deb5a7b015
Bump version of framework to 4.16.16
2017-11-03 10:03:38 -07:00
a14102083c
Bump version of framework to 4.16.15
2017-11-02 10:01:12 -07:00
c2a979dd3c
Land #9134 , fix buggy handling of partial ingress packet data
2017-11-01 20:06:23 -05:00
5de190f092
Land #9145 , ERB/<ruby> for Meterpreter resource
2017-11-01 13:48:51 -05:00
a347dee372
Land #9150 , fix broken and simplify unusual RuntimeError exceptions
2017-11-01 06:03:36 -05:00
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
95b6cda06e
Land #9146 , add e500v2 and reduce size of x86_64
2017-10-31 09:54:07 -05:00
c4dcd79e41
Land #9144 , fix misspelling in exploit/windows/local/wmi_persistence
2017-10-31 05:01:13 -05:00
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
f42b980cf0
fix misspelled RuntimeError
2017-10-30 15:42:11 -05:00
56eb828cc5
add e500v2 payloads
2017-10-30 14:04:10 -05:00
940573ad49
Support ruby directives in Meterpreter rc scripts
2017-10-29 15:57:33 -04:00
3b8ef02c29
sid vs side
2017-10-29 08:36:05 -04:00
9349e1eda5
Fix find_script_path to check only files
2017-10-27 12:28:58 -05:00
73c9807c55
Add module support for sessions -s
2017-10-27 12:28:53 -05:00
140955f220
Bump version of framework to 4.16.14
2017-10-27 10:03:00 -07:00
d188982760
handle masked EOF from Rex sockets (TODO: kill that behavior)
2017-10-27 02:29:25 -07:00
85b59c87ca
fix buggy handling of partial ingress packet data
...
If we have more data, and the packet parser needs more data, connect the two
together rather than bailing. This fixes reverse_tcp_ssl along with probably a
lot of other higher-latency corner cases.
2017-10-27 02:15:08 -07:00
4274b76473
Land #9119 , Fix #8436 , allow session upgrading on meterpreter sessions
2017-10-25 10:26:27 -05:00
386e14828a
Land #8728 , Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
1b01232624
Land #9070 , Fix bug copying MACE attributes between files
2017-10-23 22:15:42 -05:00
402e926151
Land #9081 , Fix ftp.rb to get files larger than 16384
2017-10-23 22:11:36 -05:00
c6bc55a175
Land #9082 , Fix ftp.rb so it closes all data sockets
2017-10-23 22:10:38 -05:00
ca4feb5136
fix session upgrading
2017-10-23 01:26:45 +08:00
884b68fa60
Bump version of framework to 4.16.13
2017-10-20 10:02:23 -07:00
c795cef69f
Land #9099 , disconnect option for send_request_cgi
2017-10-20 10:50:56 -05:00
8e5deac3f4
Fix nil bug in setting PromptChar without Prompt
2017-10-20 00:38:01 -05:00
a3912e4913
Provide disconnect option to send_request_cgi
...
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on in-house exploit module written for disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
60a7a80ff0
Land #9095 , default PromptTimeFormat (%T)
2017-10-17 16:50:47 -05:00
af42f517b8
Default PromptTimeFormat to %T
2017-10-17 16:39:44 -05:00
d5cdd2567a
add missing method
2017-10-16 16:01:53 -04:00
b04f5bdf90
Land #9077 , Enhancing the functionality on the nodejs shell_reverse_tcp payload.
2017-10-16 10:49:17 -05:00
6df8c40bb1
adjust whitespace 'no tabs' more reabable
2017-10-13 17:01:47 -05:00
6b89f62b08
Land #9080 , ensure autoruns on shell sessions
...
Land #9080
2017-10-13 15:35:31 -05:00
5ce4c32213
Use session object instead of self
...
The session object has :process_autoruns, not self
2017-10-13 15:33:27 -05:00
b2de5aba07
Fix #9075 , super setup fix for local exploits
2017-10-13 12:45:14 -05:00
1b306caf39
Fixed ftp.rb to get files larger than 16384
...
Existing ftp.rb did get_once, which limits file
DL to 16384 (def_block_size). Change to get and
added one more timeout variable see:
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:def_block_size
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get_once
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get
2017-10-13 12:41:11 -05:00
88585a5cfd
Bump version of framework to 4.16.12
2017-10-13 10:03:48 -07:00
e5e9c7ccd6
Fixed ftp.rb so it closes all data sockets
...
ftp.rb was doing a shutdown without a close on data
(not command) sockets. This can cause CLOSE_WAIT
for extended periods in certain circumstances-ending
only when msf itself is closed.
2017-10-13 10:09:43 -05:00
e209256d62
ensure we do autoruns for all session types
2017-10-12 23:11:58 -05:00
bf2fb7051a
Fix session compatibility check for post modules
2017-10-12 11:57:11 -05:00
a0abffb6c4
Adding functionality of StagerRetryWait and StagerRetryCount
2017-10-12 22:25:00 +05:30
f556a5f805
Add compatible session types to post module info
2017-10-12 11:41:02 -05:00
374c139d33
Increasing the functionality of the nodejs shell_reverse_tcp payload
2017-10-12 19:05:59 +05:30
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
84fe0847bf
Land #9074 , Add prints and error checking to HTTP CmdStagers
2017-10-11 14:27:52 -05:00
27876a91d3
Add prints and better checking to HTTP CmdStagers
...
Admittedly, this code is more convoluted than it needs to be.
2017-10-11 14:01:56 -05:00
b76c1f3647
remove invalid 'client' object reference in nodejs
...
fix #9063 by removing invalid object reference introduced in PR #8825
2017-10-11 11:09:28 -05:00
Metasploit
bwatters-r7
William Vu
Brent Cook
lvarela-r7
Spencer McIntyre
h00die
Jeffrey Martin
Brent Cook
Tim
RageLtMan
James Lee
Evgeny Naumov
Wei Chen
bigendiansmalls
itsmeroy2012
William Webb