adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
67,220 Commits 27 Branches 1,043 Tags
d1f6433a779e78b5c76c61fb35d11748a0f2d55e
Commit Graph

43 Commits

Author SHA1 Message Date
bcoles bbbec267b6 exploits: Set tftphost option for modules which use Windows TFTP stager 2022-06-29 19:10:52 +10:00
Alan Foster 30809787c4 Convert disclosure dates to iso8601 2020-10-02 21:00:37 +01:00
Adam Cammack cf9b94a964 Set needs_cleanup flag for exploits that need it 
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
 2019-08-02 10:23:53 -05:00
Adam Cammack 5e64f8560a Fix whitespace 2019-08-02 10:23:41 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings 
Also fixed rex requires.
 2017-05-03 15:44:51 -05:00
Brent Cook b08d1ad8d8 Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216 Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259 change Metasploit3 class names 2016-03-07 09:56:58 +01:00
sinn3r cd0dbc0e24 Missed another 2014-11-09 14:06:39 -06:00
URI Assassin 35d3bbf74d Fix up comment splats with the correct URI 
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
 2014-10-17 11:47:33 -05:00
Spencer McIntyre 748589f56a Make cmdstager flavor explicit or from info 
Every module that uses cmdstager either passes the flavor
as an option to the execute_cmdstager function or relies
on the module / target info now.
 2014-06-28 17:40:49 -04:00
jvazquez-r7 870fa96bd4 Allow quotes in CmdStagerFlavor metadata 2014-06-27 08:34:56 -04:00
jvazquez-r7 91e2e63f42 Add CmdStagerFlavor to metadata 2014-06-27 08:34:55 -04:00
jvazquez-r7 7ced5927d8 Use One CMDStagermixin 2014-06-27 08:34:55 -04:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors 
There needs to be a better way to go about preventing/fixing these.
 2014-03-11 11:18:54 -05:00
Tod Beardsley 23d058067a Redo the boilerplate / splat 
[SeeRM #8496]
 2013-10-15 13:51:57 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections 
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
 2013-09-24 12:33:31 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
sinn3r 0c0f4a3e66 Lower ranking because they cannot auto-target 
In order to be qualified as ExcellentRanking, auto-target is a must,
or the module has to default to a payload that's universal for
multiple platforms.  Otherwise you're wasting time in Pro.
 2013-01-23 23:35:31 -06:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes 
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
 2013-01-07 11:16:58 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
Chris John Riley f88ec5cbc8 Add normalize_uri to modules that may have 
been missed by PULL 1045.

Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)

ref --> https://github.com/rapid7/metasploit-framework/pull/1045
 2012-11-08 17:42:48 +01:00
sinn3r 799c22554e Warn user if a file/permission is being modified during new session 2012-10-24 00:54:17 -05:00
Michael Schierl 910644400d References EDB cleanup 
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
 2012-10-23 21:02:09 +02:00
HD Moore fb7f6b49f0 This mega-diff adds better error classification to existing modules 2012-06-19 12:59:15 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs 
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
 2012-03-21 16:43:21 -05:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen 975cc52bac Fix spelling errors 
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-18 00:54:05 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster. 
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-17 02:58:53 +00:00
Joshua Drake 496170eac1 aDjUsT tHe CaSe 
git-svn-id: file:///home/svn/framework3/trunk@13644 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-26 23:46:49 +00:00
David Rude c78ba0e4d5 hehe remove debugging put call 
git-svn-id: file:///home/svn/framework3/trunk@13586 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:59:32 +00:00
David Rude 63e2b759e7 require the URI option 
git-svn-id: file:///home/svn/framework3/trunk@13585 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:54:58 +00:00
David Rude 402ca57bb4 Adds Struts2 Remote Code Execution exploit CVE-2010-1870 
git-svn-id: file:///home/svn/framework3/trunk@13584 4d416f70-5f16-0410-b530-b9f4589650da
 2011-08-19 05:52:09 +00:00