Brent Cook
93450b87dd
use common retry options for UDP
2018-02-15 14:36:21 -06:00
Wei Chen
6fe8691528
Fix #9090, honoring retry counts for x86/64 payloads
Fix #9090
2018-02-15 13:52:34 -06:00
Brent Cook
0f656d6b5b
Land #9563: improve memory usage on meterpreter file upload
2018-02-15 12:07:19 -06:00
a1exdandy
7e03bf838b
Fix src_size view
2018-02-15 17:44:41 +05:00
a1exdandy
a0c473f29e
Upload memory usage optimization
Optimize xor_bytes memory usage, use small buffer for upload,
add verbosity
2018-02-15 17:05:22 +05:00
RageLtMan
177e1321ae
Aux command dispatcher in exploit ctx with action
The Auxiliary command dispatcher checks modules for passive actions
expecting them to have included Msf::Module::HasActions mixin. The
mixin is included in post and aux modules already, but not in
exploits. When the aux dispatcher handles an exploit module, it
may get upset along the lines of:
```
[-] Error while running command exploit: undefined method 'passive'
for #<Msf::Modules::M...3::MetasploitModule:0x0000000d83de0428>
Did you mean? passive?
Call stack:
/opt/metasploit4/msf4/lib/msf/ui/console/command_dispatcher/
auxiliary.rb:106:in `cmd_run'
```
Avoid this mess by having the conditional which checks the methods
included by that mixin depend on the module having included the
mixin in the first place.
Testing:
In local fork (hence the lineno) it seems to fix the problem.
The problem condition and fix should be independently tested
upstream.
2018-02-15 04:20:09 -05:00
Wei Chen
9a293cd30e
Fix #8120, Fix undef method 'gsub' in bavision_cam_login
Fix #8120
2018-02-14 11:03:03 -06:00
Jeffrey Martin
3811665b69
Land #7699, Add UDP handlers and payloads (redux)
2018-02-13 14:50:09 -06:00
Jeffrey Martin
f5768e7ced
gate session reported when using bind udp
While this method here is somewhat noisy on the network it eliminates
a poor user experience when the handler is started but the payload is
not yet running on the target.
When a target is sent a udp packet and it is not rejected push down
an initial "echo syn" command that will respond with output. This
allows framework to be aware that the payload is what is running on
the server port instead of assuming a non-existent target is a valid
session.
2018-02-13 14:44:57 -06:00
UserExistsError
8ae8a0d94b
added bind_named_pipe payload
2018-02-11 18:56:50 -07:00
Wei Chen
b9faa9e92b
Fix a typo
2018-02-09 20:28:55 -06:00
Wei Chen
81e0d56261
Always write the file as long as the option is set
2018-02-09 20:28:12 -06:00
Wei Chen
958513bd86
Fix #9522, Add output file support to the vulns command
This adds a new feature for the vulns command for msfconsole. It
allows the user to be able to save the vulnerability as a CSV
file.
Fix #9522
2018-02-09 19:45:46 -06:00
Spencer McIntyre
c612dbfdbf
Also fix GitHub related pull request links
2018-02-09 15:16:10 -05:00
Spencer McIntyre
b2d617bde7
Fix a bug in the markdown docs references
2018-02-09 13:41:39 -05:00
Jacob Robles
c642d420c2
Land #9489, Add scanner for the Bleichenbacher oracle (AKA: ROBOT)
2018-02-08 12:55:02 -06:00
Brent Cook
b1d0529161
prefer 'shell' channels over 'exec' channels for ssh
If a command is not specified to CommandStream, request a "shell"
session rather than running exec. This allows targets that do not have a
true "shell" which supports exec to instead return a raw shell session.
2018-02-08 02:21:16 -06:00
Spencer McIntyre
b88eff7e97
Switch the docs search order
2018-02-07 16:43:15 -05:00
Spencer McIntyre
214c137b4a
Don't use parentheses around pgets
2018-02-07 15:53:11 -05:00
Spencer McIntyre
0ad7d10e05
Use a continuation flag to disable tab completion
2018-02-06 14:44:55 -05:00
Spencer McIntyre
6d7579d907
Support breaking commands into multiple lines
2018-02-06 14:29:11 -05:00
Spencer McIntyre
8b56bbc541
Update mkdir as well for path expansion
2018-02-05 16:16:53 -05:00
Spencer McIntyre
c70bcb5869
Use a constant for the regex and update rmdir too
2018-02-05 16:06:16 -05:00
Spencer McIntyre
f441306036
Expand paths for meterpreter's cp, mv, and rm cmds
2018-02-05 15:22:05 -05:00
Spencer McIntyre
2a79319dad
Support local knowledge base documents
2018-02-05 11:13:05 -05:00
Brent Cook
d5ae2bb55b
Fix pivot handler to not consume all packets
Packet handlers should only return true if they consume a packet.
Otherwise, they should return false so something else can consume it.
This fixes port forwards by allowing the socket handler to see packets
that were otherwise being discarded in the pivot handler.
2018-02-02 18:01:05 -06:00
Brent Cook
0a3fe0c608
fix html escaping for UTF-8 module metadata
2018-02-02 16:35:50 -06:00
Adam Cammack
02e81d166d
Add Enum-type options for external modules
2018-02-02 14:40:04 -06:00
Adam Cammack
ab36b5dd5d
Add support for single-IP external scanners
2018-02-02 14:01:16 -06:00
William Vu
c9473f8cbc
Land #9473, new MS17-010 aux and exploit modules
2018-02-01 23:56:29 -06:00
zerosum0x0
afef1948bf
catch exception for patched Vista
2018-02-01 21:39:25 -07:00
zerosum0x0
469209a2b3
prefer x64 dynamite
2018-01-31 17:19:09 -07:00
zerosum0x0
6d7b48382e
fix print arch key
2018-01-31 17:17:53 -07:00
zerosum0x0
ec26f01360
fix x64 typo
2018-01-31 17:12:07 -07:00
William Vu
da23432745
Update cleanup method to check CWD
2018-01-31 16:19:43 -06:00
William Vu
e60aeca2db
Pass in session to CWD check
Oops, used to this being accessible universally. Not the case here.
2018-01-31 16:19:43 -06:00
William Vu
199a7cc134
Check for subdirectories and relative paths
2018-01-31 16:19:43 -06:00
William Vu
09d931e392
Split assignment across two lines for clarity
https://github.com/bbatsov/ruby-style-guide#use-if-case-returns
2018-01-31 16:19:43 -06:00
William Vu
15ff70fbda
Add warning to FileDropper for deleting CWD
2018-01-31 16:19:43 -06:00
zerosum0x0
d5d3769517
more robust Windows XP SP0/SP1 fix
2018-01-30 18:11:07 -07:00
zerosum0x0
a9fa1b6a4d
catch TypeError for matched pairs Frag leak
2018-01-30 10:32:59 -07:00
zerosum0x0
bbeccdd024
more trace and more flexible tolerance for SP0/SP1
2018-01-29 19:57:43 -07:00
ssyy201506
9ea64db26f
Fix proxy authentication
2018-01-30 11:55:04 +09:00
zerosum0x0
7007bc1444
hopefully fixed XP SP0/SP1 issues
2018-01-29 19:11:30 -07:00
zerosum0x0
cfb7aa6de7
NULL pointer checks on read/write primitives
2018-01-29 18:10:01 -07:00
zerosum0x0
b5a88e3c8b
remove VERBOSE req for prints in DBGTRACE
2018-01-29 15:01:37 -07:00
zerosum0x0
9b7c19db08
fix exception
2018-01-29 07:57:08 -07:00
zerosum0x0
a15befe94b
squelch ::Rex::Proto::SMB::Exceptions::NoReply
2018-01-29 07:48:00 -07:00
zerosum0x0
6d35d241de
fix pack error for xp
2018-01-29 07:45:07 -07:00
zerosum0x0
1a74c60339
fix output
2018-01-29 02:21:01 -07:00
zerosum0x0
0c23c5fcad
notes
2018-01-29 01:37:03 -07:00
zerosum0x0
24a79ae7b3
clean up DBGTRACE
2018-01-29 01:18:49 -07:00
zerosum0x0
a321a70349
clean up token for earlier versions of windows
2018-01-29 01:09:31 -07:00
zerosum0x0
4bc3b31550
properly scope cleanup
2018-01-29 00:49:38 -07:00
zerosum0x0
bfef87a445
fixed up indentations
2018-01-29 00:19:42 -07:00
zerosum0x0
42dbab763b
increased leak attempts
2018-01-28 23:27:19 -07:00
zerosum0x0
7b19951317
fix the danger zone
2018-01-28 22:32:00 -07:00
zerosum0x0
9df4075d96
win10 needs full path to IPC$, should fix in Rex too
2018-01-28 21:15:13 -07:00
zerosum0x0
7cc00c0e10
fixed padding/offsets for win 10
2018-01-28 21:10:51 -07:00
zerosum0x0
237c3f7b2c
crash 10.14393... should fail to leak transaction
2018-01-28 18:52:43 -07:00
zerosum0x0
2723b328aa
misc tidying, added more randomness
2018-01-28 18:20:18 -07:00
zerosum0x0
6c2d5b1fc2
semi-completed exploit files
2018-01-28 18:13:25 -07:00
zerosum0x0
c8ff2adf06
added support for smb client
2018-01-27 20:49:17 -07:00
William Vu
309deb9ee7
Land #9446, Post API fix for setuid_nmap
2018-01-25 16:00:40 -06:00
Sliim
7f1803590e
Fixed on_db_*_state db events
Missed arguments for on_db_host_state and on_db_service_state methods.
Call these methods only when host/service state changed and pass the
old state as argument `ostate` (not sure about what `ostate` means...)
2018-01-25 21:47:38 +01:00
bwatters-r7
fd4d5756bf
Land #9335, Added socket bind port option for reverse tcp payload.
Merge branch 'land-9335' into upstream-master
2018-01-24 11:50:10 -06:00
Matthew Kienow
6caba521d3
Land #9424, Add SharknAT&To external scanner
2018-01-24 12:40:29 -05:00
Adam Cammack
d08510596f
Keep reading external messages on stderr eof
2018-01-23 10:46:06 -06:00
Brent Cook
df633247bb
expose linux/osx process rename functionality
2018-01-23 09:56:12 -06:00
William Vu
18b8fc2e0e
Add Msf::Post::File#setuid?
2018-01-23 02:05:26 -06:00
RageLtMan
ef1d4ddb03
Add UDP handlers and payloads (redux)
This is a repackaging effort for the work I originally pushed in
6035. This segment of the PR provides UDP session handlers for
bind and reverse sessions, a Windows Metasm stager (really the
TCP stager with a small change), and a pair of socat payloads for
testing simple UDP shells. Netcat or any scripting language with
a sockets library is sufficient to use these sessions as they are
stateless and simple.
Testing of this PR requires rex/core #1 and rex/socket #2
The SSL testing which was being done on 6035 is backed out, left
for a later time when we can do DTLS properly.
2018-01-23 02:00:55 -05:00
Brent Cook
03d1523d43
Land #6611, add native DNS to Rex, MSF mixin, sample modules
2018-01-22 23:54:32 -06:00
Brent Cook
afaf832034
remove verbose error from library, bubble consistent exceptions to the module instead
2018-01-22 23:52:20 -06:00
Brent Cook
aae77fc1a4
Land #9349, GoAhead LD_PRELOAD CGI Module
2018-01-22 23:10:36 -06:00
Adam Cammack
670055da4b
Prevent leaked sockets in edge cases
2018-01-22 22:14:16 -06:00
Adam Cammack
c76fa2c58f
Vendor async_timeout
2018-01-22 22:12:28 -06:00
Adam Cammack
964810146a
Python library style fixes
2018-01-22 22:10:32 -06:00
Brent Cook
9a35c324c0
Land #9352, Pull out HTTP-specific code from PacketDispatcher
2018-01-22 16:52:24 -06:00
Brent Cook
10fde42adc
Land #9431, Fix owa_login to handle inserting credentials for a hostname
2018-01-22 16:46:39 -06:00
William Vu
27a007fb57
Land #9432, cmd_edit improvements (again!)
We seem to enjoy refactoring this method.
2018-01-22 12:38:08 -06:00
William Vu
a255586750
Refactor to use guard clauses
2018-01-22 12:38:02 -06:00
Brent Cook
e927c97652
Land #9434, Fix timing issue with rspec
2018-01-22 09:42:07 -06:00
Sliim
95e9707349
Call db event handlers
Implemented plugins handlers defined in
lib/msf/core/database_event.rb:
- on_db_client
- on_db_host
- on_db_service
- on_db_vuln
- on_db_host_state
- on_db_ref
- on_db_service_state
2018-01-21 19:35:55 +01:00
Brent Cook
7ad296d511
bump payloads, fix cmd_exec meterpreter logic
2018-01-21 07:56:24 -06:00
Pearce Barry
ba75d19d34
Fix failing spec.
2018-01-19 15:52:25 -06:00
Pearce Barry
2a6b3671bf
Add connection addr+port info to http response object.
Update owa_login to use this instead of doing lookups on its own.
2018-01-19 13:37:33 -06:00
christopher lee
87f8b68099
Ensure config directory always exists, seems to be timing issue in rspec
2018-01-18 14:56:07 -06:00
Brent Cook
df71defdea
fix library-specific error messages to not appear with modules
2018-01-18 05:55:51 -06:00
Brent Cook
b4bb1b5ed1
fix whitespace patchups for current python meterpreter
2018-01-18 00:28:04 -06:00
Brent Cook
86c927edb7
fix msfvenom referencing a nil typed_module_set
2018-01-18 00:16:42 -06:00
Brent Cook
7fe237abe1
Land #9220, Module cache improvements
2018-01-17 22:34:51 -06:00
Brent Cook
06459e2dee
cowardly continue using ~/.msf4 until we have an actual reason to switch
2018-01-17 22:01:56 -06:00
Brent Cook
facecb40d7
change default prompt for users who use '-q'
2018-01-17 22:01:34 -06:00
Brent Cook
cbd1a2a505
update default startup with version info
2018-01-17 21:59:53 -06:00
Brent Cook
08f622b0ce
update version
2018-01-17 17:24:15 -06:00
Adam Cammack
0f0b116751
Rename scanner bits to avoid confusion
2018-01-17 14:46:31 -06:00
Adam Cammack
37bf68869f
Add scanner for the open proxy from 'SharknAT&To'
2018-01-16 21:05:19 -06:00
Adam Cammack
a5be16f74e
Add batch scanner external module type
2018-01-16 21:05:19 -06:00
Adam Cammack
fb41eea8cc
Add vuln reporting to external module API
2018-01-16 21:05:19 -06:00
Adam Cammack
9527c6ffcf
Ensure all messages are read from external modules
2018-01-16 21:05:19 -06:00