Joe Vennix
eb6a5a4c19
Tweak checks.
2014-02-04 02:49:44 -06:00
Joe Vennix
4923a93974
Tweak description.
2014-02-04 02:47:49 -06:00
Joe Vennix
37479884a5
Add browserautopwn support.
2014-02-04 02:32:12 -06:00
Joe Vennix
636d7016a8
Fix android detection in os.js.
2014-02-04 02:31:46 -06:00
Joe Vennix
eba3a5aab0
More accurate description.
2014-02-04 01:44:39 -06:00
Joe Vennix
177bd35552
Add webview HTTP exploit.
2014-02-04 01:37:09 -06:00
Joe Vennix
e50077844c
Expand path in metasm_shell#file.
2014-02-02 17:26:48 -06:00
Joe Vennix
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Tod Beardsley
b5f61024c5
Land #2907, fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
jvazquez-r7
256f2b12eb
Land #2894, @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
lsanchez-r7
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
Tod Beardsley
636c43dcdc
Land #2736, basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
William Vu
0a3ee573bc
Uncomment spec_helper require
2014-01-22 11:58:10 -06:00
William Vu
2b7a993f65
Land #2902, updated PJL spec
2014-01-22 11:57:28 -06:00
Tod Beardsley
90207628cc
Land #2666, SSLCompression option
...
[SeeRM #823], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
sinn3r
1c1597973e
Update PJL rspec to comply with guidelines
...
Basically the updated version is more explicit. If a method doesn't
return anything but might raise an error, then we focus on that.
Also use . to # for instance methods.
2014-01-22 03:34:49 -06:00
jvennix-r7
29d6f7c720
Merge pull request #9 from todb-r7/warn-about-deflate
...
Warn the user about SSLCompression
2014-01-21 15:25:41 -08:00
Tod Beardsley
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
Tod Beardsley
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
William Vu
ca7a8203ff
Land #2901, gooder spelling
sprint-D04
2014-01-21 15:59:59 -06:00
Tod Beardsley
f5809423a3
Let's spell right in my spellcheck PR
...
Updates #2900
2014-01-21 15:57:59 -06:00
Tod Beardsley
7660e2d3b7
Land #2899, don't stop at the first \f
2014012201
2014-01-21 14:55:26 -06:00
James Lee
6359a443ac
Land #2900, @todb-r7's fixups for release
2014-01-21 14:36:07 -06:00
Tod Beardsley
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statements -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't seen any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
William Vu
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
Tod Beardsley
b8d868d0f0
Land #2888, updated Meterpreter bins: e77c87cd
...
This lands Meterpreter binaries as of commit e77c87cd
The compare view is the easiest way to see what's different since the
last update:
https://github.com/rapid7/meterpreter/compare/9e33acf...e77c87cd
Not seeing a lot of bugs being ref'ed there, sadly.
2014-01-21 10:56:49 -06:00
Tod Beardsley
82bd1fa466
Land #2898, msftidy articles fix.
2014-01-21 09:37:56 -06:00
William Vu
3a943c719e
Implement a whitelist for suspect capitalization
2014-01-21 09:26:16 -06:00
sinn3r
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
sinn3r
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
sinn3r
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
jvazquez-r7
4e224132e8
Land #2893, @wchen-r7's patch for jboss_invoke_deploy
2014-01-17 22:06:11 -06:00
jvazquez-r7
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
sinn3r
afd0e71457
Use the term "exploit" a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results in popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r
363c53e14e
Clarify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnerable doesn't mean it is.
2014-01-17 13:35:17 -06:00
sinn3r
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
jvazquez-r7
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
jvazquez-r7
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
jvazquez-r7
f3c912bd32
Add module for ZDI-14-003
2014-01-16 17:49:49 -06:00
OJ
80c4a6e9eb
Updated binaries for Meterpreter
...
This includes changes up to commit hash e77c87cdb79a2732108be937e056622b45cb093c
2014-01-17 09:02:48 +10:00
jvazquez-r7
ac9e634cbb
Land #2874, @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
Tod Beardsley
62c7839b4c
Land #2850, fix msftidy to respect \x22 and \x27
2014-01-16 16:26:34 -06:00
jvazquez-r7
272fe5ddfd
Delete debug comments
2014-01-16 16:12:12 -06:00
Matt Andreko
f6f2da09aa
Merge pull request #4 from jvazquez-r7/review_2874
...
Clean CmdStagerEcho and Add module targets
2014-01-16 13:57:59 -08:00
sinn3r
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
jvazquez-r7
8213eed49f
Delete Netgear N150 target, it's a Netgear DGN1000 model
2014-01-16 15:14:31 -06:00
William Vu
6110ad72b3
Update tests and ensure full coverage
2014-01-16 15:11:04 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
jvazquez-r7
139119d32c
Add Manual targets to sercomm_exec
2014-01-16 12:44:26 -06:00