Brent Cook
17c8f7c4c7
support iterating across RHOSTS for exploits
2018-03-12 15:46:03 -05:00
Brent Cook
4ab36bc713
factor out exploit runner from command parsing
2018-03-12 15:46:02 -05:00
Brent Cook
b456cd2c8c
use RHOSTS in many places where we used RHOST
2018-03-12 15:46:02 -05:00
Brent Cook
d6871f5733
Land #9614, Juniper post enum module
2018-03-06 10:29:56 -06:00
dcylabs
708f1da0ed
fix SSL certificate provider
2018-03-05 17:01:37 +01:00
bwatters-r7
0d07d44b14
ReLand #9565, Reverse TCP x64 RC4 via max3raza's rc4_x64 asm
This reverts commit 7964868fcd.
2018-03-02 16:09:52 -06:00
bwatters-r7
7964868fcd
Revert "Land #9565, Reverse TCP x64 RC4 via max3raza's rc4_x64 asm"
This reverts commit fcc579377f, reversing changes made to 95cd149378.
2018-03-02 08:29:48 -06:00
bwatters-r7
fcc579377f
Land #9565, Reverse TCP x64 RC4 via max3raza's rc4_x64 asm
2018-03-02 07:34:45 -06:00
Jon Hart
f446f726ad
Land #9596, fixes #9592, broken NTP DRDoS modules
2018-03-01 17:12:00 -08:00
Sonny Gonzalez
883654f0ea
Land #9653, fix Y2k38 issue (until Jan 1, 2038)
2018-03-01 09:13:41 -06:00
Brent Cook
4fec2e758d
make fix more precise, based on https://github.com/rapid7/metasploit-framework/pull/2343
2018-03-01 08:59:55 -06:00
Brent Cook
27bd2a4a9f
work around Y2k38 issues in java certificate generation
2018-03-01 08:41:28 -06:00
Matthew Kienow
2d5f089ee6
Land #9646, fix stale module cache issue
2018-02-28 15:17:00 -05:00
Jeffrey Martin
425f949bf8
Land #9638, treat 'password must change' as a successful login
2018-02-28 11:28:38 -06:00
christopher lee
0949e0a501
Don't munch exception
2018-02-28 11:28:07 -06:00
christopher lee
cea61e7aa4
Fix bug with remove_from_cache
2018-02-28 11:21:34 -06:00
christopher lee
1686b82a40
Adhere to style guide by using unless
2018-02-28 11:11:26 -06:00
christopher lee
8b4c7b886f
Updated to use delete_if
2018-02-28 11:00:40 -06:00
christopher lee
964be3b5f0
Fix problem with stale module cache
2018-02-28 08:41:14 -06:00
Brent Cook
9597e5294d
treat MUST_CHANGE + PASSWORD_EXPIRED as valid
2018-02-27 15:21:21 -06:00
Jon Hart
f09c5eafc7
Appease hound
2018-02-27 04:12:58 -06:00
Jon Hart
46299dff00
The DRDOS mixin operates on strings, so make the bindata'd NTP classes cooperate
2018-02-27 04:12:57 -06:00
Jon Hart
d7853aaf60
Revert "update NTP drdos lib to use correct method on bindata objects"
This reverts commit 166070e9c37a4130f976f806116881c70a8401c6.
2018-02-27 04:12:57 -06:00
Brent Cook
bcf5918fb6
update NTP drdos lib to use correct method on bindata objects
2018-02-27 04:12:57 -06:00
Brent Cook
66e3ac4c76
treat 'password must change' as a successful login
2018-02-26 17:57:31 -06:00
William Vu
0e4fc48df4
Fix #9602, a little defensive programming
Check for a nil message and unnecessary auth failures while looping.
2018-02-26 16:52:25 -06:00
h00die
c7bbc6eca4
juniper post enum module
2018-02-22 21:08:21 -05:00
Jacob Robles
738d6ab33a
Land #9604, Fix logged errors when running without Python 3.6 / gmpy2
2018-02-22 08:11:30 -06:00
Brent Cook
3f88e59516
handle Python 3.5/3.6 differences so we always have a UTF-8 string
2018-02-21 21:54:27 -06:00
William Vu
3880f6a65e
Finally fix "Unknown admin user ''" after 2yrs
The failed password auth was necessary after all. I misread the PoC. :'(
Apparently the password auth sets the username, while the backdoored
keyboard-interactive auth sets the password.
2018-02-21 20:44:35 -06:00
Brent Cook
78822fd799
Land #9524, prefer 'shell' channels over 'exec' channels for ssh CommandStream
2018-02-21 06:59:09 -06:00
Brent Cook
99965c142b
remove duplicate check
2018-02-20 04:42:49 -06:00
Brent Cook
bb3a11dd20
use ctrl-d to cancel input instead
2018-02-20 04:40:00 -06:00
Brent Cook
f5f7b4d25a
handle sessions still open
2018-02-20 03:31:20 -06:00
Brent Cook
e995ccfc33
make this a little easier to read
2018-02-20 03:27:55 -06:00
Brent Cook
e26fb49c99
if we have no more input from the console, quit
2018-02-20 03:27:38 -06:00
Brent Cook
3d8451e616
Land #8997, add local 'ls' support to Meterpreter sessions
2018-02-19 23:21:59 -06:00
Brent Cook
b9c1a64d20
Land #9505, Support local knowledge base documents
2018-02-19 21:39:55 -06:00
Brent Cook
93689f0f0e
Land #9270, Implement plugin API for hooking database events
2018-02-19 21:36:26 -06:00
Brent Cook
4e9d900a17
Land #9507, Expand paths for meterpreter's cp, mv, and rm commands
2018-02-19 21:26:03 -06:00
Brent Cook
3d67d2ed12
Land #9443, Add warning to FileDropper for deleting CWD
2018-02-19 21:22:39 -06:00
UserExistsError
b3f26ea55f
bind_named_pipe fixes
2018-02-18 10:31:57 -07:00
RageLtMan
80779f73ef
Implement Michael Schierl's suggestions
2018-02-16 23:03:05 -05:00
Brent Cook
bd2af0143a
properly handle when there is no stat callback specified on upload
2018-02-16 16:14:09 -06:00
Brent Cook
289277c613
Land #9516, Support Bash-Style Continuation Lines
2018-02-16 10:53:58 -06:00
RageLtMan
354eb4092a
Reverse TCP x64 RC4 via max3raza's rc4_x64 asm
To round out the work done by mihi for x86 stages back in the day,
this PR provides x64 Windows stage encryption in RC4 via assembly
written/modified by max3raza during adjacent work on DNS tunneled
transport.
Stage encryption differs from encoding in that there is no decoder
stub or key material carried with the stage which can be used by
defensive systems to decode and identify the contents. Persistence
payloads, oob-delivered stage0, and other contexts benefit heavily
from this as their subsequent stage is difficult to detect/identify,
and the chance of accidental execution of the wrong payload/stage
is drastically reduced if separate keys are in play for individual
targets - acquiring the wrong stage will result in decryption
failure and prevent further execution.
For historical context, all of the RC4 stagers implement in-place
decryption via stage0 for the contents of stage1 using the provided
passphrase converted to a key and embedded in stage0 as part of the
payload.
Testing:
In-house testing with Max - we got sessions, loaded extensions.
Notes:
All credit for the work goes to Max3raza - big ups for getting
this knocked out.
2018-02-16 05:15:05 -05:00
Brent Cook
6734e532f5
Land #9562, avoid an error with aux module command dispatcher
2018-02-15 17:46:58 -06:00
Brent Cook
a197997aca
avoid Chinese finger trap logic, put it all on one side
2018-02-15 17:45:09 -06:00
Brent Cook
38b03fdfff
Merge branch 'upstream-master' into land-9539-
2018-02-15 16:22:13 -06:00
Brent Cook
2d3aef9031
Land #9533, Add output file support to the vulns command
2018-02-15 15:52:25 -06:00