infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
35,575 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

7342 Commits (0182f394b484477f67adb7df57254efa9b81e380)

Author SHA1 Message Date
Brent Cook 98f6c7f01f
Land #5857, use correct deserialization for hosts data 2015-08-17 17:33:07 -05:00
William Vu 0bb01c8b6b Fix nil bug with an empty database.yml 
Use an empty hash instead of false.
 2015-08-17 14:45:11 -05:00
jvazquez-r7 0aa958dac0
Allow unserialization on hosts v5 2015-08-17 13:47:52 -05:00
jvicente a9ad7b7c6f Modifications to use cmd_exec instead of session.shell_write. 
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
 2015-08-17 18:24:22 +02:00
Brent Cook bf631869a7
Land #5835, allow overriding stage2 lhost and lport values 2015-08-16 11:22:13 -05:00
Brent Cook 92958bdf8b prefer && to 'and' for consistent order-of-operations 2015-08-16 11:21:22 -05:00
Brent Cook ad149a1aec
Land #5819, update stage_payload call arguments 2015-08-16 11:17:28 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 875ac289e0 wait up to time_out seconds for output from the command 2015-08-15 19:44:48 -05:00
Brent Cook 470779aae7 some doc fixes 2015-08-14 16:36:41 -05:00
jvazquez-r7 f25a5da46f
Do Minor fixes 2015-08-14 12:37:49 -05:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs 
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
 2015-08-14 11:35:39 -05:00
Jon Hart c257f8945b
Don't use now-removed files 2015-08-13 11:51:39 -07:00
Jon Hart 92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default 2015-08-13 11:30:20 -07:00
Jon Hart 61e23ad23e
Switch back to ::Net::DNS::Packet.new 2015-08-13 11:29:56 -07:00
Jon Hart 3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts 2015-08-13 08:53:25 -07:00
HD Moore 6e75db090f Fix comment 2015-08-12 21:11:48 -05:00
HD Moore e9203060b0 Allow the hostname and port to be overridden, necessary for complex NAT setups 2015-08-12 16:20:14 -05:00
Greg Mikeska 790356bac8
add infer_vuln_from_session to other valid case 
MSP-13065
 2015-08-12 15:45:37 -05:00
Greg Mikeska 01b3ae2dd8 Revert "added infer_vuln_from_session to other valid case" 
This reverts commit 53e747ce2e.
 2015-08-12 15:43:16 -05:00
Greg Mikeska 53e747ce2e
added infer_vuln_from_session to other valid case 
MSP-13064
 2015-08-12 15:35:03 -05:00
Mo Sadek 802e35ff67 YARD Documentation for EXE.rb 2015-08-11 11:48:35 -05:00
OJ e141d1451c Fix calls to stage_payload 2015-08-10 09:33:38 +10:00
Meatballs ef33f36bda
Remove untrusted il 2015-08-01 23:20:00 +01:00
Meatballs 2d9bc64457
Fix WMIC Post Library for SYSTEM 
SYSTEM doesn't have a proper clipboard?
 2015-08-01 23:11:09 +01:00
Meatballs 5bcb63476d
Add high integrity level check 2015-08-01 23:10:51 +01:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
wchen-r7 629afd86fc
Land #5788, local exploit suggestor 
Good luck getting Mr. Robot, Elliot.
 2015-07-31 11:43:53 -05:00
jvazquez-r7 a112ccd023
Lnad #5660, @wchen-r7's warbird check 
* Fixes #4380
 2015-07-31 10:25:43 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os 
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
 2015-07-30 18:26:41 -05:00
William Vu 61b2ca6675
Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
William Vu 5ff46a5dbd Fix indentation 2015-07-29 11:45:49 -05:00
HD Moore bf96b34108 Tweak module->class 2015-07-28 04:13:35 -07:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager 
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
 2015-07-27 14:17:21 -05:00
Brent Cook eb70ecb448
Land #5752, synchronize calls to payload.stop_handler 2015-07-24 17:49:54 -05:00
Brent Cook 347f48b0ec
Land #5762, adjust PHP stager to work in and outside of eval() 2015-07-24 17:43:26 -05:00
Brent Cook c30127cfe8
Land #5729, add user-agent list, MeterpreterUserAgent derives from this 
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
 2015-07-24 17:39:30 -05:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
wchen-r7 75d59be87d Resolve #5753, Support Origin for the creds command 
Resolve #5753. Add an Origin column and allow the user to search
by origin.
 2015-07-24 14:04:23 -05:00
William Vu 1f95491b45 Drop bang method and tweak formatting 2015-07-24 10:35:47 -05:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation 
Fix #5761
 2015-07-23 01:34:44 -05:00
OJ 0929d7695a Fix PHP stagers 2015-07-23 14:50:04 +10:00
William Vu fe67be0ece
Land #5734, notes -o 2015-07-22 13:52:40 -05:00
OJ 121fe1adda
Land #5654 : Python Meterpreter Transport 2015-07-22 10:39:06 +10:00
jvazquez-r7 a59fa059dc
Fix #5675 Synchronize access to stop_handler 2015-07-20 16:09:13 -05:00
jvazquez-r7 035c0a8a38
Fix #5078 by improving actual_timeout calculation 2015-07-20 11:27:48 -05:00
jvazquez-r7 1a9664fcba
Delete default option 2015-07-20 09:54:51 -05:00
wchen-r7 da445a52aa Update URIHOST and URIPORT 2015-07-16 14:27:46 -05:00
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
wchen-r7 73fd4bd853 Allow the notes command to save notes as a file 
The -o option can save notes as a file.
 2015-07-16 00:28:15 -05:00
wchen-r7 18ca617c23
Land #5649, Fix undefined sysinfo method error in meterpreter.rb 2015-07-15 23:27:02 -05:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
OJ b6e25506d0 Add a common user agent list, use the shortest for Meterpreter 2015-07-15 13:03:47 +10:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc
Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits 
Jobs aren't thread safe, so we kind of have to take it easy.
 2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2 
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
 2015-07-14 11:40:28 -05:00
Samuel Huckins 60444c208b
Land #5658, MSF version includes git hash now 2015-07-14 09:21:25 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null" 
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
 2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94
Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c
Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64
Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0
Add prototype with AS3 2015-07-13 16:33:55 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 93f154b395
Land #5695, SMTPDeliver STARTTLS unspecific SSL 2015-07-13 18:54:41 +00:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
g0tmi1k a4dc409c12 Add empty default vprint value 2015-07-11 19:38:27 +01:00
Brent Cook 8349a274ea use and include git hash of Framework as part of the version 
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.

This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
 2015-07-10 18:03:37 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3 
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
 2015-07-10 11:17:31 -05:00
OJ 51f59b3c8c Re-add URI generation to reverse_http 2015-07-10 16:21:55 +10:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead 
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
 2015-07-09 12:50:02 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
Brent Cook 0b59e63084 keep advanced options on the fat side of the conditional 2015-07-07 22:44:34 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too 
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
 2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option 
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
 2015-07-06 19:20:15 -05:00
HD Moore 0a4c6fb92f Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-07-06 14:24:52 -05:00
HD Moore c68064ba36
Lands #5671, re-integrates SMB fdleak/timeout settings 2015-07-06 14:23:59 -05:00
Mo Sadek 366d42a0d8
Land #5609, Fuzzer.rb and file_info.rb YARD doc update 2015-07-06 14:12:55 -05:00
Mo Sadek 25bdf7a50a
Land #5427, check payload compatability for set payload fix 2015-07-06 12:56:21 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
Spencer McIntyre 2a89e248d7 Pymet fix send uuid logic for Python 3.x 2015-07-06 11:20:34 -04:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev 60a896f58b Adjust extension timeout. 2015-07-05 16:48:25 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
OJ aaaf6807ed Minor indentation/space fixes 2015-07-05 09:18:27 +10:00
HD Moore 3c7298ba80 Fix additional copy-pasta cases of #5662 2015-07-04 12:38:04 -05:00
HD Moore fb2da00bfd Fix #5662 by not generating a small uri by default 2015-07-04 09:27:18 -07:00
Spencer McIntyre 29d45e3b18 Pymet patch in timeout info on generate_stage 2015-07-03 14:12:29 -04:00
wchen-r7 2b0f6e723d Explain the byte sequence 2015-07-03 11:12:59 -05:00
wchen-r7 5c582b76ca Resolves #4380, check for warbird template 
Resolves #4380. Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
 2015-07-03 02:38:52 -05:00
Joshua Smith 5be94c12b6
Land #5602, adds irb -e to core 2015-07-02 16:21:20 -05:00
Joshua Smith 434cffa258 clean up so idiomatic ruby details 2015-07-02 16:16:57 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
Spencer McIntyre 0af397217c Merge pymet transport feature into fresh branch 2015-07-02 08:43:13 -04:00
root c4875a8821 Change sysinfo to sys.config.sysinfo 2015-07-02 11:38:37 +05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
OJ a5ad56754f Use full namespace for PACKET_TYPE_RESPONSE 2015-07-02 08:03:39 +10:00
HD Moore e7271e3c04 Call the Meterpreter methods directly vs pollute the namespace 2015-07-01 16:04:54 -05:00
William Vu 399b3d2810
Land #5629, moar cmd_exec refactoring 2015-07-01 00:36:19 -05:00
Brent Cook e99d63687f
Land #5608, android and java meterpreter transport and sleep support 
This also includes stageless Windows meterpreter fixes for process migration.
 2015-07-01 00:23:36 -05:00
OJ a2721323be Handle failure better for first recv 2015-07-01 14:02:40 +10:00
OJ 9c2cd34e92 Fix payload required space, remove WOW64 code from x64 2015-07-01 13:39:05 +10:00
OJ a44c31052b reverse_tcp x64 stager reliability fixes 
Also includes a slight tweak to x86
 2015-07-01 12:43:41 +10:00
OJ cf8bbbfa3d reverse_tcp 32 bit stager resiliency 2015-07-01 11:03:08 +10:00
wchen-r7 7aeb9e555b Change ranking and support CAMPAIGN_ID 2015-06-29 12:13:46 -05:00
jvazquez-r7 02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec 2015-06-29 12:07:37 -05:00
William Vu 1bfa84b37b
Land #5628, sessions -d removal 2015-06-29 11:45:27 -05:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
Mo Sadek dde853b0a0 Fixed "linee" to "line" 2015-06-29 11:27:50 -05:00
Mo Sadek e5836fbdac Removed session -d from core.rb 
Ticket #4423
 2015-06-29 10:57:50 -05:00
wchen-r7 7742d85f2f I guess that's fine 2015-06-27 20:58:19 -05:00
wchen-r7 6136269ace No can't do this 2015-06-27 13:53:29 -05:00
wchen-r7 5c039ccfd7 Even faster 2015-06-27 13:51:21 -05:00
wchen-r7 9bd920b169
Merge branch 'upstream-master' into bapv2 2015-06-27 12:19:55 -05:00
wchen-r7 88e58cbdc5 Better performance 2015-06-27 12:19:07 -05:00
OJ 007da4af41 Force :init_connect for stageless 2015-06-27 18:21:15 +10:00
Spencer McIntyre 79185e91c6 Refactor the pymet to use transport objects 2015-06-26 14:56:31 -04:00