Merge branch 'master' of https://github.com/rapid7/metasploit-framework into jtrout

Gemfile.lock

@@ -21,7 +21,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.3.62)
+      metasploit-payloads (= 1.3.65)
       metasploit_data_models
       metasploit_payloads-mettle (= 0.5.7)
       mqtt
@@ -177,7 +177,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.3.62)
+    metasploit-payloads (1.3.65)
     metasploit_data_models (3.0.8)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)

data/wordlists/ipmi_users.txt

@@ -4,3 +4,4 @@ root
 Administrator
 USERID
 guest
+Admin

db/modules_metadata_base.json

@@ -7081,7 +7081,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-02-03 10:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/apply_pot.rb",
     "is_install_path": true,
     "ref_name": "analyze/apply_pot",
@@ -7115,7 +7115,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_aix.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_aix",
@@ -7149,7 +7149,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_linux.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_linux",
@@ -7183,7 +7183,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_mssql_fast.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_mssql_fast",
@@ -7217,7 +7217,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_mysql_fast.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_mysql_fast",
@@ -7251,7 +7251,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-02-03 14:31:58 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_oracle_fast.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_oracle_fast",
@@ -7284,7 +7284,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_postgres_fast.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_postgres_fast",
@@ -7317,7 +7317,7 @@
 
     ],
     "targets": null,
-    "mod_time": "2019-01-30 16:24:05 +0000",
+    "mod_time": "2019-03-21 20:54:32 +0000",
     "path": "/modules/auxiliary/analyze/jtr_windows_fast.rb",
     "is_install_path": true,
     "ref_name": "analyze/jtr_windows_fast",

documentation/modules/auxiliary/analyze/apply_pot.md

@@ -29,6 +29,11 @@
    records cracked password hashes.  Kali linux's default location is `/root/.john/john.pot`.
    Default is `~/.msf4/john.pot`.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
 ## Scenarios
 
 In this scenario, we fill a bunch of different hash types into the creds db.  You'll need a

documentation/modules/auxiliary/analyze/jtr_aix.md

@@ -28,6 +28,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

documentation/modules/auxiliary/analyze/jtr_linux.md

@@ -36,6 +36,11 @@
 
    Include `blowfish` and `SHA`(256/512) passwords.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **CUSTOM_WORDLIST**
 
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other

documentation/modules/auxiliary/analyze/jtr_mssql_fast.md

@@ -30,6 +30,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

documentation/modules/auxiliary/analyze/jtr_mysql_fast.md

@@ -29,6 +29,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

documentation/modules/auxiliary/analyze/jtr_oracle_fast.md

@@ -37,6 +37,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

documentation/modules/auxiliary/analyze/jtr_postgres_fast.md

@@ -32,6 +32,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

documentation/modules/auxiliary/analyze/jtr_windows_fast.md

@@ -29,6 +29,11 @@
    The path to an optional custom wordlist.  This file is added to the new wordlist which may include the other
    `USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
 
+   **DeleteTempFiles**
+
+   This option will prevent deletion of the wordlist and file containing hashes.  This may be useful for
+   running the hashes through john if it wasn't cracked, or for debugging. Default is `false`.
+
    **ITERATION_TIMEOUT**
 
    The max-run-time for each iteration of cracking

lib/msf/core/auxiliary/jtr.rb

@@ -41,6 +41,11 @@ module Auxiliary::JohnTheRipper
       ], Msf::Auxiliary::JohnTheRipper
     )
 
+    register_advanced_options(
+      [
+        OptBool.new('DeleteTempFiles',    [false, 'Delete temporary wordlist and hash files', true])
+      ], Msf::Auxiliary::JohnTheRipper
+    )
   end
 
   # @param pwd [String] Password recovered from cracking an LM hash

lib/msf/ui/console/command_dispatcher/core.rb

@@ -697,6 +697,7 @@ class Core
     print_line
     print_line "Loads a plugin from the supplied path."
     print_line "For a list of built-in plugins, do: load -l"
+    print_line "For a list of loaded plugins, do: load -s"
     print_line "The optional var=val options are custom parameters that can be passed to plugins."
     print_line
   end
@@ -767,6 +768,8 @@ class Core
       list_plugins
     when '-h', nil, ''
       cmd_load_help
+    when '-s'
+      framework.plugins.each{ |p| print_line p.name }
     else
       load_plugin(args)
     end
@@ -800,8 +803,8 @@ class Core
     else
       tabs += tab_complete_filenames(str,words)
     end
-    return tabs.map{|e| e.sub(/.rb/, '')}
 
+    return tabs.map{|e| e.sub(/\.rb/, '')} - framework.plugins.map(&:name)
   end
 
   def cmd_route_help

metasploit-framework.gemspec

@@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'
   # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '1.3.62'
+  spec.add_runtime_dependency 'metasploit-payloads', '1.3.65'
   # Needed for the next-generation POSIX Meterpreter
   spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.7'
   # Needed by msfgui and other rpc components

modules/auxiliary/analyze/apply_pot.rb

@@ -157,8 +157,10 @@ class MetasploitModule < Msf::Auxiliary
         end
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 end

modules/auxiliary/analyze/jtr_aix.rb

@@ -87,8 +87,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_linux.rb

@@ -88,8 +88,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_mssql_fast.rb

@@ -87,8 +87,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_mysql_fast.rb

@@ -85,8 +85,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_oracle_fast.rb

@@ -86,8 +86,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_postgres_fast.rb

@@ -124,8 +124,10 @@ class MetasploitModule < Msf::Auxiliary
         end
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end
 

modules/auxiliary/analyze/jtr_windows_fast.rb

@@ -127,8 +127,10 @@ class MetasploitModule < Msf::Auxiliary
         create_cracked_credential( username: username, password: password, core_id: core_id)
       end
     end
-    cleanup_files.each do |f|
-      File.delete(f)
+    if datastore['DeleteTempFiles']
+      cleanup_files.each do |f|
+        File.delete(f)
+      end
     end
   end