da8cb48639
Add FTP protocol client implementation
2017-07-25 00:56:34 +05:30
ab37ccb173
Add FTP protocol support
2017-07-25 00:56:19 +05:30
cdfb6782a8
Land #8639 , Add mic audio streaming to Linux/OSX native meterpreter
2017-07-24 07:01:00 -07:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
6a686a277b
Land #8742 , HWBRIDGE RFTRANSCEIVER ADD LOWBALL SUPPORT
2017-07-21 11:46:21 -05:00
3043218a7f
Indention and missing comma fixup.
2017-07-21 11:43:49 -05:00
22e8f1cb48
HWBRIDGE RFTRANSCEIVER ADD LOWBALL SUPPORT
2017-07-20 05:09:00 -04:00
f5e76092d6
Merge branch 'master' into land-8439-
2017-07-18 08:25:18 -05:00
5c17f363be
Default opts to an empty hash instead of nil
...
Fixes #8709
2017-07-13 15:40:08 -05:00
99bb091488
Land #8690 , Fix #8636 , [] for NilClass in session.fs.file.download_file
2017-07-12 13:43:12 -05:00
aa0fca9dd1
Land #8631 , Add railgun support to Python Meterpreter for the OSX
...
platform
2017-07-11 16:05:16 -05:00
d5d9e88851
Fix #8636 , [] for NilClass in session.fs.file.download_file
...
This fixes a [] for NilClass bug in the download_file API.
The opts argument is not checked for nil before the code looks for
the block_size key.
Fix #8636
2017-07-07 19:00:33 -05:00
baead02efc
Addressing PR feedback.
...
Removing the audio_stream_pool.rb class file for now, we can recreate for MS-2749 if we really need one.
2017-07-04 09:28:38 -05:00
ef1145c6b7
Use common code to delete non-applicable cmds.
2017-07-03 09:11:04 -05:00
4f054d25fc
Fix packet spec problems
2017-07-03 18:12:38 +10:00
999d90687e
Make encryption flags 32 bit
...
This changes the encryption flags on the meterpreter session so that
it's 32 bits (and hence changes the packet header). This also supports
the idea that sessions may use encryption that isn't AES256, so the
flags field will ultimately indicate that. A type flag has been added so
that MSF knows the type that should be done on the wire.
At some point soon we'll add something that makes sure that the packet
encryption type always matches the encryption type expected in MSF, this
will hopefully avoid the risk of having packets injected into the stream
by external entities.
2017-07-03 16:52:58 +10:00
e21ae88b55
Update wave file header with actual length.
...
Fixes MS-2759.
2017-06-30 22:48:42 -05:00
ada954aab9
Land #8624 , fix mis-ordered kiwi output
2017-06-30 14:23:24 -05:00
d2098137a9
Grab last bit of audio from target when done.
...
Also remove module that needs work (we can create later).
2017-06-30 10:56:49 -05:00
48e7e8397e
Make listen focus on prerecorded items.
2017-06-29 16:52:17 -05:00
e8468a5c99
Cleanup.
2017-06-29 16:52:17 -05:00
5c5044a80f
Stream audio data via channel (MS-2725).
2017-06-29 16:52:16 -05:00
dd7726b894
Change to Audio Mic
2017-06-29 16:52:16 -05:00
1bfa9366e6
Bring back to working
2017-06-29 16:52:15 -05:00
bd9c15713d
Bring polling back in
2017-06-29 16:52:15 -05:00
3d51301b98
Seperation of concerns
2017-06-29 16:52:15 -05:00
c7b71a2b32
Seperate concerns of console/mic
2017-06-29 16:52:14 -05:00
9ca74d69f1
add sleep
2017-06-29 16:52:14 -05:00
d2cccae2a1
Use webrtc browser
2017-06-29 16:52:13 -05:00
56b3b0e00d
Add more parameterization
2017-06-29 16:52:13 -05:00
d9e1d21c56
Spacing
2017-06-29 16:52:13 -05:00
d62f0cfd98
Add the mic stop command
2017-06-29 16:52:12 -05:00
40ce03b85f
Parameterize playback configurations
2017-06-29 16:52:12 -05:00
6f8f85df61
Open player for listening to audio
2017-06-29 16:52:12 -05:00
60e009de8f
Use large datasize
2017-06-29 16:52:11 -05:00
16a13723d0
Remove debug
2017-06-29 16:52:11 -05:00
fa4ebadf0f
Make mic audio device stream work with mettle
2017-06-29 16:52:10 -05:00
0a0e6c8576
Use audio stream pool
2017-06-29 16:52:10 -05:00
197d377424
Fix commands to mic
2017-06-29 16:52:10 -05:00
ebf967db3e
Add audio-channel
2017-06-29 16:52:09 -05:00
959f9fe2d2
Updated lib/rex/proto/http/client_request.rb to ensure that the host header is formatted
2017-06-29 12:05:02 -07:00
52211ab6ae
Continue refactoring removal of "DLL" references
2017-06-27 18:00:01 -04:00
0da9f4d64a
Refactor railgun "DLL" references to library
2017-06-27 17:34:06 -04:00
e08bd84038
Merge branch 'upstream-master' into land-8603-
2017-06-27 04:03:31 -05:00
8e1e505730
Fix output of MSV creds dumping in Kiwi
...
The data being pulled out of the MSV credential dump was not being
rendered propertly because it was assumed that all accounts would
provide the same set of hashes/details for each entry found. However,
this was not the case. Some have NTLM & SHA1, others have LM & NTLM,
some have DPAPI when others don't.
This code generates tables based on the values found, and renders those
values in the appropriate columns, and if the values don't exist for
a given account, the column is left blank.
Fixes #8620
2017-06-27 15:43:40 +10:00
49e34d70c3
Remove uses of multi-char args for meterpreter commands
2017-06-27 13:06:10 +10:00
ea83cb0bb6
Make the railgun def class names platform specific
2017-06-26 19:53:19 -04:00
25e323fc4b
Support AES renegotiation after session migration
2017-06-26 20:50:12 +10:00
9f2be21eb7
Ignore missing method error when doing aes negotiation
...
This means that meterpreter instances that don't support will continue
to work.
2017-06-26 15:22:56 +10:00
bdcea7bd22
Fix http AES packet dispatching
2017-06-25 19:51:25 +10:00
494d389aa2
Merge upstream/master into packet encryption
2017-06-25 19:06:31 +10:00
67b1a19aa1
Finalised MSF-side of AES key negotiation over RSA
2017-06-25 10:24:00 +10:00
bf85386acf
add help switch
2017-06-24 17:45:53 -05:00
6a8d54a93c
Land #8545 , `ps` table output fixes
2017-06-24 14:43:51 -05:00
1762fe56c9
Land #8589 , Fix 64-bit support for the winpmem extension
2017-06-23 19:27:31 -05:00
c3090a4f9c
Land #8601 , make session logging more useful, don't lose characters
2017-06-23 17:36:01 -05:00
9eeb3dc143
use typical command option and TLV scheme instead of dumb stuff for keyscan_start
2017-06-23 13:11:12 -05:00
24379f907e
Fixed timestamped logger cutting off last character ( fixes #8597 )
2017-06-23 13:19:16 +02:00
a3607c6802
Update to Mimikatz 2.1.1 20170608 to include changntlm
2017-06-23 13:40:01 +10:00
283f36f79a
Compare headers w/process keys instead of themselves
...
Also clarifies a bunch of old bad variable names
2017-06-22 21:43:11 -05:00
2617ae7609
Land #8513 , check extapi commands for dependencies
2017-06-22 20:21:26 -05:00
fda2e8c73d
Land #8523 , Add support for session GUIDs
2017-06-22 20:10:10 -05:00
0eaffde4b3
fix rex arguments parser to handle adjacent flags, update accordingly
2017-06-22 09:54:03 -05:00
47a659f554
Land #8185 , Convert ntp modules to bindata
2017-06-22 09:37:58 -05:00
eb4c4c911b
Land #8587 , Add android wakelock command to turn the screen on
2017-06-21 14:48:20 -05:00
717f9aad12
Add more OSX Railgun defs and better CDECL support
2017-06-21 08:59:42 -04:00
a9e03c1efd
Initial working version of AES encryption of TLVs
2017-06-21 21:01:59 +10:00
d81d0ea4ba
print a friendlier status msg
2017-06-21 03:09:42 -05:00
b9904572f9
update winpmem dump handler for 64-bit support
2017-06-21 03:02:50 -05:00
2129959d2d
Begin rework of packet handling
...
This moves some of the packet-specific stuff to the packet class itself
2017-06-20 19:18:37 +10:00
f7c133cdf7
Add OSX support to railgun
2017-06-19 11:11:55 -04:00
cec87a3e4f
Start of support for AES packet encryption
2017-06-19 22:27:51 +10:00
a48f0fcec6
Remove references to Meterpreter CRYPTO TLVs
...
This feature wasn't supported, and so the TLVs are no longer needed.
2017-06-19 16:53:33 +10:00
32fbad7fca
Style changes for cmd_ps cleanup
2017-06-14 01:28:21 -04:00
762427b447
Clean up cmd_ps table output for Mettle
...
Mettle can run in all sorts of environments where some colums of a
process table will be nil. The existing implementation compacts
rows going into the table while providing filtering for the colum
contents only by checking the output of the first row in the proc
table.
Check column filters against all rows to ensure proper table init.
Check columns going into table for match against header.
Do not compact nil values in the table rows - some things, like
kthreads/workers dont have a path while other PIDs will.
2017-06-12 01:20:59 -04:00
c4288fb35a
Update branch to include chances from upstream/master
2017-06-09 17:18:57 +10:00
6131e4bd82
Fix download lambda function to take correct param count
...
This is an emergency fix as a result of something being broken in
master. This is also being pushed straight to master because github is
down and the PR process isn't possible. This commit was reviewed by
@wvu-r7 prior to being pushed.
2017-06-07 09:37:24 +10:00
37b9cd07a2
Add support for the session GUID in the UI
...
The Session GUID will identify active sessions, and is the beginning of
work that will allow for tracking of sessions that have come back alive
after failing or switching transports.
2017-06-06 17:15:57 +10:00
871c30c0b3
refactor stdapi and lanattacks to use filter_commands
2017-06-06 14:05:07 +08:00
e9c9c852ab
check_commands -> filter_commands
2017-06-06 13:56:38 +08:00
7625d36c1c
fix #8199 , check extapi for dependencies
2017-06-05 14:56:59 +08:00
cc0ff8f3db
Enable adaptive download with variable block sizes
...
The aim of this commit is to allow users of Meterpreter in high-latency
environments have better control over the behaviour of the download
function. This code contains two new options that manage the block size
of the downloads and the ability to set "adaptive" which means that the
block size will adjust on the fly of things continue to fail.
2017-06-02 17:16:58 +10:00
a01a2ead1a
Land #8467 , Samba CVE-2017-7494 Improvements
2017-05-30 00:15:03 -05:00
11b3fd9067
Land #8468 , Update system info after running getsystem
2017-05-26 23:37:00 -05:00
53cbbbacd8
getsystem update session info
2017-05-26 17:28:11 -06:00
e8b5cc3397
Avoid a stacktrace by verifying that the share is known
2017-05-26 17:01:44 -05:00
a9e6df6f15
fix shell command on osx meterpreter
2017-05-26 15:55:14 +08:00
86aad6b7c3
Fix proxy_type references to handle nil case
2017-05-22 21:47:37 +10:00
a6f416e8df
Land #8290 , Hwbridge Automotive Fix and Extension Enhancements
2017-05-19 13:46:54 -05:00
d0b13544dd
Agreed-upon feedback updates.
2017-05-17 10:57:39 -05:00
e3f4cc0dfd
Land #8345 , WordPress PHPMailer Exim injection
...
CVE-2016-10033
2017-05-16 15:07:21 -05:00
123462bdca
Land #8293 , add initial multi-platform railgun support
2017-05-11 22:32:23 -05:00
ee55516e06
Allow lowercase HTTP in command strings
2017-05-10 15:17:20 -05:00
3a45c2f321
Allow complete override of Host header
2017-05-10 15:17:20 -05:00
e026a8c663
Fix typo (s/Remote/Reverse/) in portfwd -L
...
Found by ThePortWhisperer on IRC.
2017-04-29 00:10:13 -05:00
7a6a124272
Land #8279 , POSIX Meterpreter replaced by Mettle
2017-04-26 18:32:17 -05:00
43ac2c339e
Land #8291 , Acunetix XML import improvements
2017-04-26 17:38:52 -05:00
353191992f
move mettle payloads to meterpreter, add reverse_http/s stageless
2017-04-26 17:06:34 -05:00
c4f1130619
Acunetix XML import improvements.
...
This patch updates the MSF db_import functionality w.r.t. importing Acunetix XML files to do the following:
- import web vulnerabilities identified by Acunetix
- import all services for each scanned host
- does not pull in the specifc program/version name of each service, as that's pretty loosely formatted in the Acunetix XML
2017-04-26 12:16:20 -05:00
3347af24ba
Add some basic libc definitions for railgun
2017-04-25 15:12:39 -04:00
9c60c3ee46
Support platform specific railgun constants
2017-04-25 14:36:15 -04:00
6f763a616d
Land #8225 , Expose the shared wifi profile dumping feature in Mimikatz
2017-04-25 11:23:34 -05:00
aeed81de29
Code cleanup from Rubocop output
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
c2296dcd1b
Addes 'isotpsend' command to interactive commands to send ISO-TP related queries
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
36026ba8b4
Fixed active buses not being recorded. The 'connect' command now works for other extensions as well as modules. Added TesterPresent background packet transmissions to hold debugging sessions open.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
2012ebf38f
Fixed bug with a duplicate ID in hash for errors
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
406051a3ff
Added more session management to hwbridge. Commands 'sessions' and 'background' added.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
5537348e28
Addes Statistics support from the API. When typing status in a hardware bridge it will also print packet statistics.
...
Signed-off-by: Craig Smith <agent.craig@gmail.com>
2017-04-24 20:42:03 -07:00
daf8833174
Refactor a bunch of windows_name references
2017-04-24 19:54:00 -04:00
3cc089bcef
Support loading platform specific railgun defs
2017-04-24 19:46:56 -04:00
d3a759d631
Make changes for initial linux railgun support
2017-04-24 17:11:27 -04:00
7b936b0012
Land #8184 , convert IPMI protocol and modules to bindata
2017-04-17 07:40:15 -05:00
67047cf770
Revert "Fixes MS-1716, keep sessions in progress alive."
...
This reverts commit e5d0370a94
2017-04-16 15:52:22 -05:00
7950087804
Merge branch 'upstream-master' into land-8237-
2017-04-14 21:53:26 -05:00
cbebc5dc39
really remove errant keyscan_extract() call
2017-04-14 15:21:11 -05:00
303a767ccc
bring ukl branch up to date with upstream
2017-04-12 21:59:13 -05:00
271da4b4a5
Add new shared wifi profile dumping from kiwi
2017-04-11 22:01:52 +10:00
6983b0f857
Update the kiwi extension to show correct version number
2017-04-11 20:23:56 +10:00
3c260ea452
fix #7921 , HttpTrace and chunked encoding
2017-04-05 22:58:11 +02:00
5f88971ca9
convert NTP modules to bindata
2017-04-04 02:57:38 -05:00
46c7e822c8
convert IPMI protocol and modules to bindata
2017-04-04 02:44:17 -05:00
94a0b4b06c
Stop special-casing masscan
2017-04-04 00:33:13 -05:00
7de2aa1a63
Update Nmap parser to handle masscan
...
masscan is missing <status>, meaning hosts aren't treated as alive.
Thanks to @jhart-r7 and @jlmurray for working on this previously.
2017-04-03 02:26:14 -05:00
a65936452f
Add android wakelock command to turn the screen on
2017-03-28 16:24:11 +08:00
31c03840bb
Style fixes for HWBridge RF and a couple small bug fixes
...
I should have tweaked these earlier, my bad.
2017-03-26 13:45:19 -05:00
4e6cf58b22
Land #8143 , Fix variable typos in rfrecv related methods.
2017-03-24 15:38:52 -05:00
92c0748447
Land #8102 , Add a plugin to notify new sessions via SMS
2017-03-24 11:17:59 -05:00
c58e9acadd
Fix variable typos in rfrecv related methods.
2017-03-22 15:44:22 +02:00
ef53e6a593
fix execute and kill cmd usage/help
2017-03-22 16:29:47 +08:00
686f30e118
Land #8117 , p{grep,kill} for Meterpreter <3
2017-03-21 16:37:34 -05:00
7477e44d30
Use urlsafe Base64 en/decode calls.
2017-03-20 17:37:16 -05:00
c4279a837a
Minor formatting/spelling/verbiage changes.
2017-03-20 17:37:12 -05:00
2fde287424
Initial patch for rftransceiver (RfCat / YardstickOne)
2017-03-20 17:36:16 -05:00
321988c282
Replace errant '.' with ','
2017-03-20 16:36:13 -05:00
2acd941b16
Merge branch 'master' into dtc_fix
2017-03-20 14:10:01 -05:00
0be6b8c905
Fixes #8022
...
Adds detection for ELM327 chips reporting CAN ERROR when vehicle is off.
Addes some enhanced UDS Error codes.
Cleaned up reporting from getvinfo if the vehicle is off or not connected.
2017-03-20 13:49:39 -05:00
06ebb22a8f
Land #8065 , Zigbee Hardware Bridge Extension
2017-03-20 10:44:15 -05:00
f9ecefe465
Land #8031 , nil fixes for HWBridge
2017-03-19 22:37:28 -05:00
dd6e75986d
add -l and -f flag simulation for pgrep, XXX rex handles flag opts poorly
2017-03-16 23:48:39 -05:00
70bbacf7ed
kill processes in reverse, allow children before parents more likely
2017-03-16 23:48:04 -05:00
095a110e65
Code and doc tweaks (minor).
...
Only one behavior change in the scan loop of zstumbler.rb to, when doing a scan across all the channels, keep it from retrying channel 11 again one last time just before it exits.
2017-03-16 21:43:36 -05:00
ab75794cd4
Land #8071 , Add API to send an MMS message to mobile devices
2017-03-16 11:57:34 -05:00
85f7d73d4d
add pgrep as well
2017-03-16 04:14:45 -05:00
c9a85f58c0
add pkill command, rework to share filtering logic with ps
2017-03-16 03:57:49 -05:00
a1be63e449
fix warnings in rex argument parser
2017-03-16 03:57:49 -05:00
91a4657c36
Bumped the metasploit-payloads version and cache sizes with PR#8043
2017-03-15 19:02:21 -05:00
befc5e05e5
Fix more kernel32 railgun definitions using DWORD
2017-03-14 18:42:52 -04:00
d759c603b2
Fix more kernel32 railgun definitions using DWORD
...
Some railgun definitions for the kernel32 module define DWORD for the
functions return type when it should be HANDLE. This causes errors on
64-bit systems when the return value is truncated.
2017-03-14 16:58:22 -04:00
bb4d6e17c8
Resolve #8026 , Add a plugin to notify new sessions via SMS
...
This plugin will notify you of a new session via SMS.
It also changes the SMS text format to MIME.
Resolve #8026
2017-03-13 16:13:59 -05:00
702d1c2b7e
Fix bug for subject
2017-03-08 11:43:36 -06:00
Tabish Imran
Brent Cook
Pearce Barry
Corey Harding
James Lee
bwatters-r7
William Webb
wchen-r7
OJ
dmohanty-r7
Anderson
Spencer McIntyre
Dirkjan Mollema
RageLtMan
Tim
TheNaterz
HD Moore
William Vu
Brent Cook
Craig Smith
Christian Mehlmauer
Leon Jacobs