adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

16492 Commits

Author SHA1 Message Date
William Vu f7d261516d Land #6968, get_uri URIPORT fix (again) 2016-06-13 10:52:29 -05:00
William Vu b7139da624 Clean up whitespace 2016-06-13 10:51:38 -05:00
Trenton Ivey 776dd57803 get_uri missing port fix 2016-06-12 19:27:34 -05:00
h00die 7831cb53c5 print status of opening browser at file 2016-06-11 21:13:31 -04:00
William Vu 5adc360b2a Make opts truly optional 2016-06-10 20:35:40 -05:00
Metasploit fd4a51cadb Bump version of framework to 4.12.8 2016-06-10 10:01:27 -07:00
wchen-r7 0d7b587b5d Avoid printing rhost:rport from AuthBrute 
When AuthBurte is mixed with other modules using the TCP mixin,
rhost:rport is printed twice. This info should come from the
protocol level mixin.
 2016-06-08 14:32:58 -05:00
Metasploit 815685992a Bump version of framework to 4.12.7 2016-06-07 13:14:34 -07:00
Brian Patterson 6d72b5b19f Land #6946 Fix a bug with OptPort validation when not req 2016-06-07 14:43:10 -05:00
David Maloney 53b989f283 fix normalisation so we don't coerce to 0 
don't coerce nil to 0
 2016-06-07 14:29:13 -05:00
David Maloney 16030cda30 simpler fix 
talking with adam shows that there is a simpler solution
to this problem
 2016-06-07 14:13:10 -05:00
David Maloney 9de27e0b9c add more specific normalise method to otpport 
add a normalise method that prevents emtpy string
from being converted to 0 for OptPort avoiding
a bad behaviour
 2016-06-07 14:03:34 -05:00
David Maloney 27b5d961fd fixes a bug with OptPort validation when not req 
OptPort lost the check for whether the option was required causing it
to incorrectly return false in certain cases

MS-1633
 2016-06-07 13:48:57 -05:00
Louis Sato d3a13f4b0c Merge pull request #6942 from acammack-r7/bug/MS-1517/fix-acunetix-again 
Fix Acunetix import with a blacklist
 2016-06-05 23:00:48 -05:00
Adam Cammack 08f1e68487 Fix Acunetix import with a blacklist 
If a host is blacklisted, we won't create the service for it. If we
don't create the service, we don't want to create entries for the web
pages.

MS-1517
 2016-06-03 19:40:29 -05:00
Brent Cook da532ecc5e Land #6919, Move LURI into a full URI for a new 'Payload opts" column in jobs output 2016-06-03 13:57:47 -05:00
James Barnett e0cf4721c5 Land #6927, Fix exception handling in #exploit_simple 2016-06-02 11:15:25 -05:00
David Maloney ffa4177575 missed a few joins 
missed a few joins statements before

MS-1593
 2016-06-01 15:32:51 -05:00
David Maloney 2047475901 host tags commands eagerloaded instead of joining 
someone tried to fix a rails deprecation warning by doing an
eager load, but caused an actual exception instead. switching to
propper joins makes everything work properly

MS-1593
 2016-06-01 13:50:38 -05:00
David Maloney a27d10c200 fixes the exception handling in #exploit_simple 
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass

MS-1608
 2016-05-31 11:46:05 -05:00
Metasploit c35322ec3f Bump version of framework to 4.12.6 2016-05-30 22:34:13 -07:00
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
James Lee f7382f5b3b Make jobs display a full uri 
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.

See #4623
 2016-05-27 11:15:12 -05:00
Brendan Watters 00b18c8ac5 Land #6917, Fix minor issues with the RC4 stager 2016-05-26 10:12:54 -05:00
Brent Cook a3d2cba698 Land #6906, Improve msfvenom error handling and spec coverage 2016-05-26 07:58:37 -05:00
Brent Cook 96c459c71d fix #6915, handle nil payloads and alert to the user 2016-05-26 07:22:09 -05:00
Brent Cook 8612eaa553 remove senduuid for now, give RC4PASSWORD a default 2016-05-26 06:34:51 -05:00
Brent Cook c65401026a wip fixup rc4 2016-05-25 06:17:02 -05:00
wchen-r7 05680ab6f3 Land #6887, add a missing postgresql 9.4.1-5 matching case 2016-05-24 22:19:03 -05:00
James Lee 5921ac7b47 Add a spec and fix ReverseHttp#luri 2016-05-24 17:22:14 -05:00
William Vu 3dfdf1d936 Land #6528, tilde expansion and more for OptPath 2016-05-24 16:01:59 -05:00
Jon Hart a23ce05752 File.exists? must cease to exist 2016-05-24 13:53:26 -07:00
wchen-r7 14cb85250e Land #6912, use the correct variable for cookie expiration in BAP2 2016-05-24 14:19:03 -05:00
wchen-r7 ff4d150449 Show IP for print_* 2016-05-24 14:12:54 -05:00
wchen-r7 b5987e1d51 Land #6907, Fix check command with an IP or IP range 2016-05-24 11:37:56 -05:00
James Lee 9807f9b796 Move Rex::Job into its own file 2016-05-24 11:24:47 -05:00
Metasploit 54f4389d31 Bump version of framework to 4.12.5 2016-05-24 08:54:14 -07:00
Brendan Watters 77a62ff7c0 Land #6905 RC4 Stagers 2016-05-24 09:34:32 -05:00
Brendan Watters 43f79f34a9 Removed superfluous instruction 2016-05-24 09:03:14 -05:00
Brent Cook 3bc020178f use the correct variable for cookie expiration 2016-05-24 07:16:55 -05:00
Brent Cook 76e8e8f6c7 really fix regex 2016-05-23 20:08:38 -05:00
Brent Cook eb26202961 fix regex 2016-05-23 17:33:06 -05:00
Louis Sato d0b87131a9 fixing import of zip workspace 
MS-1528
 2016-05-23 16:09:22 -05:00
Brent Cook 6af9a093d2 update bool 2016-05-23 15:48:03 -05:00
darkbushido 5e059e0c5b updating the error message 
changing the exception to be a little more specific.
 2016-05-23 15:40:32 -05:00
darkbushido d3cdcd5f99 Having the payload generator check the payload size 
Payload generator will raise an error if the payload is larger then the size option
 2016-05-23 15:17:41 -05:00
Brent Cook fe1b24e666 allow nil assignment to the datastore 2016-05-23 14:56:19 -05:00
Brent Cook f29463f119 include {peer} in the context of the command dispatcher 2016-05-23 14:55:58 -05:00
RageLtMan efc64eaa5f Implement reverse_tcp_rc4_dns payload in metasm 
Using the ruby methods for generating assembly blocks defined or
separated in prior commits, create a new payload from the existing
assembly blocks which performs a DNS lookup of the LHOST prior to
establishing a corresponding socket and downloading, and
decrypting the RC4 encrypted payload.

For anyone looking to learn how to build these payloads, these
three commits should provide a healthy primer. Small changes to
the payload structure can yield entropy enough to avoid signature
based detection by in-line or out-of-band static defenses. This
payload was completed in the time between this commit and the last.

Testing:
  Win2k8r2

ToDo:
  Update payload sizes when this branch is "complete"
  Ensure UUIDs and adjacent black magic all work properly
 2016-05-23 14:27:11 -05:00