bwatters-r7
acb31e2f74
Land #12458, Refactor extended check messages
...
Merge branch 'land-12458' into upstream-master
2019-10-21 12:24:37 -05:00
bwatters-r7
bb426c0cc7
Land #12428, Extend check codes with custom messages
...
Merge branch 'land-12428' into upstream-master
2019-10-15 11:16:33 -05:00
Brent Cook
bce5955ba5
Land #12377, Fix stack_adjustment bug
2019-10-02 00:41:53 -05:00
William Vu
0b3b732fc6
Land #12223, module deprecation by alias
2019-08-30 12:16:27 -05:00
Jeffrey Martin
2e085b7b8d
Land #12126, Implement "set PAYLOAD" by index
2019-07-31 15:11:44 -05:00
Jeffrey Martin
7ee156ddc8
Land #11819, Implement module use by previous search index
2019-07-16 13:47:24 -05:00
Jeffrey Martin
6d62bdae9f
Land #12085, Fix is_payload_compatible? for nil payloads
2019-07-11 12:38:02 -07:00
Brent Cook
8235380a90
Land #11768, implement faster compatible payload logic
2019-04-24 03:21:04 -07:00
William Vu
f3e94c6d20
Land #10637, exploit.rb autofilter doc fixes
2018-09-13 12:26:17 -07:00
Wei Chen
85475507b9
Land #10591, Fix target DisableNops not being passed to payload
2018-09-05 18:58:39 -07:00
Brent Cook
8c29a3b5da
Land #10471, Import target DefaultOptions into the datastore
2018-08-21 09:05:06 -07:00
Brent Cook
861097d246
Land #10267, defer bind payload connections until exploit has run
2018-07-13 15:38:39 -07:00
Brent Cook
9b152cec72
Land #10009, Add initial check support to external modules
2018-05-21 17:01:35 -05:00
Brent Cook
78c07b86c4
Land #9962, tab-complete target options
2018-05-17 08:16:31 -07:00
Brent Cook
505eff4403
Land #9898, Fix target NOP generator not passed to payload
2018-04-23 11:21:10 -07:00
Brent Cook
abfcdc3fa7
Land #9892, Fix target encoder not being passed to payload
2018-04-23 11:21:10 -07:00
Adam Cammack
e43686177a
Land #9833, Remove broken feature detection
2018-04-12 09:27:21 -07:00
Brent Cook
876df392f1
Land #9822, Fix backgrounded aggressive exploits
2018-04-10 06:55:58 -07:00
William Vu
333d57461a
Check exploit stance for array as well as string
...
An exploit can be both aggressive and passive.
2018-01-08 13:52:04 -06:00
Brent Cook
e414bdb876
don't try to guess intent for specified default targets, leave auto-auto targeting to unspecified modules
2017-05-11 15:19:11 -05:00
Brent Cook
0e3eba18b3
simplify guard logic
2017-02-17 16:00:15 -06:00
Brent Cook
f4befda59b
inherit the options from the default target so we can autocomplete before the rhost resolution occurs
2017-02-17 15:50:45 -06:00
Brent Cook
76529278b8
make sure we can actually invoke auto targeting before adding it
2017-01-30 05:24:57 -06:00
Brent Cook
7d32166c70
use a better check for whether rhosts exists
2017-01-29 19:18:23 -06:00
David Maloney
d564f5d60a
don't add auto targets to things without rhost
...
Things like browser exploits don't have remote host options
which is what auto targeting relies on, so it does not make sense
to include the auto-targeting in these exploits
7837
2017-01-17 11:40:07 -06:00
David Maloney
31d36d9112
if autotargeting fails fall back
...
fallback to the original first target if auto-targeting fails
2017-01-03 14:38:52 -06:00
David Maloney
5fd531028c
some minor guards and spec fixes
...
some minor conditional guards and spec fixes
2017-01-03 14:38:51 -06:00
David Maloney
a61b92aa3e
tweak target selection
...
the target selection actually adjusts the datastore
as if a user selected the target, this prevents
a mismatch between the target and the target index
MS-2325
2017-01-03 14:38:51 -06:00
David Maloney
3d2957dff1
tying it all together
...
insert our autotarget routine into
the main target selection process
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
44830dfc54
prefer author's target over ours
...
if the module author added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it will likely be better
MS-2325
2017-01-03 14:38:50 -06:00
David Maloney
4060e63b89
add tests for auto target addition
...
tests to make sure we add auto targets only
in the appropriate conditions
MS-2325
2017-01-03 14:38:49 -06:00
David Maloney
84d5e42e4f
start gearing up for testing
...
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour
MS-2325
2017-01-03 14:38:45 -06:00
David Maloney
769d477e97
if no automatic target defined, add one
...
if an exploit does not have a defined automatic target
then we add one in for our fallback auto-targeting
MS-2325
2017-01-03 13:54:34 -06:00
William Vu
f95136ce67
Prefer && over and
2016-12-21 00:16:33 -06:00
Brent Cook
efb015facc
make assigning payload fast again
...
This streamlines the check for whether the currently-selected payload is
compatible on assignment. Rather than building the entire list of
compatible payloads, and seeing if what the user typed is in it (and
making multiple giant lists on the way), we simply check the module the
user typed directly.
2016-12-20 17:39:09 -06:00
Brent Cook
743bea912a
fix exploit Passive / Aggressive overrides to do the right thing
2016-09-25 19:57:41 -04:00
wchen-r7
337e48dc07
Create #make_fast_nops for huge NOP chunks
...
This creates a new method called #make_fast_nops for exploits that
actually need large chunks of NOPs.
2016-06-13 15:25:46 -05:00
James Lee
2563634dce
Fix inverted logic introduced by #6734
...
MS-385
2016-04-06 22:03:31 -05:00
David Maloney
64b94dfe3b
reimplement HD's session interrupt handler
...
reimplement HD's work on a session interrupt handler
so that if an exploit fails the handler does not continue
waiting for a session that will never come
MS-385
2016-04-01 14:43:16 -05:00
Brent Cook
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
James Lee
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
wchen-r7
a16a10aaf6
Fix #6371, being able to report an exception in #job_run_proc
...
Fix #6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
jvazquez-r7
d85412b0fb
Complete fix for generation of nop sleds
2015-10-16 14:01:00 -05:00
jvazquez-r7
b788772215
break only if 'make_nops' is able to generate the nop sled
2015-10-16 13:28:37 -05:00
Fernando Arias
eb479318b1
Use existing run for match result or create a new one if it doesn't exist
...
MSP-13119
2015-09-15 14:34:44 -05:00
Fernando Arias
c7f15ca940
Rework how match results get created
...
MSP-13119
* Create match result when we create vuln attempt
2015-09-14 12:18:47 -05:00
Fernando Arias
0bb03db786
Rework vuln lookup logic to account for vuln with no service (nexpose import vuln with -1 port)
...
MSP-13234
2015-09-09 13:21:05 -05:00
Fernando Arias
ed1065b297
Create MatchResult with status Failure on session failure
...
MSP-13104
2015-08-24 12:56:32 -05:00
jvazquez-r7
af326a4f88
Use compatible_payloads instead of copy and paste
2015-05-29 16:55:19 -05:00
wchen-r7
defda01d87
Some doc
2015-05-29 15:09:29 -05:00