Spencer McIntyre
4c004d51a7
Add an exploit for CVE-2020-0618
2020-03-06 16:21:37 -05:00
William Vu
fda8b6df3c
Note that unsetting HttpTraceColors disables color
2020-02-21 14:39:38 -06:00
William Vu
83e06ab59e
DRY send_request_cgi into using send_request_raw
2020-02-21 14:36:58 -06:00
William Vu
0a1313f183
Show both color and banners and refactor code
This is the best of both worlds for visibility and copy/pasted output.
2020-02-21 14:18:58 -06:00
William Vu
e315e207f1
Refactor HttpTrace and add color and headers only
2020-02-14 17:13:11 -06:00
William Vu
0aca3f0712
Switch back to if statement
2020-02-14 15:07:12 -06:00
William Vu
137fee2570
Make first pass at colorized HttpTrace output
2020-02-14 15:07:09 -06:00
William Vu
3b258eeb19
Refactor plugin editing
2020-02-07 01:10:42 -06:00
William Vu
972cb545f0
Restore the original PLUGIN_FILE contents
2020-01-18 14:57:41 -06:00
William Vu
f5c36ffd92
Add methods we'll use to the WordPress mixin
2020-01-17 20:04:23 -06:00
William Vu
92de0b132f
Make HttpClientTimeout a float, f'ing finally
2020-01-13 22:25:18 -06:00
Christophe De La Fuente
857677f39d
Update log message
2019-11-29 11:35:14 +01:00
Christophe De La Fuente
39ab534773
Improve Wordpress version check
- Add log message to Detected and Unknown check codes
- Add an exception handler to catch Gem::Version parsing errors
2019-11-28 12:56:08 +01:00
William Vu
f302df31aa
Add note about opts['headers']
2019-10-31 12:24:04 -05:00
William Vu
b9baa80823
Refactor to use config hash and new option
2019-10-31 11:11:43 -05:00
William Vu
b268feda73
Allow partial response due to timeout
2019-10-29 21:25:21 -05:00
h00die
9f29f5f419
fix spelling received
2019-10-05 14:40:27 -04:00
Brent Cook
bd90241192
set opts['SSL'] above for consistency
2019-08-20 04:03:10 -05:00
James Lee
3b7abfcaf2
Use correct case for SSL option
2019-08-06 15:25:34 -05:00
William Vu
a22ad9ad42
Templatize HttpRawHeaders with ERB
2019-07-24 21:23:22 -05:00
William Vu
1ba0d1ee5b
Once more, with feeling
2019-07-24 14:59:12 -05:00
William Vu
7730b510c1
Update HttpHeaders to HttpRawHeaders to match desc
2019-07-24 14:52:56 -05:00
William Vu
800737690a
Add HttpHeaders file advanced option to HttpClient
2019-07-24 13:15:44 -05:00
William Vu
01b308fe7c
Fix get_resource nil bug in HttpServer#get_uri
2019-06-25 23:10:50 -05:00
William Vu
6658584142
Update HttpServer documentation
2019-03-16 13:55:04 -05:00
Brent Cook
433af12942
add deregister_http_client_options
2019-03-06 19:37:56 -06:00
William Vu
b2aa06560f
Add drupal_patch method to Drupal mixin
2019-03-05 18:52:27 -06:00
William Vu
d55fbdfbe5
Add VHOST support to full_uri
2019-02-25 14:45:26 -06:00
Jacob Robles
9d33891652
Update register descriptions
2018-11-28 19:37:35 -06:00
Jacob Robles
c4959da77f
Email validation and user registration
2018-11-28 17:56:55 -06:00
Kent 'picat' Gruber
bcf78e6067
use tr instead of gsub
2018-09-17 09:45:52 -04:00
William Vu
8e6a1d203b
Futureproof FingerprintCheck until we delete it
2018-07-25 21:39:02 -05:00
William Vu
25ef422168
Handle connection errors and fail_with in check
Also fix FingerprintCheck to tell us when it doesn't receive a response.
2018-07-25 21:11:40 -05:00
Green-m
f5b8b4dd7c
Update send_request_cgi/raw
2018-07-12 23:51:41 -04:00
Green-m
65627e06e2
Update send_request_cgi/raw
2018-07-12 23:51:18 -04:00
Brendan Coles
df2f58fb08
Add WPCHECK (Bool) advanced option to Exploit::Remote::HTTP::Wordpress
2018-07-11 07:09:28 +00:00
Christian Mehlmauer
f17140bdc3
fix nil error in HttpTrace
2018-05-26 10:04:26 +02:00
William Vu
88f09dc302
Update a few stragglers in Drupalgeddon 2
1. I added a missed header and YARD to the Drupal mixin.
2. I decided to match discovered versions more liberally.
2018-05-03 18:35:25 -05:00
William Vu
728d7bc065
Fix #9876, second round of Drupalgeddon 2 updates
Thanks to a reviewer for noticing my drupal_unpatched? method was
tri-state because of an unrefactored return. Oops! :)
2018-05-03 17:38:32 -05:00
William Vu
2565ad6a27
Handle IPv6 addresses in full_uri (add brackets)
2017-12-07 12:56:55 -06:00
RageLtMan
a3912e4913
Provide disconnect option to send_request_cgi
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on in-house exploit module written for disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
james
fde68acc0e
Styling changes in wordpress helpers
Changes based on rubocop output
2017-09-02 22:26:04 -05:00
james
fdf7149438
Add support for multi-site wp instances in wp_admin_shell_upload
This change allows for redirects to be followed in wordpress_helper_get_plugin_upload_nonce
Redirect is from:
/wp-admin/plugin-install.php
to
/wp-admin/network/plugin-install.php
2017-09-02 22:12:56 -05:00
Brent Cook
26193216d1
Land #8686, add 'download' and simplified URI request methods to http client mixin
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
William Vu
c9853a6bfe
Land #8735, robots.txt for HttpServer
2017-07-24 18:26:41 -05:00
William Vu
a950ecc345
Clean up style
2017-07-24 18:26:05 -05:00
Dave Farrow
378375c822
replaced devil tabs with spaces
2017-07-17 20:29:33 -07:00
Dave Farrow
e6fe90ea08
added robots.txt support for http exploit server
2017-07-17 17:47:36 -07:00
RageLtMan
7e487ec745
fix request_ops per bcoles
2017-07-13 01:16:27 -04:00