infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into staging/rails-upgrade

bug/bundler_fix
Gregory Mikeska 2016-03-24 12:55:05 -05:00
parent 8fec3e8d21 6b4b523521
commit 7bd6d0c696
No known key found for this signature in database
GPG Key ID: 35F0DEED7BFB817A
3128 changed files with 4591 additions and 3958 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
.github/ISSUE_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,41 @@
## Steps to reproduce
How'd you do it?
1. ...
2. ...
This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.
## Expected behavior
What should happen?
## Current behavior
What happens instead?
You might also want to check the last ~1k lines of
`/opt/metasploit/apps/pro/engine/config/logs/framework.log` or
`~/.msf4/logs/framework.log` for relevant stack traces
## System stuff
### Metasploit version
Get this with the `version` command in msfconsole (or `git log -1 --pretty=oneline` for a source install).
### I installed Metasploit with:
- [ ] Kali package via apt
- [ ] Omnibus installer (nightly)
- [ ] Commercial/Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)
- [ ] Source install (please specify ruby version)
### OS
What OS are you running Metasploit on?

14
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@ -0,0 +1,14 @@
Tell us what this change does. If you're fixing a bug, please mention
the github issue number.
## Verification
List the steps needed to make sure this thing works
- [ ] Start `msfconsole`
- [ ] `use exploit/windows/smb/ms08_067_netapi`
- [ ] ...
- [ ] **Verify** the thing does what it should
- [ ] **Verify** the thing does not do what it should not

1
.mailmap
View File

@ -114,6 +114,7 @@ m-1-k-3 <m-1-k-3@github> Michael Messner <devnull@s3cur1ty.de>
Meatballs1 <Meatballs1@github> <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> <Meatballs1@users.noreply.github.com>
mubix <mubix@github> Rob Fuller <jd.mubix@gmail.com>
net-ninja <net-ninja@github.com> Steven Seeley <steventhomasseeley@gmail.com>
nevdull77 <nevdull77@github> Patrik Karlsson <patrik@cqure.net>
nmonkee <nmonkee@github> nmonkee <dave@northern-monkee.co.uk>
nullbind <nullbind@github> nullbind <scott.sutherland@nullbind.com>

BIN
data/exploits/R7_2015_17/stream.raw Normal file
View File

Binary file not shown.

2
lib/metasploit/framework/version.rb
View File

@ -30,7 +30,7 @@ module Metasploit
end
end
VERSION = "4.11.15"
VERSION = "4.11.18"
MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
PRERELEASE = 'dev'
HASH = get_hash

2
lib/msf/base/sessions/command_shell.rb
View File

@ -216,7 +216,7 @@ class CommandShell
end
end
if (datastore['InitialAutoRunScript'] && datastore['InitialAutoRunScript'].empty? == false)
if datastore['InitialAutoRunScript'] && !datastore['InitialAutoRunScript'].empty?
args = Shellwords.shellwords( datastore['InitialAutoRunScript'] )
print_status("Session ID #{sid} (#{tunnel_to_s}) processing InitialAutoRunScript '#{datastore['InitialAutoRunScript']}'")
execute_script(args.shift, *args)

8
lib/msf/base/sessions/meterpreter_options.rb
View File

@ -37,13 +37,13 @@ module MeterpreterOptions
framework.sessions.schedule Proc.new {
# Configure unicode encoding before loading stdapi
session.encode_unicode = ( datastore['EnableUnicodeEncoding'] ? true : false )
session.encode_unicode = datastore['EnableUnicodeEncoding']
session.init_ui(self.user_input, self.user_output)
valid = true
if datastore['AutoVerifySession'] == true
if datastore['AutoVerifySession']
if not session.is_valid_session?(datastore['AutoVerifySessionTimeout'].to_i)
print_error("Meterpreter session #{session.sid} is not valid and will be closed")
valid = false
@ -52,7 +52,7 @@ module MeterpreterOptions
if valid
if datastore['AutoLoadStdapi'] == true
if datastore['AutoLoadStdapi']
session.load_stdapi
@ -72,7 +72,7 @@ module MeterpreterOptions
end
[ 'InitialAutoRunScript', 'AutoRunScript' ].each do |key|
if (datastore[key].empty? == false)
if !datastore[key].empty?
args = Shellwords.shellwords( datastore[key] )
print_status("Session ID #{session.sid} (#{session.tunnel_to_s}) processing #{key} '#{datastore[key]}'")
session.execute_script(args.shift, *args)

2
lib/msf/base/sessions/vncinject_options.rb
View File

@ -84,7 +84,7 @@ module VncInjectOptions
print_status("Local TCP relay started.")
# If the AUTOVNC flag is set, launch VNC viewer.
if (datastore['AUTOVNC'] == true)
if datastore['AUTOVNC']
if (session.autovnc(datastore['ViewOnly']))
print_status("Launched vncviewer.")
else

2
lib/msf/core/auxiliary/crawler.rb
View File

@ -44,7 +44,7 @@ module Auxiliary::HttpCrawler
OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL23', 'SSL3', 'TLS1']]),
Opt::SSLVersion
], self.class
)

28
lib/msf/core/data_store.rb
View File

@ -13,6 +13,7 @@ class DataStore < Hash
# Initializes the data store's internal state.
#
def initialize()
@options = Hash.new
@imported = Hash.new
@imported_by = Hash.new
end
@ -26,6 +27,14 @@ class DataStore < Hash
@imported[k] = false
@imported_by[k] = nil
opt = @options[k]
unless opt.nil?
unless opt.valid?(v)
raise OptionValidateError.new(["Value '#{v}' is not valid for option '#{k}'#{['', ', try harder'].sample}"])
end
v = opt.normalize(v)
end
super(k,v)
end
@ -65,17 +74,11 @@ class DataStore < Hash
# all of the supplied options
#
def import_options(options, imported_by = nil, overwrite = false)
options.each_option { |name, opt|
# If there's already a value defined for this option, then skip it
# and don't import it.
next if self.has_key?(name) and overwrite == false
# If the option has a default value, import it, but only if the
# datastore doesn't already have a value set for it.
if ((opt.default != nil) and (overwrite or self[name] == nil))
import_option(name, opt.default.to_s, true, imported_by)
options.each_option do |name, opt|
if self[name].nil? || overwrite
import_option(name, opt.default, true, imported_by, opt)
end
}
end
end
#
@ -124,13 +127,14 @@ class DataStore < Hash
#
def import_options_from_hash(option_hash, imported = true, imported_by = nil)
option_hash.each_pair { |key, val|
import_option(key, val.to_s, imported, imported_by)
import_option(key, val, imported, imported_by)
}
end
def import_option(key, val, imported=true, imported_by=nil)
def import_option(key, val, imported=true, imported_by=nil, option=nil)
self.store(key, val)
@options[key] = option
@imported[key] = imported
@imported_by[key] = imported_by
end

10
lib/msf/core/db_manager.rb
View File

@ -163,14 +163,4 @@ class Msf::DBManager
true
end
# Mainly, it's Ruby 1.9.1 that cause a lot of problems now, along with Ruby 1.8.6.
# Ruby 1.8.7 actually seems okay, but why tempt fate? Let's say 1.9.3 and beyond.
def warn_about_rubies
if ::RUBY_VERSION =~ /^1\.9\.[012]($|[^\d])/
$stderr.puts "**************************************************************************************"
$stderr.puts "Metasploit requires at least Ruby 1.9.3. For an easy upgrade path, see https://rvm.io/"
$stderr.puts "**************************************************************************************"
end
end
end

2
lib/msf/core/encoder.rb
View File

@ -537,7 +537,7 @@ protected
#
def find_context_key(buf, badchars, state)
# Make sure our context information file is sane
if File.exists?(datastore['ContextInformationFile']) == false
if !File.exists?(datastore['ContextInformationFile'])
raise NoKeyError, "A context information file must specified when using context encoding", caller
end

2
lib/msf/core/exploit.rb
View File

@ -1506,7 +1506,7 @@ protected
# required when wanting to support context keyed encoding
#
def define_context_encoding_reqs(reqs)
return if datastore['EnableContextEncoding'] != true
return unless datastore['EnableContextEncoding']
# At present, we don't support any automatic methods of obtaining
# context information. In the future, we might support obtaining

3
lib/msf/core/exploit/ftpserver.rb
View File

@ -56,7 +56,7 @@ module Exploit::Remote::FtpServer
# exists for the given command, returns a generic default response.
#
# @example Handle SYST requests
# class Metasploit < Msf::Exploit
# class MetasploitModule < Msf::Exploit
# include Msf::Exploit::Remote::FtpServer
# ...
# def on_client_command_syst(cmd_conn, arg)
@ -237,4 +237,3 @@ module Exploit::Remote::FtpServer
end
end

4
lib/msf/core/exploit/http/client.rb
View File

@ -50,7 +50,7 @@ module Exploit::Remote::HttpClient
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication', '']),
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication', '']),
OptBool.new('DigestAuthIIS', [false, 'Conform to IIS, should work for most servers. Only set to false for non-IIS servers', true]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
Opt::SSLVersion,
OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
@ -85,7 +85,7 @@ module Exploit::Remote::HttpClient
#
# Remaining evasions to implement
#
# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
# OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', false]),
# OptInt.new('HTTP::junk_pipeline', [true, 'Insert the specified number of junk pipeline requests', 0]),
], self.class
)

14
lib/msf/core/exploit/http/server.rb
View File

@ -32,9 +32,9 @@ module Exploit::Remote::HttpServer
register_evasion_options(
[
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', 'false']),
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', false]),
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', false]),
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', false]),
OptEnum.new('HTTP::compression', [false, 'Enable compression of HTTP responses via content encoding', 'none', ['none','gzip','deflate']]),
OptString.new('HTTP::server_name', [true, 'Configures the Server header of all outgoing replies', 'Apache'])
], Exploit::Remote::HttpServer
@ -86,7 +86,7 @@ module Exploit::Remote::HttpServer
# set.
#
def use_zlib
if (!Rex::Text.zlib_present? and datastore['HTTP::compression'] == true)
if !Rex::Text.zlib_present? && datastore['HTTP::compression']
raise RuntimeError, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!"
end
end
@ -530,16 +530,16 @@ module Exploit::Remote::HttpServer
response.compress = datastore['HTTP::compression']
end
if (datastore['HTTP::chunked'] == true)
if datastore['HTTP::chunked']
response.auto_cl = false
response.transfer_chunked = true
end
if (datastore['HTTP::header_folding'] == true)
if datastore['HTTP::header_folding']
response.headers.fold = 1
end
if (datastore['HTTP::junk_headers'] == true)
if datastore['HTTP::junk_headers']
response.headers.junk_headers = 1
end

2
lib/msf/core/exploit/postgres.rb
View File

@ -292,6 +292,8 @@ module Exploit::Remote::Postgres
when "Fauth.c:L302:Rauth_failed" ; return {:preauth => "9.1.6"} # Bad password, good database
when "Fpostinit.c:L718:RInitPostgres" ; return {:preauth => "9.1.6"} # Good creds, non-existent but allowed database
when "Fauth.c:L483:RClientAuthentication" ; return {:preauth => "9.1.6"} # Bad user
when "Fauth.c:L285:Rauth_failed" ; return {:preauth => "9.4.1-5"} # Bad creds, good database
when "Fauth.c:L481:RClientAuthentication" ; return {:preauth => "9.4.1-5"} # bad user or host
# Windows

2
lib/msf/core/exploit/remote/browser_exploit_server.rb
View File

@ -588,7 +588,7 @@ module Msf
if profile.nil?
print_status("Browsing directly to the exploit URL is forbidden.")
send_not_found(cli)
elsif profile[:tried] and datastore['Retries'] == false
elsif profile[:tried] && !datastore['Retries']
print_status("Target with tag \"#{tag}\" wants to retry the module, not allowed.")
send_not_found(cli)
else

2
lib/msf/core/exploit/smb/client.rb
View File

@ -64,7 +64,7 @@ module Msf
register_options(
[
Opt::RHOST,
OptInt.new('RPORT', [ true, 'Set the SMB service port', 445])
OptPort.new('RPORT', [ true, 'The SMB service port', 445])
], Msf::Exploit::Remote::SMB::Client)
register_autofilter_ports([ 139, 445])

4
lib/msf/core/exploit/smb/server/share.rb
View File

@ -17,7 +17,7 @@ module Msf
# @example Use it from an Auxiliary module
# require 'msf/core'
#
# class Metasploit < Msf::Auxiliary
# class MetasploitModule < Msf::Auxiliary
#
# include Msf::Exploit::Remote::SMB::Server::Share
#
@ -59,7 +59,7 @@ module Msf
# @example Use it from an Exploit module
# require 'msf/core'
#
# class Metasploit < Msf::Exploit::Remote
# class MetasploitModule < Msf::Exploit::Remote
# Rank = ExcellentRanking
#
# include Msf::Exploit::EXE

4
lib/msf/core/exploit/sunrpc.rb
View File

@ -31,7 +31,7 @@ module Exploit::Remote::SunRPC
register_evasion_options(
[
OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', 'false']),
OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', false]),
], Msf::Exploit::Remote::SunRPC
)
@ -65,7 +65,7 @@ module Exploit::Remote::SunRPC
}
)
if datastore['ONCRPC::tcp_request_fragmentation'] == true
if datastore['ONCRPC::tcp_request_fragmentation']
self.rpcobj.should_fragment = 1
end

2
lib/msf/core/exploit/tcp.rb
View File

@ -64,7 +64,7 @@ module Exploit::Remote::Tcp
register_advanced_options(
[
OptBool.new('SSL', [ false, 'Negotiate SSL/TLS for outgoing connections', false]),
OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL/TLS to be used (TLS and SSL23 are auto-negotiate)', 'TLS1', ['SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']]),
Opt::SSLVersion,
OptEnum.new('SSLVerifyMode', [ false, 'SSL verification method', 'PEER', %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}]),
OptString.new('SSLCipher', [ false, 'String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"']),
Opt::Proxies,

1
lib/msf/core/exploit/tcp_server.rb
View File

@ -19,7 +19,6 @@ module Exploit::Remote::TcpServer
[
OptBool.new('SSL', [ false, 'Negotiate SSL for incoming connections', false]),
# SSLVersion is currently unsupported for TCP servers (only supported by clients at the moment)
# OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'TLS1', ['SSL2', 'SSL3', 'TLS1']]),
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)']),
OptAddress.new('SRVHOST', [ true, "The local host to listen on. This must be an address on the local machine or 0.0.0.0", '0.0.0.0' ]),
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 8080 ]),

8
lib/msf/core/framework.rb
View File

@ -38,14 +38,6 @@ class Framework
Revision = "$Revision$"
# Repository information
RepoRevision = ::Msf::Util::SVN.revision
RepoUpdated = ::Msf::Util::SVN.updated
RepoUpdatedDays = ::Msf::Util::SVN.days_since_update
RepoUpdatedDaysNote = ::Msf::Util::SVN.last_updated_friendly
RepoUpdatedDate = ::Msf::Util::SVN.last_updated_date
RepoRoot = ::Msf::Util::SVN.root
# EICAR canary
EICARCorrupted = ::Msf::Util::EXE.is_eicar_corrupted?

5
lib/msf/core/module.rb
View File

@ -266,11 +266,10 @@ class Module
end
#
# Returns true if this module is being debugged. The debug flag is set
# by setting datastore['DEBUG'] to 1|true|yes
# Returns true if this module is being debugged.
#
def debugging?
(datastore['DEBUG'] || '') =~ /^(1|t|y)/i
datastore['DEBUG']
end
#

10
lib/msf/core/module/deprecated.rb
View File

@ -60,15 +60,15 @@ module Msf::Module::Deprecated
#
# @return [void]
def print_deprecation_warning
print_warning("*"*72)
print_warning("*%red"+"The module #{refname} is deprecated!".center(70)+"%clr*")
print_warning("*"*90)
print_warning("*%red"+"The module #{refname} is deprecated!".center(88)+"%clr*")
if deprecation_date
print_warning("*"+"It will be removed on or about #{deprecation_date}".center(70)+"*")
print_warning("*"+"It will be removed on or about #{deprecation_date}".center(88)+"*")
end
if replacement_module
print_warning("*"+"Use #{replacement_module} instead".center(70)+"*")
print_warning("*"+"Use #{replacement_module} instead".center(88)+"*")
end
print_warning("*"*72)
print_warning("*"*90)
end
def init_ui(input = nil, output = nil)

5
lib/msf/core/module/ui/message.rb
View File

@ -14,9 +14,8 @@ module Msf::Module::UI::Message
def print_prefix
prefix = ''
if (datastore['TimestampOutput'] =~ /^(t|y|1)/i) || (
framework && framework.datastore['TimestampOutput'] =~ /^(t|y|1)/i
)
if datastore['TimestampOutput'] ||
(framework && framework.datastore['TimestampOutput'])
prefix << "[#{Time.now.strftime("%Y.%m.%d-%H:%M:%S")}] "
xn ||= datastore['ExploitNumber']

8
lib/msf/core/module/ui/message/verbose.rb
View File

@ -1,21 +1,21 @@
module Msf::Module::UI::Message::Verbose
# Verbose version of #print_error
def vprint_error(msg='')
print_error(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_error(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_good
def vprint_good(msg='')
print_good(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_good(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_status
def vprint_status(msg='')
print_status(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_status(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
# Verbose version of #print_warning
def vprint_warning(msg='')
print_warning(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
print_warning(msg) if datastore['VERBOSE'] || (!framework.nil? && framework.datastore['VERBOSE'])
end
end

5
lib/msf/core/module_manager.rb
View File

@ -147,11 +147,6 @@ module Msf
# @param klass [Class<Msf::Module>] The module class
# @return [void]
def auto_subscribe_module(klass)
# If auto-subscribe has been disabled
if (framework.datastore['DisableAutoSubscribe'] and
framework.datastore['DisableAutoSubscribe'] =~ /^(y|1|t)/)
return
end
# If auto-subscription is enabled (which it is by default), figure out
# if it subscribes to any particular interfaces.

15
lib/msf/core/modules/loader/base.rb
View File

@ -147,18 +147,17 @@ class Msf::Modules::Loader::Base
if namespace_module.const_defined?('Metasploit3', false)
klass = namespace_module.const_get('Metasploit3', false)
# We are not quite yet ready for the warnings to bubble to the user
# load_warning(module_path, 'Please change the modules class name from Metasploit3 to Metasploit')
load_warning(module_path, 'Please change the modules class name from Metasploit3 to MetasploitModule')
elsif namespace_module.const_defined?('Metasploit4', false)
klass = namespace_module.const_get('Metasploit4', false)
# load_warning(module_path, 'Please change the modules class name from Metasploit4 to Metasploit')
elsif namespace_module.const_defined?('Metasploit', false)
klass = namespace_module.const_get('Metasploit', false)
load_warning(module_path, 'Please change the modules class name from Metasploit4 to MetasploitModule')
elsif namespace_module.const_defined?('MetasploitModule', false)
klass = namespace_module.const_get('MetasploitModule', false)
else
load_error(module_path, Msf::Modules::Error.new({
:module_path => module_path,
:module_reference_name => module_reference_name,
:causal_message => 'Invalid module (no Metasploit class or module name)'
:causal_message => 'Invalid module (no MetasploitModule class or module name)'
}))
return false
end
@ -314,7 +313,7 @@ class Msf::Modules::Loader::Base
protected
# Returns a nested module to wrap the Metasploit class so that it doesn't overwrite other (metasploit)
# Returns a nested module to wrap the MetasploitModule class so that it doesn't overwrite other (metasploit)
# module's classes. The wrapper module must be named so that active_support's autoloading code doesn't break when
# searching constants from inside the Metasploit class.
#
@ -496,7 +495,7 @@ class Msf::Modules::Loader::Base
end
# Returns an Array of names to make a fully qualified module name to
# wrap the Metasploit class so that it doesn't overwrite other
# wrap the MetasploitModule class so that it doesn't overwrite other
# (metasploit) module's classes. Invalid module name characters are
# escaped by using 'H*' unpacking and prefixing each code with X so
# the code remains a valid module name when it starts with a digit.

4
lib/msf/core/modules/loader/directory.rb
View File

@ -32,10 +32,6 @@ class Msf::Modules::Loader::Directory < Msf::Modules::Loader::Base
def each_module_reference_name(path, opts={})
whitelist = opts[:whitelist] || []
::Dir.foreach(path) do |entry|
if entry.downcase == '.svn'
next
end
full_entry_path = ::File.join(path, entry)
type = entry.singularize

8
lib/msf/core/opt.rb
View File

@ -51,6 +51,13 @@ module Msf
Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
end
# @return [OptEnum]
def self.SSLVersion
Msf::OptEnum.new('SSLVersion', [ false,
'Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate)', 'Auto',
['Auto', 'SSL2', 'SSL3', 'SSL23', 'TLS', 'TLS1', 'TLS1.1', 'TLS1.2']])
end
# These are unused but remain for historical reasons
class << self
alias builtin_chost CHOST
@ -69,6 +76,7 @@ module Msf
Proxies = Proxies()
RHOST = RHOST()
RPORT = RPORT()
SSLVersion = SSLVersion()
end
end

17
lib/msf/core/opt_port.rb
View File

@ -7,24 +7,17 @@ module Msf
# Network port option.
#
###
class OptPort < OptBase
class OptPort < OptInt
def type
return 'port'
end
def normalize(value)
value.to_i
end
def valid?(value)
return false if empty_required_value?(value)
if ((value != nil and value.to_s.empty? == false) and
((value.to_s.match(/^\d+$/) == nil or value.to_i < 0 or value.to_i > 65535)))
return false
if !required? and value.to_s.empty?
super
else
super && normalize(value) <= 65535 && normalize(value) >= 0
end
return super
end
end

2
lib/msf/core/opt_raw.rb
View File

@ -13,7 +13,7 @@ class OptRaw < OptBase
end
def normalize(value)
if (value =~ /^file:(.*)/)
if (value.to_s =~ /^file:(.*)/)
path = $1
begin
value = File.read(path)

2
lib/msf/core/opt_regexp.rb
View File

@ -29,7 +29,7 @@ class OptRegexp < OptBase
def normalize(value)
return nil if value.nil?
return Regexp.compile(value)
return Regexp.compile(value.to_s)
end
def display_value(value)

2
lib/msf/core/opt_string.rb
View File

@ -13,7 +13,7 @@ class OptString < OptBase
end
def normalize(value)
if (value =~ /^file:(.*)/)
if (value.to_s =~ /^file:(.*)/)
path = $1
begin
value = File.read(path)

2
lib/msf/core/payload/ruby.rb
View File

@ -10,7 +10,7 @@ module Msf::Payload::Ruby
[
# Since space restrictions aren't really a problem, default this to
# true.
Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", "true" ])
Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", true ])
]
)
end

2
lib/msf/core/payload/windows/prepend_migrate.rb
View File

@ -28,7 +28,7 @@ module Msf::Payload::Windows::PrependMigrate
# for discussion.
#
def prepend_migrate?
!!(datastore['PrependMigrate'] && datastore['PrependMigrate'].to_s.downcase == 'true')
datastore['PrependMigrate']
end
#

83
lib/msf/sanity.rb
View File

@ -3,36 +3,6 @@
# Provides some sanity checks against the ruby build and version
#
# Check for the broken pack/unpack in OS X 10.4.x
if ([1].pack('n') == "\x01\x00")
$stderr.puts "*** This ruby build has a broken pack/unpack implementation! "
if (RUBY_PLATFORM =~ /darwin/)
$stderr.puts " Apple shipped a broken version of ruby with the 10.4.x "
$stderr.puts " release. Please install ruby from source, or use one of "
$stderr.puts " the free package managers to obtain a working ruby build."
end
exit(0)
end
# Check for ruby 1.8.2 as the minimal supported version
if (RUBY_VERSION =~ /^1\.[0-7]\./ or RUBY_VERSION =~ /^1\.8\.[0-1]$/)
$stderr.puts "*** This version of ruby is not supported, please upgrade to 1.8.7+"
exit(0)
end
# Check for ruby 1.9.0 and throw a big nasty warning
if (RUBY_VERSION =~ /^1\.9\.0/)
$stderr.puts "*** Ruby 1.9.0 is not supported, please upgrade to Ruby 1.9.3 or newer."
exit(0)
end
# Check for ruby 1.9.1 and throw a warning
if (RUBY_VERSION =~ /^1\.9\.1/)
$stderr.puts "*** Ruby 1.9.1 is not supported, please upgrade to Ruby 1.9.3 or newer."
end
if(RUBY_PLATFORM == 'java')
require 'socket'
s = Socket.new(::Socket::AF_INET, ::Socket::SOCK_STREAM, ::Socket::IPPROTO_TCP)
@ -56,56 +26,3 @@ rescue ::LoadError
$stderr.puts "*** The ruby-openssl library is not installed, many features will be disabled!"
$stderr.puts "*** Examples: Meterpreter, SSL Sockets, SMB/NTLM Authentication, and more"
end
#
# Check for the ugly 1.8.7 short-named constants bug
#
class ConstBugTestA
Const = 'A'
def test
Const == 'A'
end
end
ConstBugTestC = ConstBugTestA.dup
class ConstBugTestB < ConstBugTestC
Const = 'B'
end
def ruby_187_const_bug
bugged = false
begin
ConstBugTestA.new.test()
ConstBugTestB.new.test()
rescue ::NameError
bugged = true
end
bugged
end
if(ruby_187_const_bug())
$stderr.puts ""
$stderr.puts "***********************************************************************"
$stderr.puts "*** *"
$stderr.puts "*** This version of the Ruby interpreter contains a serious bug *"
$stderr.puts "*** related to short-named constants, we strongly recommend that you *"
$stderr.puts "*** switch to a fixed version. Unfortunately, some Linux distros have *"
$stderr.puts "*** backported the buggy patch into 1.8.6, so you may need to contact *"
$stderr.puts "*** your vendor and ask them to review the URL below. *"
$stderr.puts "*** *"
$stderr.puts "*** Alternatively, you can download, build, and install the latest *"
$stderr.puts "*** stable snapshot of Ruby from the following URL: *"
$stderr.puts "*** - http://www.ruby-lang.org/ *"
$stderr.puts "*** *"
$stderr.puts "*** For more information, please see the following URL: *"
$stderr.puts "*** - https://bugs.launchpad.net/bugs/282302 *"
$stderr.puts "*** *"
$stderr.puts "***********************************************************************"
$stderr.puts ""
end

30
lib/msf/ui/console/command_dispatcher/core.rb
View File

@ -2178,10 +2178,15 @@ class Core
return true
end
if append
datastore[name] = datastore[name] + value
else
datastore[name] = value
begin
if append
datastore[name] = datastore[name] + value
else
datastore[name] = value
end
rescue OptionValidateError => e
print_error(e.message)
elog(e.message)
end
print_line("#{name} => #{datastore[name]}")
@ -2193,7 +2198,6 @@ class Core
# @param str [String] the string currently being typed before tab was hit
# @param words [Array<String>] the previously completed words on the command line. words is always
# at least 1 when tab completion has reached this stage since the command itself has been completed
def cmd_set_tabs(str, words)
# A value has already been specified
@ -2837,16 +2841,8 @@ class Core
# Returns the revision of the framework and console library
#
def cmd_version(*args)
svn_console_version = "$Revision: 15168 $"
svn_metasploit_version = Msf::Framework::Revision.match(/ (.+?) \$/)[1] rescue nil
if svn_metasploit_version
print_line("Framework: #{Msf::Framework::Version}.#{svn_metasploit_version}")
else
print_line("Framework: #{Msf::Framework::Version}")
end
print_line("Console : #{Msf::Framework::Version}.#{svn_console_version.match(/ (.+?) \$/)[1]}")
return true
print_line("Framework: #{Msf::Framework::Version}")
print_line("Console : #{Msf::Framework::Version}")
end
def cmd_grep_help
@ -3523,7 +3519,7 @@ class Core
next if not o
# handle a search string, search deep
if(
if (
not regex or
o.name.match(regex) or
o.description.match(regex) or
@ -3537,7 +3533,7 @@ class Core
mod_opt_keys = o.options.keys.map { |x| x.downcase }
opts.each do |opt,val|
if mod_opt_keys.include?(opt.downcase) == false or (val != nil and o.datastore[opt] != val)
if !mod_opt_keys.include?(opt.downcase) || (val != nil && o.datastore[opt] != val)
show = false
end
end

3
lib/msf/ui/console/command_dispatcher/exploit.rb
View File

@ -154,8 +154,7 @@ class Exploit
else
# If we didn't run a payload handler for this exploit it doesn't
# make sense to complain to the user that we didn't get a session
disable_handler = /^true$/i === mod.datastore["DisablePayloadHandler"] ? true : false
unless disable_handler
unless mod.datastore["DisablePayloadHandler"]
fail_msg = 'Exploit completed, but no session was created.'
print_status(fail_msg)
begin

10
lib/msf/ui/console/driver.rb
View File

@ -139,13 +139,13 @@ class Driver < Msf::Ui::Driver
self.disable_output = false
# Whether or not command passthru should be allowed
self.command_passthru = (opts['AllowCommandPassthru'] == false) ? false : true
self.command_passthru = opts.fetch('AllowCommandPassthru', true)
# Whether or not to confirm before exiting
self.confirm_exit = (opts['ConfirmExit'] == true) ? true : false
self.confirm_exit = opts['ConfirmExit']
# Disables "dangerous" functionality of the console
@defanged = opts['Defanged'] == true
@defanged = opts['Defanged']
# If we're defanged, then command passthru should be disabled
if @defanged
@ -570,7 +570,7 @@ class Driver < Msf::Ui::Driver
if (framework and framework.payloads.valid?(val) == false)
return false
elsif active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
elsif active_module && active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
return false
elsif (active_module)
active_module.datastore.clear_non_user_defined
@ -659,7 +659,7 @@ protected
def unknown_command(method, line)
[method, method+".exe"].each do |cmd|
if (command_passthru == true and Rex::FileUtils.find_full_path(cmd))
if command_passthru && Rex::FileUtils.find_full_path(cmd)
print_status("exec: #{line}")
print_line('')

4
lib/msf/util.rb
View File

@ -21,7 +21,3 @@ end
# Executable generation and encoding
require 'msf/util/exe'
# Parse SVN entries
require 'msf/util/svn'

120
lib/msf/util/svn.rb
View File

@ -1,120 +0,0 @@
# -*- coding: binary -*-
###
#
# framework-util-svn
# --------------
#
# The class provides methods for parsing the SVN information in the framework directory
#
###
require 'date'
module Msf
module Util
class SVN
def self.load_root
info = {}
path = ::File.join(::File.dirname(__FILE__), "..", "..", "..", ".svn", "entries")
if !::File.exists?(path)
return info
end
contents = ''
File.open(path, "rb") do |fd|
contents = fd.read(::File.size(path))
end
if contents.include? "<?xml"
require 'rexml/document'
rd = REXML::Document.new(contents).root
rd.elements.each { |e|
if e.attributes['name'] == ""
info[:root] = e.attributes['url']
info[:revision] = e.attributes['revision']
info[:updated] = e.attributes['committed-date']
break
end
}
else
ents = contents.split("\x0c")
ents[0].split("\n").each do |line|
line.strip!
next if line.empty?
case line
when /framework3/
info[:root] = line
when /^\d+$/
info[:revision] = line.to_i
when /^\d{4}-\d.*T/
info[:updated] = line
end
break if (info[:root] and info[:revision] and info[:updated])
end
end
info
end
def self.revision
@@info ||= load_root
@@info[:revision]
end
def self.updated
@@info ||= load_root
@@info[:updated]
end
def self.root
@@info ||= load_root
@@info[:root]
end
def self.days_since_update
@@info ||= load_root
svnt = @@info[:updated]
if(not svnt)
return
end
# Date.parse and Date.strptime are both broken beyond repair in
# ruby 1.8.6 and older. Just bail if the parsing doesn't work.
begin
diff = (Date.parse(Time.now.to_s) - Date.parse(svnt)).to_f
rescue ArgumentError
end
end
def self.last_updated_friendly
diff = self.days_since_update
case diff
when nil
"at an unknown date"
when -2.0 .. 1.0
"today"
when 1.0 .. 2.0
"yesterday"
else
if (diff.to_i > 7)
"%red#{diff.to_i} days ago%clr"
else
"#{diff.to_i} days ago"
end
end
end
def self.last_updated_date
@@info ||= load_root
svnt = @@info[:updated]
if(not svnt)
return
end
begin
Date.parse(@@info[:updated])
rescue ArgumentError
end
end
end
end
end

7
lib/rex/parser/nexpose_raw_nokogiri.rb
View File

@ -193,6 +193,13 @@ module Rex
vuln_instances = @report_data[:vuln][:matches].size
db.emit(:vuln, [refs.last,vuln_instances], &block) if block
# TODO: potential remove the size limit on this field, might require
# some additional UX
if @report_data[:vuln]['title'].length > 255
db.emit :warning, 'Vulnerability name longer than 255 characters, truncating.', &block if block
@report_data[:vuln]['title'] = @report_data[:vuln]['title'][0..254]
end
vuln_ids = @report_data[:vuln][:matches].map{ |v| v[0] }
vdet_ids = @report_data[:vuln][:matches].map{ |v| v[1] }

27
lib/rex/post/meterpreter/extensions/android/android.rb
View File

@ -295,6 +295,33 @@ class Android < Extension
end
networks
end
def sqlite_query(dbname, query, writeable)
request = Packet.create_request('sqlite_query')
request.add_tlv(TLV_TYPE_SQLITE_NAME, dbname)
request.add_tlv(TLV_TYPE_SQLITE_QUERY, query)
request.add_tlv(TLV_TYPE_SQLITE_WRITE, writeable)
response = client.send_request(request, 30)
error_msg = response.get_tlv(TLV_TYPE_SQLITE_ERROR)
raise "SQLiteException: #{error_msg.value}" if error_msg
unless writeable
result = {
columns: [],
rows: []
}
data = response.get_tlv(TLV_TYPE_SQLITE_RESULT_GROUP)
unless data.nil?
columns = data.get_tlv(TLV_TYPE_SQLITE_RESULT_COLS)
result[:columns] = columns.get_tlv_values(TLV_TYPE_SQLITE_VALUE)
data.each(TLV_TYPE_SQLITE_RESULT_ROW) do |row|
result[:rows] << row.get_tlv_values(TLV_TYPE_SQLITE_VALUE)
end
end
result
end
end
end
end
end

9
lib/rex/post/meterpreter/extensions/android/tlv.rb
View File

@ -81,6 +81,15 @@ TLV_TYPE_URI_STRING = TLV_META_TYPE_STRING | (TLV_EXTENSIONS
TLV_TYPE_ACTIVITY_START_RESULT = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9102)
TLV_TYPE_ACTIVITY_START_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9103)
TLV_TYPE_SQLITE_RESULT_GROUP = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9080)
TLV_TYPE_SQLITE_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9081)
TLV_TYPE_SQLITE_QUERY = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9082)
TLV_TYPE_SQLITE_RESULT_COLS = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9083)
TLV_TYPE_SQLITE_RESULT_ROW = TLV_META_TYPE_GROUP | (TLV_EXTENSIONS + 9084)
TLV_TYPE_SQLITE_VALUE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9085)
TLV_TYPE_SQLITE_ERROR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9086)
TLV_TYPE_SQLITE_WRITE = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 9087)
TLV_TYPE_WALLPAPER_DATA = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 9201)
end

57
lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
View File

@ -31,6 +31,7 @@ class Console::CommandDispatcher::Android
'wlan_geolocate' => 'Get current lat-long using WLAN information',
'interval_collect' => 'Manage interval collection capabilities',
'activity_start' => 'Start an Android activity from a Uri string',
'sqlite_query' => 'Query a SQLite database from storage',
'set_audio_mode' => 'Set Ringer Mode'
}
@ -45,6 +46,7 @@ class Console::CommandDispatcher::Android
'wlan_geolocate' => ['wlan_geolocate'],
'interval_collect' => ['interval_collect'],
'activity_start' => ['activity_start'],
'sqlite_query' => ['sqlite_query'],
'set_audio_mode' => ['set_audio_mode']
}
@ -189,7 +191,7 @@ class Console::CommandDispatcher::Android
path = "sms_dump_#{Time.new.strftime('%Y%m%d%H%M%S')}.txt"
dump_sms_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for sms list']
'-o' => [ true, 'Output path for sms list']
)
dump_sms_opts.parse(args) do |opt, _idx, val|
@ -277,7 +279,7 @@ class Console::CommandDispatcher::Android
dump_contacts_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for contacts list']
'-o' => [ true, 'Output path for contacts list']
)
dump_contacts_opts.parse(args) do |opt, _idx, val|
@ -381,7 +383,7 @@ class Console::CommandDispatcher::Android
dump_calllog_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-o' => [ false, 'Output path for call log']
'-o' => [ true, 'Output path for call log']
)
@ -578,6 +580,55 @@ class Console::CommandDispatcher::Android
end
end
def cmd_sqlite_query(*args)
sqlite_query_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-d' => [ true, 'The sqlite database file'],
'-q' => [ true, 'The sqlite statement to execute'],
'-w' => [ false, 'Open the database in writable mode (for INSERT/UPDATE statements)']
)
writeable = false
database = ''
query = ''
sqlite_query_opts.parse(args) do |opt, _idx, val|
case opt
when '-h'
print_line("Usage: sqlite_query -d <database_file> -q <statement>\n")
print_line(sqlite_query_opts.usage)
return
when '-d'
database = val
when '-q'
query = val
when '-w'
writeable = true
end
end
if database.blank? || query.blank?
print_error("You must enter both a database files and a query")
print_error("e.g. sqlite_query -d /data/data/com.android.browser/databases/webviewCookiesChromium.db -q 'SELECT * from cookies'")
print_line(sqlite_query_opts.usage)
return
end
result = client.android.sqlite_query(database, query, writeable)
unless writeable
header = "#{query} on database file #{database}"
table = Rex::Ui::Text::Table.new(
'Header' => header,
'Columns' => result[:columns],
'Indent' => 0
)
result[:rows].each do |e|
table << e
end
print_line
print_line(table.to_s)
end
end
#
# Name for this dispatcher
#

7
lib/rex/socket/ssl_tcp.rb
View File

@ -65,7 +65,7 @@ begin
when 'SSL2', :SSLv2
version = :SSLv2
# 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
when 'SSL23', :SSLv23, 'TLS'
when 'SSL23', :SSLv23, 'TLS', 'Auto'
version = :SSLv23
when 'SSL3', :SSLv3
version = :SSLv3
@ -124,6 +124,11 @@ begin
# Tie the context to a socket
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
# If peerhost looks like a hostname, set the undocumented 'hostname'
# attribute on sslsock, which enables the Server Name Indication (SNI)
# extension
self.sslsock.hostname = self.peerhost if !Rex::Socket.dotted_ip?(self.peerhost)
# Force a negotiation timeout
begin
Timeout.timeout(params.timeout) do

2
metasploit-framework.gemspec
View File

@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model', '1.1.0'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '1.1.2'
spec.add_runtime_dependency 'metasploit-payloads', '1.1.3'
# Needed by msfgui and other rpc components
spec.add_runtime_dependency 'msgpack'
# get list of network interfaces, like eth* from OS.

2
modules/auxiliary/admin/2wire/xslt_password_reset.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/appletv/appletv_display_image.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/appletv/appletv_display_video.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
require 'uri'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/atg/atg_client.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Scanner

2
modules/auxiliary/admin/backupexec/dump.rb
View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::NDMP

2
modules/auxiliary/admin/backupexec/registry.rb
View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::DCERPC
include ::Rex::Platforms::Windows

2
modules/auxiliary/admin/chromecast/chromecast_reset.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/chromecast/chromecast_youtube.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/cisco/cisco_secure_acs_bypass.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb
View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

2
modules/auxiliary/admin/db2/db2rcmd.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SMB::Client

2
modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb
View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

2
modules/auxiliary/admin/edirectory/edirectory_edirutil.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

2
modules/auxiliary/admin/emc/alphastor_librarymanager_exec.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

2
modules/auxiliary/admin/firetv/firetv_youtube.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/hp/hp_data_protector_cmd.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp

2
modules/auxiliary/admin/hp/hp_imc_som_create_account.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/axigen_file_access.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/cfme_manageiq_evm_pass_reset.rb
View File

@ -8,7 +8,7 @@ require 'bcrypt'
require 'digest'
require 'openssl'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/contentkeeper_fileaccess.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner

2
modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/dlink_dir_645_password_extractor.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/dlink_dsl320b_password_extractor.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/hp_web_jetadmin_exec.rb
View File

@ -7,7 +7,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/iis_auth_bypass.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/intersil_pass_reset.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/iomega_storcenterpro_sessionid.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/jboss_bshdeployer.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HTTP::JBoss

2
modules/auxiliary/admin/http/jboss_deploymentfilerepository.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HTTP::JBoss

2
modules/auxiliary/admin/http/jboss_seam_exec.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/kaseya_master_admin.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/katello_satellite_priv_esc.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/limesurvey_file_download.rb
View File

@ -8,7 +8,7 @@ require 'msf/core'
# for extracting files
require 'zip'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/linksys_e1500_e2500_exec.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/manage_engine_dc_create_admin.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/manageengine_dir_listing.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/manageengine_file_download.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/manageengine_pmp_privesc.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/mutiny_frontend_read_delete.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/netflow_file_download.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/netgear_auth_download.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Exploit::Remote::HttpClient

2
modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/nexpose_xxe_file_read.rb
View File

@ -6,7 +6,7 @@
require 'msf/core'
require 'rapid7/nexpose'
class Metasploit4 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report

2
modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb
View File

@ -5,7 +5,7 @@
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient

Some files were not shown because too many files have changed in this diff Show More