OJ
10ac7a22af
Land #2897 Sane address resolution [FixRM #7259 ]
2014-01-28 23:09:44 +10:00
sinn3r
6435ddd162
loop do this too
2014-01-26 16:35:44 -06:00
sinn3r
0ffacc3420
{ } block this
2014-01-26 16:33:21 -06:00
sinn3r
45bb336c51
Loop do it
2014-01-26 16:27:36 -06:00
sinn3r
eec01e79ff
No explicit "return"
2014-01-26 16:25:30 -06:00
sinn3r
48836b45cf
Last commit before PR
...
Code changes address these feature requests:
[SeeRM #8737 ]
[SeeRM #8752 ]
[SeeRM #8755 ]
2014-01-26 12:15:47 -06:00
sinn3r
a14dddd1ef
Show warning
2014-01-26 12:08:20 -06:00
sinn3r
f0ebd13447
Make sure all threads are killed after interrupt
...
If threads aren't killed, then when the user triggers interrupt,
the console will keep the threads (vuln checks) running, which
looks weird.
2014-01-26 02:49:16 -06:00
sinn3r
6ffb750633
Change Unsupported message
...
Auxiliary modules can use check, too. Not just exploits.
2014-01-26 01:14:11 -06:00
sinn3r
60f1688bb8
Fix option validation
2014-01-26 00:57:02 -06:00
sinn3r
2d12c0a368
NoMethod check and stuff
2014-01-25 20:25:01 -06:00
sinn3r
3bb17dad72
Check argument
2014-01-25 20:10:22 -06:00
Meatballs
33da3a414b
Remove unnecessary options
2014-01-25 13:52:52 +00:00
Meatballs
27a434205c
More flexible domain and DN
2014-01-25 13:17:00 +00:00
sinn3r
7dfd4ab22c
Change default thread count
2014-01-25 01:40:05 -06:00
sinn3r
2046209291
This one looks like is working
2014-01-25 01:27:48 -06:00
sinn3r
216fa4503a
Save progress
2014-01-24 23:32:29 -06:00
sinn3r
93fa58ed45
aux scanner support
2014-01-24 17:54:40 -06:00
Meatballs
08885bde19
Always forget debugging stuff
2014-01-24 23:45:12 +00:00
Meatballs
be1da0e8a8
Move print statement
2014-01-24 23:37:20 +00:00
Meatballs
cb53ca261f
Tidyup logic
...
ADSI doesn't care about distinguished names or domain and can take
either, but legacy API needs a domain for binding and a dn for
searching.
Send nil if we dont know the domain rather than a ptr to an empty
string.
2014-01-24 23:28:08 +00:00
Tod Beardsley
856feb82e8
Land #2906 , check a given range
2014-01-24 16:01:57 -06:00
Meatballs
ae13d1f3e6
Grab the default domain to improve ldap
2014-01-24 16:36:37 +00:00
Meatballs
23ba52641b
Revert ldap
2014-01-24 16:25:48 +00:00
Meatballs
9fce617462
Fixup railgun utils
...
Implement DsGetDcNamea to return current domain using example
railgun utils techniques.
2014-01-24 16:22:05 +00:00
sinn3r
3c8d82e363
Ensure the rhost datastore option is restored
2014-01-23 21:12:59 -06:00
Tod Beardsley
4bac297f66
Land #1473 , add LDAP hotness
2014-01-23 18:11:39 -06:00
Meatballs
4b21672b60
Remove hardcoded string
2014-01-23 23:55:09 +00:00
Meatballs
790e4d7559
Move options to mixin
2014-01-23 23:47:46 +00:00
Meatballs
398e8463b1
Add more informative errors
2014-01-23 23:19:00 +00:00
Tod Beardsley
b5f61024c5
Land #2907 , fixes qual asset importer
...
Addresses MSP-9311
2014-01-23 13:32:22 -06:00
sinn3r
b07e87b1d6
Fix nil rhost
2014-01-23 10:33:05 -06:00
jvazquez-r7
256f2b12eb
Land #2894 , @wchen-r7's CheckCode documentation update
2014-01-23 07:31:24 -06:00
sinn3r
c48595f239
Add support to scan a range of IPs for the check command
...
[SeeRM #8737 ] This allows the check command to scan multiple hosts.
2014-01-23 00:37:32 -06:00
lsanchez-r7
58cf7193f9
fixing NameError undefined local variable in an import
2014-01-22 16:54:31 -06:00
Meatballs
9acd0f4b56
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-22 21:46:50 +00:00
Tod Beardsley
90207628cc
Land #2666 , SSLCompression option
...
[SeeRM #823 ], where Stephen was asking for SSL compression for
Meterpreter -- this isn't that, but it's at least now possible for other
Metasploit functionality.
2014-01-22 10:42:13 -06:00
Meatballs
80452767c8
Comments
2014-01-22 10:24:24 +00:00
Meatballs
156e3c046e
Dont lookup twice
2014-01-22 10:14:56 +00:00
Meatballs
6d6d1e1033
No need to fiddle with naming context
2014-01-22 10:06:36 +00:00
James Lee
e9ccec4755
Refactor load_session_info
...
All of this code is in sore need of some specs but I think this change
makes it a bit easier to understand what it is supposed to be doing.
2014-01-21 18:55:54 -06:00
Tod Beardsley
0b6e03df75
More comment docs on SSLCompression
2014-01-21 16:48:26 -06:00
Tod Beardsley
b8219e3e91
Warn the user about SSLCompression
2014-01-21 16:41:45 -06:00
Meatballs
720f892e2f
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2014-01-21 21:00:51 +00:00
Raphael Mudge
ac151794f3
Make Meterpreter Session Address Resolution Sane
...
If MSF can not match the visible IP address of a Meterpreter session
to an interface--it will attempt to find an IP address associated
with a default route and use it as the session's address.
This commit fixes the logic associated with this process. The old
logic only considers one IP address per Interface, even though an
Interface may have multiple addresses/masks associated with it.
This flaw led to situations where MSF would favor an IPv6 link-local
address over the IPv4 address associated with the default route,
solely because the IPv4 address was not the first value in the
addresses array.
[FixRM #7259 ]
2014-01-21 00:32:50 -05:00
sinn3r
ea47da5682
Add wiki link "How to write a check() method" to documentation
2014-01-20 20:10:50 -06:00
sinn3r
e48b8ae14c
Use a better term
2014-01-19 16:01:38 -06:00
sinn3r
afd0e71457
Use the term "exploit" is a little more correctly
...
So Metasploit uses the term "exploit" to describe something, a module
or an action, that results popping a shell. A check normally doesn't
pop a shell, so avoid that language.
2014-01-17 13:50:23 -06:00
sinn3r
363c53e14e
Clearify when to use a specific CheckCode
...
An example of the biggest confusion module developers face is not
actually knowing the difference between Detected vs Appears vs
Vulnerable. For example: a module might flag something as a
vulnerable by simply doing a banner check, but this is often
unreliable because either 1) that banner can be fooled, or 2)
the patch does not actually update the banner. More reasons may
apply. Just because the banner LOOKS vulnearble doesn't mean it is.
2014-01-17 13:35:17 -06:00
HD Moore
68ccdc8386
Fix a stack trace when module_payloads.rb is run
...
This fixes a missing check for self.target being nil in the compatible_payloads method
2014-01-13 15:36:33 -08:00
William Vu
4ccf1a4720
Land #2873 , Msf::Handler::ReverseHttp::UriChecksum
2014-01-13 15:38:56 -06:00
David Maloney
41807d7e4e
move rev_http uri checksum code
...
need access to the uri checksum
routines outside of the handler.
moved them to their own mixin
and then mixed into the handler.
added specs also
2014-01-13 15:18:16 -06:00
Tod Beardsley
e6e6d7aae4
Land #2868 , fix Firefox mixin requires
2014-01-13 14:23:51 -06:00
Joe Vennix
3db143c452
Remove explicit requires for FF payload.
...
Adds ff payload require to msf/core/payload.rb
2014-01-13 13:07:55 -06:00
jvazquez-r7
95a5d12345
Merge #2835 , #2836 , #2837 , #2838 , #2839 , #2840 , #2841 , #2842 into one branch
2014-01-13 10:57:09 -06:00
sinn3r
cacd7ff9d4
Land #2827 - Add firefox js xpcom payloads for universal ff shells
2014-01-10 14:29:32 -06:00
Tod Beardsley
02018077ea
dangit odd number of ]s
2014-01-09 15:15:47 -06:00
Tod Beardsley
25337888b0
Move back the expires date.
2014-01-09 14:51:23 -06:00
Tod Beardsley
fe3fed1dba
Add a link to http://bit.ly/msfsurvey in banner
2014-01-09 14:37:41 -06:00
Tod Beardsley
e4460278d2
Fix the closing brackets on the banner.
2014-01-09 14:37:25 -06:00
Joe Vennix
7af8fe9cd1
Catch exceptions in an XSS script and return the error.
2014-01-07 16:23:24 -06:00
Joe Vennix
fb1a038024
Update async API to actually be async in all cases.
...
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Niel Nielsen
73e359ede1
Update reverse_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:06:11 +01:00
Niel Nielsen
e3a3b560e2
Update bind_tcp.rb
...
Change to OpenSSL::Digest from deprecated OpenSSL::Digest::Digest
2014-01-07 22:02:52 +01:00
Meatballs
3bf728da61
Dont store in DB by default
2014-01-07 12:20:44 +00:00
Joe Vennix
9d3b86ecf4
Add explicit require for JSON, so msfpayload runs.
2014-01-05 14:58:18 -06:00
Joe Vennix
d00acccd4f
Remove Java target, since it no longer works.
2014-01-04 21:22:47 -06:00
OJ
8898486820
Change display message to show actual bind address
...
When running a http/https listener the address:port that was being
shown in the output was that which was passed to the victim as part
of the stager and not the actual listener address:port.
This commit fixes this so that the display is correct.
2014-01-05 11:28:51 +10:00
Joe Vennix
f2f68a61aa
Use shell primitives instead of resorting to
...
echo hacks.
2014-01-04 19:00:36 -06:00
Raphael Mudge
6034c26fa7
Honor LPORT as callback port for HTTP/S handler
...
This commit completes our quest to (optionally) decouple the stage's
callback parameters from the interface/port our handler binds to.
LPORT is now patched into the stage over ReverseListenerBindPort.
2014-01-04 18:52:19 -05:00
Raphael Mudge
3c9d684759
Cleanup - Remove bind_address from reverse_http.rb
...
This commit removes the now unused bind_address function from
reverse_http.rb. This function returns an array of hosts the handler
should attempt to bind to (e.g., [LHOST value, any])
Other handlers (e.g., reverse_tcp.rb) loop through these values until
they're able to start a server with that bind address.
The HTTP server doesn't work this way. It's setup to try one address
and that's it. It makes sense to have the HTTP server always bind to
0.0.0.0 by default as future modules run by the user may register
resources with the same HTTP server.
2014-01-04 16:02:32 -05:00
Raphael Mudge
6f55579acd
HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress
...
This commit returns the HTTP/S handler to its former semantic glory.
By default the HTTP/S handler will bind to :: or 0.0.0.0. If the
user specifies a ReverseListenerBindAddress then, instead, the
server will bind to that address.
The previous commit to change the URL to always reference LHOST
should go with this too. LHOST is always my intent of where the
stage should call home too. ReverseListenerBindAddress would make
sense as my intent as to where I want to bind to. The two options
shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00
Raphael Mudge
f93210ca74
Always Use LHOST for Full URL in HTTP/S Stage
...
Redmine #8726 documents a change where the reverse HTTP/S
tries to bind LHOST and if it can not it does a hard stop
If it's expected that users will use ReverseListenerBind-
-Address then this commit addresses #8726 by patching the
HTTP/S stage with the host provided by the user in LHOST.
Currently ReverseListenerBindAddress (if used) is patched
into the stage. This makes for a broken HTTP/S session if
the user sets this option to 0.0.0.0.
With this commit--users can provide any LHOST they like
and set ReverseListenerBindAddress to 0.0.0.0 and things
will work.
This commit does not attempt to bring the HTTP/S handler
back to the old behavior of falling back to 0.0.0.0 when
it can't bind LHOST. I'd welcome the old behavior but I
leave it to you to decide what makes sense. :)
2014-01-04 15:16:22 -05:00
Joe Vennix
b9c46cde47
Refactor runCmd, allow js exec.
...
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00
Joe Vennix
60991b08eb
Whitespace tweak.
2014-01-03 18:40:31 -06:00
Joe Vennix
a5ebdce262
Add exec payload. Cleans up a lot of code.
...
Adds some yardocs and whatnot.
2014-01-03 18:23:48 -06:00
Joe Vennix
8fd517f9ef
Fixes shell escaping errors with nested quotes in windows.
2014-01-03 16:14:28 -06:00
Joe Vennix
13464d0aae
Minor cleanup of firefox.rb.
2014-01-03 01:34:57 -06:00
Joe Vennix
7961b3eecd
Rework windows shell to use wscript.
2014-01-03 01:29:34 -06:00
Meatballs
5606958320
Resolve require order
2014-01-02 23:46:18 +00:00
jvazquez-r7
f5f18965b9
Move the require to the payloads as ruby and nodejs payloads do
2014-01-02 16:05:03 -06:00
jvazquez-r7
764d0822f6
Use the current msf's naming convention
2014-01-02 15:57:09 -06:00
Joe Vennix
06fb2139b0
Digging around to get shell_command_token to work.
2014-01-02 14:05:06 -06:00
Samuel Huckins
dc80f30e03
Merge remote-tracking branch 'metasploit-framework/master' into masked-cred-format-update
2014-01-02 11:49:04 -06:00
Joe Vennix
8d3130b19e
Reorder targets.
2014-01-02 10:48:28 -06:00
Joe Vennix
9b39ea55ee
Fix comment.{
2014-01-02 10:48:28 -06:00
Joe Vennix
1f9ac12dda
DRYs up firefox payloads.
2014-01-02 10:48:28 -06:00
Joe Vennix
694cb11025
Add firefox platform, architecture, and payload.
...
* Enables chrome privilege exploits in firefox to run a javascript cmd
shell session without touching the disk.
* Adds a spec for the addon_generator.
2014-01-02 10:48:28 -06:00
William Vu
2554ad9b79
Land #2800 , lib/msf/base YARD comments
2014-01-01 21:51:54 -06:00
Timothy Swartz
3ad8b0d530
Removed space from readable_text.rb
2013-12-31 16:38:40 -08:00
Timothy Swartz
a1e42e5c16
config.rb typo correction
2013-12-31 16:02:18 -08:00
jvazquez-r7
a979aedd9e
Avoid initial spaces on the JSP
...
So the jsp isn't affected by changes on the framework indentation standards
2013-12-31 08:38:38 -06:00
jvazquez-r7
0725b9c69c
Refactor JSP payloads
2013-12-31 08:27:37 -06:00
Samuel Huckins
985af3adfe
Update to masked credential format
...
* To support change in Pro export format. Previous format looked
like an XML element, for no reason, failed validation.
2013-12-30 10:59:15 -06:00
jvazquez-r7
b8569a1698
Land #2794 , @Meatballs1's fix for to_exe_jsp on J7u21, [FixRM #8717 ]
2013-12-30 09:28:27 -06:00
jvazquez-r7
39844e90c3
Don't user merge! because can modify self.compat
2013-12-27 16:37:34 -06:00
Timothy Swartz
e51fab01fc
Doc tag changes based on feedback.
2013-12-26 10:14:41 -08:00
Timothy Swartz
a20e888551
Added YARD tags/comments to readable_text.rb
...
Also fixed a few other tags.
2013-12-25 02:24:26 -08:00
Timothy Swartz
6c871a7e43
Added YARD comments to persistent_storage.rb
...
Also, fixed logging.rb link to Msf::Session
Added --no-private to .yardopts. This will hide anything marked with
@private from the generated documentation.
Previous additions in the msf/base directory and not msf/core.
2013-12-24 19:45:11 -08:00
Timothy Swartz
b07dfc4f44
Added YARD tags to msf/core/logging.rb
2013-12-24 19:42:24 -08:00
Timothy Swartz
ff4e94cd91
Added YARD comments to msf/core/config.rb
2013-12-24 19:42:24 -08:00
sinn3r
9c484dd0a3
Land #2786 - HP SiteScope issueSiebelCmd Remote Code Execution
2013-12-23 02:34:01 -06:00
Meatballs
f112e78de9
Fixes .war file creation
2013-12-22 20:58:21 +00:00
jvazquez-r7
ed838d73a6
Allow targets to specify Compat[ible] payloads
2013-12-19 17:48:15 -06:00
Joe Vennix
ca23b32161
Add support for Procs in browserexploit requirements.
2013-12-19 12:49:05 -06:00
Meatballs
62ef810e7c
Use Extapi if available
2013-12-19 18:18:47 +00:00
Meatballs
737154c2fe
Update to use extapi
2013-12-19 16:46:09 +00:00
Meatballs
3ef1c0ecd6
Merge remote-tracking branch 'upstream/master' into enum_ad_perf
2013-12-19 14:25:07 +00:00
Meatballs
6e43edff4c
Merge in extapi post mixin
2013-12-19 14:25:02 +00:00
Meatballs
244cf3b3f6
Merge remote-tracking branch 'upstream/pr/2736' into enum_ad_perf
2013-12-19 13:59:57 +00:00
Joe Vennix
cb390bee7d
Move comment.
2013-12-18 20:37:33 -06:00
Joe Vennix
f411313505
Tidy whitespace.
2013-12-18 20:31:31 -06:00
Joe Vennix
9ff82b5422
Move datastore options to mixin.
2013-12-18 14:52:41 -06:00
Joe Vennix
64273fe41d
Move addon datastore options into mixin.
2013-12-18 14:42:01 -06:00
Joe Vennix
1235615f5f
Add firefox 15 chrome privilege exploit.
...
* Moves the logic for generating a firefox addon into its own mixin
* Updates the firefox_xpi_bootstrapped_addon module to use the mixin
* Module only works if you move your mouse 1px in any direction.
2013-12-18 14:30:35 -06:00
Meatballs
3e54379b0e
Merge remote-tracking branch 'upstream/master' into wmic_post
...
Conflicts:
lib/msf/core/post/windows.rb
2013-12-18 13:40:54 +00:00
Meatballs
687cbe5f60
Shadowcopy should use common wmic command
...
Small fix to ensure output is retrieved (args -> nil)
Modify shadowcopy to use wmic_query
2013-12-18 13:34:50 +00:00
William Vu
252909a609
Land #2448 , @OJ's ReverseListenerBindPort :)
2013-12-17 11:24:09 -06:00
Meatballs
6ee1a9c6e1
Fix duplicate error
2013-12-17 00:11:37 +00:00
Meatballs
06b399ee30
Remove ERROR_
...
To access as Error::NO_ACCESS
2013-12-16 19:52:11 +00:00
Meatballs
08a44fdfb7
Filename match module
2013-12-16 19:48:17 +00:00
Meatballs
57f2027e51
Move to module
2013-12-16 19:45:52 +00:00
Meatballs
c9084bd2d5
Remove errant fullstops
2013-12-16 18:53:37 +00:00
Meatballs
75c87faaf8
Add Windows Error Codes to Windows Post Mixin
2013-12-16 18:50:18 +00:00
Meatballs
0c5ac0176f
Undo psh net change
2013-12-16 13:43:40 +00:00
Meatballs
dd5b66f827
Undo psh net change
2013-12-16 13:42:37 +00:00
Meatballs
14c0096115
Update template
...
Use Copy instead of memset
Remove | Out-Null
2013-12-16 13:38:14 +00:00
Meatballs
8dfcc8aa77
WaitForThread
2013-12-16 12:44:58 +00:00
Meatballs
637be1bdfa
Should use RIG
2013-12-16 09:19:17 +00:00
Meatballs
0a29176855
Update psh_web_delivery for reflection
2013-12-16 09:08:01 +00:00
Meatballs
7cc99d76ad
Merge remote-tracking branch 'upstream/master' into powershell_auto_arch
...
Conflicts:
lib/msf/util/exe.rb
2013-12-16 09:07:08 +00:00
Meatballs
819ba30a33
msftidy
...
Conflicts:
lib/msf/core/post/windows/services.rb
2013-12-15 01:12:46 +00:00
Meatballs
a930056d7f
Added service status checks to Post::Windows::Services
...
Added QueryServiceStatus to Railgun Advapi32 Definitions
Added Checks to module
Conflicts:
lib/msf/core/post/windows/services.rb
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb
2013-12-15 01:12:45 +00:00
Meatballs
284a45a6c5
Convert UTF16 to ASCII
2013-12-14 22:58:16 +00:00
Meatballs
e46b5c9d55
Revert to file io if no EXTAPI
2013-12-14 22:46:22 +00:00
Meatballs
ca5ee7e156
Load extapi before wmic
2013-12-14 22:45:56 +00:00
Meatballs
28f8ac322f
Enable inject
2013-12-14 21:30:52 +00:00
Meatballs
7347cb170c
Revert "Enable DLL injection in msfvenom"
...
This reverts commit 64e6531bbc
.
2013-12-14 21:26:13 +00:00
Meatballs
b532987b8f
Re-add file out to wmic_command
2013-12-14 20:58:33 +00:00
Meatballs
8d5f298d3d
Clear clipboard first
2013-12-14 20:26:46 +00:00
Meatballs
7902f061ca
Final tidyup
2013-12-14 20:18:14 +00:00
Meatballs
04496a539c
Fix up local wmi exploit.
2013-12-14 20:05:51 +00:00
Meatballs
4224c016f4
Use WaitForSingleObject instead of loop
2013-12-14 18:42:31 +00:00
Meatballs
12afdd2cbb
Get and parse result from clipboard
2013-12-14 18:30:43 +00:00
Meatballs
3ad1e57f8d
Merge remote-tracking branch 'upstream/master' into wmic_post
2013-12-14 16:25:31 +00:00
jvazquez-r7
83e448f4ae
Restore vprint_error message
2013-12-12 09:06:29 -06:00
jvazquez-r7
5c1ca97e21
Create a new process to host the final payload
2013-12-12 08:26:44 -06:00
William Vu
ff9cb481fb
Land #2464 , fixes for llmnr_response and friends
...
Fixed conflict in lib/msf/core/exploit/http/server.rb.
2013-12-10 13:41:45 -06:00
Meatballs
bc0c080947
Indentation
2013-12-08 18:18:44 +00:00
Meatballs
64e6531bbc
Enable DLL injection in msfvenom
2013-12-08 18:16:23 +00:00
scriptjunkie
f4636c46a6
Removing unused endjunk, sections_end, cert_entry
2013-12-07 20:55:51 -06:00
scriptjunkie
77e9996501
Mitigate metasm relocation error by disabling ASLR
...
Deal with import error by actually using the GetProcAddress code.
2013-12-07 20:54:13 -06:00
scriptjunkie
8d33138489
Support silent shellcode injection into DLLs
...
Only run code on DLL_PROCESS_ATTACH, preventing infinite loop otherwise:
Added code would create thread -> calls DLL entry point -> calling added code...
2013-12-07 19:44:17 -06:00
Meatballs
3aebe968bb
Land #2721 Reflective DLL Mixin
...
Adds support to load a dll and identify the ReflectiveLoader offset.
Adds support to inject dll into process and execute it.
Updates kitrap0d, ppr_flatten_rec, reflective_dll_inject modules and
payload modules to use above features.
2013-12-06 12:26:51 +00:00
OJ
155836ddf9
Adjusted style as per egypt's points
2013-12-06 10:08:38 +10:00
OJ
ccbf305de1
Remove exception stuff from the payloads
2013-12-06 09:26:46 +10:00
OJ
5a0a2217dc
Add exception if DLL isn't RDI enabled
2013-12-06 09:18:08 +10:00
OJ
2cb991cace
Shuffle RDI stuff into more appropriate structure
...
Now broken into two modules, one for loading RDI DLLs off disk and
finding the loader function offset, and another for doing the process
specific stuff of loading into the target.
2013-12-06 08:25:24 +10:00
OJ
fb84d7e7fe
Update to yardoc conventions
2013-12-06 07:54:25 +10:00
Meatballs
1e60ff91ea
Move ExitThread patching to Msf::Util::EXE
2013-12-05 17:16:14 +00:00
sinn3r
c7bb80c1d7
Add wvu as an author to author.rb
2013-12-05 00:33:07 -06:00
OJ
b936831125
Renamed the mixin module
2013-12-05 08:13:54 +10:00
OJ
7b24f815ee
Missed a single module in rename
2013-12-04 22:54:07 +10:00
OJ
7e8db8662e
Update name of the mixin
...
Changed `RdiMixin` to `ReflectiveDLLInjection`.
2013-12-04 22:18:29 +10:00
OJ
f79af4c30e
Add RDI mixin module
...
MSF was starting to see more modules using RDI to load binaries into
remote processes, so it made sense to create a mixin which contained
the functionality that was being used in various locations.
This commit contains the new mixin, and adjustments to all the existing
exploits and modules which use RDI.
2013-12-04 16:09:41 +10:00
sinn3r
4d3d02ae01
Land #2667 - Add num and dword output format
2013-12-02 13:52:17 -06:00
corelanc0d3r
474a03475f
sorted out the sorts without .sort
2013-12-02 11:57:52 +01:00
yehualiu
8254c0bae2
this site is down
2013-12-01 14:26:03 +08:00
William Vu
77b036ce5d
Land #2703 , uninit const fix for MSSQL_SQLI
2013-11-27 13:50:48 -06:00
jvazquez-r7
a5aca618e2
fix fail_with usage on Exploit::Remote::MSSQL_SQLI
2013-11-27 11:33:19 -06:00
jvazquez-r7
a32c9e5efc
Fix fail_with on Exploit::Remote::HttpClient
2013-11-27 11:19:46 -06:00
sinn3r
5d10b44430
Add support for Silverlight
...
Add support for Silverlight exploitation. [SeeRM #8705 ]
2013-11-26 14:47:27 -06:00
Meatballs
b015dd4f1c
Land #2532 Enum LSA Secrets
...
With refactoring of common methods from smart_hashdump, hashdump,
cachedump to Windows::Post::Privs
2013-11-24 18:09:33 +00:00
Meatballs
a3c7dccfc0
Add disconnect option to psexec
...
Allow the module to prevent the mixin from ending the SMB session.
2013-11-24 16:37:25 +00:00
Meatballs
dd9bb459bf
PSEXEC Refactor
...
Move peer into mixin
PSEXEC should use the psexec mixin
2013-11-24 16:24:05 +00:00
Meatballs
c03c33f6f6
Initial commit
2013-11-24 14:58:18 +00:00
Meatballs
e7dfda00db
Documentation
2013-11-23 22:03:43 +00:00
Meatballs
becc521406
Constants, yey
2013-11-23 21:46:11 +00:00
Meatballs
699d13eef1
Share the wealth
...
Move LDAP methods to a Post mixin.
2013-11-23 21:42:09 +00:00
William Vu
8e23119e17
Land #2678 , DB_ALL_CREDS should default to false
2013-11-22 23:42:00 -06:00
Tod Beardsley
8fc0a8199e
DB_ALL_CREDS should be disabled by default
...
[SeeRM #8699 ]
2013-11-22 22:16:40 -06:00
corelanc0d3r
66edfe968d
Sorting output
2013-11-21 00:57:08 +01:00
Tod Beardsley
e88da09894
Land #2660 , DLL/service creation for x64
2013-11-20 17:25:16 -06:00
corelanc0d3r
0ea0dc168c
set _comment method to js for num and dword
2013-11-20 23:10:55 +01:00
corelanc0d3r
742c52711a
added 2 new output types for msfencode: num and dword
2013-11-20 22:36:17 +01:00
Joe Vennix
739c7b4ca2
More dead code and tweaks.
2013-11-20 14:44:53 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Meatballs
3ed84d1e0b
Remove puts
2013-11-20 20:29:54 +00:00
Meatballs
7253cc73d5
:payload_instance
2013-11-20 20:28:00 +00:00
Meatballs
f27194a8ce
Always default to payload options
2013-11-20 20:14:59 +00:00
Meatballs
135dad1f4e
Fix dll/service creation
2013-11-20 20:10:47 +00:00
jvazquez-r7
110e78a1ad
Land #2507 , @todb-r7's fix to allow DCERPC misin to use RPORT
2013-11-20 10:21:32 -06:00
Joe Vennix
f8b57d45cd
Reenable the client SSLCompression advanced option.
...
Add spec for some of the additions to Rex::Proto::Http::Client
2013-11-20 01:03:13 -06:00
Joe Vennix
109fc5a834
Add SSLCompression datastore option.
...
Also disables the compression by default. TLS-level compression is almost
never used by browsers, and openssl seems to be the only one that enables
it by default.
This also kills some ruby < 1.9.3 code.
2013-11-19 22:34:39 -06:00
Meatballs
a327321558
Re-do 'exe-small' for scripting payloads.
...
Fall back to default x64 exe for ARCH_X86_64
2013-11-19 21:19:12 +00:00
jvazquez-r7
7435d74c59
Land #2093 , @sempervictus MaxChar for Rex::Ui::Text::Table cols
2013-11-19 13:34:45 -06:00
Tod Beardsley
ac1fb2d1da
Just use a straight RPORT, don't sneak 593.
...
Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).
It looks like a bigger change than it realy is, thanks to the indentaton
changes by removing the itertor. Diff this without whitespace changes to
get a better idea of what's actually different.
2013-11-19 13:29:02 -06:00
jvazquez-r7
34dccaaa1f
Clean use of -c on creds command
2013-11-19 13:26:14 -06:00
jvazquez-r7
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
jvazquez-r7
7dd70d4c19
Switch to vprint_debug some mixin messages
2013-11-18 13:33:45 -06:00