2955a2f6ac
Skip CNAME records in DNS SRV parsing - Fix #13952
2020-08-07 08:45:07 +00:00
35017886b8
Land #13935 , Preliminary Version 6
2020-08-06 10:19:34 -05:00
9aa26d1208
Merge upstream into 6.x
2020-08-03 11:43:47 -05:00
07cbe426e2
Rails 5, all models inherit from ApplicationRecord
...
ApplicationRecord is a new superclass for all app models, analogous to app controllers subclassing ApplicationController instead of ActionController::Base. This gives apps a single spot to configure app-wide model behavior.
https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#active-record-models-now-inherit-from-applicationrecord-by-default
Deprecated Relation#uniq use Relation#distinct instead.
https://edgeguides.rubyonrails.org/5_0_release_notes.html#active-record-deprecations
2020-07-31 11:56:49 -05:00
8e94fd55db
Force OpenSSL::SSL::VERIFY_NONE
...
Thanks, @HynekPetrak!
2020-07-22 16:33:37 -05:00
f736b0192f
Add LDAPS support and update vCenter vmdir modules
2020-07-22 14:23:00 -05:00
65039a5091
Merge upstream into 6.x
2020-07-15 09:58:07 -05:00
f6d21abb51
require instead of autoload for exploit mixin
2020-07-10 22:15:12 -05:00
c61f34ed16
Land #13596 , [GSoC] SQLi library with support to MySQL (and MariaDB)
2020-07-10 13:45:47 -05:00
4c229c0a24
Add method for writing to files using SQL injection
2020-07-06 16:53:46 +02:00
700d2ff819
Fix the SMB share for the psexec command target
2020-07-06 10:36:25 -04:00
9dc02229e9
Support ARCH_CMD payloads in the psexec exploit module
2020-07-06 10:33:03 -04:00
4950c2dacf
Fix minor bugs, in safe mode, and in the name of the attribute passed to attr_accessor
2020-07-01 23:00:23 +02:00
89f7be3ef0
Improve error message
2020-07-01 14:20:04 -05:00
f9ade608b5
minor change: add default value to some arguments
2020-07-01 02:56:01 +02:00
4b78de5416
Refactor AutoCheck a bit more
2020-06-30 11:58:42 -05:00
0680113288
get rid of database parameter in MySQLi methods
2020-06-30 18:49:13 +02:00
b230adebba
Add check for positional arguments on class constructor (SQLi::Common)
2020-06-30 16:16:35 +02:00
b841246536
Update autocheck to use prepend instead of include, add ForceExploit functionality
2020-06-30 11:40:46 +01:00
440294ff07
make some attributes writable, and specify its the SQLi library in any verbose message
2020-06-27 18:28:12 +02:00
2c4ca04dca
Rename the factory method for SQLi classes, and add a check on the class to instanciate
2020-06-27 14:51:54 +02:00
aa6c037dbd
refactor mixin as factory for sqli classes
2020-06-26 15:09:01 -05:00
34e8eae471
move hex_encode_strings to MySQLi::Common, as it is specific to MySQL
2020-06-26 16:04:51 +02:00
7291a77807
minor fix to verbose logging / some comments
2020-06-25 12:46:05 +02:00
f89f80be47
add default value for options of SQLi constructors, and fix eyesofnetwork module
2020-06-24 00:38:13 +02:00
c94bd3b2d8
remove verbose prints in blind injections
2020-06-23 21:33:03 +02:00
2bdc693930
Replace puts with print_status and similar
2020-06-23 21:25:59 +02:00
aaa38a3188
Fix formatting
2020-06-22 17:41:20 +02:00
fba2d2e7be
inject the datastore into the SQLi library, and register advanced options
2020-06-22 17:36:38 +02:00
1a2bf98222
creates standard elog & updates exisiting usages
2020-06-22 12:48:39 +01:00
4f756ba229
replace some classes with modules
2020-06-20 21:09:13 +02:00
9d36076264
Add option to specify the range of characters to retrieve
2020-06-19 16:41:57 +02:00
7c630f0403
Avoid repetitive code in blind injections
2020-06-18 20:52:02 +02:00
fa43dc6dfb
minor fix to the structure
2020-06-18 17:28:47 +02:00
305dbe9e2f
refactor structure, get rid of prefix and suffix
2020-06-18 17:21:10 +02:00
0887f3feee
Improve the blind injection queries
2020-06-13 12:24:22 +02:00
3639765277
Improve code quality: less repetitive code
2020-06-11 19:16:23 +02:00
c319799c44
Add more comments
2020-06-11 00:07:53 +02:00
ecb1a0bb16
add test_vulnerable to MySQLi class, and fix minor issues with the test modules
2020-06-10 21:59:51 +02:00
12681b0746
Add support for encodings to exfiltrate data containing bad characters/multibyte characters
2020-06-10 21:40:22 +02:00
0f936f7500
Various fixes and enhancements
2020-06-09 23:43:15 +02:00
a9a1d01419
Update some libraries and modules
2020-06-09 14:18:52 +02:00
0bb93b4efb
Update modules
...
- ms17_010_command and ms17_010_psexec: deregister
SMB::ProtocolVersion option
- client: update error handling
- is_known_pipename: force SMB1 only for #enumerate_directories and
update error handling
2020-06-09 14:18:52 +02:00
04a44d2334
Improve client error/warning/debug messages
2020-06-09 14:18:52 +02:00
31a117f8f7
Update modules
...
- smb_ms17_010.rb
- psexec_ms17_010.rb
- psexec_psh.rb
- smb_enumshares.rb
2020-06-09 14:18:52 +02:00
474d7ebbab
Update SMB client
...
- Add SMB::AlwaysEncrypt option
- Force SMB1 for SMB fingerprint
- Update smb_netshareenumall
2020-06-09 14:18:51 +02:00
6ab47eb001
Update SMB Client and SimpleClient
...
- multiple protocol version negotiation
- SMB 1, 2 and 3 by default
- add SMB::ProtocolVersion option to SMB Client mixin
2020-06-09 14:18:51 +02:00
92d8464ac1
Various fixes and enhancements
2020-06-05 21:59:16 +02:00
118ada96a2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework into GSOC/SQLi_Engine
2020-06-04 17:55:38 +02:00
001910473b
Land #13448 , Fix relative location redirects
2020-06-04 09:17:45 -05:00
Brendan Coles