16eab48012 introduced changes to
cmd_db_nmap which pass a new arguments variable to Open3 with a
list of args excluding save.
This approach created a problem wherein the address of the target
had to be passed in first and arguments could get mangled.
Reintroduce an array format, exploding when passing to Open3.
Ensure output file options are appended to the arguments being
passed to Open3, instead of the args variable.
Error example:
db_nmap -F 192.168.0.1
[*] Nmap: 'nmap: unrecognized option '- 192.168.0.1 ''
This commit contains a few minor tweaks
for style and format. Some whitespace removed,
an erroneous 'return' removed, and using single
quotes for consistency. Updated as per request.
These functions address certain problems
listed in GitHub issue #4353, but do not
address all issues in that ticket. Most
notably, this commit adds basic tab
completion for db_nmap.
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.
This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.
Fix#4641
This should fix up #4642 with respect to #4504.
Squashed commit of the following:
commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8 ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 16:23:03 2015 -0600
Merge branch 'feature/creds-blank-finders' into temp
commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:58:02 2015 -0600
Clean out whitespace, make vars more meaningful
commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:54:32 2015 -0600
Add some specs for regular users and blank users
commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:04:03 2015 -0600
Users should be able to find blank user/pass
This is a weak attempt to solve a race condition between modules loading
and cmd_use being fired. Upon startup, saved configurations, running
resource scripts, and running commands will sometimes jump ahead of the
module loading procedure.
I have not discovered where the race actually is and how to cause the
race to happen. However, the timing seems to be fairly close to a second;
by waiting three seconds after trying use again, we seem to be in the
clear, at least according to testing.
Fixes#4549, but better solutions are welcome!
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve#4507
response_timeout is a method specific to a meterpreter session, not
shell. So if the user is using a shell type payload, he will never
see a backtrace before interacting with the sessions.
MSP-11671
Add command line option --defer-module-loads to msfconsole. It will
stop `Msf::Ui::Console::Driver` from calling
`framework.modules.init_module_paths` AND
`framework.modules.refresh_cache_from_database`. This flag is only
meant to speed up msfconsole boot when modules do not need to accessed,
such as during cucumber testing of command help or command line options.
MSP-11672
Pass `'DeferModuleLoads' => false` to `Msf::Simple::Framework.create` so
that `framework.modules.init_module_paths` is only called once (directly
in `Msf::Ui::Console::Driver#initialize`) instead of twice (in
`Msf::Simple::Framework.create` and `Msf::Ui::Console::Driver#initialize).
Minor tweaks after the PR from @kernelsmith
Remaining items:
1. Handle empty session IDs correctly, for example 'sessions -d' or 'sessions -k'
2. Find a method of explaining the range options in the help text
3. Retest all changed code areas
4. Edit PR Summary to reflect changes to the scope
- Added check for un-detach-able sessions
- Added back the check for session.interactive? when detaching sessions
- Collapse build_jobs_array and build_sessions_array to build_range_array
- Added check for empty or invalid parameters to detach and kill [session | job]
- Reworked session id sanity check around line 1660
- RuboCop/Style guide change: Array.new -> []
- Misc RuboCop/Style guide spacing changes
MSP-11126
Fully-qualify `Msf::MODULE_TYPES`, `Msf::MODULE_ANY`,
Msf::MODULE_ENCODER`, `Msf::MODULE_EXPLOIT`, `Msf::MODULE_NOP`,
`Msf::MODULE_AUX`, `Msf::MODULE_PAYLOAD`, `Msf::MODULE_POST` so that
their usage isn't dependent on nested lexical scoping.
MSP-11152
Constant was unqualified in some of the reorganized Msf::DBManager code
because that code was take advantage of the old nested lexical scope
that included `Msf`.
Sometimes msfconsole takes a little while to start.
This adds a fairly common ASCII spinner to the startup sequence.
I haven't spec'ed it, and the code organization isn't great, so consider
this PR more of a cry for help than something immediately landable.
That said, it works for me.
MSP-11153
Test the following paths in order and only return them if the path
exists:
1. MSF_DATABASE_CONFIG environment variable
2. ~/.msf4/database.yml
3. <project>/config/database.yml
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63 and
82760bf5b3).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3).
This merge commit merges the staging/electro-release branch
(62b81d6814) into master
(48f0743d1b). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
MSP-10955
`Msf::Ui::Console::Driver#initialize` doesn't call
`framework.db.connect` if it can't find the the `database.yml`, but when
using `msfpro`, the connection is already established, so the console
doesn't need to know where the database file is and should just run the
migrations so that `framework.db.migrate` can be set and
`framework.db.active` will return `true`.
MSP-10998
It's compacting of the version parts into a single float doesn't work
with APIMinor over 10, so replace with Gem::Version, which compares
parts correctly.
* Fix a bug in LoginScanner::SSHKey (which was copy-pasted from SSH)
where the ssh_socket accessor was not being set because of a
shadowing local var
* Fix a bug in the db command dispatcher where an extra column was
added to the table, causing an unhandled exception when running the
creds command
* Add a big, ugly, untested class for imitating
Metasploit::Framework::CredentialCollection for ssh keys. This class
continues the current behavoir of silently ignoring files that are a)
encrypted or b) not private keys.
* Remove unnecessary proof gathering in the module (it's already
handled by the LoginScanner class)
This attempts to change the output of the command as little as possible,
but removes the ability to add and delete for now. At some point, we'll
need to add that back in.
MSP-9653
Calling `ActiveRecord::Base.establish_connection`, followed by
`ActiveRecord::Base.connected?` returns false unless some other code
requires a connection to be checked out first. The correct way to check
if the spec passed to `ActiveRecord::Base.establish_connection` is to
checkout a connection and then ask if it is active.
`Msf::DBManager#connection_established?` does the checkout, active check
and checkin, and should be used in place of
`ActiveRecord::Base.connected?` and
`ActiveRecord::Base.connection_pool.connected?`.
`Msf::DBManager#active` should still be used as it also checks for
adapter/driver usability and that migrations have run.
The date format has been moved into a constant variable.
Certain modules do not have a disclosure_date. For example,
‘checkvm’. This necessitated checking disclosure_date for nil
before attempting a format conversion. Also, there was an additional
location in core.rb that needed the formatting / nil check added. Specs
were also updated appropriately.
MSP-9606
Catch LoadError in config/application.rb when trying to require
'active_record/railtie` so that end-users can run without any of the
database gems installed. NOTE: you can't run in the development or
test environment without the database because factory_girl needs
ActiveRecord.
SeeRM #8795
The disclosure date field in the results from the search command
where returning with a timestamp that was almost always 00:00:00 UTC. I added a bit of date time formatting to only
include the year (4 digit), month (2 digit), and day (2 digit)
in the following format: Y-m-d. This date time formatting
applies to both searches conducted through the database instance
as well as searches performed without a database (slow search).
Also:
* Import John the Ripper's plaintext from cracked NTLM hashes in the
same way
* Don't choke on : in passwords when reading JtR's output
* Fix some whitespace
* Show a count of inactive creds if there are any instead of acting like
they don't exist
Useful for quick editing a module during development / bug fixing. I
don't really see a security issue with running a command defined in the
user's VISUAL or EDITOR environment variables; if the user can run
msfconsole to begin with, there are better ways to get into trouble.
When running a command that takes host ranges as arguments (e.g.,
`hosts`, `services`), the arguments get parsed by
Rex::Socket::RangeWalker. If RangeWalker was unable to parse, it would
return nil, which in this context means "all hosts." If the user is
searching, they get all hosts instead of the ones they were interested
in -- this is annoying, but not too big a deal. Unfortunately, the same
logic applied when *deleting* hosts, with `hosts -d ...`, causing all
hosts to be deleted when giving it an invalid range.
Passing MaxChar allows setting the maximum number of characters
printed within a specific column during the row_to_s method.
This does not affect CSV output nor truncate the actual data.
Meant for tidying up long console ouput.
Example: cleaned up cmd_creds to show proof and not maul tables
with unix session data.
Changing spool setting caused problems with prompt and color. This
fix makes the following changes:
- Saves the color setting and re-applies it to the new output console
- Sets the prompt in the same way that cmd_use does