dmohanty-r7
b027176799
Land #7156, use windows_error gem for constants
2016-08-10 11:47:37 -05:00
wchen-r7
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
wchen-r7
d59b6d99ee
Make the debug output more readable
2016-08-05 13:20:53 -05:00
wchen-r7
a8d9a5c02c
Print exceptions if needed
2016-08-04 18:14:22 -05:00
wchen-r7
7538b3dcf8
Fix #7170, Add HttpTrace option for HttpClient
...
Fix #7170
2016-08-04 16:09:17 -05:00
Brendan
ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML)
2016-07-28 13:01:05 -07:00
Brendan
2525eab996
persistance -> persistence
2016-07-28 12:56:04 -07:00
Pearce Barry
1f5fbd4a67
Put remaining consts in exploit mixin...
2016-07-27 17:43:29 -05:00
Pearce Barry
bdf073516b
Switch errors over to windows_error gem...
2016-07-27 17:43:00 -05:00
William Vu
a0c42f5dd2
Add wordpress_url_uploads
2016-07-26 19:10:19 -05:00
wchen-r7
390f69313a
Fix grammar in browser_exploit_server
2016-07-21 11:51:10 -05:00
James Lee
a54945c82c
whitespace
2016-07-19 17:07:17 -05:00
David Maloney
01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-14 09:48:28 -05:00
William Vu
277950cc79
Land #6733, psexec StackAdjustment fix
2016-07-12 11:14:16 -05:00
William Vu
108c3961e2
Make sure GATEWAY_PROBE_PORT is 0
...
This ensures that dst_port is set for UDPSocket#send.
2016-07-11 12:10:46 -05:00
James Lee
cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee
1164c025a2
Revert "Land #7009, egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney
5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup
2016-07-05 10:48:38 -05:00
wchen-r7
118caa13bf
Fix #7021, Pass exploit SRVPORT in BrowserAutopwn2
...
In BrowserAutoPwn2, the mixin forgets to pass the SRVPORT datastore
option to the exploits, so they always use the default 8080. As a
result, if a different SRVPORT is set, BAP2 would be serving the
target machine with bad exploit links.
Fix #7021
2016-06-30 14:20:53 -05:00
David Maloney
a796a1bc63
weird namespace issues?
2016-06-28 16:13:49 -05:00
David Maloney
39fa8bf2d4
missing require
2016-06-28 15:40:56 -05:00
David Maloney
3d93c55174
move sshfactory into a mixin method
...
use a convenience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention
MS-1688
2016-06-28 15:23:12 -05:00
David Maloney
97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm
2016-06-28 14:14:56 -05:00
Louis Sato
d5d0b9e9b8
Revert "Land #6729, Speed up the datastore"
...
This reverts commit c6b1955a5a, reversing
changes made to 4fb7472391.
2016-06-28 13:39:52 -05:00
James Lee
0126ec61d8
Style
2016-06-22 10:15:23 -05:00
James Lee
b3f59ebd19
Whitespace
2016-06-22 10:15:23 -05:00
James Lee
07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm
2016-06-22 10:15:22 -05:00
James Lee
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
wchen-r7
c6b1955a5a
Land #6729, Speed up the datastore
2016-06-15 17:55:42 -05:00
William Webb
563b8206c5
Land #6962, Apache Continuum Exploit
2016-06-13 16:41:53 -05:00
William Vu
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
Trenton Ivey
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
William Vu
5adc360b2a
Make opts truly optional
2016-06-10 20:35:40 -05:00
wchen-r7
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
wchen-r7
4dcddb2399
Fix #4885, Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
wchen-r7
05680ab6f3
Land #6887, add a missing postgresql 9.4.1-5 matching case
2016-05-24 22:19:03 -05:00
wchen-r7
ff4d150449
Show IP for print_*
2016-05-24 14:12:54 -05:00
Brent Cook
3bc020178f
use the correct variable for cookie expiration
2016-05-24 07:16:55 -05:00
Adam Cammack
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
Brent Cook
6a4a9742e8
handle bad user
2016-05-17 17:24:46 -05:00
Brent Cook
c6db5bf34a
add a missing postgresql 9.4.1-5 matching case
2016-05-17 17:12:47 -05:00
Adam Cammack
f75009a9c6
Don't duplicate headers when sending emails
...
If Date: and Subject: are present, we should not try to add them again.
This made Amazon SES puke, and that made us sad :(.
MS-1476
2016-05-05 10:47:21 -05:00
wchen-r7
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
wchen-r7
98f89ca23a
Land #6794, Fixed yard doc errors
2016-04-21 13:16:45 -05:00
thao doan
5e36a3128c
Fix #5197, Fixed yard doc errors
...
Fix #5197 Fixed issues that caused errors during yard doc generation
2016-04-21 13:06:00 -05:00
Brent Cook
57ab974737
File.exists? must die
2016-04-21 00:47:07 -04:00
wchen-r7
93cb91a515
Remove an extra nil check
2016-04-08 21:18:24 -05:00
wchen-r7
6b4dd8787b
Fix #6764, nil SQL error in lib/msf/core/exploit/postgres
...
Fix #6764
2016-04-08 15:20:04 -05:00
wchen-r7
ae46b5a688
Bring #6417 up to date with upstream-master
2016-04-08 13:41:40 -05:00
Brent Cook
4c2e130470
fix spelling
2016-03-31 09:25:24 -05:00