/core/thread_manager.rb💯 in `block in spawn'
Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
Chris John Riley
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
sinn3r
f1423bf0b4
If a message is clearly a warning, then use print_warning
2012-10-24 00:44:53 -05:00
HD Moore
fb7f6b49f0
This mega-diff adds better error classification to existing modules
2012-06-19 12:59:15 -05:00
andurin
4e955e5870
replace spaces with tabs
2012-04-06 10:45:10 -05:00
andurin
67e6c7b850
tomcat_mgr_deploy may report successful creds
...
Using following code for 'check' as 'exploit':
report_auth_info(
:host => rhost,
:port => rport,
:sname => (ssl ? "https" : "http"),
:user => datastore['BasicAuthUser'],
:pass => datastore['BasicAuthPass'],
:proof => "WEBAPP=\"Tomcat Manager App\", VHOST=#{vhost}, PATH=#{datastore['PATH']}",
:active => true
)
Resulting in:
Credentials
===========
host port user pass type active?
---- ---- ---- ---- ---- -------
192.168.x.xxx 8080 tomcat s3cret password true
2012-04-06 10:45:10 -05:00
Tod Beardsley
14e3cd75dc
Revert "tomcat_mgr_deploy may report successful creds"
...
This reverts commit 937f8f035a
.
2012-04-05 16:17:06 -05:00
andurin
937f8f035a
tomcat_mgr_deploy may report successful creds
2012-04-05 11:09:56 +02:00
sinn3r
aeb691bbee
Massive whitespace cleanup
2012-03-18 00:07:27 -05:00
James Lee
8d93e3ad44
Actually use the password we were given...
2012-03-08 10:17:39 -07:00
James Lee
02ea38516f
Add a check method for tomcat_mgr_deploy
2012-03-06 23:22:44 -07:00
HD Moore
ceb4888772
Fix up the boilerplate comment to use a better url
2012-02-20 19:40:50 -06:00
Tod Beardsley
829040d527
A bunch of msftidy fixes, no functional changes.
2012-02-10 19:44:03 -06:00
Joshua J. Drake
ac7edc268a
Add some more clear documentation for selecting payloads for this module.
2011-12-05 00:35:11 -06:00
Will Vandevanter
a0d8a08851
java meterpreter should be used when the target is set to automatic
...
git-svn-id: file:///home/svn/framework3/trunk@14068 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-25 20:02:09 +00:00
James Lee
c412a836ed
add VERBOSE option to all modules and vprint_* methods to use it
...
git-svn-id: file:///home/svn/framework3/trunk@13183 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-15 15:33:35 +00:00
David Rude
a8b6c43636
reverting the disclosure dates for now need to clean up the patch
...
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude
3b7ea08f6a
Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
...
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
James Lee
dd6afdc74c
make these titles a little clearer
...
git-svn-id: file:///home/svn/framework3/trunk@11330 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-14 17:26:44 +00:00
Joshua Drake
26a9fe6fc7
add some missing CVE references
...
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
James Lee
326dc42bca
add EncodedPayload#encoded_exe, encoded_jar, and encoded_war. simplifies exploits that need java and native payloads. see #406 and #3009
...
git-svn-id: file:///home/svn/framework3/trunk@10999 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 23:01:35 +00:00
Joshua Drake
1f235a8c9b
remove 64-bit targets since we dont have an x86_64 linux exe generator
...
git-svn-id: file:///home/svn/framework3/trunk@10833 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-27 17:21:54 +00:00
Joshua Drake
be841a4810
check for failed serverinfo result
...
git-svn-id: file:///home/svn/framework3/trunk@10788 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 21:32:12 +00:00
James Lee
3b2c43fac4
get rid of the redundant second java target
...
git-svn-id: file:///home/svn/framework3/trunk@10785 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 20:07:18 +00:00
James Lee
f33d7cc670
revamp java payloads and make shells work with tomcat_mgr_deploy. tested java_trusted_chain and java_tester to verify that this doesn't break other java payload usage. see #3009 and #2973 , meterpreter doesn't work yet, so not marking resolved.
...
git-svn-id: file:///home/svn/framework3/trunk@10781 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 10:19:51 +00:00
Joshua Drake
c6f1fa716d
add a java target, fixes #2973
...
git-svn-id: file:///home/svn/framework3/trunk@10755 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 22:36:59 +00:00
Joshua Drake
042e71c357
add ports/refs for ZDI-10-214
...
git-svn-id: file:///home/svn/framework3/trunk@10747 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-19 14:28:52 +00:00
Joshua Drake
b49e81300a
fix auto-target exe generation
...
git-svn-id: file:///home/svn/framework3/trunk@10688 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-14 21:26:05 +00:00
Joshua Drake
bd1eeb3722
rework to_jsp_war a bit, fix uses, default msfencode -t war to x86/win32
...
git-svn-id: file:///home/svn/framework3/trunk@10397 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 15:59:46 +00:00
Joshua Drake
4590844871
tons of indentation fixes, some other style tweaks
...
git-svn-id: file:///home/svn/framework3/trunk@10394 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-20 08:06:27 +00:00
Joshua Drake
16ff17c9d1
add more http fingerprints -- thx mc
...
git-svn-id: file:///home/svn/framework3/trunk@9797 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-12 23:25:31 +00:00
Joshua Drake
a3d901a6b9
various minor fixes, some added fingerprinting
...
git-svn-id: file:///home/svn/framework3/trunk@9671 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 06:21:31 +00:00
Joshua Drake
7d945ed9dc
add lots of disclosure dates from OSVDB
...
git-svn-id: file:///home/svn/framework3/trunk@9669 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-03 03:13:45 +00:00
Joshua Drake
93b09648c7
add additional CVE reference, cleanup references
...
git-svn-id: file:///home/svn/framework3/trunk@9642 4d416f70-5f16-0410-b530-b9f4589650da
2010-07-01 19:42:11 +00:00
Joshua Drake
698da3bdea
add CVE for cognos express
...
git-svn-id: file:///home/svn/framework3/trunk@9502 4d416f70-5f16-0410-b530-b9f4589650da
2010-06-12 09:37:21 +00:00
Joshua Drake
0ea6eca4bc
big module whitespace/formatting cleanup pass
...
git-svn-id: file:///home/svn/framework3/trunk@9179 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-30 08:40:19 +00:00
Joshua Drake
1a47c436d3
support amd64 arch
...
git-svn-id: file:///home/svn/framework3/trunk@9025 4d416f70-5f16-0410-b530-b9f4589650da
2010-04-06 04:08:39 +00:00