Commit Graph

1446 Commits (0a5e9d922fb2928ae4f8e714e6326d847df37a71)

Author SHA1 Message Date
OJ 8e1e505730
Fix output of MSV creds dumping in Kiwi
The data being pulled out of the MSV credential dump was not being
rendered properly because it was assumed that all accounts would
provide the same set of hashes/details for each entry found. However,
this was not the case. Some have NTLM & SHA1, others have LM & NTLM,
some have DPAPI when others don't.

This code generates tables based on the values found, and renders those
values in the appropriate columns, and if the values don't exist for
a given account, the column is left blank.

Fixes #8620
2017-06-27 15:43:40 +10:00
OJ 49e34d70c3
Remove uses of multi-char args for meterpreter commands 2017-06-27 13:06:10 +10:00
Spencer McIntyre ea83cb0bb6 Make the railgun def class names platform specific 2017-06-26 19:53:19 -04:00
OJ 25e323fc4b
Support AES renegotiation after session migration 2017-06-26 20:50:12 +10:00
OJ 9f2be21eb7
Ignore missing method error when doing aes negotiation
This means that meterpreter instances that don't support it will continue
to work.
2017-06-26 15:22:56 +10:00
OJ bdcea7bd22
Fix http AES packet dispatching 2017-06-25 19:51:25 +10:00
OJ 494d389aa2
Merge upstream/master into packet encryption 2017-06-25 19:06:31 +10:00
OJ 67b1a19aa1
Finalised MSF-side of AES key negotiation over RSA 2017-06-25 10:24:00 +10:00
William Webb bf85386acf
add help switch 2017-06-24 17:45:53 -05:00
James Lee 6a8d54a93c
Land #8545, `ps` table output fixes 2017-06-24 14:43:51 -05:00
Brent Cook 1762fe56c9
Land #8589, Fix 64-bit support for the winpmem extension 2017-06-23 19:27:31 -05:00
William Webb 9eeb3dc143
use typical command option and TLV scheme instead of dumb stuff for keyscan_start 2017-06-23 13:11:12 -05:00
OJ a3607c6802
Update to Mimikatz 2.1.1 20170608 to include changntlm 2017-06-23 13:40:01 +10:00
James Lee 283f36f79a
Compare headers w/process keys instead of themselves
Also clarifies a bunch of old bad variable names
2017-06-22 21:43:11 -05:00
Brent Cook 2617ae7609
Land #8513, check extapi commands for dependencies 2017-06-22 20:21:26 -05:00
Brent Cook fda2e8c73d
Land #8523, Add support for session GUIDs 2017-06-22 20:10:10 -05:00
Brent Cook 0eaffde4b3 fix rex arguments parser to handle adjacent flags, update accordingly 2017-06-22 09:54:03 -05:00
Brent Cook eb4c4c911b
Land #8587, Add android wakelock command to turn the screen on 2017-06-21 14:48:20 -05:00
Spencer McIntyre 717f9aad12 Add more OSX Railgun defs and better CDECL support 2017-06-21 08:59:42 -04:00
OJ a9e03c1efd
Initial working version of AES encryption of TLVs 2017-06-21 21:01:59 +10:00
Brent Cook d81d0ea4ba print a friendlier status msg 2017-06-21 03:09:42 -05:00
Brent Cook b9904572f9 update winpmem dump handler for 64-bit support 2017-06-21 03:02:50 -05:00
OJ 2129959d2d
Begin rework of packet handling
This moves some of the packet-specific stuff to the packet class itself
2017-06-20 19:18:37 +10:00
Spencer McIntyre f7c133cdf7 Add OSX support to railgun 2017-06-19 11:11:55 -04:00
OJ cec87a3e4f
Start of support for AES packet encryption 2017-06-19 22:27:51 +10:00
OJ a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
RageLtMan 32fbad7fca Style changes for cmd_ps cleanup 2017-06-14 01:28:21 -04:00
RageLtMan 762427b447 Clean up cmd_ps table output for Mettle
Mettle can run in all sorts of environments where some columns of a
process table will be nil. The existing implementation compacts
rows going into the table while providing filtering for the column
contents only by checking the output of the first row in the proc
table.

Check column filters against all rows to ensure proper table init.
Check columns going into table for match against header.
Do not compact nil values in the table rows - some things, like
kthreads/workers don't have a path while other PIDs will.
2017-06-12 01:20:59 -04:00
OJ c4288fb35a
Update branch to include changes from upstream/master 2017-06-09 17:18:57 +10:00
OJ 6131e4bd82
Fix download lambda function to take correct param count
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
2017-06-07 09:37:24 +10:00
OJ 37b9cd07a2
Add support for the session GUID in the UI
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
2017-06-06 17:15:57 +10:00
Tim 871c30c0b3 refactor stdapi and lanattacks to use filter_commands 2017-06-06 14:05:07 +08:00
Tim e9c9c852ab check_commands -> filter_commands 2017-06-06 13:56:38 +08:00
Tim 7625d36c1c fix #8199, check extapi for dependencies 2017-06-05 14:56:59 +08:00
OJ cc0ff8f3db
Enable adaptive download with variable block sizes
The aim of this commit is to allow users of Meterpreter in high-latency
environments have better control over the behaviour of the download
function. This code contains two new options that manage the block size
of the downloads and the ability to set "adaptive" which means that the
block size will adjust on the fly if things continue to fail.
2017-06-02 17:16:58 +10:00
Brent Cook 11b3fd9067
Land #8468, Update system info after running getsystem 2017-05-26 23:37:00 -05:00
TheNaterz 53cbbbacd8 getsystem update session info 2017-05-26 17:28:11 -06:00
Tim a9e6df6f15 fix shell command on osx meterpreter 2017-05-26 15:55:14 +08:00
OJ 86aad6b7c3
Fix proxy_type references to handle nil case 2017-05-22 21:47:37 +10:00
Pearce Barry a6f416e8df
Land #8290, Hwbridge Automotive Fix and Extension Enhancements 2017-05-19 13:46:54 -05:00
Pearce Barry d0b13544dd
Agreed-upon feedback updates. 2017-05-17 10:57:39 -05:00
Brent Cook 123462bdca
Land #8293, add initial multi-platform railgun support 2017-05-11 22:32:23 -05:00
William Vu e026a8c663
Fix typo (s/Remote/Reverse/) in portfwd -L
Found by ThePortWhisperer on IRC.
2017-04-29 00:10:13 -05:00
Spencer McIntyre 3347af24ba Add some basic libc definitions for railgun 2017-04-25 15:12:39 -04:00
Spencer McIntyre 9c60c3ee46 Support platform specific railgun constants 2017-04-25 14:36:15 -04:00
Brent Cook 6f763a616d
Land #8225, Expose the shared wifi profile dumping feature in Mimikatz 2017-04-25 11:23:34 -05:00
Craig Smith aeed81de29 Code cleanup from Rubocop output
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith c2296dcd1b Adds 'isotpsend' command to interactive commands to send ISO-TP related queries
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 36026ba8b4 Fixed active buses not being recorded. The 'connect' command now works for other extensions as well as modules. Added TesterPresent background packet transmissions to hold debugging sessions open.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 2012ebf38f Fixed bug with a duplicate ID in hash for errors
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 406051a3ff Added more session management to hwbridge. Commands 'sessions' and 'background' added.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Craig Smith 5537348e28 Adds Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
Spencer McIntyre daf8833174 Refactor a bunch of windows_name references 2017-04-24 19:54:00 -04:00
Spencer McIntyre 3cc089bcef Support loading platform specific railgun defs 2017-04-24 19:46:56 -04:00
Spencer McIntyre d3a759d631 Make changes for initial linux railgun support 2017-04-24 17:11:27 -04:00
Brent Cook 67047cf770 Revert "Fixes MS-1716, keep sessions in progress alive."
This reverts commit e5d0370a94.
2017-04-16 15:52:22 -05:00
Brent Cook 7950087804 Merge branch 'upstream-master' into land-8237- 2017-04-14 21:53:26 -05:00
William Webb cbebc5dc39
really remove errant keyscan_extract() call 2017-04-14 15:21:11 -05:00
William Webb 303a767ccc
bring ukl branch up to date with upstream 2017-04-12 21:59:13 -05:00
OJ 271da4b4a5
Add new shared wifi profile dumping from kiwi 2017-04-11 22:01:52 +10:00
OJ 6983b0f857
Update the kiwi extension to show correct version number 2017-04-11 20:23:56 +10:00
Tim a65936452f Add android wakelock command to turn the screen on 2017-03-28 16:24:11 +08:00
Pearce Barry 31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
Pearce Barry 4e6cf58b22
Land #8143, Fix variable typos in rfrecv related methods. 2017-03-24 15:38:52 -05:00
Leon Jacobs c58e9acadd
Fix variable typos in rfrecv related methods. 2017-03-22 15:44:22 +02:00
Tim ef53e6a593 fix execute and kill cmd usage/help 2017-03-22 16:29:47 +08:00
William Vu 686f30e118
Land #8117, p{grep,kill} for Meterpreter <3 2017-03-21 16:37:34 -05:00
Pearce Barry 7477e44d30 Use urlsafe Base64 en/decode calls. 2017-03-20 17:37:16 -05:00
Pearce Barry c4279a837a Minor formatting/spelling/verbiage changes. 2017-03-20 17:37:12 -05:00
Craig Smith 2fde287424 Initial patch for rftransceiver (RfCat / YardstickOne) 2017-03-20 17:36:16 -05:00
Pearce Barry 321988c282 Replace errant '.' with ',' 2017-03-20 16:36:13 -05:00
Pearce Barry 2acd941b16 Merge branch 'master' into dtc_fix 2017-03-20 14:10:01 -05:00
Craig Smith 0be6b8c905 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Adds some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
Pearce Barry 06ebb22a8f
Land #8065, Zigbee Hardware Bridge Extension 2017-03-20 10:44:15 -05:00
William Vu f9ecefe465
Land #8031, nil fixes for HWBridge 2017-03-19 22:37:28 -05:00
Brent Cook dd6e75986d add -l and -f flag simulation for pgrep, XXX rex handles flag opts poorly 2017-03-16 23:48:39 -05:00
Brent Cook 70bbacf7ed kill processes in reverse, allow children before parents more likely 2017-03-16 23:48:04 -05:00
Pearce Barry 095a110e65
Code and doc tweaks (minor).
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
Brent Cook 85f7d73d4d add pgrep as well 2017-03-16 04:14:45 -05:00
Brent Cook c9a85f58c0 add pkill command, rework to share filtering logic with ps 2017-03-16 03:57:49 -05:00
Spencer McIntyre befc5e05e5 Fix more kernel32 railgun definitions using DWORD 2017-03-14 18:42:52 -04:00
Spencer McIntyre d759c603b2 Fix more kernel32 railgun definitions using DWORD
Some railgun definitions for the kernel32 module define DWORD for the
functions return type when it should be HANDLE. This causes errors on
64-bit systems when the return value is truncated.
2017-03-14 16:58:22 -04:00
Craig Smith f60dae0917 Lots of syntax fixups from rubocop 2017-03-08 09:21:33 -08:00
Craig Smith 97ad8be7ff Added some Zigbee Documentation 2017-03-06 22:42:15 -08:00
Craig Smith 60cd04bc7b Added module for zstumbler 2017-03-06 16:10:14 -08:00
Spencer McIntyre 2d51801b01 Use native_arch for railgun multi and test it 2017-03-01 13:07:04 -05:00
Craig Smith d4e5cb7993 Fixes #8022
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Adds some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-02-27 21:09:57 -08:00
Craig Smith dcb42a3e69 Initial zigbee support using killerbee. Core session setup portion 2017-02-27 17:29:54 -08:00
Spencer McIntyre 0ebd51d224 Use native_arch for railgun sizes 2017-02-26 14:42:55 -05:00
Spencer McIntyre 3b2e5e0785 Add a new core_native_arch method for meterpreter 2017-02-26 14:22:24 -05:00
William Webb 076848e904
Land #7993, Keep sessions in progress alive 2017-02-24 16:57:47 -06:00
Pearce Barry e5d0370a94
Fixes MS-1716, keep sessions in progress alive. 2017-02-24 12:56:05 -06:00
bwatters-r7 4f839299f1
Land #7978, Add a test module for railgun API calls 2017-02-21 17:15:49 -06:00
William Webb 2a20d24c29
Land #7966, Fix 'rm' to handle multiple files 2017-02-21 13:32:19 -06:00
Spencer McIntyre 7d1fadb84f Add a test module for railgun api calls 2017-02-18 17:37:49 -05:00
Brent Cook 566bafe65d
Land #7962, Uploading files without specifying the destination closes a Meterpreter session. 2017-02-17 17:04:22 -06:00
Brent Cook 5207cb6c3a
Land #7914, send the correct exception on channel open failure 2017-02-17 17:00:30 -06:00
Brent Cook 807a27e73d clarify error handling when a channel cannot be opened 2017-02-17 16:59:09 -06:00
Rich Whitcroft 5bd38af8d6 fix rm to handle multiple files 2017-02-15 19:22:39 -05:00
Rich Whitcroft 24a4211bb9 fix upload when dest not specified 2017-02-14 22:08:49 -05:00
Brent Cook b741c8b2f7 fix typo in failure path, pointed out by rw- 2017-02-13 21:16:48 -06:00
Brent Cook 74e029f3b1
Land #7932, Fix CVE-2017-5229 2017-02-07 19:22:36 -06:00
Brent Cook 522c6dce8e
Land #7931, Fix CVE-2017-5231 and respect user's dest 2017-02-07 19:22:17 -06:00
Brent Cook 68a5d300fe minor style issues 2017-02-07 18:35:35 -06:00
Brent Cook b370dd0654 Fix CVE-2017-5229 - extapi Clipboard.parse_dump() Directory Traversal 2017-02-07 18:24:06 -06:00
Justin Steven 56cf6b129d
Fix CVE-2017-5228 2017-02-07 23:44:23 +10:00
Justin Steven cb74d3b05b
Fix CVE-2017-5231 and respect user's dest 2017-02-07 23:41:59 +10:00
Artem 9db2cdb33a Fix close session
Fix close session if remote file is permission denied
2017-02-05 02:00:05 +03:00
Pearce Barry 23c2787d57
Land #7795, Hardware Bridge API.
Initial bridge API that supports the HW rest protocol.
2017-02-02 08:47:59 -06:00
Pearce Barry 16de745437
Minor code cleanups/corrections. 2017-02-01 16:12:45 -06:00
Craig Smith 2ff4e6f57e Fixed defaults for elm327 relay.
Array2Hex in the automotive extension now supports passing an array of integers or string hexes
Added some extra error handling for UDS calls to non-supported pids
2017-01-25 11:30:29 -08:00
OJ a3cf400566
Re-set the TLV names for migration stuff 2017-01-24 07:36:56 +10:00
Jeffrey Martin 2c8cd80a2b
revert change to TLV_TYPE_MIGRATE_LEN in #7856 2017-01-23 09:23:32 -06:00
Jeffrey Martin 677d070179 make tlv enum of migrate length consistent 2017-01-23 09:19:53 -06:00
Craig Smith 198d6e00ff Fixed bug in array2hex that did not convert hex values to integers before formatting 2017-01-22 17:50:33 -08:00
Brent Cook f61314d2d6
Land #7856, Fix incorrect translations in TLV inspection code 2017-01-22 11:08:05 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
Brent Cook 441222c2b5 Merge remote-tracking branch 'upstream/master' into land-7787- 2017-01-22 09:44:11 -06:00
William Vu e0094897a1 Add CSV and vCard support to dump_contacts 2017-01-20 19:18:50 -06:00
OJ 7e50ce09c0
Fix TLV inspect issue 2017-01-21 09:17:20 +10:00
Brent Cook 5b2e76b981
Land #7794, Fix #7793, incorrect command name in android meterpreter extension 2017-01-11 12:38:36 -06:00
Craig Smith 5f07bca775 Hardware Bridge API. Initial bridge API that supports the HW rest protocol specified here:
http://opengarages.org/hwbridge  Supports an automotive extension with UDS calls for module
development.
2017-01-06 19:51:41 -08:00
Ubuntu 6dee63d727 Incorrect command name 2017-01-06 23:58:18 +00:00
Tim eec5e88e1c
android_wakelock 2017-01-05 19:17:28 +07:00
Brent Cook 5a4abeb110 make Rex UDPSocket.send work just like the real thing 2017-01-02 09:38:26 -06:00
Brent Cook d5bc6a089f recvfrom_nonblock need flag = 0, not nil 2017-01-02 08:55:12 -06:00
Brent Cook bb684bb3b1 tcp channel fixes 2016-12-30 14:59:10 -06:00
OJ 99da91e278
Adjust golden ticket creation to force params when SYSTEM 2016-12-23 20:29:00 +10:00
OJ 894ed4957f
Add help where appropriate 2016-12-23 10:51:33 +10:00
OJ 93a280dfc1
Merge upstream/master ready for PR 2016-12-23 10:20:53 +10:00
OJ 34e3a17fda
Remove unused Kiwi TLVs 2016-12-23 09:57:57 +10:00
William Webb 5702bd6745
Land #7674, Move migration stub generation code into msf 2016-12-22 17:53:00 -06:00
OJ 4c150a10c2
Update to use new base64 flags for kiwi 2016-12-23 09:40:11 +10:00
OJ c97e6ae1e8
Handle stupid merge from OJ's upstream 2016-12-23 09:00:27 +10:00
OJ e6e2388256
SSP creds and golden tickets 2016-12-23 08:34:16 +10:00
OJ 0bca485858
Continue work on enabling kiwi functionality 2016-12-20 18:25:48 +10:00
OJ ee4caba646
Remove `terminal` and tweak `sessions`
Hopefully everyone is now happy!
2016-12-20 07:50:07 +10:00
OJ 74040c4ee6
Rename the `sess` command to `terminal`
Lots of people have been frustrated by the `sess` command as it mucks
with the autocomplete for `sessions`. This is a fair concern, especially
given that `sess` was intended to be a non-annoying shortcut.

This commit changes the `sess` command so that it is instead called
`terminal`. I couldn't think of a better option that didn't already
clash with another name or meaning. At least `terminal` is something
that doesn't clash, doesn't muck with any existing autocomplete rules,
and is in some way another name for the existing sessions.

Feedback appreciated!
2016-12-19 17:05:04 +10:00
OJ 609c8da772
Re-add wifi support, start work on kerberos stuff 2016-12-10 11:20:16 +10:00
Artem 9a7c0eb7b6 Fix close file 2016-12-08 21:28:39 +03:00
OJ d0696a09ad
Move migration stub generation into MSF
This code adds support for transport-specific migration stubs to be
generated in MSF rather than having them hard-coded in Meterpreter.
2016-12-08 16:01:13 +10:00
OJ 50b0c9ef5e
Add tspkg support and fix parsing a little 2016-12-07 15:06:08 +10:00
OJ 7d316cb3e6
Begin work on parsing mimikatz output and handling more cmds 2016-12-07 15:06:08 +10:00
OJ 8f4621f424
Initial work to support the new kiwi extension 2016-12-07 15:05:02 +10:00
Brent Cook b4a2a6ed60 Merge remote-tracking branch 'upstream/master' into land-7625- 2016-12-06 06:23:32 -06:00
Tim 8f3fab4b1b
fix sleep and transport on android 2016-11-30 21:59:01 +08:00
Tim 468bf4696f
stdapi_fs_file_copy 2016-11-29 13:56:27 +08:00
Brent Cook 16b5f40dae Revert "Rework XOR code to make more sense"
This reverts commit 699a8e91d2.
2016-11-20 19:09:45 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
Brent Cook 5490fda0ae Merge remote-tracking branch 'upstream/master' into land-7261 2016-11-14 16:49:28 -06:00