Commit Graph

13785 Commits

Author SHA1 Message Date
Jeffrey Martin 1e348e0a90 add root path of endpoints that accept :id in path
When requesting all records of a type :id is not supplied. A behavior change
in `sinatra` now reports a `param` of the missing object with value `nil`.
Since this parameter would be used as a search term further down the stack and
most objects cannot have `:id` = `nil` exposing the additional path is needed.
2020-07-31 11:56:52 -05:00
Jeffrey Martin 0b65266ac1 adjust migration to proxy call to ActiveRecord
By adding proxy method the call to ActiveRecord::Migrator.migrations_paths
is decoupled from the migration task allowing more flexibility for the
underlying migration set selection to change in future Rails versions.
2020-07-31 11:56:51 -05:00
Jeffrey Martin 2c92d17ed9 refactor migration process for Rails 5
As noted in https://github.com/rails/rails/issues/36544 using
ActiveRecord migrations internally is not truly supported. This
workaround is valid for Rails 5 and might be easily adjusted
in Rails 6 although that is still TBD.
2020-07-31 11:56:51 -05:00
Jeffrey Martin 5d1c4dafa1 begin adjust migrations and remove old test
removed connection tests are from rails 3 expectations
2020-07-31 11:56:50 -05:00
Jeffrey Martin aeb6247e8e adjust vuln connection boundaries for rails 5 2020-07-31 11:56:50 -05:00
Jeffrey Martin 07cbe426e2 Rails 5, all models inherit from ApplicationRecord
ApplicationRecord is a new superclass for all app models, analogous to app controllers subclassing ApplicationController instead of ActionController::Base. This gives apps a single spot to configure app-wide model behavior.
https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#active-record-models-now-inherit-from-applicationrecord-by-default

Deprecated Relation#uniq use Relation#distinct instead.
https://edgeguides.rubyonrails.org/5_0_release_notes.html#active-record-deprecations
2020-07-31 11:56:49 -05:00
Jeffrey Martin 8fac591f7a rails 5.2 update 2020-07-31 11:56:42 -05:00
María Belén Tualombo Chimbo 372a0be0e1 minor changes 2020-07-31 10:47:37 -04:00
María Belén Tualombo Chimbo 091481b783 changes requested for the conditionality system for module OPTIONS/ACTIONS/TARGETS 2020-07-31 10:44:12 -04:00
María Belén Tualombo Chimbo 938173feb3 [GSoC] Ev1 - Conditionality system for module OPTIONS/ACTIONS/TARGETS 2020-07-31 10:28:21 -04:00
gwillcox-r7 b6bce114ea Add in further edits to the library code to remove the possibility of dangling handles and also update the module code accordingly. 2020-07-30 10:45:19 -05:00
María Belén Tualombo Chimbo 9d09e7c2b7 pull request changes requested for the automatic action commands system 2020-07-30 11:41:34 -04:00
h00die d366666418 add Mikrotik SwOS 2020-07-30 11:29:25 -04:00
Jeffrey Martin 0bd2a295d0 make default prompt always display running major # 2020-07-29 11:40:37 -05:00
María Belén Tualombo Chimbo b710cfae95 [GSoC] Ev2 - Easier actions interaction system for modules implemented 2020-07-29 11:46:30 -04:00
Spencer McIntyre 9ba9690c14 Put more information into the generated module docs 2020-07-26 13:14:16 -04:00
Spencer McIntyre 65f9b62c52 Initial outline of module doc info template 2020-07-24 18:09:52 -04:00
gwillcox-r7 35e48c83bb Add in call to session.fs.dir.rmdir() in library code and in the module as sometimes the file might not be deleted otherwise. 2020-07-24 15:39:19 -05:00
gwillcox-r7 88c10de36f Add in proposed changes to cve_2020_0688_service_tracing.rb and filesystem.rb so that we can properly create mount points without dangling handle references 2020-07-23 21:44:18 -05:00
William Vu 93df021c4a Land #13884, Linux::Priv#download_cmd removal 2020-07-23 09:36:39 -05:00
William Vu 8e94fd55db Force OpenSSL::SSL::VERIFY_NONE
Thanks, @HynekPetrak!
2020-07-22 16:33:37 -05:00
William Vu f736b0192f Add LDAPS support and update vCenter vmdir modules 2020-07-22 14:23:00 -05:00
Brendan Coles d986d27218 Remove Msf::Post::Linux::Priv.download_cmd 2020-07-22 15:45:50 +00:00
Alan Foster 632f1a1205 Update json rpc process request error handling 2020-07-21 18:39:02 +01:00
William Vu d494eb046d Fix RPC support by raising instead of returning 2020-07-20 14:04:38 -05:00
Brent Cook f70043bf4e check if a module has a check method first
Currently, if you run 'check' on a module that does not have a check
method, it will first complain that you have not set the 'RHOSTS'
option, whether it's an exploit module or a scanner. Then, once you set
RHOSTS (or whatever else it needs), it will then say 'Psych! I didn't
have a method in the first place!'.

This switches that logic around so that it first alerts you that the
module doesn't have support in the first place. It also similarizes more
logic between aux and exploit for some future convergence possibility.
2020-07-20 11:09:46 -05:00
h00die 61a4fa61e5 simplify wifi block 2020-07-19 11:58:49 -04:00
h00die e5e5faf084 add new field processors 2020-07-18 12:20:33 -04:00
h00die 9a4a6fbca5 fix unused variable 2020-07-18 07:47:33 -04:00
h00die eaf7161cae mikrotik 2020-07-18 07:45:24 -04:00
Jeffrey Martin 65039a5091 Merge upstream into 6.x 2020-07-15 09:58:07 -05:00
dwelch-r7 02b8d436c8 Import vulns discovered from nmap 2020-07-14 13:22:09 +01:00
Brendan Coles 090b80eea7 Add Msf::Post::Unix.is_root? method 2020-07-12 00:47:56 +00:00
Jeffrey Martin f6d21abb51 require instead of autoload for exploit mixin 2020-07-10 22:15:12 -05:00
Jeffrey Martin c61f34ed16 Land #13596, [GSoC] SQLi library with support to MySQL (and MariaDB) 2020-07-10 13:45:47 -05:00
William Vu 9fa8931b77 Land #13812, ARCH_CMD target for psexec module 2020-07-10 10:39:52 -05:00
bwatters 24bf14b4c0 Land #13832, Polymorphic x86/x64 Block API
Merge branch 'land-13832' into upstream-6.x
2020-07-09 16:04:37 -05:00
bwatters f3cfa4913a Land #13783, Support AES-128-CBC as an additional option for TLV encryption
Merge branch 'land-13783' into upstream-6.x
2020-07-09 08:09:06 -05:00
Spencer McIntyre 1518c6441b Use the new shuffled block api when generating EXEs too 2020-07-08 14:44:16 -04:00
Spencer McIntyre 6f153688ff Add labels to shuffled assembly source code for post-processing 2020-07-08 14:39:00 -04:00
Spencer McIntyre 90870c91de Refactor the shuffle code to place it in a more accessible location 2020-07-07 18:13:55 -04:00
Spencer McIntyre af4dcdb22f Add documentation and fix rubocop issues for the new library code 2020-07-07 15:56:22 -04:00
Spencer McIntyre cfae4c76d0 Shuffle the block API source code every time 2020-07-07 15:55:32 -04:00
Niboucha Redouane 4c229c0a24 Add method for writing to files using SQL injection 2020-07-06 16:53:46 +02:00
Spencer McIntyre 700d2ff819 Fix the SMB share for the psexec command target 2020-07-06 10:36:25 -04:00
Spencer McIntyre 9dc02229e9 Support ARCH_CMD payloads in the psexec exploit module 2020-07-06 10:33:03 -04:00
Niboucha Redouane 4950c2dacf Fix minor bugs, in safe mode, and in the name of the attribute passed to attr_accessor 2020-07-01 23:00:23 +02:00
William Vu f5e50eb4b0 Land #13795, helpful "use" tip when running search 2020-07-01 14:52:18 -05:00
William Vu 8186270538 Fix whitespace 2020-07-01 14:52:07 -05:00
William Vu ffc07d6c8f Merge remote-tracking branch 'upstream/master' into pr/13787 2020-07-01 14:42:16 -05:00