dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
44,345 Commits 10 Branches 885 Tags 1.3 GiB
Commit Graph

13551 Commits

Author SHA1 Message Date
William Vu 0a1eea9860 Allow local_editor in cmd_edit to take arguments 
Such as vim -i NONE. This may allow command injection via arguments.
However, you can already start an arbitrary program by setting
LocalEditor or escaping the editor.

msf > setg LocalEditor /bin/sh
LocalEditor => /bin/sh
msf > edit -i
[*] Launching /bin/sh -i
$
 2017-12-14 19:51:57 -06:00
William Webb 234ef5627e
Land #9299, Add arch to MS17-010 detection 2017-12-14 12:20:56 -08:00
Metasploit be4f9236f2
Bump version of framework to 4.16.24 2017-12-14 10:08:05 -08:00
bwatters-r7 9ea7747a5c
Land #9233, Fix #9232 corruption of non-latin characters in W methods 
Merge branch 'land-9233' into upstream-master
 2017-12-14 11:54:36 -06:00
William Vu 8e4b007edc Move verify_arch to dcerpc_getarch 
We can use this code elsewhere, such as the MS17-010 scanner.
 2017-12-14 02:08:25 -06:00
Brent Cook 1653e31f71 Merge branch 'upstream-master' into land-9126- 2017-12-11 03:57:00 -06:00
Metasploit 348cbe54b6
Bump version of framework to 4.16.23 2017-12-08 10:01:55 -08:00
William Vu 2565ad6a27 Handle IPv6 addresses in full_uri (add brackets) 2017-12-07 12:56:55 -06:00
Brent Cook c15f379343 remove some unneeded backward-compat code 2017-12-04 22:27:21 -06:00
William Vu 19b37c7070
Land #9263, drb_remote_codeexec fixes 
See pull requests #7531 and #7749 for hysterical raisins.
 2017-12-04 18:45:03 -06:00
Metasploit fd1681edd9
Bump version of framework to 4.16.22 2017-12-01 10:04:07 -08:00
Brent Cook 09dd5b8489 fix check command to not require an rport _method_ 2017-11-30 10:51:21 -06:00
Brent Cook c848379ecb simply use refname in the prompt? 2017-11-29 20:52:14 -06:00
Brent Cook e5a5d35ad8 add 'promptname' that expands the module path a bit more 
This allows the user to actually see the module context.
 2017-11-29 19:49:43 -06:00
Brent Cook 55f56a5350
Land #9110, added -C option to change default hosts columns 2017-11-29 17:48:44 -06:00
Brent Cook 0aeb245c9c
Land #9252, docker improvements 2017-11-29 17:15:47 -06:00
bwatters-r7 e8965767a0
Land 9207, Expose more uuid attributes 2017-11-29 16:25:05 -06:00
Metasploit 174d0d46de
Bump version of framework to 4.16.21 2017-11-29 10:45:55 -08:00
Brent Cook 70ec576d52 use correct session variable 2017-11-29 11:53:56 -06:00
Brent Cook ec2b5d48a6 add missing payload uuid accessors 2017-11-29 11:49:41 -06:00
Brent Cook 446f3fa675 more conversions 2017-11-29 11:49:41 -06:00
Brent Cook 59446f3d96 change ui to use new settings 2017-11-29 11:49:41 -06:00
Brent Cook 8051f790d0 if there is info in the uuid_db, put it in payload_uuid automatically 2017-11-29 11:49:41 -06:00
Jeffrey Martin e73ba0b3ca
Merge released '4.x' into master 2017-11-29 10:27:42 -06:00
Adam Cammack 3fff092042
Fix include scope in external module mixin 
The auxiliary report mixin overrides some of the methods in
Metasploit::Credential, which is fine in framework, but causes issues in
projects relying on the base behavior of Metasploit::Credential. This
changes the include scope from global to just whatever includes the
external module mixin.
 2017-11-28 21:41:52 -06:00
William Vu f132c1572f
Fix #9194, clarified error for reloading modules 2017-11-28 17:15:56 -06:00
William Vu 7b3bf85d03 Print the generated command stager for debugging 2017-11-28 16:00:28 -06:00
Christian Mehlmauer 50351320d7
more docker work 2017-11-28 21:35:20 +01:00
William Vu 65412cd2f1
Land #9201, enhanced tab completion 2017-11-27 11:37:04 -06:00
Brent Cook 2c6cfabbc3
Land #8948, allow configuring payload HTTP headers for domain fronting 2017-11-25 10:08:22 -06:00
Brent Cook 8645a518b3 add mettle support for custom headers 2017-11-24 20:27:34 -06:00
Metasploit c9da8f7a18
Bump version of framework to 4.16.20 2017-11-24 10:01:50 -08:00
scriptjunkie 9a81cc70dd Fix corruption of non-latin characters in W methods 2017-11-21 20:58:38 -06:00
Brent Cook 81c6823b72 handle interrupt and unknown exceptions properly with external modules 2017-11-21 17:50:53 -06:00
Adam Cammack 19844fb6ed
Land #9227, Add slowloris denial of service 2017-11-21 15:42:39 -06:00
Matthew Kienow b6c81e6da0
Reimplement slowloris as external module 2017-11-21 16:21:01 -05:00
OJ fea28a89a5 Fix TLV defs for http headers 2017-11-21 13:47:19 -06:00
Brent Cook ea37196614 use cooler names c/o @timwr, make options easier to grep 2017-11-21 13:47:19 -06:00
Brent Cook 85acbadf01 more DRYing 2017-11-21 13:47:19 -06:00
Brent Cook 37ab771ca9 uri is not always defined, fix python stager generation 2017-11-21 13:47:19 -06:00
Brent Cook 2076db2d61 DRY up common stager and payload http and retry options 2017-11-21 13:47:19 -06:00
Brent Cook 1fd7f7c8bc prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency, 
this also adds aliases where needed
 2017-11-21 13:47:19 -06:00
Tim a5af21fa1a add http headers to Android/Java 2017-11-21 13:47:19 -06:00
OJ ac79cc9f78 Fix up header string generation in transports 2017-11-21 13:47:18 -06:00
OJ f6e9b12b43 Make sure stageless is supported 2017-11-21 13:47:18 -06:00
OJ 656babe9f4 Custom host header support in python meterp 2017-11-21 13:47:18 -06:00
OJ a78d8f83fc Add HTTP header support for Host/Cookie/Referer 
This is to start the support for things like domain fronting.
 2017-11-21 13:47:18 -06:00
Brent Cook a4e199a6dd
Land #9000, enhance module option registration 2017-11-21 12:09:21 -06:00
Brent Cook c5cc013819 auto-detect SSL supported options 2017-11-21 08:30:42 -06:00
Brent Cook 967b459ff1 restore default enum is first value behavior 2017-11-21 08:30:42 -06:00