74aa1f40df
Fix sneaky return in capture_send
2015-02-24 15:37:38 -08:00
a9a6a564c6
Use LLMNR multicast address for RHOSTS by default
2015-02-24 15:37:37 -08:00
f4a1ce7fb6
Default RHOSTS to 224.0.0.252, the multicast group for LLMNR
2015-02-24 15:37:37 -08:00
7917a70216
Initial commit of some code for LLMNR research
...
This is largely useless right now because LLMNR is only supposed to
work in the same multicast/broadcast domain and implementations are
supposed to ignore requests with an IP TTL != 1.
2015-02-24 15:37:37 -08:00
f537f91943
Bump scanner THREADS to 10 by default
2015-02-24 15:37:37 -08:00
ec53e27249
Do better handling of TRAN2_QUERY_FILE_INFORMATION requests
2015-02-24 17:20:41 -06:00
d29e9fc20b
Parse TRAN2_FIND_FIRST2 commands
2015-02-24 17:02:49 -06:00
231a2f3110
Fix handlers
2015-02-24 16:03:13 -06:00
e4a58a2ec5
import notes attached to vulns
...
add the ability to import notes that
are attached to vulns instead of hosts
MSP-12183
2015-02-24 13:36:57 -06:00
389bcbd343
refactor note import into sep method
...
we will now be importing notes from multiple
place within the XML document. the importing
of notes has been refactored into a seperate
method to be easily reused in this fashion
MSP-12183
2015-02-24 12:18:32 -06:00
2389185376
export notes associated to a vuln
...
in addition to ntoes asscoiated directly
to a host, the XML export will now
export notes that are tied to a vuln
MSP-12183
2015-02-24 12:17:44 -06:00
c5d36ec24d
remove unused handler methods
...
already defined in the base class
2015-02-24 11:23:08 -06:00
ca7aabe9bc
handle SMB_QUERY_FILE_NETWORK_OPEN_INFO
2015-02-24 11:13:18 -06:00
3bed2d5136
fix for properly stopping the reverse_http/https handler
...
The issue seems to be at the root of #4669 is that reverse_http
registers an HTTP service but never releases its reference to it. If
we stop it directly, there may be a session already connected to it that
we kill, so we can't do that. Instead, track if we got a connection or
not, and conditionally release our reference based on whether the
connection succeeded.
This should fix #4669
2015-02-24 11:06:50 -06:00
31d1ba7100
Simplify debug to inspect smb_cmd_trans_query_file_info_network
2015-02-24 10:54:45 -06:00
c3c9b233dd
Land #4834 , a few more duplicate hash key fixes
2015-02-24 10:32:55 -06:00
12a99ecee5
Land #4796 , Handle incompatible payload architecture in BES
2015-02-24 10:02:25 -06:00
ab4a416958
comment out duplicate keys that can only be used for reference
...
ruby is ignoring all but the second instances, and 2.2 still throws a
warning
2015-02-24 08:50:02 -06:00
d0d124eb19
Mimic original handling
2015-02-23 20:42:49 -06:00
32046f9c47
smb_cmd_trans_query_path_info_standard
2015-02-23 19:57:16 -06:00
ea483f14a1
Try to fix logic for query information levels
2015-02-23 17:17:33 -06:00
3fca26a5de
Add support for SMB_COM_TRANSACTION2 data blocks and params
2015-02-23 16:37:39 -06:00
623d319ca7
Fix offsets
2015-02-23 14:43:06 -06:00
2653ff9d58
Try to simplify request query and find request handling
2015-02-23 14:06:23 -06:00
36711e801c
Fix comment
2015-02-23 13:09:23 -06:00
99483f88f1
Fix, hopefully, dispatching
2015-02-23 13:08:45 -06:00
87176b9b37
Redo TRANS2_QUERY_PATH_INFORMATION dispatching
2015-02-23 12:52:50 -06:00
a06d07d6da
Clean smb_cmd_trans2_query_file_information dispatching
2015-02-23 12:03:08 -06:00
c39d6e152e
Land #4819 , Normalize HTTP LoginScanner modules
2015-02-23 11:43:42 -06:00
abe5ea42cb
Clean smb_cmd_trans
2015-02-23 11:34:19 -06:00
3d7381b62a
Handle TRANS2 commands
2015-02-23 11:33:49 -06:00
fe00cadd18
Delete require
2015-02-23 11:15:55 -06:00
1dba961698
delete SubCommand namespace
2015-02-23 11:15:14 -06:00
7d9f661d78
Fix includes
2015-02-23 11:14:45 -06:00
439507d359
Move trans2 files
2015-02-23 11:13:08 -06:00
bdd5276524
This fixes a number of issues with the Capture mixin
...
* The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
* The hackey code around #each_packet is no longer necessary in newer Ruby versions
* The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
* The arp() function now tries up to three times to get a reply (helpful with lossy L2)
* GC.start is extraneous and should be removed
* Increased timeouts
2015-02-22 21:53:47 -06:00
615d71de6e
Remove extraneous calls to GC.start()
2015-02-22 21:51:33 -06:00
251c284458
modernizes some of the rpc code
2015-02-22 15:37:55 -06:00
888c718f40
Fix two typos
2015-02-22 02:45:50 -06:00
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
b39e2bea8e
Land #4806 , EXE::Custom case-sensitivity fix
2015-02-21 20:49:53 -06:00
f900d9cf26
Handle whitespace as per blank?
...
!~ /\S/ as per the original implementation of blank? also works.
2015-02-21 20:36:16 -06:00
80aef690a0
Do first commands refactoring
2015-02-21 01:48:47 -06:00
52b41ab4f8
Do first Share refactoring
2015-02-21 01:00:46 -06:00
df903120e3
Reorganize trans2_find_first2 requests
2015-02-20 18:28:49 -06:00
52a0e6dd1c
Mark a couple of handlers for later review
2015-02-20 16:28:04 -06:00
dc4898765f
Fix EXE::Custom
2015-02-20 16:59:18 +00:00
a91d19e0e7
Add template for SMB_QUERY_FILE_STANDARD_INFO
2015-02-20 10:58:15 -06:00
21978a1bfe
Add template for SMB_QUERY_FILE_BASIC_INFO
2015-02-20 10:40:45 -06:00
cf63e09188
Add templates for SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR and SMB_FIND_FILE_NAMES_INFO_HDR
2015-02-20 09:17:51 -06:00
Jon Hart