adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38,375 Commits 27 Branches 1,043 Tags
5361aaadbd043b3dffcc00fa35cd8a566b42e044
Commit Graph

229 Commits

Author SHA1 Message Date
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection 
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
 2016-04-25 14:30:46 -05:00
James Lee 1375600780 Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
James Lee c21bad78e8 Fix some more String defaults 2016-03-16 14:13:18 -05:00
Brent Cook eea8fa86dc unify the SSLVersion fields between modules and mixins 
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
 2016-03-06 22:06:27 -06:00
Brent Cook 85acfabfca remove various library workarounds for the datastore not preserving types 2016-03-05 23:10:57 -06:00
RageLtMan d7ba37d2e6 Msf::Exploit::Remote::HttpServer print_* fix 
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.

When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.

Add check for response to :aggressive? in :print_prefix to address
this issue.
 2016-02-21 20:20:22 -05:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
James Lee ad026b3a7a Add #peer to Tcp 2016-01-28 13:58:24 -06:00
Christian Mehlmauer 0871fe25e8 change text 2016-01-22 07:38:44 +01:00
Christian Mehlmauer e0de78280d move SSL to the default options 2016-01-22 07:05:23 +01:00
James Lee 0f7e3e954e HttpServer's print prefix with... wait for it... 
print_prefix
 2016-01-20 13:44:18 -06:00
wchen-r7 2cc54a7a43 Make joomla.xml go first 
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
 2015-12-21 22:59:13 -06:00
wchen-r7 17b67b8f1b Add trailing / 2015-12-19 17:18:34 -06:00
wchen-r7 5ff02956c9 Lower joomla.xml 2015-12-19 13:46:13 -06:00
wchen-r7 0fda963601 Have multiple paths to find the generator tag 2015-12-19 13:45:41 -06:00
wchen-r7 6dada5f20f add another we can check 
administrator/manifests/files/joomla.xml
 2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
jvazquez-r7 7da3b4958e Change mixins namespaces 2015-10-15 10:35:07 -05:00
jvazquez-r7 6571a8f2c3 Move http apps mixins to the old convention folder 2015-10-15 10:22:54 -05:00
Jon Hart 0bb9324c8d Pass HTTP::version_random_valid and HTTP::version_random_invalid 
Fixes #5871
 2015-08-20 10:05:42 -07:00
jvazquez-r7 035c0a8a38 Fix #5078 by improving actual_timeout calculation 2015-07-20 11:27:48 -05:00
jvazquez-r7 1a9664fcba Delete default option 2015-07-20 09:54:51 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
wchen-r7 9da99a8265 Merge branch 'upstream-master' into bapv2 2015-06-19 11:36:27 -05:00
g0tmi1k 6dcc9b7dab More inconsistencies 2015-06-12 21:59:15 +01:00
wchen-r7 6be363d82a Merge branch 'upstream-master' into bapv2 2015-05-29 14:58:38 -05:00
wchen-r7 6de75ffd9f Merge branch 'upstream-master' into bapv2 2015-05-22 17:11:03 -05:00
jvazquez-r7 e0d9ee062f Use HttpClientTimeout 2015-05-22 13:35:37 -05:00
wchen-r7 c29bb35e28 Change datastore name 2015-05-21 10:15:03 -05:00
wchen-r7 93900087c7 Resolve #5219, user-configurable HTTP timeout 
Resolve #5219
 2015-05-20 13:30:45 -05:00
wchen-r7 8e86a92210 Update 2015-05-08 00:25:34 -05:00
wchen-r7 ca32db3e23 Merge branch 'upstream-master' into BAPv2 2015-04-29 18:53:37 -05:00
wchen-r7 65b7659d27 Some progress 2015-04-29 01:01:36 -05:00
wchen-r7 43f5323e8d More progress 2015-04-28 21:26:31 -05:00
wchen-r7 43492b7c67 Some progress 2015-04-28 18:17:32 -05:00
jvazquez-r7 4224008709 Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
sinn3r 61b709b8c5 Extra space in message "Local IP:" 2015-04-14 01:34:07 -05:00
root 51dd88114b Fix grammer in comments 2015-04-13 13:21:41 +05:00
sinn3r e1adcfee1e No case sensitive 2015-04-01 16:14:54 -05:00
sinn3r c4def25e82 Resolve #4986, add support for IE11 for fingerprint_user_agent 
Resolve #4986
 2015-03-27 17:51:14 -05:00
g0tmi1k 72794e4c1a Removed double spaces 2015-03-20 01:16:49 +00:00
HD Moore 888c718f40 Fix two typos 2015-02-22 02:45:50 -06:00
HD Moore 8e8a366889 Pass Http::Client parameters into LoginScanner::Http (see #4803) 2015-02-22 02:26:15 -06:00
James Lee 1fbed1dcfc Autoload instead of require 2015-01-30 15:42:16 -06:00
James Lee 062529ce3b Move HttpServer::HTML into its own file 2015-01-30 15:24:15 -06:00
James Lee 3572ce9a37 Break PHPInclude into its own file 2015-01-30 15:16:54 -06:00
William Vu 89a8d27602 Fix port 0 bug in URIPORT 2014-11-11 15:57:41 -06:00
jvazquez-r7 4e96833408 Check service before using it 2014-11-10 14:14:20 -06:00
jvazquez-r7 1064049729 Revert "Fix buggy calls to stop_service" 
This reverts commit 613f5309bb.
 2014-11-10 14:05:57 -06:00
Julio Auto 613f5309bb Fix buggy calls to stop_service 2014-11-09 02:15:30 -06:00