eb0b66a4cf
Land #6390 , report exceptions on bind/listen failure
2016-01-06 21:44:06 -06:00
7f9b804060
Land #6410 , remove JtR binaries, update for independent framework releases
2016-01-06 14:16:49 -06:00
6e65d1d871
Land #6411 , chinese caidao asp/aspx/php backdoor bruteforce
2016-01-06 12:03:17 -06:00
480913cb32
Add rspec
2016-01-06 01:41:13 -06:00
c3158497c0
rebuild / add check_setup / send_request
2016-01-05 15:10:26 +08:00
2dd59a932b
Clean up some warnings
2016-01-04 16:02:43 -06:00
05d8f9d186
Make sure addr is not nil
...
See http://ruby-doc.org/stdlib-2.2.2/libdoc/socket/rdoc/Socket/Ifaddr.html#method-i-addr
Which says:
Returns the address of *ifaddr*. nil is returned if address is not
available in *ifaddr*.
I ran into this with a teql interface, but who knows what else might
trigger it.
2016-01-04 15:58:03 -06:00
44ece87480
Merge branch 'master' into framework-as-a-gem
2016-01-04 09:04:32 -06:00
00f1511b46
Use the right op for the data checksum.
2016-01-03 01:48:25 -06:00
00dc6364b5
Add support for native target in addjsif exploit.
2016-01-03 01:07:36 -06:00
849857a418
Fix spacing issues in message.rb.
2016-01-02 22:57:26 -06:00
6668dbec41
Remove stray binding.pry.
2016-01-02 22:50:06 -06:00
dcd36b74db
Last mile polish and tweaks.
2016-01-02 22:41:38 -06:00
6575f4fe4a
Use the cmdstager mixin.
2016-01-02 14:09:56 -06:00
9c85c5d4fe
Add newline.
2016-01-02 01:17:28 -06:00
a88471dc8d
Add ADB client and module for obtaining shell.
2016-01-02 01:13:53 -06:00
370351ca88
chinese caidao asp/aspx/php backdoor bruteforce
2015-12-31 15:17:01 +08:00
bcd1a6d45e
make JSON key format a little more standard, emit options
2015-12-30 16:00:09 -06:00
2a0ae144df
Fixup rubocop warnings for cleanup purposes
2015-12-30 14:33:02 -06:00
bb857e7a33
Add new line after json output for cleaner usability
2015-12-30 14:32:31 -06:00
8090bbc750
Changes to support framework as a gem
2015-12-30 11:00:45 -06:00
a929dc0e35
add redis_login
2015-12-30 18:54:25 +08:00
3f98511d7c
Cleanup logic to force an output type
2015-12-29 15:11:16 -06:00
29ea553e03
Adding a json formatting option to the info command
2015-12-29 13:57:35 -06:00
e23b5c5435
Land #6179 , add NTP initial crypto nak spoofing module
2015-12-24 15:46:18 -06:00
eec6a6f905
Land #6304 , simplify Meterpreter livelness checks
2015-12-24 15:42:17 -06:00
beb2fa9f92
Use bind_addresses rather than bind_address; fixes #6394
2015-12-24 09:20:21 -08:00
efdb6a8885
Land #6392 , @wchen-r7's 'def peer' cleanup, fixing #6362
2015-12-24 08:53:32 -08:00
9c410e02e3
Merge branch 'master' into land-6111-android
2015-12-24 10:13:25 -06:00
5d0e868fd6
facebook.orca fixes
2015-12-24 12:21:08 +00:00
69b65e7d39
fix error handling
2015-12-24 09:13:56 +00:00
17ad41070b
Land #6380 , allow linux x86 meterpreter in the pref list
2015-12-23 16:10:26 -06:00
e4f9594646
Land #6331 , ensure generic payloads raise correct exceptions on failure
2015-12-23 15:43:12 -06:00
cea3bc27b9
Fix #6362 , avoid overriding def peer repeatedly
...
def peer is a method that gets repeated a lot in modules, so we
should have it in the tcp mixin. This commit also clears a few
modules that use the HttpClient mixin with def peer.
2015-12-23 11:44:55 -06:00
a16a10aaf6
Fix #6371 , being able to report an exception in #job_run_proc
...
Fix #6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
2015-12-22 16:35:29 -06:00
84675e352b
Land #6249 , check for nil when using read_exactly_n_bytes
2015-12-22 15:48:39 -06:00
3f4c6eb370
Land #5383 , allow tunneling reverse_tcp meterpreter sessions without 'route add'
2015-12-22 15:42:42 -06:00
f6eaff5d96
use the new and shiny joomla mixin
2015-12-22 21:36:42 +01:00
d2a9aa18d8
fix sillyness
2015-12-22 16:06:01 +00:00
eeea4bde9d
integrate ./msfvenom -x for android payloads
2015-12-22 15:58:27 +00:00
662a6dfd53
¯\_(ツ)_/¯
2015-12-22 14:49:00 +00:00
d2cc32a389
integrate apk_backdoor with msfvenom
2015-12-22 14:49:00 +00:00
fa390358a2
Add linux/x86/meterpreter/reverse_tcp to the preference list
...
linux/x86/meterpreter/reverse_tcp was not added to the preference
list, because at the time it was reliable. For example: it would
crash while running a post module. This is not the case anymore,
so it looks like linux/x86/meterpreter/reverse_tcp is ready to
serve.
2015-12-21 23:09:54 -06:00
2cc54a7a43
Make joomla.xml go first
...
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
17b67b8f1b
Add trailing /
2015-12-19 17:18:34 -06:00
5ff02956c9
Lower joomla.xml
2015-12-19 13:46:13 -06:00
0fda963601
Have multiple paths to find the generator tag
2015-12-19 13:45:41 -06:00
6dada5f20f
add another we can check
...
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
b78f7b4d55
Land #6319 , @all3g's module for abusing redis to achieve file uploads
2015-12-14 18:00:44 -08:00
Brent Cook