Commit Graph

11569 Commits

Author SHA1 Message Date
Manuel Mancera 4ab58caa93 Fix the help option for vulns command 2016-01-11 22:19:44 +01:00
Metasploit dea4f35b0e Bump to 4.11.7 2016-01-07 15:56:59 -08:00
darkbushido e38ff7079a changing the require to start at metasploit_credentials 2016-01-07 15:49:49 -06:00
Brent Cook eb0b66a4cf Land #6390, report exceptions on bind/listen failure 2016-01-06 21:44:06 -06:00
Brent Cook 7f9b804060 Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
wchen-r7 6e65d1d871 Land #6411, chinese caidao asp/aspx/php backdoor bruteforce 2016-01-06 12:03:17 -06:00
wchen-r7 480913cb32 Add rspec 2016-01-06 01:41:13 -06:00
nixawk c3158497c0 rebuild / add check_setup / send_request 2016-01-05 15:10:26 +08:00
James Lee 2dd59a932b Clean up some warnings 2016-01-04 16:02:43 -06:00
James Lee 05d8f9d186 Make sure addr is not nil
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
    Returns the address of *ifaddr*. nil is returned if address is not
    available in *ifaddr*.

I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
Chris Doughty 44ece87480 Merge branch 'master' into framework-as-a-gem 2016-01-04 09:04:32 -06:00
nixawk 370351ca88 chinese caidao asp/aspx/php backdoor bruteforce 2015-12-31 15:17:01 +08:00
Brent Cook bcd1a6d45e make JSON key format a little more standard, emit options 2015-12-30 16:00:09 -06:00
Chris Doughty 2a0ae144df Fixup rubocop warnings for cleanup purposes 2015-12-30 14:33:02 -06:00
Chris Doughty bb857e7a33 Add new line after json output for cleaner usability 2015-12-30 14:32:31 -06:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
Chris Doughty 3f98511d7c Cleanup logic to force an output type 2015-12-29 15:11:16 -06:00
Chris Doughty 29ea553e03 Adding a json formatting option to the info command 2015-12-29 13:57:35 -06:00
Brent Cook e23b5c5435 Land #6179, add NTP initial crypto nak spoofing module 2015-12-24 15:46:18 -06:00
Brent Cook eec6a6f905 Land #6304, simplify Meterpreter liveness checks 2015-12-24 15:42:17 -06:00
Jon Hart beb2fa9f92 Use bind_addresses rather than bind_address; fixes #6394 2015-12-24 09:20:21 -08:00
Jon Hart efdb6a8885 Land #6392, @wchen-r7's 'def peer' cleanup, fixing #6362 2015-12-24 08:53:32 -08:00
Brent Cook 9c410e02e3 Merge branch 'master' into land-6111-android 2015-12-24 10:13:25 -06:00
Brent Cook 17ad41070b Land #6380, allow linux x86 meterpreter in the pref list 2015-12-23 16:10:26 -06:00
Brent Cook e4f9594646 Land #6331, ensure generic payloads raise correct exceptions on failure 2015-12-23 15:43:12 -06:00
wchen-r7 cea3bc27b9 Fix #6362, avoid overriding def peer repeatedly
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
wchen-r7 a16a10aaf6 Fix #6371, being able to report an exception in #job_run_proc
Fix #6371

When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.

Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.

Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
Brent Cook 84675e352b Land #6249, check for nil when using read_exactly_n_bytes 2015-12-22 15:48:39 -06:00
Brent Cook 3f4c6eb370 Land #5383, allow tunneling reverse_tcp meterpreter sessions without 'route add' 2015-12-22 15:42:42 -06:00
Christian Mehlmauer f6eaff5d96 use the new and shiny joomla mixin 2015-12-22 21:36:42 +01:00
wchen-r7 fa390358a2 Add linux/x86/meterpreter/reverse_tcp to the preference list
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
wchen-r7 2cc54a7a43 Make joomla.xml go first
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
wchen-r7 17b67b8f1b Add trailing / 2015-12-19 17:18:34 -06:00
wchen-r7 5ff02956c9 Lower joomla.xml 2015-12-19 13:46:13 -06:00
wchen-r7 0fda963601 Have multiple paths to find the generator tag 2015-12-19 13:45:41 -06:00
wchen-r7 6dada5f20f add another we can check
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Jon Hart b78f7b4d55 Land #6319, @all3g's module for abusing redis to achieve file uploads 2015-12-14 18:00:44 -08:00
Jon Hart 6611da9239 strip, not stripgit diff. strip! returns nil if the string was unmodified 2015-12-11 19:22:57 -08:00
Jon Hart dcdc21e2db Correct unbalanced quotes
You down with OCD (Yeah you know me).
2015-12-11 18:44:14 -08:00
Jon Hart e23908d672 Improve verbose output related to authentication handling 2015-12-11 18:32:00 -08:00
Jon Hart 1a0f71b6fa Try to catch case where post-auth commands are failing 2015-12-11 17:23:03 -08:00
Jon Hart 9cec3d9e6b Move redis password option to non-advanced 2015-12-11 17:03:49 -08:00
Jon Hart 1fecd9846c Bury some helper methods behind private 2015-12-11 10:13:13 -08:00
Jon Hart 9ef46140c0 Improve output when success 2015-12-11 10:10:44 -08:00
Jon Hart 32a64c3d8e Make auth easier, work automatically and on older redis versions
Also, improve check
2015-12-11 10:04:47 -08:00
Jon Hart ac47c87af4 Move Password option to redis mixin 2015-12-11 08:53:11 -08:00
Jon Hart 38d0b0a0f2 Wire in @all3g's redis auth code 2015-12-11 08:42:59 -08:00
Luke Imhoff 4858ae63bd Thread class name for debugger has changed, so add new name
MSP-13484
2015-12-10 21:47:22 -06:00
Jon Hart 555e52e416 Document the redis upload process more 2015-12-10 09:35:46 -08:00