MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
MSP-11672
Calling init_module_paths takes 6 seconds on my machine even when there are no
files to that are changed just because it takes that long to walk the
directories and gather the mtime for each file. Therefore, calling it
more than once should be avoided. Also, there is no reason to call it
twice as to add paths later, `modules.add_module_paths` should be used.
This allows HandlerSSLCert to be used to pass a SSL certificate into the Meterpreter handler. The datastore has to be passed into handle_connection() for this to work, as SSL needs to be initialized on Session.new. This still doesn't pass the datastore into Meterpreter directly, but allows the Session::Meterpreter code to extract and pass down the :ssl_cert option if it was specified. This also fixes SSL certificate caching by expiring the cached cert from the class variables if the configuration has changed. A final change is to create a new SSL SessionID for each connection versus reusing the SSL context, which is incorrect and may lead to problems in the future (if not already).
This change emulates the auto-generated snakeoil certificate from Ubuntu 14.04. The main changes including moving to 2048-bit RSA, SHA256, a single name CN for subject/issuer, and the removal of most certificate extensions.
Note that this does not apply to reverse_tcp meterpreter clients yet, as
they do not allow certificates to be supplied. I abstracted out the SSL
certificate generation and parsing methods so that we can address this
next.
MSP-11147
Sometime travis-ci is showing leaked threads even when
'Msf::Framework#threads cleaner' is being used, so I'm adding the
`Thread#status` to the data printed about the Thread to see if the
sometimes leaked threads have an odd status. There's still a chance
that there will be a race-condition between when I call Thread.list and
I ask for each Thread's status that the VM could finish aborting a
Thread so that status I print isn't the same as the one that caused the
Thread to be returned in Thread.list.
The exploit works with the URLs fixed, installs the APK, but hangs at the Installing...
screen and never actually launches. We tried opening the APK in a setTimeout() intent
URI, but the previously launched intent seemed unresponsive. Andre had the bright
idea of re-opening the previously launched intent with invalid args, crashing it and
allow us to launch the payload.
Luke Imhoff
William Vu
sinn3r
HD Moore
Joe Vennix
jvazquez-r7
Jon Hart
Trevor Rosen
Tod Beardsley
floyd