David Maloney
463a45ccaf
if we don't support the auth return original res
...
make sure we return the original 401 if we don't support the auth.
2013-02-05 09:57:33 -06:00
David Maloney
877fb017b6
remove negotiate requirements
...
winrm can support basic, and now these modules can too, for free
2013-02-04 16:50:43 -06:00
David Maloney
af6b0615fb
fix pipelining
...
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
2013-02-04 16:42:24 -06:00
David Maloney
44d4e298dc
Attempting to cleanup winrm auth
2013-02-04 15:48:31 -06:00
David Maloney
c71b803413
Add invisible auth to web crawler
...
the anemone web crawler now properly supports our invisible auth scheme
for rex http.
2013-02-04 14:38:08 -06:00
David Maloney
9b84e5b3c4
Fix raw requests to work as well as cgi
2013-02-04 13:59:58 -06:00
David Maloney
413c37e506
Add invisible auth to Web::HTTP
...
add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00
David Maloney
0c57026065
Remove junk added earlier
...
i added junk to tasos' class when we were going to attempt this a
different way. housekeeping to clean it up
2013-02-04 13:13:08 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
9497e38ef7
Fix http login scanner
...
Fix the http_login scanner to use new builtin auth
2013-02-04 12:31:19 -06:00
HD Moore
797e2604a0
Fix missing require in reverse_tcp_ssl
2013-02-03 17:41:45 -06:00
RageLtMan
ffb88baf4a
initial module import from SV rev_ssl branch
2013-02-03 15:06:24 -05:00
HD Moore
c3801ad083
This adds an openssl CMD payload and handler
2013-02-03 04:44:25 -06:00
David Maloney
8d817dcbb5
fix iis digest support mistake
...
Digest auth working automatically
2013-02-01 15:49:18 -06:00
David Maloney
6c12fa26bc
oodles of small fixes
...
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
2013-02-01 15:12:11 -06:00
David Maloney
61969d575b
remove mixin require, more datastore cleanup
2013-02-01 15:12:11 -06:00
David Maloney
efe0947286
Start fixing datastore options
2013-02-01 15:12:11 -06:00
David Maloney
ef1fc58e5e
Remove mixin, start moving into Rex
...
move auth awareness into rex itself
2013-02-01 15:12:11 -06:00
David Maloney
c407fa9e74
add mixin
2013-02-01 15:12:11 -06:00
David Maloney
5814c59620
move httpauth to mixin
...
HttpAuth stuff gets its own little mixin
mix it in to Exploit::Http::Client
mix it in to Auxiliary::Web::HTTP
2013-02-01 15:12:10 -06:00
David Maloney
8e870f3654
merge in sinn3r's changes
2013-02-01 15:12:10 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733]
2013-01-30 15:42:21 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
sinn3r
9a58b7b732
Fix normalize_uri() function
...
This will make sure all the double slashes are gone. Also, the
function description is updated to clarify its purpose.
2013-01-28 12:10:21 -06:00
sinn3r
fc833ea8df
Catch exceptions and return value
2013-01-28 10:30:59 -06:00
rogueclown
169f91159e
added 'from' PID to meterpreter migrate message
2013-01-27 21:18:49 -06:00
Tod Beardsley
2965fa480e
Some errant spaces
2013-01-25 05:41:28 -06:00
Tasos Laskos
a081389f86
Auxiliary::Web, Exploit::Remote::Web: style updates
2013-01-29 03:08:53 +02:00
Tasos Laskos
76e0305dcf
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-29 01:06:26 +02:00
Rob Fuller
27aae87c18
Stop aggravating default show screenshot
...
A better fix would have it detect default browsers
as being text only like lynx. But this has got to
go one way or another. Losing shell because I forgot
to do -v false is wall punch worthy
2013-01-24 22:06:51 -05:00
Tasos Laskos
9aaca2eae9
Auxiliary::Web::HTTP: updated exception handling
...
[FIXRM #7724]
Updated #run and #_request to rescue and elog all exceptions.
2013-01-24 22:07:17 +02:00
Trevor Rosen
60e871b8d4
Merge pull request #1365 from todb-r7/banner-logos
...
Delivers Pro #41793473
2013-01-24 09:07:41 -08:00
Tasos Laskos
477ab65d55
Exploit::Remote::Web: added #tries method
...
#tries method indicates how many times we should run a module until
we establish a session.
2013-01-23 23:05:22 +02:00
Tod Beardsley
e920594534
Whitespace cleanup, no blank lines plz
2013-01-23 14:23:38 -06:00
Tod Beardsley
d0382b68c7
One more backslash
2013-01-23 14:18:40 -06:00
Tod Beardsley
40dcbe0e89
Fix escaping, whitespace
...
Since banners are now just data and not code, they don't need their
backslashes escaped any more.
2013-01-23 14:16:49 -06:00
Tod Beardsley
537e12cf16
Render the banners nicely
2013-01-23 13:59:34 -06:00
HD Moore
b4f5c3b6ed
Fix up set_rhosts for all db commands
2013-01-23 10:10:02 -06:00
HD Moore
1477cda3d4
fix set_rhosts behavior/bugs.
...
msf exploit(rails_xml_yaml_code_exec) > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
msf exploit(rails_xml_yaml_code_exec) > hosts -R
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
10.0.0.105 00:0C:29:59:65:08 VMWIN2000SP4 Microsoft Windows client
RHOSTS => 10.0.0.105
msf exploit(rails_xml_yaml_code_exec) > exit
2013-01-23 10:00:24 -06:00
sinn3r
9e5370eb2f
Merge branch 'slight_speedup_to_db_hosts-R' of github.com:kernelsmith/metasploit-framework into kernelsmith-slight_speedup_to_db_hosts-R
2013-01-23 00:20:55 -06:00
Tasos Laskos
33e9f182bd
Merge remote-tracking branch 'upstream/master' into web-modules
2013-01-22 23:43:25 +02:00
Tasos Laskos
6b5c6c3a0c
Auxiliary::Web::Analysis::Differential
...
Removed payload option from #process_vulnerability call
2013-01-22 23:41:36 +02:00
Tasos Laskos
0d564c1ce8
Auxiliary::Web::Analysis::Timing
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:40:30 +02:00
Tasos Laskos
f2beb5bf19
Auxiliary::Web#process_vulnerability: payload fix
...
Updated to pick the largest matching payload from the payload list.
2013-01-22 23:39:16 +02:00
Tasos Laskos
fed4a836c6
Updated proof string for Web Differential Analysis
...
Manipulatable responses => Boolean manipulation
2013-01-22 20:29:57 +02:00
Raphael Mudge
4740cb09a1
Fix NoMethodError if handler has no ParentModule
...
db.rb assumes that multi/handler sessions have a ParentModule defined
in their datastore. This assumption breaks when a user sets up a
multi/handler by hand to receive a session from another user (e.g.,
via multi_meter_inject).
When db.rb tries to access a member of a nil ParentModule, a
stacktrace is dumped to framework.log.
2013-01-22 02:56:43 -05:00