ef87a63bde
modules: Check datastore ForceExploit before checking if session is root
2023-02-02 18:17:02 +11:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
3a2932b798
Migrate old uses of manual autocheck to use the new prepend autocheck
2021-02-02 10:15:46 +00:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
38498305d3
Add module notes for Reliability and Stability
2019-11-03 00:33:24 +00:00
40bc44d2b6
Add ForceExploit to Linux local modules
2018-11-11 09:37:56 +00:00
c3080d69f2
Use writable? method for local modules
2018-11-04 05:28:32 +00:00
8826932f72
Fix syntax errors
2018-10-10 14:39:07 +00:00
7a048afd14
Make WritableDir an advanced option
2018-10-10 14:12:29 +00:00
fc7040099c
Update Linux sock_sendpage local exploit module
2018-04-10 11:15:42 +00:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
3c56f1e1f7
Remove commented x64 arch from sock_sendpage
2016-11-01 01:29:11 +10:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
44990e9721
Revert "change Metasploit4 class names"
...
This reverts commit 3da9535e22
2016-03-07 13:19:48 -06:00
3da9535e22
change Metasploit4 class names
2016-03-07 09:57:22 +01:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
3f40342ac5
Fix sock_sendpage
2015-04-21 14:17:19 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
9e30c58495
Blow away remnants of Local::Unix
2013-11-05 13:51:45 -06:00
36f96d343e
Revert "Revert "Land #2505 " to resolve new rspec fails"
...
This reverts commit e7d3206dc9
2013-11-05 13:45:00 -06:00
e7d3206dc9
Revert "Land #2505 " to resolve new rspec fails
...
This reverts commit 717dfefead6430fa3354
2013-10-21 12:47:57 -05:00
717dfefead
Land #2505 , missing source fix for sock_sendpage
2013-10-21 11:47:55 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
dfe74ce36c
Factorize sock_sendpage
2013-10-11 13:40:01 -05:00
b9b2c82023
Add some entropy
...
* Random filename
* Stop shipping debug strings to the exploit executable
Also makes the writable path configurable, so we don't always have to
use /tmp in case it is mounted noexec, etc.
2013-10-10 18:18:01 -05:00
947925e3a3
Use a proper main signature with arguments
...
Allows us to `unlink(argv[0])`
2013-10-09 17:22:01 -05:00
c251596f0b
Fix some bugs in preparation for factorizing
...
* Stop removing \x0a characters with String#scan, which of course breaks
the shellcode
* Fork so the original session continues to work
2013-10-09 16:03:40 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
ae17e9f7b5
add osvdb ref 56992
2013-06-02 18:32:46 -05:00
9c95c7992b
Require's for all the include's
2012-10-23 13:24:05 -05:00
3cb60fb42a
Fix 1.8-specific regexp syntax bug
...
The bug was:
line 343: warning: regexp has invalid interval
line 343: warning: regexp has '}' without escape
2012-07-26 02:19:13 -05:00
d238debb2f
Add disclo date, discoverers, and better description
2012-07-18 16:14:32 -06:00
ebe48ecf16
Add Rank for schelevator, update sock_sendpage's
2012-07-18 11:16:29 -06:00
7091d1c65b
Add an exploit for sock_sendpage
...
Unfortunately, adds a dep on bionic for runtime compilation.
Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some
payload issues because linux stagers don't mprotect(2) the buffer they
read(2) into. Single payloads work fine, though.
Also cleans up and improves local exploits' ability to compile C.
[SEERM #3038 ]
2012-07-15 20:29:48 -06:00
6913440d67
More progress on syscall wrappers
...
Something is still broken, my socket() is returning EAFNOSUPPORT whereas
what looks like the same syscall in wunderbar_emporium's exploit.c is
returning a socket. Similarly, my __mmap2() is returning EFAULT when
trying to map anything, not just NULL.
2012-06-22 17:45:49 -06:00
fd8b1636b9
Add the first bits of a sock_sendpage exploit
...
This can currently build an executable that creates a socket, opens a
temporary file, truncates that file with ftruncate(2) and calls
sendfile. Still needs to mmap NULL and figure out ring0 shellcode.
Baby steps.
2012-06-22 00:03:29 -06:00
bcoles