adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,677 Commits 27 Branches 1,043 Tags
23d0ffa3abbfcba7677e4358f6bd9d30b2b6ce68
Commit Graph

30 Commits

Author SHA1 Message Date
HD Moore f5c7f4c41a Remove trailing whitespace 2012-11-19 19:42:22 -06:00
HD Moore 4509c11916 Fingerprint dd-wrt even when auth is required 2012-07-15 21:21:13 -05:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore 7c8cb2d79e Add vuln_attempts, track exploit attempts when a matching vuln exists. 
This also fixes an issue with report_vuln() from exploited hosts not
setting the service correctly. This introduces a fail_reason method
to the exploit base class, which attempts to determine why an exploit
did not work (closed port, unreachable host, missing page, etc). There
is still quite a bit of work to do around this to finish it up.
 2012-06-10 03:15:48 -05:00
James Lee 29e01760f0 Wrap more database usage in with_connection block 2012-04-19 23:51:20 -06:00
sinn3r c6162bbe08 I've changed my mind. Default to "/" anyway even if it's nil. 2012-04-07 19:47:28 -05:00
sinn3r cfb34739f9 Actually, let's default to "/" only if the TARGETURI option is empty. If it's nil, we prefer to throw the exception at the user. 2012-04-07 19:44:34 -05:00
sinn3r 9a229dfcff Make target_uri default to "/" in case the TARGETURI option is nil or empty 2012-04-07 19:43:19 -05:00
HD Moore 7b32bc689f Swap URIPATH to TARGETURI for consistency 2012-03-12 13:58:33 -05:00
Tod Beardsley de888e50f0 Adding a cleaner RuntimeError to target_uri 
The purpose of re-raising an error from a library method like this is to
tell the user in no uncertain terms what all actually went wrong with the
module. This fix will cause a somewhat more pleasant error message than
the default message. Here's the raise from URI:

```
[-] Auxiliary failed: URI::InvalidURIError bad URI(is not URI?): what%ever
[-] Call stack:
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:156:in `split'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:174:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:626:in `parse'
[-]   /home/todb/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/uri/common.rb:724:in `URI'
[-]   /home/todb/git/rapid7/metasploit-framework/lib/msf/core/exploit/http/client.rb:535:in `target_uri'
[-]   /home/todb/.msf4/modules/auxiliary/test_uri.rb:20:in `run'
[*] Auxiliary module execution completed
```

And here's the new, Metasploit-specific one:

```
[-] Invalid URI: "what%ever"
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: URIPATH.
[*] Auxiliary module execution completed
```

The user can now tell easily what's wrong with the module configuration,
and doesn't have to parse through a stack trace that leads down into
the Ruby stdlib.
 2012-03-10 10:58:16 -06:00
sinn3r cc87ed8428 Remove weird error handling unless someone explains to me why I need to raise errors when it does already 2012-03-09 18:42:06 -06:00
sinn3r 0530eb4b09 Add target_uri 2012-03-09 14:44:32 -06:00
Tod Beardsley 148dddba2f http_fingerprint should use the ssl() function 
Instead of re-declaring ssl as a variable, just use the library's SSL
function, since it's there and it's incidentally more accurate.
 2012-02-03 15:31:20 -06:00
Tod Beardsley af506240cf http_fingerprint reports service info 
Service info once again is reported when http_fingerprint is run against
a target, along with http status codes.
 2012-02-03 12:15:11 -06:00
Tod Beardsley 786d75493c Fix up VMWware webscan to not false positive 
Checks to see if a target is actually vmware based on the provided
cookie, using the http_fingerprint() function from HttpClient.

[Fixes #6340]
 2012-02-02 22:19:57 -06:00
David Maloney 31f6c4dfff http_fingerprint now reports website isntead of just a service 
fixes #6277
 2012-01-26 11:05:06 -06:00
David Maloney 54bca49ef9 Slightly better fix to the digest request header issue 2012-01-05 12:25:32 -08:00
David Maloney e61b4ed65c Fixed issue with send_digest_request_cgi not keeping user supplied headers. 2012-01-05 12:02:21 -08:00
James Lee 07b402f29b more whitespace, in HttpClient 
git-svn-id: file:///home/svn/framework3/trunk@14044 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-24 04:58:59 +00:00
Tod Beardsley 550746e7c2 Adding a fingerprint for Metasploit. Turnabout is fair play and all. 
git-svn-id: file:///home/svn/framework3/trunk@13918 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-14 01:32:46 +00:00
James Lee d50577066f remove some silliness of registering UserAgent as an option since it's already an advanced option for HttpClient, make the default obvious 
git-svn-id: file:///home/svn/framework3/trunk@13394 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-28 22:57:47 +00:00
HD Moore 9ce47c01bd Reverting the autoload changes until we can upgrade to a new ActiveSupport library or find a workaround 
git-svn-id: file:///home/svn/framework3/trunk@12600 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 20:03:55 +00:00
James Lee 06779bc8c0 remove unnecessary requires for stuff in rex. autoload and a high-level require 'rex' in lib/msf/core.rb should take care of everything. see #4371, #4373, r12587, and r12554. 
git-svn-id: file:///home/svn/framework3/trunk@12588 4d416f70-5f16-0410-b530-b9f4589650da
 2011-05-12 00:53:33 +00:00
amaloteaux f9680c854b reworj http ntlm authentificaion and correct some bug 
git-svn-id: file:///home/svn/framework3/trunk@12225 4d416f70-5f16-0410-b530-b9f4589650da
 2011-04-03 20:38:27 +00:00
James Lee 7d12151ec6 add support for http digest authentication. fixes #2504, thanks oliver kleinecke for the patch! 
git-svn-id: file:///home/svn/framework3/trunk@11961 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-14 22:37:16 +00:00
amaloteaux 5f6995e8d3 enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152 
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
 2011-03-07 19:57:53 +00:00
Joshua Drake 8353bf7bf3 move 100-continue processing into Rex, fixes #3109 
git-svn-id: file:///home/svn/framework3/trunk@10919 4d416f70-5f16-0410-b530-b9f4589650da
 2010-11-05 16:20:13 +00:00
Joshua Drake f07f354472 tidy pass on exploit mixins 
git-svn-id: file:///home/svn/framework3/trunk@10487 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-26 21:02:00 +00:00
James Lee eddd6d481d add some documentation for request_cgi 
git-svn-id: file:///home/svn/framework3/trunk@10293 4d416f70-5f16-0410-b530-b9f4589650da
 2010-09-11 17:31:26 +00:00
Joshua Drake d540818f01 split http exploit mixin into http/server and http/client 
git-svn-id: file:///home/svn/framework3/trunk@9971 4d416f70-5f16-0410-b530-b9f4589650da
 2010-08-07 06:59:16 +00:00