Commit Graph

11350 Commits (018b5151504d9ed59b9d3e8734f0481de35aea4e)

Author SHA1 Message Date
James Lee ec7a07e0bb
Move DLL prefix calculation to its own method 2015-08-24 14:05:24 -05:00
James Lee 3c90ae1ebd
Use mov instead of lea for 64-bit absolute addrs 2015-08-24 13:51:54 -05:00
Fernando Arias ed1065b297
Create MatchResult with status Failure on session failure
MSP-13104
2015-08-24 12:56:32 -05:00
jvazquez-r7 6962fcf2fd
Check the query result before accessing the header 2015-08-24 09:22:42 -05:00
jvicente b37efd29b0 Modified module busybox_pingnet.rb to avoid sending an ash script but executing each ping command separately. Added some fixes. Modified spec file for busybox.rb. 2015-08-23 12:17:17 +02:00
wchen-r7 b99f5bc672
Land #5874, Consistency and API conformance changes to LES 2015-08-22 21:57:24 -05:00
jvazquez-r7 83ca4e984f
Land #5772, @wchen-r7's fixes #5753, support Origin for the creds command 2015-08-21 16:07:45 -05:00
wchen-r7 717b1bdd6a Fix bugs: Empty -O, empty origins 2015-08-21 15:46:18 -05:00
HD Moore d264802ce0 Consistency and API conformance changes to LES 2015-08-21 12:38:58 -05:00
Jon Hart 0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
Fixes #5871
2015-08-20 10:05:42 -07:00
Jon Hart 407d701fd9
Remove unnecessary version_random_case option 2015-08-20 10:05:16 -07:00
Jon Hart 2e4944b8ec
Remove unnecessary version_random_case option 2015-08-20 10:05:04 -07:00
Roberto Soares 870e9f448e Added PacketStorm (PKT) in References Display 2015-08-20 00:36:27 -03:00
James Lee 21c349494f
Fix default buffer_register for x64 2015-08-19 19:01:35 -05:00
James Lee d71467f9e7
Allow x64 registers for buffer_register 2015-08-19 17:06:29 -05:00
James Lee bf39f53066
Add proper CreateThread stub for x64 2015-08-19 16:16:58 -05:00
Dev Mohanty 68a802b980 Merge pull request #5834 from gmikeska-r7/bug/MSP-13064/SVV-validations-not-created
Bug/msp 13064/svv validations not created
2015-08-19 12:47:59 -05:00
Brent Cook 99ab64727d
Land #5859, add comparison cases for IP/IPv6 addresses in rex tables 2015-08-19 11:52:33 -05:00
Brent Cook f1ec92aba0
Land #5749, http large file download fixes 2015-08-18 15:57:31 -05:00
Brent Cook 015d045730 read max_size bytes at a time 2015-08-18 15:56:57 -05:00
jvicente 56db3f2f87 Added YARD comments for busybox mixin. 2015-08-18 21:15:02 +02:00
OJ 5b173319f2 Fix up level rendering 2015-08-19 00:22:26 +10:00
OJ 884760f11d Update the output format for the Wifi collection 2015-08-18 17:27:48 +10:00
Brent Cook 5b35134f98
Land #5820, DispatcherShell: Ensure exceptions don't interfere with busy state 2015-08-17 17:53:55 -05:00
Brent Cook 98f6c7f01f
Land #5857, use correct deserialization for hosts data 2015-08-17 17:33:07 -05:00
jvazquez-r7 02e3e9af16
Allow to compare ipv4 vs ipv6 hosts 2015-08-17 14:52:26 -05:00
William Vu 0bb01c8b6b Fix nil bug with an empty database.yml
Use an empty hash instead of false.
2015-08-17 14:45:11 -05:00
jvazquez-r7 0aa958dac0
Allow unserialization on hosts v5 2015-08-17 13:47:52 -05:00
jvicente a9ad7b7c6f Modifications to use cmd_exec instead of session.shell_write.
Refactoring of common functions to a new Post mixin /lib/msf/core/post/linux/busybox.rb.
2015-08-17 18:24:22 +02:00
OJ 241593117b First pass of the android interval collection 2015-08-18 00:53:25 +10:00
Brent Cook bf631869a7
Land #5835, allow overriding stage2 lhost and lport values 2015-08-16 11:22:13 -05:00
Brent Cook 92958bdf8b prefer && to 'and' for consistent order-of-operations 2015-08-16 11:21:22 -05:00
Brent Cook ad149a1aec
Land #5819, update stage_payload call arguments 2015-08-16 11:17:28 -05:00
Brent Cook 5dd015150c
Land #5748, refactor google geolocate, add wlan_geolocate and send_sms to android meterpreter 2015-08-16 10:58:17 -05:00
Brent Cook 422bba87d3 style fixes, moved google_geolocate to google/geolocate 2015-08-15 19:49:32 -05:00
Brent Cook 875ac289e0 wait up to time_out seconds for output from the command 2015-08-15 19:44:48 -05:00
Brent Cook 3615bd094d limit the # of bssids sent to google, log more error details 2015-08-14 17:58:33 -05:00
Brent Cook f4031d87fc light ruby style cleanups 2015-08-14 17:26:05 -05:00
Brent Cook 3aab9aa74c move BSSID checker to tools, fixup rubocop warnings, add OS X example 2015-08-14 17:13:11 -05:00
Brent Cook 470779aae7 some doc fixes 2015-08-14 16:36:41 -05:00
Brent Cook 3d92e9d71c
Land #5802, add support for background colors in prompts 2015-08-14 15:02:51 -05:00
jvazquez-r7 f25a5da46f
Do Minor fixes 2015-08-14 12:37:49 -05:00
Stuart Morgan 3aa1f93196 Fixed string->uint 2015-08-14 17:45:47 +01:00
Brent Cook 6b1e911041 Instantiate payload modules so parameter validation occurs
Calling .new on payload modules does not perform parameter validation, leading
to a number cached sizes based on invalid parameters. Most notably,
normalization does not occur either, which makes all OptBool params default to
true.
2015-08-14 11:35:39 -05:00
Stuart Morgan 02a58d459b Merge remote-tracking branch 'upstream/master' into pageant_extension 2015-08-14 17:05:38 +01:00
Jon Hart c257f8945b
Don't use now-removed files 2015-08-13 11:51:39 -07:00
Jon Hart 9c77669ebf
Remove unnecessary files 2015-08-13 11:41:05 -07:00
Jon Hart 92d0e212d9
Update Auxiliary::UDPScanner to collect all responses by default 2015-08-13 11:30:20 -07:00
Jon Hart 61e23ad23e
Switch back to ::Net::DNS::Packet.new 2015-08-13 11:29:56 -07:00
Jon Hart 4b41e8e42c
Fix Net::DNS::RR merge conflicts. really 2015-08-13 08:55:09 -07:00
Jon Hart 3a7cea51b4
Merge master and fix Net::DNS::RR merge conflicts 2015-08-13 08:53:25 -07:00
HD Moore 6e75db090f Fix comment 2015-08-12 21:11:48 -05:00
HD Moore e9203060b0 Allow the hostname and port to be overridden, necessary for complex NAT setups 2015-08-12 16:20:14 -05:00
Greg Mikeska 790356bac8
add infer_vuln_from_session to other valid case
MSP-13065
2015-08-12 15:45:37 -05:00
Greg Mikeska 01b3ae2dd8 Revert "added infer_vuln_from_session to other valid case"
This reverts commit 53e747ce2e.
2015-08-12 15:43:16 -05:00
Greg Mikeska 53e747ce2e
added infer_vuln_from_session to other valid case
MSP-13064
2015-08-12 15:35:03 -05:00
Mo Sadek 802e35ff67 YARD Documentation for EXE.rb 2015-08-11 11:48:35 -05:00
Alex Watt 6e684d46f2 Ensure exceptions don't interfere with `busy` 2015-08-10 12:11:37 -04:00
OJ e141d1451c Fix calls to stage_payload 2015-08-10 09:33:38 +10:00
Brent Cook 0b6a52e162
bump metasploit-framework gemspec version to match pro 2015-08-04 14:25:44 -05:00
Meatballs ef33f36bda
Remove untrusted il 2015-08-01 23:20:00 +01:00
Meatballs 2d9bc64457
Fix WMIC Post Library for SYSTEM
SYSTEM doesn't have a proper clipboard?
2015-08-01 23:11:09 +01:00
Meatballs 5bcb63476d
Add high integrity level check 2015-08-01 23:10:51 +01:00
Roberto Soares de47f4752b Added feature to add color background (Prompt) 2015-08-01 18:54:01 -03:00
Meatballs deb6f5638e
Update WinSCP Gather
* Refactor parsing to common library to support command line tool
* Look in APPDATA not just ProgramFiles
* Iterate over user APPDATA
2015-08-01 20:44:14 +01:00
William Vu fcb7981199 Add BIND TKEY DoS 2015-08-01 06:01:35 -05:00
Brent Cook b40c36688c check send retry count and abort in excess 2015-07-31 16:17:34 -05:00
Brent Cook 6e146794a2 fix indents and style 2015-07-31 14:48:02 -05:00
wchen-r7 629afd86fc
Land #5788, local exploit suggestor
Good luck getting Mr. Robot, Elliot.
2015-07-31 11:43:53 -05:00
jvazquez-r7 a112ccd023
Lnad #5660, @wchen-r7's warbird check
* Fixes #4380
2015-07-31 10:25:43 -05:00
wchen-r7 08338b73b2 Add get_target_arch and get_target_os
We cannot use session.platform to fingerprint the target's platform
and arch, because it's not really meant to be used that way.
2015-07-30 18:26:41 -05:00
William Vu 61b2ca6675
Land #5781, Msf::Format::Webarchive rename 2015-07-29 13:38:42 -05:00
William Vu e6a932eadb
Land #5778, final cmdstager generic payload fix 2015-07-29 11:48:01 -05:00
William Vu 5ff46a5dbd Fix indentation 2015-07-29 11:45:49 -05:00
HD Moore bf96b34108 Tweak module->class 2015-07-28 04:13:35 -07:00
HD Moore 7681d73e01 Relocate Webarchive into the Exploit namespace, fixes #5717 2015-07-28 04:11:17 -07:00
Brent Cook e53419a911 use password_prompt? not @password_prompt 2015-07-27 19:21:59 -05:00
wchen-r7 768de00214 Automatically pass arch & platform from cmdstager
This allows the cmdstager mixin to automatically pass the arch
and platform information without changing the modules. This should
address the following tickets:

Fix #5727
Fix #5718
Fix #5761
2015-07-27 14:17:21 -05:00
Brent Cook 226516ef20 restore PPID to the meterpreter process list table
This restores pre-66bd881ac5a6de636c2eea7528946bc2d3abd52c behavior, but merges
the current search and output fixups currently in the tree.
2015-07-25 18:10:10 -05:00
Brent Cook eb70ecb448
Land #5752, synchronize calls to payload.stop_handler 2015-07-24 17:49:54 -05:00
Brent Cook 347f48b0ec
Land #5762, adjust PHP stager to work in and outside of eval() 2015-07-24 17:43:26 -05:00
Brent Cook c30127cfe8
Land #5729, add user-agent list, MeterpreterUserAgent derives from this
Later PRs will convert modules to use this. A random user agent might be nice
for meterpreter actually.
2015-07-24 17:39:30 -05:00
jvazquez-r7 18636e3b9b
Land #5739, @wchen-r7 fixes #5738 updating L/URI HOST/PORT options 2015-07-24 15:45:31 -05:00
jvazquez-r7 ec7bf606c6
Land #5735, @rcvalle's for CVE-2015-1793 OpenSSL mitm 2015-07-24 14:38:27 -05:00
wchen-r7 75d59be87d Resolve #5753, Support Origin for the creds command
Resolve #5753. Add an Origin column and allow the user to search
by origin.
2015-07-24 14:04:23 -05:00
jvazquez-r7 45b4334006
Use Rex::Socket::SslTcpServer
* Also add rex sockets managing
2015-07-24 11:16:09 -05:00
William Vu 1f95491b45 Drop bang method and tweak formatting 2015-07-24 10:35:47 -05:00
Jack64 981d98443f fix local mods
Fixed some local modifications that were unintentionally pushed.
2015-07-23 17:04:12 +01:00
Jack64 31dcae6828 bug fixes 2015-07-23 16:58:55 +01:00
wchen-r7 6720a57659 Fix #5761, pass the correct arch and platform for exe generation
Fix #5761
2015-07-23 01:34:44 -05:00
OJ 0929d7695a Fix PHP stagers 2015-07-23 14:50:04 +10:00
Brent Cook 264bc0f921
Land #5726, support multiple glob patterns with search 2015-07-22 17:58:33 -05:00
William Vu a52bf4526d Use uniq on the globs array
This avoids search repetition.
2015-07-22 14:25:49 -05:00
William Vu fe67be0ece
Land #5734, notes -o 2015-07-22 13:52:40 -05:00
OJ 121fe1adda
Land #5654 : Python Meterpreter Transport 2015-07-22 10:39:06 +10:00
James Lee 85e806dc99
Add simple class for getting geo data from Google 2015-07-20 19:28:19 -05:00
jvazquez-r7 a59fa059dc
Fix #5675 Synchronize access to stop_handler 2015-07-20 16:09:13 -05:00
jvazquez-r7 035c0a8a38
Fix #5078 by improving actual_timeout calculation 2015-07-20 11:27:48 -05:00
jvazquez-r7 1a9664fcba
Delete default option 2015-07-20 09:54:51 -05:00
Jack64 0771d5ec39 minor fixes 2015-07-20 01:22:45 +01:00
Jack64 97f4ec72f9 minor fixes 2015-07-20 01:20:36 +01:00
Jack64 ad86a72918 send_sms + wlan_geolocate 2015-07-20 01:16:58 +01:00
xistence 844b47e8ce Additional changes 2015-07-18 14:10:46 +07:00
wchen-r7 da445a52aa Update URIHOST and URIPORT 2015-07-16 14:27:46 -05:00
wchen-r7 1fdbcc71c1 Support URIHOST and URIPORT for exploit URI generation 2015-07-16 14:10:49 -05:00
xistence 7f05403ae0 Added certutil cmdstager 2015-07-16 13:20:05 +07:00
wchen-r7 73fd4bd853 Allow the notes command to save notes as a file
The -o option can save notes as a file.
2015-07-16 00:28:15 -05:00
wchen-r7 18ca617c23
Land #5649, Fix undefined sysinfo method error in meterpreter.rb 2015-07-15 23:27:02 -05:00
William Vu f6cdbb65dd
Land #5706, Kiwi creds_* -o write to file 2015-07-15 15:43:29 +00:00
jvazquez-r7 886ca47dfb
Land #5650, @wchen-r7's browser autopwn 2 2015-07-15 10:21:44 -05:00
OJ b6e25506d0 Add a common user agent list, use the shortest for Meterpreter 2015-07-15 13:03:47 +10:00
wchen-r7 4f8f640189 Rename autopwnv2 to just autopwn2 2015-07-14 17:38:51 -05:00
jvazquez-r7 709676e6cc
Make exploits quiet 2015-07-14 17:00:44 -05:00
wchen-r7 219d0032fa Do print_good to make this important stand up more 2015-07-14 15:36:35 -05:00
William Vu 6685fc479b Add multi-glob filesystem search to Meterpreter 2015-07-14 20:23:23 +00:00
wchen-r7 1992a5648d Make up our damn mind 2015-07-14 15:09:23 -05:00
wchen-r7 d64f4be691 Check if URIPORT is 0 2015-07-14 14:45:10 -05:00
wchen-r7 5e63b5f93e Can't use cli 2015-07-14 14:37:45 -05:00
wchen-r7 cf714fe4aa Change port logic too 2015-07-14 14:19:00 -05:00
wchen-r7 61d49f29e8 Check nil for SRVHOST option 2015-07-14 14:16:49 -05:00
wchen-r7 8efb4df8af Change the HOST IP logic again 2015-07-14 14:15:32 -05:00
wchen-r7 9980e8f285 Change SRVHOST vs URIHOST vs Rex again 2015-07-14 14:06:33 -05:00
wchen-r7 f76fe07872 Fix SRVHOST 2015-07-14 13:49:28 -05:00
William Vu 9be030bbff Fix nil in executable generation 2015-07-14 18:47:33 +00:00
wchen-r7 9dddb13d0b Slow down on killing exploits
Jobs aren't thread safe, so we kind of have to take it easy.
2015-07-14 13:10:57 -05:00
wchen-r7 2264efac15 Reduce output 2015-07-14 12:22:38 -05:00
HD Moore 100d3c8d46 A number of small fixes for BAPv2
* Use module.register_parent() to pass WORKSPACE and other fields
* Prevent partial resource matching in URIs
* Make disclosure_date sorting resilient
2015-07-14 11:40:28 -05:00
Samuel Huckins 60444c208b
Land #5658, MSF version includes git hash now 2015-07-14 09:21:25 -05:00
wchen-r7 0582e7e3ca Return nil instead of "null"
A scenario is when FF disables Flash, BES returns "null", and when
modules try to use Gem::Version, the "null" is considered a malformed
data and it won't be able to continue.
2015-07-14 01:25:41 -05:00
wchen-r7 8384be6466 Fix rand_text_alpha and bump max exploit count to 21 2015-07-14 01:02:01 -05:00
wchen-r7 d6565a9aee Merge branch 'bes_flash' into bapv2_flash_test 2015-07-14 00:34:54 -05:00
jvazquez-r7 8fb6bedd94
Delete as3 detecotr 2015-07-13 18:23:39 -05:00
jvazquez-r7 8928c5529c
Fix Javascript code 2015-07-13 17:43:04 -05:00
jvazquez-r7 244d9bae64
Add max timeout 2015-07-13 16:52:25 -05:00
jvazquez-r7 9116460cb0
Add prototype with AS3 2015-07-13 16:33:55 -05:00
Brent Cook 07d05828d0
Land #5688, remove msfcli 2015-07-13 15:27:38 -05:00
William Vu 93f154b395
Land #5695, SMTPDeliver STARTTLS unspecific SSL 2015-07-13 18:54:41 +00:00
William Vu 0a5119a4ac
Land #5702, vprint_* optional parameter 2015-07-13 18:47:22 +00:00
William Vu 53bcee011b
Land #5709, s/Filed/Failed/ typo fixes 2015-07-13 18:37:46 +00:00
wchen-r7 884b779b36
Land #5593, CVE-2015-1155 Safari file:// Redirection Sandbox Escape 2015-07-13 11:28:39 -05:00
Mo Sadek 4cd6e0c72b Added "Failed" to line 121 of kdc_request.rb 2015-07-13 11:27:32 -05:00
Mo Sadek 6a5645d747 Changed "Filed" to "Failed" in multiple files 2015-07-13 11:21:20 -05:00
rwhitcroft 0a581be9f9 put -u back for removing transports 2015-07-13 12:10:32 -04:00
OJ 4fc258ec0c Remove duplicate entries, allow for output to file
This commit does a few tidies of code, as well as adds the ability to
write all the kiwi output to disk as well as to the console. We can't
yet add this stuff to the credential DB because it's tied to machine,
where the creds that come out of kiwi are often tied to domains.

This also removes duplicate creds from the output list, and gets rid of
the auth id stuff from the output too (not sure why it was useful
before).
2015-07-13 14:17:31 +10:00
wchen-r7 e638d85f30
Merge branch 'upstream-master' into bapv2 2015-07-12 02:01:09 -05:00
wchen-r7 8d40d30d47 Comemnt 2015-07-11 23:24:01 -05:00
wchen-r7 88357857a0 These datastore options don't need to set anymore 2015-07-11 23:22:05 -05:00
rwhitcroft eaa0d0a44e first msg was better 2015-07-11 22:50:38 -04:00
rwhitcroft 508c9f55df specify transports by index 2015-07-11 22:22:50 -04:00
g0tmi1k a4dc409c12 Add empty default vprint value 2015-07-11 19:38:27 +01:00
Brent Cook 8349a274ea use and include git hash of Framework as part of the version
Because we do not always update the version number, multiple releases have
shown version string, which is not useful for helping debug issues, or for
knowing what features are enabled.

This adds the git hash or reads from a file a copy of the git hash (useful for
doing packaged builds without git) so that it is clear the origin of a
particular metasploit-framework version.
2015-07-10 18:03:37 -05:00
wchen-r7 89aa00cfc4 Check job workspace 2015-07-10 13:09:42 -05:00
wchen-r7 086de2c030 Pass more options 2015-07-10 12:39:43 -05:00
wchen-r7 513dcf3574 We don't need these methods anymore 2015-07-10 12:12:53 -05:00
Brent Cook 493971245a switch nsock locally to TLS - don't assume self.sock is set 2015-07-10 12:10:53 -05:00
Brent Cook 3495d317b5 Do not lock SMTP STARTTLS to only use SSLv3
SSLv3 has been deprecated for some time, and is being actively disabled more
and more (http://disablessl3.com, https://tools.ietf.org/html/rfc7568).

To maintain forward compatibility, do not specify a maximum version
and insteady use the default from the local OpenSSL library instead. Fallbacks
to older versions will happen on handshake as needed.
2015-07-10 11:17:31 -05:00
OJ 51f59b3c8c Re-add URI generation to reverse_http 2015-07-10 16:21:55 +10:00
wchen-r7 f59c99e2ff Remove msfcli, please use msfconsole -x instead
msfcli is no longer supported, please use msfconsole.

Announcement on SecurityStreet:
Weekly Metasploit Wrapup
Posted by Tod Beardsley in Metasploit on Jan 23, 2015 11:57:05 AM
2015-07-09 12:50:02 -05:00
wchen-r7 21e44f235e Example of doing Flash detection with Flash 2015-07-08 13:18:57 -05:00
Brent Cook 0b59e63084 keep advanced options on the fat side of the conditional 2015-07-07 22:44:34 -05:00
Brent Cook 23abc288c8 Resolved conflicts with master 2015-07-07 22:34:30 -05:00
wchen-r7 fdb715c9dd
Merge branch 'upstream-master' into bapv2 2015-07-07 13:45:39 -05:00
wchen-r7 dc0ce88279 We're note actually using Mubex, it might be causing a crash too
A problem we are seeing is that sometimes when BAP terminates
(ie: jobs -K), we hit a deadlock while jobs are trying to cleanup,
and sometimes that might cause msfconsole to crash and terminate.
We suspect this Mubex is a contributing factor but it has been hard
to prove because it's very hard to reproduce the crash.
2015-07-07 00:32:20 -05:00
wchen-r7 4a70e23f9a Add ExploitReloadTimeout datastore option
Some exploits require more time, and if we try the next exploit too
soon, it may crash the browser.
2015-07-06 19:20:15 -05:00
HD Moore 0a4c6fb92f Merge branch 'master' of github.com:rapid7/metasploit-framework 2015-07-06 14:24:52 -05:00
HD Moore c68064ba36
Lands #5671, re-integrates SMB fdleak/timeout settings 2015-07-06 14:23:59 -05:00
Mo Sadek 366d42a0d8
Land #5609, Fuzzer.rb and file_info.rb YARD doc update 2015-07-06 14:12:55 -05:00
Mo Sadek 25bdf7a50a
Land #5427, check payload compatability for set payload fix 2015-07-06 12:56:21 -05:00
jvazquez-r7 3595a23673 Restore #3738 2015-07-06 11:22:22 -05:00
Samuel Huckins 174c90ccde
Updating version to match current
* This will be changed to the most recent git hash for next round,
at least making accurate for now.
2015-07-06 10:28:34 -05:00
Spencer McIntyre 2a89e248d7 Pymet fix send uuid logic for Python 3.x 2015-07-06 11:20:34 -04:00
HD Moore 3150549634 Experimental output show/hide for BAPv2 2015-07-05 19:07:10 -05:00
HD Moore d2063c92e1 Refactor datastore names to match standards 2015-07-05 18:21:45 -05:00
joev 60a896f58b Adjust extension timeout. 2015-07-05 16:48:25 -05:00
joev b577f79845 Fix some bugs in the safari file navigation module. 2015-07-05 16:46:18 -05:00
OJ aaaf6807ed Minor indentation/space fixes 2015-07-05 09:18:27 +10:00
HD Moore 3c7298ba80 Fix additional copy-pasta cases of #5662 2015-07-04 12:38:04 -05:00
HD Moore fb2da00bfd Fix #5662 by not generating a small uri by default 2015-07-04 09:27:18 -07:00
Spencer McIntyre 29d45e3b18 Pymet patch in timeout info on generate_stage 2015-07-03 14:12:29 -04:00
wchen-r7 2b0f6e723d Explain the byte sequence 2015-07-03 11:12:59 -05:00
wchen-r7 5c582b76ca Resolves #4380, check for warbird template
Resolves #4380. Adds a check for warbird (license verification)
windows template. For reference please see:
http://thisissecurity.net/2014/10/15/warbird-operation/
2015-07-03 02:38:52 -05:00
Joshua Smith 5be94c12b6
Land #5602, adds irb -e to core 2015-07-02 16:21:20 -05:00
Joshua Smith 434cffa258 clean up so idiomatic ruby details 2015-07-02 16:16:57 -05:00
HD Moore 7858d63036 Typo 2015-07-02 15:34:44 -05:00
HD Moore 43d47ad83e Port BAPv2 to Auxiliary 2015-07-02 15:29:24 -05:00
HD Moore 6e31b9ef53 Initialize and rename the BES mutex 2015-07-02 15:11:03 -05:00
HD Moore c5c7de0091 Rework browser profiles, get back to functional mode 2015-07-02 14:58:43 -05:00
HD Moore c0969d4497 Fix module.uuid references 2015-07-02 13:45:38 -05:00
HD Moore 0e7f610836 Finish browser profile rework in BES 2015-07-02 12:58:21 -05:00
HD Moore b9a8308138 Replace BAP profiles with a framework-instance hash 2015-07-02 12:53:24 -05:00
HD Moore 87e6325737 Revert BAPv2 changes to framework/libraries/handlers 2015-07-02 12:10:21 -05:00
Spencer McIntyre 0af397217c Merge pymet transport feature into fresh branch 2015-07-02 08:43:13 -04:00
wchen-r7 2957924c78
Merge branch 'upstream-master' into bapv2 2015-07-02 01:46:31 -05:00
root c4875a8821 Change sysinfo to sys.config.sysinfo 2015-07-02 11:38:37 +05:00
wchen-r7 a17b27efce Update descriptions 2015-07-01 21:47:51 -05:00
wchen-r7 caddf545c4 Make getsystem more verbose
Resolves #4401
2015-07-01 20:49:14 -05:00
wchen-r7 8051a99f4a
Merge branch 'upstream-master' into bapv2 2015-07-01 18:45:42 -05:00
OJ a5ad56754f Use full namespace for PACKET_TYPE_RESPONSE 2015-07-02 08:03:39 +10:00
HD Moore e7271e3c04 Call the Meterpreter methods directly vs pollute the namespace 2015-07-01 16:04:54 -05:00
William Vu 399b3d2810
Land #5629, moar cmd_exec refactoring 2015-07-01 00:36:19 -05:00
Brent Cook e99d63687f
Land #5608, android and java meterpreter transport and sleep support
This also includes stageless Windows meterpreter fixes for process migration.
2015-07-01 00:23:36 -05:00
OJ a2721323be Handle failure better for first recv 2015-07-01 14:02:40 +10:00
OJ 9c2cd34e92 Fix payload required space, remove WOW64 code from x64 2015-07-01 13:39:05 +10:00
OJ a44c31052b reverse_tcp x64 stager reliability fixes
Also includes a slight tweak to x86
2015-07-01 12:43:41 +10:00
OJ cf8bbbfa3d reverse_tcp 32 bit stager resiliency 2015-07-01 11:03:08 +10:00
Tod Beardsley 37ac5f0ee3 Use environment variables for Program Files
Done, thanks @Meatballs1 !
2015-06-30 17:28:21 -05:00
wchen-r7 7aeb9e555b Change ranking and support CAMPAIGN_ID 2015-06-29 12:13:46 -05:00
jvazquez-r7 02cd2a9cd9
Fix #3951 Update Windows::Registry to use cmd_exec 2015-06-29 12:07:37 -05:00
William Vu 1bfa84b37b
Land #5628, sessions -d removal 2015-06-29 11:45:27 -05:00
jvazquez-r7 834c0e594a
Update multi modules 2015-06-29 11:36:28 -05:00
Mo Sadek dde853b0a0 Fixed "linee" to "line" 2015-06-29 11:27:50 -05:00
Mo Sadek e5836fbdac Removed session -d from core.rb
Ticket #4423
2015-06-29 10:57:50 -05:00
wchen-r7 7742d85f2f I guess that's fine 2015-06-27 20:58:19 -05:00
wchen-r7 6136269ace No can't do this 2015-06-27 13:53:29 -05:00
wchen-r7 5c039ccfd7 Even faster 2015-06-27 13:51:21 -05:00
wchen-r7 9bd920b169
Merge branch 'upstream-master' into bapv2 2015-06-27 12:19:55 -05:00
wchen-r7 88e58cbdc5 Better performance 2015-06-27 12:19:07 -05:00
OJ 007da4af41 Force :init_connect for stageless 2015-06-27 18:21:15 +10:00
Brent Cook 10a6945737
Land #5617, record the success on which we stopped (fixes #5616) 2015-06-26 18:27:49 -05:00
jvazquez-r7 52b49503a0
Land #5498, @hmoore-r7's patch for a number of Net::DNS/enum_dns issues 2015-06-26 18:25:03 -05:00
wchen-r7 b4656f43a4 Fix #5616, Save username before stop_on_success breaks the task
Fix #5616
2015-06-26 18:04:18 -05:00
jvazquez-r7 a10fa02b00
Land #5606, @wchen-r7's glassfish fixes 2015-06-26 14:12:50 -05:00
Spencer McIntyre 79185e91c6 Refactor the pymet to use transport objects 2015-06-26 14:56:31 -04:00
wchen-r7 da779b1101 Fix login for 9.1 2015-06-26 13:52:44 -05:00
wchen-r7 b46e1be22f
Land #5371, Add file checking to the on_new_session cleanup 2015-06-26 13:33:57 -05:00
wchen-r7 0c608e2a4c Change doc for boolean args 2015-06-26 12:01:53 -05:00
wchen-r7 1d9caeffc0 Update documentation for fuzzer.rb and file_info.rb
See #5599
2015-06-26 11:22:30 -05:00
Spencer McIntyre 7aae9b210e Add pymet support for core_enumextcmd 2015-06-26 11:32:51 -04:00
OJ f6ae1f4223
Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-26 14:12:56 +10:00
OJ a773979992 Java config wiring, tweak to include block counts
This commit adjusts the way that the config block is set for java and
android because behind the scenes the stageless connect-backs need to
know what to discard. as a result of connecting back to staged listeners
we need to be able to discard a number of bytes/blocks before we can
continue process (at least in the case of TCP).
2015-06-26 13:59:09 +10:00
Tod Beardsley 15f9fc5d8f
Land #5599, YARD for fuzzer.rb 2015-06-25 14:37:55 -05:00
Mo Sadek 31c35715fc YARD Documentation for file_info.rb 2015-06-25 11:08:35 -05:00
OJ 98156ec944 Add user agent to the transport config
Why this was missing I will never know :)
2015-06-25 14:51:06 +10:00
OJ 5a24dc8e64 Enable the transport command for java 2015-06-25 14:08:41 +10:00
Spencer McIntyre f9642da387 Support expressions for meterpreter's irb too 2015-06-24 21:02:18 -04:00
Spencer McIntyre f6f21724a3 Support expressions for the irb command 2015-06-24 20:52:17 -04:00
wchen-r7 8e4fa80728 This looks good so far 2015-06-24 19:30:02 -05:00
Brent Cook 5c65c58fdf
Land #5598:handle nil or short machine_ids gracefully 2015-06-24 19:11:08 -05:00
OJ d9b6e46685 Merge branch 'upstream/master' into android-java-transport-refactor 2015-06-25 09:50:42 +10:00
HD Moore 24a6e4c110 Comment update 2015-06-24 16:33:07 -05:00
HD Moore 2807fb4f93 Bump the default timeout to 30 seconds based on feedback 2015-06-24 16:15:01 -05:00
HD Moore 4d58e49cdc
Land #5600, update session info after migrate 2015-06-24 15:16:58 -05:00
Meatballs 151fa2f676
Update user info on migrate 2015-06-24 20:50:29 +01:00
HD Moore aa9ea13934 Fix up the core_machine_id call to handle weirdness better 2015-06-24 11:44:54 -07:00
Mo Sadek e0c52730a0 YARD Documentation for Fuzzer.rb 2015-06-24 13:38:11 -05:00
Samuel Huckins ea4d13586c Merge pull request #5587 from trevrosen/bug/MSP-12834/crawler-choke-on-save
MSP-12834 #land
2015-06-24 09:43:51 -05:00
OJ a8c20496be Remove unused code from the java http stager 2015-06-24 22:37:40 +10:00
joev c305348a3b Fix the mixin to work in the exploit again. 2015-06-24 02:19:09 -05:00
joev 8b6fba4988 Tweak and fix some things in Safari file URL module. 2015-06-24 02:08:06 -05:00
OJ e796e56c6c Modify the staging process 2015-06-24 13:22:33 +10:00