Meatballs
dc38212741
Fix function parsing
2014-05-05 20:53:36 +01:00
Meatballs
0b886db406
Script specs and remove unknown method
2014-05-05 19:01:36 +01:00
Meatballs
0177e51148
Finish obfu specs and use rig
2014-05-05 18:47:25 +01:00
Meatballs
6ab85027a4
More spec
2014-05-05 17:47:30 +01:00
Meatballs
162b6a8ab9
Add output spec
2014-05-05 14:48:18 +01:00
Meatballs
399928cf69
Remove unnecessary requires
2014-05-05 13:37:17 +01:00
Rob Fuller
c3fb5bf614
fix a few clarical errors and typos
2014-04-29 22:42:26 -04:00
James Lee
4bd2dabfcd
Land #3121 , new kiwi extension, with compiled bins
...
See also rapid7/meterpreter#79
2014-04-29 17:53:37 -05:00
Meatballs
b860cecad6
Function spec (doesnt pass)
2014-04-28 14:09:39 +01:00
Meatballs
8031e50d35
Make Exploitation::Powershell testable
...
Example test
2014-04-26 13:27:25 +01:00
Meatballs
98d2b2293b
Unnecessary return
2014-04-26 13:05:47 +01:00
Meatballs
be10c8e4ac
Split Rex::Exploitation::Powershell::* into individual files
2014-04-26 12:59:43 +01:00
Meatballs
206184007f
Move methods and rename file so it is run by rspec
2014-04-25 15:16:15 +01:00
Meatballs
32fa8748a8
Fix up decompress
2014-04-23 05:20:54 +01:00
Meatballs
e774411b63
Revert Enum removal
...
.NET 4.5 has two constructors with 2 args so this becomes ambiguous
2014-04-23 02:06:14 +01:00
Meatballs
d2e8e07cfe
Fix old powershell generation
2014-04-23 01:58:02 +01:00
Meatballs
dd38a81dfc
Fix a @parma
2014-04-23 01:10:13 +01:00
Meatballs
647936e291
Add more yarddoc to Rex::Exploitation::Powershell
...
encode_code doesn't use eof
no need to unicode encode in gzip as this is handled by encode_code
2014-04-23 01:07:54 +01:00
Meatballs
86cfecdd95
Shave some chars off compression code
2014-04-22 14:52:30 +01:00
Meatballs
354311d191
No need to out-null if no windows is shown
2014-04-22 14:42:03 +01:00
Meatballs
cec12edd99
Use enum integer values
2014-04-22 14:40:32 +01:00
Meatballs
71b43d392b
Dont need to specify ASCII mode
2014-04-22 14:36:02 +01:00
James Lee
49bd86f077
Clean up yardocs and a few style issues
2014-04-21 03:12:23 -05:00
Meatballs
c936dc963c
Shorten compression
2014-04-19 18:55:45 +01:00
Meatballs
67f44072ca
Merge remote-tracking branch 'upstream/master' into pr2075
2014-04-19 18:45:55 +01:00
RageLtMan
9f05760c50
Merge with Meatballs' initial changes
...
Clean up arch detection code and dedup Msf/Rex
Reduce generated payload size
2014-04-18 00:28:48 -04:00
RageLtMan
5c3289bbc6
merge fix
2014-04-17 21:26:04 -04:00
Meatballs
38d8df4040
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
modules/exploits/windows/local/wmi.rb
2014-04-15 22:06:45 +01:00
Meatballs
02b11afddc
Merge remote-tracking branch 'upstream/master' into netapi_change_passwd
...
Conflicts:
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb
2014-04-15 21:23:45 +01:00
Meatballs
fc018eb32e
Initial commit
2014-04-15 21:05:06 +01:00
joev
e09f887c4c
Revert "Fixes large-string expansion in JSObfu."
...
This reverts commit 14fed8c610
.
2014-04-11 16:51:47 -05:00
joev
4cb04b6b9a
Revert "Use implicit return for assignment."
...
This reverts commit 49139cc07f
.
2014-04-11 16:51:40 -05:00
joev
21b2697b95
Revert "Use tiny var names by default."
...
This reverts commit 52432ef482
.
2014-04-11 16:51:34 -05:00
joev
d41b3467f8
Revert "Re-add the #random_string(len) method to pass specs."
...
This reverts commit bd8918e4e1
.
2014-04-11 16:51:21 -05:00
sinn3r
a6a6ad2217
Land #3227 - Remove bundled rkelly, to Gemfile
2014-04-10 12:31:59 -05:00
sinn3r
68a50e3663
Land #3224 - Fixes large-string expansion in JSObfu
2014-04-10 12:09:22 -05:00
Joe Vennix
bd8918e4e1
Re-add the #random_string(len) method to pass specs.
2014-04-09 17:44:48 -05:00
Joe Vennix
57aa1eec11
Kick rkelly out to a gem, add rkelly-remixed.
...
rkelly-remixed is a faster fork of rkelly that is more frequently updated
nowadays. With the new gem, jsobfu obfuscates os.js about twice as fast on
my dev environment.
2014-04-09 17:21:22 -05:00
Joe Vennix
52432ef482
Use tiny var names by default.
2014-04-09 16:54:02 -05:00
Joe Vennix
49139cc07f
Use implicit return for assignment.
2014-04-09 15:48:07 -05:00
Joe Vennix
14fed8c610
Fixes large-string expansion in JSObfu.
2014-04-09 15:45:48 -05:00
Meatballs
ae3ead6ef9
Land #2107 Post Enum Domain Users
2014-04-09 11:32:12 +01:00
jvazquez-r7
80b069f161
Add support for spoofed zip Central Dir names at Entry level
2014-04-07 09:21:26 -05:00
jvazquez-r7
46e6f937f1
Revert "Add central directory zip spoofing"
...
This reverts commit d0700e8ac4
.
2014-04-07 08:50:33 -05:00
jvazquez-r7
d0700e8ac4
Add central directory zip spoofing
2014-04-07 08:49:49 -05:00
jvazquez-r7
6d72860d58
Land #3004 , @m-1-k-3's linksys moon exploit
2014-04-04 14:04:48 -05:00
William Vu
9779913060
Land #3184 , Rex::Proto::Http::Client IOError fix
2014-04-03 15:58:50 -05:00
joev
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
joev
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
HD Moore
231138da1b
Fix a typo in the nexpose raw importer
2014-04-03 07:12:45 -07:00
OJ
670a0c8e0f
Merge branch 'upstream/master' into ext_server_kiwi
2014-04-02 19:36:42 +10:00
OJ
e61e532223
Add support for extraction of wifi profile creds
2014-04-02 17:16:40 +10:00
OJ
1d46e65897
Update to match meterpreter changes
...
This also includes the ability to specify id and groups for the
golden ticket feature.
2014-04-02 12:29:35 +10:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
Tod Beardsley
1b0fe74da5
Use Array#sample in email generators.
2014-04-01 14:11:23 -05:00
Tod Beardsley
8ab03f3aeb
Use Array#sample in randomize_space
2014-04-01 14:09:07 -05:00
Tod Beardsley
ec7bb6de54
Land #2969 , random name generator for phishing
2014-04-01 13:00:55 -05:00
William Vu
8bd5d10052
Use rand_hostname in rand_mail_address
2014-03-28 16:44:49 -05:00
jvazquez-r7
8f1e55de5a
Use ObfuscateJS
2014-03-28 11:08:38 -05:00
jvazquez-r7
da6a428bbf
Modify libs to support explib2
2014-03-28 10:44:52 -05:00
OJ
86ddd24d26
Update to use Rex::Text and change handling a bit
...
This change also outputs blank creds so that users know which
accounts have blank passwords
2014-03-28 16:12:51 +10:00
OJ
65e204e834
Modify the menu item descriptions
2014-03-28 11:03:38 +10:00
OJ
3a42cb8a46
Fix typo in kiwi help
2014-03-28 11:03:03 +10:00
Tod Beardsley
8e7f12e30e
Land #3085 , service_control support
...
This depends on rapid7/meterpreter#77 to function
2014-03-19 08:43:17 -05:00
Tod Beardsley
04b5d71fa5
Land #3061 , enhance clipboard dump
...
This depends on rapid7/meterpreter#75 to function
2014-03-19 08:42:36 -05:00
Tod Beardsley
35b94b04bf
Land #2889 , WMI support
...
This depends on rapid7/meterpreter#69 to actually be useful.
2014-03-19 08:42:03 -05:00
OJ
11f9bfadb1
Final bits of documentation and code tweaking
2014-03-19 18:40:53 +10:00
OJ
84728c9fc9
Code tidying and defaulting to empty strings for table format
2014-03-19 16:19:23 +10:00
OJ
959cedb9b1
Bit more code tidying
2014-03-19 16:19:05 +10:00
OJ
f80c7b7b51
Fix silly typo
2014-03-19 15:55:12 +10:00
OJ
0dcf992781
Add comments to the kiwi source
2014-03-19 15:45:53 +10:00
OJ
3635fff98e
Add support for kerberos ticket enumeration
...
Fix up a bunch of other issues and do some code tidies too.
2014-03-19 14:25:11 +10:00
OJ
91e198fd63
Add SAM key dump in LSA dumping output
2014-03-18 09:45:31 +10:00
OJ
dfb4b22015
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-18 08:08:45 +10:00
William Vu
9eada528d7
Land #3097 , Rex::Text.uri_encode RFC 3986 fix
2014-03-14 15:38:24 -05:00
OJ
a9758413c0
Add lsa secret dumps plus other tweaks
2014-03-14 19:50:01 +10:00
Tod Beardsley
520d1e69c4
Rapid7 Comma Inc
...
After some more discussion with Rapid7's legal fellow.
2014-03-13 09:46:20 -05:00
Tod Beardsley
9d4ceaa3a0
Let's try to be consistent about Rapid7 Inc.
...
According to
http://www.sec.gov/Archives/edgar/data/1560327/000156032712000001/0001560327-12-000001.txt
Rapid7 is actually "Rapid7 Inc" not "Rapid7, LLC" any more.
This does not address the few copyright/license statements around
"Metasploit LLC," whatever that is.
2014-03-12 11:20:17 -05:00
sinn3r
b431bf3da9
Land #3052 - Fix nil error in BES
2014-03-11 12:51:03 -05:00
OJ
1d70411ea7
Support service_control and new status field in query
...
This code adds support for the new service_control feature in meterpreter
and also supports the status field that comes from the service_query function.
2014-03-11 14:50:19 +10:00
sinn3r
c76a1ab9f4
Land #3065 - Safari User-Assisted Download & Run Attack
2014-03-07 10:29:56 -06:00
Joe Vennix
9638bc7061
Allow a custom .app bundle.
...
* adds a method to Rex::Zip::Archive to allow recursive packing
2014-03-06 16:11:30 -06:00
William Vu
096d6ad951
Land #3055 , heapLib2 integration
2014-03-05 15:48:13 -06:00
Joe Vennix
5790547d34
Start undoing some work.
2014-03-04 17:01:53 -06:00
Tod Beardsley
6e88bbd827
No need for that kind of language
2014-03-04 14:34:50 -06:00
OJ
0bdce4836f
Modify clipboard dump to support new format from Meterpreter
2014-03-04 19:37:57 +10:00
Joe Vennix
3360f7004d
Update form_post vars, add Expires to cookie.
2014-03-03 23:29:02 -06:00
Joe Vennix
6c3b667152
Kill extra comma.
2014-03-03 16:48:02 -06:00
Joe Vennix
bfecf9525d
Add Rex::RandomIdentifierGenerator.
2014-03-03 16:43:49 -06:00
Joe Vennix
517a85d141
Remove unneeded quotes.
2014-03-03 15:42:46 -06:00
Joe Vennix
b3ab8f7ce1
Make random_var_name public, add specs for it.
2014-03-03 15:39:56 -06:00
Joe Vennix
ae9ce962c0
Add future reserved words.
...
Gotta stay ahead of the game.
2014-03-03 14:59:46 -06:00
Joe Vennix
dd86a9188c
Prevent jsobfu from generating duplicate/reserved tokens.
...
I got an error from a script that tried to 'set void = 1'.
2014-03-03 14:56:50 -06:00
sinn3r
ee1209b7fb
This should work
2014-03-03 11:53:51 -06:00
OJ
e0438f570b
Merge branch 'upstream/master' into ext_server_kiwi
2014-03-03 17:28:44 +10:00
Joe Vennix
b458b8ad63
Add specs for new methods.
2014-03-02 20:23:20 -06:00
Joe Vennix
46f27289ed
Reorganizes form_post into separate file.
2014-03-02 19:55:21 -06:00
Meatballs
8dee9b22c3
Reinstate to_byte_array
2014-03-02 22:07:47 +00:00
Meatballs
2acd0a1b1e
Reinstance encode_code
2014-03-02 21:03:31 +00:00
Meatballs
2885ebcb40
Merge remote-tracking branch 'upstream/master' into pr2075
2014-03-02 20:57:02 +00:00
Meatballs
c9a2135959
Merge in semperv
2014-03-02 19:07:13 +00:00
sinn3r
8cf5c3b97e
Add heaplib2
...
[SeeRM #8769 ] Add heapLib2 for browser exploitation
2014-03-02 11:47:18 -06:00
FireFart
8543da0fbd
Corrected uri_encode
2014-03-01 11:30:50 +01:00
jvazquez-r7
6c490af75e
Add randomization to Rex::Zip::Jar and java_signed_applet
2014-02-27 12:38:52 -06:00
Michael Messner
dbbd080fc1
a first try of the cmd stager, wget in a seperated module included
2014-02-23 20:59:17 +01:00
jvazquez-r7
4ca4d82d89
Land #2939 , @Meatballs1 exploit for Wikimedia RCE and a lot more...
2014-02-18 17:48:02 -06:00
Meatballs
6f988209ab
Merge remote-tracking branch 'upstream/master' into enum_domain_users_update
2014-02-18 20:02:39 +00:00
Tod Beardsley
8e0a4aaa58
Land #2983 , webcam_chat for Meterpreter
2014-02-18 13:43:42 -06:00
sinn3r
0519abb558
Fix the wrong conversion
2014-02-17 23:17:19 -06:00
jvazquez-r7
f07efc91a8
Land #2915 , @Meatballs1 improvements for LDAP post mixin
2014-02-17 19:14:59 -06:00
Meatballs
f5c401bee7
Yarddocs
2014-02-14 22:59:36 +00:00
Meatballs
b8b36ef528
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-14 22:52:55 +00:00
sinn3r
d606be5efb
That's funny I changed the wrong method
2014-02-13 16:41:18 -06:00
sinn3r
5d3eed8600
Add info about browser requirements in help
2014-02-13 16:37:05 -06:00
sinn3r
9c48335764
Change to google.com
2014-02-13 16:30:44 -06:00
sinn3r
a44f235a8d
Fix things based on Tod's feedback
2014-02-13 16:13:42 -06:00
RageLtMan
29bf296b61
import rex powershell
2014-02-12 16:45:57 -05:00
RageLtMan
b453362a52
Merge remote-tracking branch 'upstream/pr/2966' into integrate_with_meatballs
2014-02-12 16:43:30 -05:00
jvazquez-r7
ff267a64b1
Have into account the Content-Transfer-Encoding header
2014-02-12 12:40:11 -06:00
sinn3r
45d4b1e1fd
Land #2958 - Add options: Applicaiton-Name, Permissions for jar.rb
2014-02-12 11:14:25 -06:00
sinn3r
750ce3c4db
Make server configurable
2014-02-11 23:07:43 -06:00
OJ
beca4b8bc3
Fix issue with getenv failing
...
The call to `getenv` failed when `%` or `$` were used because of the
differences between Meterpreter handling and MSF handling.
Meterpreter effectively ignores (ie. strips out) the platform-specific
characters which are used for environment variables. In the `getenv`
call, MSF was invoking `getenvs` and getting a full hash of values, then
attempting to index into the hash using a string which may be "polluted"
with those platform-specific characters. This meant that there was a
discrepency between what was returned and what was used to index and
as a result, the value would come out as `nil`.
For example, calling `getenv('%FOO%')` would result in a hash with
`{'FOO'=>'bar'}`, so looking for '%FOO%' in this result would yield
nothing.
This commit changes this so that the name is ignored and the first
value is returned.
2014-02-12 13:51:30 +10:00
jvazquez-r7
51df2d8b51
Use the fixed API on the mediawiki exploit
2014-02-11 08:28:58 -06:00
sinn3r
2bb15d3a87
answerer's interface gets a makeover
2014-02-11 02:15:22 -06:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
sinn3r
fdd696fc31
Drop Opera support
...
It's sad nobody is actually using it. See article: "Across desktop and
mobile, Chrome is used more than Firefox, IE, and Opera combined" -
thenextweb.com
2014-02-10 18:03:42 -06:00
sinn3r
1414f6794c
Change the name of the video chat command
2014-02-10 17:44:47 -06:00
sinn3r
44282d8a83
Add an exception handling
2014-02-10 17:06:56 -06:00
sinn3r
1114913298
Automatically turn on webcam in Firefox
2014-02-10 17:05:08 -06:00
sinn3r
48fdb08164
Add flag --use-fake-ui-for-media-stream
...
Thanks Joev!!
2014-02-10 14:47:25 -06:00
Matteo Cantoni
427fece52c
Add random mail address function
2014-02-10 21:04:44 +01:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
sinn3r
93ef3c784d
Update some JavaScript and other things
2014-02-08 22:23:19 -06:00
sinn3r
b279c45db5
Update open_webrtc_browser method
2014-02-08 20:47:02 -06:00
sinn3r
0d24f06109
Not adding remote support for Linux meterpreter, here's why
2014-02-08 20:30:53 -06:00
sinn3r
be8538f3bd
Tweak video attributes
2014-02-08 19:56:43 -06:00
sinn3r
8d55104712
Random channel
2014-02-08 19:36:33 -06:00
sinn3r
e25767ceab
More progress
2014-02-08 17:28:15 -06:00
sinn3r
3f9ad8a6d5
Fix bugs and stuff
2014-02-08 16:11:39 -06:00
Meatballs
c37cb5075c
Merge remote-tracking branch 'upstream/master' into pr2075
2014-02-08 22:11:31 +00:00
Meatballs
c76862b391
Reduce payload size
2014-02-08 22:11:17 +00:00
sinn3r
22cc665115
More error handling
2014-02-08 16:06:51 -06:00
sinn3r
07ad99ba3a
Remove unnecessary methods
2014-02-08 15:51:33 -06:00
sinn3r
a70c77c9eb
Handle some more exceptions
2014-02-08 15:51:11 -06:00
sinn3r
325214e37f
Fix bugs and stuff
2014-02-08 15:41:44 -06:00
Meatballs
b10df54dbb
Dont need to encode the compress payload
2014-02-08 21:34:51 +00:00
Meatballs
09c48358f4
Retab rex powershell
2014-02-08 20:43:04 +00:00
sinn3r
e8ec6d1062
Rename command name
2014-02-08 03:53:49 -06:00
sinn3r
ee1900c273
progress
2014-02-08 03:29:15 -06:00
sinn3r
b188943bd1
Progress
2014-02-08 02:57:49 -06:00
sinn3r
526bf9f6bc
This should work
2014-02-07 22:17:42 -06:00
Meatballs
103780c3da
Merge remote-tracking branch 'upstream/master' into mediawiki
2014-02-07 20:07:04 +00:00
sinn3r
36f3a82b5c
A wise man once said do not abuse the power of expand_path
2014-02-07 12:10:58 -06:00
sinn3r
bab9a5522b
You will go deaf with the default volume value. No thanks.
2014-02-07 11:35:57 -06:00
sinn3r
3c3bd11aca
Oh look, more progress
2014-02-07 11:25:20 -06:00
grimmlin
2d93b38e2a
Fixed java_signed_applet for Java 7u51
2014-02-07 16:29:50 +01:00
sinn3r
43be99f31b
Save some progress
2014-02-07 03:06:52 -06:00
sinn3r
f66fc15b9e
Add support for webrtc in meterpreter
2014-02-06 10:44:24 -06:00
Meatballs
76515092ce
Small mime changes
2014-02-03 23:28:26 +00:00
Meatballs
595e5fd8b1
Correct mime logic
2014-02-03 21:59:17 +00:00
Meatballs
83925da2f1
Refactor form_data code
2014-02-03 21:16:58 +00:00
Meatballs
8b33ef1874
Not html its form-data...
2014-02-02 13:57:29 +00:00
Meatballs
9f35407a0c
Add MIME to_html method
2014-02-01 00:37:01 +00:00
OJ
b60398b020
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/extensions/extapi/tlv.rb
2014-01-29 23:07:05 +10:00
OJ
ad1dce38d2
Final fixes before the monitor PR
2014-01-29 23:04:43 +10:00
OJ
2ef0e7e2a5
Small tidy of code
2014-01-29 17:07:06 +10:00
OJ
e27707cac3
More tweaking of the clipboard monitor with dump/purge
2014-01-29 14:51:03 +10:00
OJ
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
Meatballs
6d9e395d40
Use LPVOID to avoid ptr trunc
2014-01-24 23:27:56 +00:00
Tod Beardsley
1ff063d7de
Test the object not the class duhhh
2014-01-24 11:46:48 -06:00
Tod Beardsley
37b11ce2e1
Use Class#kind_of? instead of ==
2014-01-24 11:31:04 -06:00
Meatballs
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
Tod Beardsley
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
Joe Vennix
de06480f4f
Add a defined? check to fix older versions of OpenSSL.
...
Older versions of OpenSSL did not export the OP_NO_COMPRESSION constant,
so users running metasploit on systems with old copies of openssl
would throw a NameError since the constant did not exist.
2014-01-23 14:51:47 -06:00
Meatballs
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
Tod Beardsley
636c43dcdc
Land #2736 , basic ADSI support via meterp extapi
2014-01-22 15:24:01 -06:00
Tod Beardsley
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
OJ
83358fbbf0
More work on the clipboard monitor
2014-01-22 22:56:13 +10:00
OJ
a7d4aa5d46
Merge branch 'upstream/master' into clipboard_monitor
...
Conflicts:
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
2014-01-22 11:51:10 +10:00
James Lee
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
Tod Beardsley
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
Meatballs
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
William Vu
dc4b4218b3
Make {COUNT,SIZE}_MAX more readable
...
Good suggestion, @jlee-r7.
2014-01-21 12:13:14 -06:00
William Vu
6a16cf96ba
Fix bug in fsupload
...
Badchar analysis: file may contain form feeds.
2014-01-21 11:36:24 -06:00
OJ
524bbceb1a
Merge branch 'upstream/master' into ext_server_kiwi
2014-01-17 11:53:07 +10:00
OJ
9212013c3e
Add error message support
...
This commit enables returning of error messages based on the HRESULT.
They still aren't nice, but they're better than nothing.
2014-01-17 11:42:07 +10:00
jvazquez-r7
ac9e634cbb
Land #2874 , @mandreko's sercomm exploit fixes
2014-01-16 16:35:32 -06:00
sinn3r
a1eba03d1f
Land #2725 - Rex::Proto::PJL plus modules
2014-01-16 15:57:38 -06:00
William Vu
9bf90b836b
Add environment variables support
2014-01-16 14:53:25 -06:00
William Vu
0915212249
Fix socket timeout bug
2014-01-16 11:58:37 -06:00
jvazquez-r7
0b9ff43217
Make slice_up_payload easier
2014-01-16 11:03:22 -06:00
jvazquez-r7
f41849c921
Clean CmdStagerEcho
2014-01-16 11:00:57 -06:00
OJ
8e1d3c9c2a
Final tweaks for WMI support
2014-01-16 22:02:28 +10:00
OJ
69abffaff6
First pass of WMI support
...
Close but more to do.
2014-01-16 13:47:46 +10:00
William Vu
311704fc0a
Perform final cleanup
2014-01-15 13:49:37 -06:00
OJ
870349acd0
Merge branch 'upstream/master' into basic_adsi_support
2014-01-15 19:57:07 +10:00
Matt Andreko
b7b1ddf1e8
Sercomm Exploit module fixes
...
Added targets for 8 specific targets that I've tested: Cisco WAP4410N,
Honeywell WAP-PL2 IP Camera, Netgear DG834, Netgear DG834G, Netgear
DG834PN, Netgear DGN1000, Netgear DSG835, Netgear WPNT834
Added functionality to the CmdStagerEcho mix-in to support encoding via
octal instead of hex based on the :enc_type option. This is because many
devices would not output hex encoded values properly.
Added options on a per-target basis for the PackFormat (endian pack()
values for communication), UploadPath (because /tmp wasn't always
writable), and PayloadEncode (previously mentioned octal encoding
option)
Note for some reason, some devices communicate over one endianness, but
then require a payload for the other endianess. I'm not sure what's
causing this, but if those specific combinations are not used, the
exploit fails. More research may be required for this.
2014-01-13 16:58:32 -05:00
sinn3r
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
OJ
0f722cbe6d
Add ext_server_kiwi, which is Mimikatz v2
...
This is a separate extension because the new version doesn't support
as many operating systems as the old version, but it does have more
new features which are really funky.
2014-01-10 16:51:01 +10:00
William Vu
b43a221959
Land #2855 , Rex::Socket refactor and specs
2014-01-09 16:20:50 -06:00
James Lee
ba252ec0c3
Use 'unless' instead of 'if not'
2014-01-09 16:01:58 -06:00
James Lee
7cb6836209
Replace unused var with purpose-revealing comment
2014-01-09 15:07:04 -06:00
James Lee
27133257a4
Better docs, more accurate var names
2014-01-09 15:05:19 -06:00
James Lee
20a5bf45f5
Fix beug with #next raising after the end
...
... instead of the old behavior or just returning nil again
2014-01-09 15:03:11 -06:00
William Vu
1893cbca0e
Land #2843 , RangeWalker resolution failure bug fix
2014-01-09 14:36:32 -06:00
James Lee
1519af33f5
Refactor `getaddress` in terms of `getaddresses`
2014-01-09 11:03:24 -06:00
jvazquez-r7
85203c2f2a
Land #2823 , @mandreko's exploit module for OSVDB 101653
2014-01-09 10:27:44 -06:00
James Lee
01f350964f
Add specs for some stuff in Rex::Socket
2014-01-09 10:19:19 -06:00
William Vu
27f079ad7c
Move {begin,end}_job from libs to modules
2014-01-09 01:03:01 -06:00
William Vu
025fc79683
Refactor commands for modularity
2014-01-09 01:03:01 -06:00
William Vu
3fca11e5ac
Replace magic numbers with constants
2014-01-09 01:03:01 -06:00
William Vu
2f2823e323
Remove newline from end_job to conform to spec
2014-01-09 01:03:01 -06:00
William Vu
d3bbe5b5d0
Add filesystem commands and new PoC modules
...
This commit also refactors some of the code.
2014-01-09 01:03:01 -06:00
William Vu
af66310e3a
Address @jlee-r7's comments
2014-01-09 01:03:01 -06:00
William Vu
bab32d15f3
Address @wchen-r7's comments
2014-01-09 01:03:00 -06:00
William Vu
1c889beada
Add Rex::Proto::PJL and PoC modules
2014-01-09 01:03:00 -06:00
Matt Andreko
d2458bcd2a
Code Review Feedback
...
Migrated the Sercomm module to use the CmdStager mixin to provide
uploading of the ELF binary.
Modified the CmdStagerEcho mixin to allow bypass of the "-en " since in
this case, the device messed up when it was used, and would actually
write the "-en " to the file, from some flaky busybox version of "echo".
2014-01-08 22:21:32 -05:00
James Lee
4bfe6b1b08
Remove pointless checks and add some docs
2014-01-08 14:37:40 -06:00
James Lee
4ba0020934
Simplify the logic deciding when we're finished
2014-01-08 14:22:44 -06:00
James Lee
22bdca92f4
Remove the ipv6 attr on Range
...
Makes more sense in the option hash.
2014-01-07 16:52:34 -06:00
James Lee
9c23910b69
Refactor Socket::Range
...
There was really no reason for it to inherit from Array. Also adds a few
more specs and gets coverage up to a more respectable percentage.
2014-01-07 16:31:55 -06:00
James Lee
2ed9772080
Fix unhandled exceptions when resolution fails
2014-01-07 12:00:04 -06:00
OJ
e3b90f3c4e
Fix issue with incorrect parameter parsing
...
Code was looking for -s instead of -a when dealing with domain
queries. This commit fixes that.
2014-01-05 20:06:47 +10:00
Tod Beardsley
bd2033c587
Land #2814 , streaming webcam STDAPI add
2014-01-03 12:09:25 -06:00
OJ
ef281bf31d
Adjust the getenv API
...
The getenv call in sys/config was renamed to getenvs and now uses
the splat operator so that arrays don't have to be passed in. A
new function called getenv was added which takes a single argument
and returns a single value back (for ease of use).
2014-01-03 08:05:45 +10:00
Joe Vennix
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
sinn3r
e6823c39c2
Incorrect variable used
2014-01-02 00:50:32 -06:00
sinn3r
92a0ff1096
Add webcam livestream feature for meterpreter
...
[SeeRM #8729 ] - This meterpreter command allows the attacker to observe the target at real-time
by turning their webcam live. There is also a HTML-based player provided, which does not require
a plugin or anything, just open it with a browser. The HTML-based player also allows the attacker
to put livestream on the web (evil? yeah, kind of.)
2013-12-30 18:38:13 -06:00
Tod Beardsley
feaf6c23cf
Merge and Unconflict client.rb, new module splat
...
The only conflict was the regex option for no encoding, which was added
after @Meatballs1's original PR for rapid7/metasploit-framework#1421
Also fixes the module with the new license splat.
Conflicts:
lib/rex/proto/smb/client.rb
2013-12-30 16:53:13 -06:00
jvazquez-r7
8986659861
Land #2804 , @rcvalle's support for disasm on msfelfscan
2013-12-30 12:24:22 -06:00
Ramon de C Valle
c1f377fda6
Add disasm option to msfelfscan
2013-12-26 16:26:45 -02:00
Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Meatballs
b252e7873b
Merge remote-tracking branch 'upstream/master' into pr2075
2013-12-16 14:29:05 +00:00
Meatballs
ca1c887e68
Add missing ]
2013-12-15 01:12:50 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Spencer McIntyre
a08c420862
Add railgun definitions for local exploit relevant functions.
2013-12-12 10:26:08 -05:00
OJ
64b1e78e34
Fix page size and max results
2013-12-11 00:03:05 +10:00
OJ
8a1517fde8
Fix issues with missing params on computer enum
...
No more late night and rushed commits, its still and wastes people's time.
Thanks sinn3r for getting on this. Apologies for the poor quality of the PR.
2013-12-10 21:06:28 +10:00
OJ
2237419134
Merge branch 'upstream/master' into basic_adsi_support
2013-12-10 20:58:38 +10:00
Meatballs
45a0ac9e68
Land #2602 , Windows Extended API
...
Retrieve clipboard data
Retrieve window handles
Retrieve service information
2013-12-08 19:01:35 +00:00
Meatballs
e5a92a18a5
and expand path
2013-12-08 19:01:03 +00:00
Meatballs
3c67f1c6a9
Fix file download
2013-12-08 18:57:10 +00:00
OJ
a3c050c8b6
Added page size setting
2013-12-08 23:29:42 +10:00
OJ
8172596c0b
Fix rendering of result total
2013-12-08 20:58:03 +10:00
OJ
f13736d208
Add support for general domain queries
...
Specific queries are just wrappers over the top of the domain query
2013-12-08 20:41:30 +10:00
OJ
35b051174c
Add basic ADSI enum of users and computers
2013-12-07 00:22:54 +10:00
OJ
e90b7641ca
Allow self-destruct via "kill -s"
...
HTTP(s) payloads don't exit cleanly at the moment. This is an issue that's
being addressed through other work. However, there's a need to be able to
terminate the current HTTP(s) session forcably.
This commit add a -s option to kill, which (when specified) will kill
the current session.
2013-12-06 14:56:19 +10:00
OJ
4ca48308c1
Fix downloading of files
2013-12-06 13:40:20 +10:00
OJ
1d757c40db
Remove empty parens
2013-12-04 07:10:23 +10:00
OJ
8b77da4ef7
Fix non-rubyisms
2013-12-04 07:06:32 +10:00
OJ
18e1d9ce17
Revert "Start clipboard monitor functionality"
...
This reverts commit ecbdfd3502
.
I don't know how this got in there, as it's in another branch waiting for more work.
My bad.
2013-12-04 07:03:12 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
jvazquez-r7
0343aef7c8
Land #2695 , @wchen-r7's support to detect silverlight
2013-11-27 09:40:12 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
OJ
1a65566005
Add the getenv command which pulls env vars from the victim
...
This command will allow the attacker to grab environment variables from the
target, if they exist. Calling this function allows for one or more values
to be passed in, which should match the name of the variable required. If
the variable is found, it is returned. If it is not found, the variable
is not returned (ie. it's not present in the resulting hash).
Note 1: POSIX environment vars are case-senstive, whereas Windows is not.
Note 2: POSIX doesn't seem to cough up user environment vars, it only returns
system vars. I'm not sure why this is, but it could be because of the way
we do linking on POSIX.
2013-11-26 10:05:50 +10:00
OJ
86b6d647bf
Merge branch 'upstream/master' into ext_server_extapi
2013-11-25 07:43:36 +10:00
Meatballs
20b76602a1
Merge remote-tracking branch 'upstream/master' into pr2075
...
Conflicts:
lib/msf/core/exploit/powershell.rb
2013-11-22 22:41:08 +00:00
OJ
4d1c3c1f01
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-22 13:31:40 +10:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
OJ
ecbdfd3502
Start clipboard monitor functionality
...
Added the basics of the clipboard monitor functionality with usage
messages and stuff like that. Lots more to do.
2013-11-21 06:29:37 +10:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
e74e75fe6f
Revert changes to legacy rescues.
2013-11-20 12:20:34 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
d51b92b06f
Turns out & ~ does work.
...
Decided not to expose this as a datastore option for the Client,
but it can be used internally to toggle the compression.
2013-11-20 00:01:48 -06:00
Joe Vennix
a8c55f23a7
Remove &~ bit-clearing method in favor of defaults.
...
For some reason the OP_ALL & ~OP_NO_COMPRESSION method doesnt work,
but it is late and the default is false anyways.
2013-11-19 23:42:58 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
jvazquez-r7
647c867c2d
Land #1681 , @sempervictus Rex::Text::Ui::Table [] method
2013-11-19 16:30:09 -06:00
jvazquez-r7
e1eddc84aa
Check for inexistent column names
2013-11-19 16:02:52 -06:00
jvazquez-r7
162d433014
Use snake_case for variables
2013-11-19 15:46:11 -06:00
jvazquez-r7
6a13a0eee6
fix indentation
2013-11-19 15:42:12 -06:00
jvazquez-r7
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
sinn3r
2fc43182be
Land #2622 - Fix up proxy/socks4a.rb
2013-11-12 18:22:32 -06:00
jvazquez-r7
ef6d9db48f
Land #2613 , @wchen-r7's BrowserExploitServer mixin
2013-11-12 17:33:12 -06:00
William Vu
8d4d7dae50
Restore comment header and remove carriage returns
2013-11-11 12:16:14 -06:00
sinn3r
d483f2ad79
Land #2618 - rm shebangs
2013-11-11 11:55:23 -06:00
Jonathan
36064ca886
remove EOL carriage return from socks4a.rb
2013-11-11 12:47:41 -05:00
OJ
6a25ba18be
Move kitrap0d exploit from getsystem to local exploit
...
This version modifies the existing meterpreter session and bumps the privs
up to SYSTEM. However it's not how local exploits are supposed to work.
More work will be done to make this create a new session with the elevated
privs instead.
2013-11-11 17:14:40 +10:00
Jonathan
26482f9ebd
reset head~2 and removed shebang from unattend.rb
2013-11-09 15:05:56 -05:00
Tod Beardsley
cc9ac7695d
Land #2592 , add getproxy
...
Needed for new functionality in #2612
2013-11-08 13:20:20 -06:00
Jonathan
575072585f
removed shebangs from files within rex
2013-11-07 18:51:59 -05:00
scriptjunkie
7615264b17
Merge branch 'lanattacks_fix' of git://github.com/OJ/metasploit-framework into OJ-lanattacks_fix
2013-11-07 10:35:00 -06:00
sinn3r
991240a87e
Support java version detection
2013-11-07 00:54:52 -06:00
OJ
1dacf7e57e
Last lot of shebangs removed
2013-11-07 07:35:51 +10:00
OJ
6422e1d6e8
Remove shebang, code tidy, as per @jlee-r7's gripes
2013-11-07 07:32:04 +10:00
OJ
7dcb071f11
Remote shebang and fix pxexeploit
2013-11-06 07:10:25 +10:00
sinn3r
5f2d8358c0
Be more browser specific with Javascript generation
2013-11-05 01:04:52 -06:00
OJ
d1e008387a
Stop auto preview, code clean
...
Removed the auto preview of captured images from the clipboard.
Removed parens from calls to print_line.
2013-11-05 07:15:31 +10:00
OJ
f62247e731
Fix comments, indenting and pxexploit module
...
Updated the comments and indentation so they're not blatantly wrong.
Adjusted the pxexploit module so that it doesn't break any more as
a result of the refactoring.
2013-11-05 06:35:50 +10:00
OJ
ff78082004
Refactor lanattacks ruby code, add command dispatcher
...
The lanattacks module didn't seem to have a command dispatcher, and
hence loading the module would always result in a failure. This
commit fixes this problem.
The commit contains a bit of a refactor of the lanattacks code to be
a little more modular. It also has a shiny new dispatcher which breaks
the DHCP and TFTP functionality up into separate areas.
2013-11-04 17:37:42 +10:00
joev
bccbed2757
Rename :use_xhr_shim to :inject_xhr_shim.
2013-11-02 16:52:04 -05:00
joev
90d8da6a21
Fix some bugs in my edits, add a spec.
2013-11-02 16:46:33 -05:00
joev
c7c1fcfa98
Pull shared XHR shim out, add option to static Js module method.
...
* Moves shim to data/js/network/xhr_shim.js
* Add some yardoc comments
2013-11-02 14:52:50 -05:00
OJ
d658fa46b4
Updated help, removed binaries
2013-11-02 23:10:16 +10:00