adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
41,886 Commits 27 Branches 1,043 Tags
f8a94de6710abe3042a26a9dca38dcccff2c93be
Commit Graph

460 Commits

Author SHA1 Message Date
Brent Cook 99047fa8a1 be stricter in what we accept for payload uri 
datastore needs to contain something to produce a valid URI
 2017-01-22 10:20:04 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
David Maloney 9b9d3127a8 cleanup leaked constants 
use constant cleaner
7824
 2017-01-12 15:49:24 -06:00
David Maloney 4029dbd5ca try not to forget fixing the spec... 2017-01-10 14:33:18 -06:00
David Maloney 2108913e77 target_host method had a name collision 
this method appears to have been accidentaly overriding another
method causing sessions to never finish being established
 2017-01-06 12:44:37 -06:00
David Maloney 3d2957dff1 tying it all together 
insert our autotarget routine into
the main target selection process

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 44830dfc54 prefer authour's target over ours 
if the module authour added an automatic target
we skip our routine, to let the module's own automatic targeting
take over as it likely be better

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 1afc57da40 determine most precise filter 
drop back to our most precise level of filtering

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 201b65e43d remaining os filtering 
now can filter by os name and service pack
need to do final logic to turn that into an actual
target selection

MS-2325
 2017-01-03 14:38:50 -06:00
David Maloney 05ac2ee6ed convert first stage to os_family 
added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 95d5c7a778 filtering by os_name 
targets now filtered by OS name, but a little
more processing may be needed on this part because
it looks like what you'd expect in os_flavor gets jammed
into name instead

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney f107408389 target_host specs 
add specs for finding the 'target host' ie.
the mdm::Host object related to the RHOST value
to see what we know about our target

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 4060e63b89 add tests for auto target addition 
tests to make sure we add auto targets only
in the appropriate conditions

MS-2325
 2017-01-03 14:38:49 -06:00
David Maloney 84d5e42e4f start gearing up for testing 
start getting auto-targeting test framework in place
so we can have unit tests for this behaviour

MS-2325
 2017-01-03 14:38:45 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Tod Beardsley 1deacad2be Add a print_bad alias for print_error 
Came up on Twitter, where Justin may have been trolling a little:

https://twitter.com/jstnkndy/status/798671298302017536

We have a `print_good` method, but not a `print_bad`, which seems a
little weird for Ruby -- opposite methods should be intuitive as Justin
is implying.

Anyway, I went with alias_method, thanks to the compelling argument at

https://github.com/bbatsov/ruby-style-guide#alias-method

...since Metasploit is all about the singleton, and didn't want to risk
some unexpected scoping thing.

Also dang, we define the `print_` methods like fifty billion times!
Really should fix that some day.
 2016-11-15 19:20:42 -06:00
OJ abe46024de Fix tests after arch refactor 2016-11-05 05:15:57 +10:00
OJ e4edbb16fe Fix encoded_payload_spec 2016-10-29 15:29:23 +10:00
Jon Hart 12508f7140 Fix DRDoS mixin to handle empty responses 2016-10-24 14:21:28 -07:00
David Maloney 6b77f509ba fixes bad file refs for cmdstagers 
when moving to the rex-exploitation gem some of the
file references were missed, partially due to silly differences
between how each file was referenced

Fixes #7466
 2016-10-21 12:31:18 -05:00
darkbushido 5a1cd24350 finishing converting the last of this to credentials 2016-07-29 09:58:17 -05:00
darkbushido 0972005b24 updating 'ppp.*username secret' 2016-07-29 09:58:17 -05:00
darkbushido 1d33c9aa88 updating specs upto 'username secret' 2016-07-29 09:58:17 -05:00
darkbushido 73b362cade updating more spec 2016-07-29 09:58:16 -05:00
darkbushido d807a83bb1 fixing some more specs 2016-07-29 09:58:16 -05:00
darkbushido b66621af0d adding in a blank service_name 
fixing myworkspace
 2016-07-29 09:58:16 -05:00
darkbushido 219f9d5d57 updating parts of cisco to use creds 2016-07-29 09:58:15 -05:00
darkbushido 40240662db converting enable password to create_credentials 2016-07-29 09:58:15 -05:00
darkbushido 9fa1c597b1 specing out the cisco mixin 2016-07-29 09:55:08 -05:00
Brent Cook da532ecc5e Land #6919, Move LURI into a full URI for a new 'Payload opts" column in jobs output 2016-06-03 13:57:47 -05:00
James Lee f7382f5b3b Make jobs display a full uri 
Addresses the problem of LURI taking the place of URIPATH, which has
different semantics.

See #4623
 2016-05-27 11:15:12 -05:00
Brent Cook a3d2cba698 Land #6906, Improve msfvenom error handling and spec coverage 2016-05-26 07:58:37 -05:00
Brent Cook c2cf992560 added spec for #6915 2016-05-26 07:57:17 -05:00
darkbushido a298129463 adding specs and expanding options 
Tests shouldnt be DRY, they need to be easy to understand.
 2016-05-25 13:17:47 -05:00
James Lee 5921ac7b47 Add a spec and fix ReverseHttp#luri 2016-05-24 17:22:14 -05:00
Jon Hart 8bccfef571 Fix merge conflict 2016-05-16 17:29:45 -07:00
wchen-r7 47d52a250e Fix #6806 and #6820 - Fix send_request_cgi! redirection 
This patch fixes two problems:

1. 6820 - If the HTTP server returns a relative path
   (example: /test), there is no host to extract, therefore the HOST
   header in the HTTP request ends up being empty. When the web
   server sees this, it might return an HTTP 400 Bad Request, and
   the redirection fails.

2. 6806 - If the HTTP server returns a relative path that begins
   with a dot, send_request_cgi! will literally send that in the
   GET request. Since that isn't a valid GET request path format,
   the redirection fails.

Fix #6806
Fix #6820
 2016-04-25 14:30:46 -05:00
James Lee 1375600780 Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook 903807d039 update spec for pre-check 2016-03-15 14:21:01 -05:00
Christian Mehlmauer 3123175ac7 use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook a2c3b05416 Land #6405, prefer default module base class of simply 'Metasploit' 2016-03-06 17:10:55 -06:00
Brent Cook e1db3ef369 Land #6388, Update msftidy to error when module super class is incorrect 2016-03-06 16:53:11 -06:00
Jon Hart 53d4e31844 Allow OptPath to valid symbolic paths that need expansion 2016-02-03 14:12:03 -08:00
Christian Mehlmauer e6147d60e2 fix rspecs 2016-01-22 23:43:13 +01:00
Christian Mehlmauer f92f59a4c8 remove corresponding spec files 2016-01-22 23:38:44 +01:00
David Maloney c6656e4031 example_group and hook_scope conversions 
not strictly required, these conversions keep us
up to date with latest rspec conventions and best practices
which will prevent use from having to convert them when they become
deprecated later
 2015-12-31 16:56:13 -06:00
Jon Hart 46a3c839b4 Refactor existing tests that had been duplicating get_std* 2015-12-24 11:03:11 -08:00
wchen-r7 7d8ecf2341 Add Joomla mixin 2015-12-18 21:14:04 -06:00
Brent Cook fb578e9063 use explicit exceptions for raise_error 2015-12-10 21:47:22 -06:00
Brent Cook f59446851f update namespace 2015-12-10 21:47:22 -06:00