4059a5f0c7
Changed range array building to correctly parse ranges using - or ..
...
Fixes #11328
2019-01-29 14:13:10 +01:00
9fce991d8e
Land #11322 , report hostname and OS version for Cisco aux mixin
2019-01-29 05:28:34 -06:00
96786f435c
Land #11315 , fix incorrect API usage of session_setup_clear
2019-01-29 05:26:07 -06:00
61d677d9e0
Land #11327 , disable MSF5 development branch banner
2019-01-29 05:24:43 -06:00
1b9c7ef6ff
disable MSF5 development branch banner
2019-01-29 05:19:56 -06:00
92e846d09d
Chomp user input alone
...
[1] pry(main)> "\r\n".chomp("\n")
=> ""
[2] pry(main)>
Meh.
2019-01-28 17:46:03 -06:00
accdd791f7
Fix a args generation issue for external evasions
2019-01-28 16:10:44 -05:00
607bbe90e3
Add tab completion for evasion module options
2019-01-28 13:22:51 -05:00
28370b7f29
Add support for external evasion modules
2019-01-28 13:22:22 -05:00
32c090868c
adjustments for analyze
2019-01-28 10:11:40 -06:00
56de74b3d6
db cisco hostname and version
2019-01-27 20:33:19 -05:00
d078fcd87c
Land #11270 , fix miscellaneous loot issues
2019-01-25 19:15:14 -05:00
b98133cded
Dont assign unique file name when theres no file on disk
2019-01-25 16:36:17 -06:00
27a0cbfcab
Rename file on disk when updating path attribute
2019-01-25 13:34:14 -06:00
9930edf704
jtr modernizations
2019-01-25 14:07:24 -05:00
9e3a39bcf9
Dont try to process empty loot
2019-01-25 12:34:52 -06:00
91da35070d
updated smb-client to make it working again after being bugged for some time
2019-01-25 12:47:18 +01:00
c6f1c10737
Normalize newlines in CommandShell#run_single
...
Lines from normal interaction will include a trailing newline, while
lines from resource scripting will not.
2019-01-24 12:53:09 -06:00
9e06040efe
Bump version of framework to 5.0.3
2019-01-24 10:06:14 -08:00
f0aa002009
Land #10119 , Linux post-exploitation metashell
2019-01-24 11:24:12 -06:00
8b6807254b
Fix whoami
2019-01-24 10:57:53 -06:00
c09515da82
Update nuuo.rb
2019-01-24 07:52:56 +07:00
f04c2537f6
Land #11305 , Add default to wordlist.to_file()
2019-01-23 15:20:10 -06:00
a96660847f
Land #11303 , Add Post::Linux::Kernel.cpu_flags
2019-01-23 15:10:42 -06:00
459a7e490e
Land #11271 , Resource scripting for command shells
2019-01-23 15:04:05 -06:00
fa7c7fc956
keep wordlist.to_file() backwords compatible
2019-01-23 10:52:49 -06:00
9ecd22e63c
Add Msf::Post::Linux::Kernel.cpu_flags
2019-01-23 11:35:38 +00:00
b5dbacc42f
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 16:09:43 +07:00
08aa1c3ed0
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 15:32:15 +07:00
d8f9e41686
Update lib/msf/core/exploit/remote/nuuo.rb
...
Co-Authored-By: pedrib <pedrib@gmail.com>
2019-01-23 14:13:31 +07:00
3b98add519
Update nuuo.rb
2019-01-23 11:16:41 +07:00
9375ee2ffc
Change only the last methods to private
2019-01-23 11:00:42 +07:00
0b109ae1bd
Land #11275 , Fix a typo in command_dispatcher/core.rb
...
Fix typo of "architectures" in pivot command help
2019-01-22 11:58:26 -06:00
2a9b65e845
Land #11268 , set AndroidWakelock=true by default
2019-01-22 11:56:37 -06:00
1b674a6bb5
Land #11272 , Tempfile over Rex for info -d for better cleanup
2019-01-22 11:38:41 -06:00
442ce7317f
Commit missed Rex::Quickfile line
2019-01-22 10:40:09 -06:00
0562aa50b4
Update nuuo.rb
2019-01-22 12:45:18 +07:00
94f5b4081f
Fix file download / upload bug
2019-01-22 11:17:47 +07:00
459598b91b
Update mixins to include new nuuo file
2019-01-21 16:40:37 +07:00
72a55fe0fc
Add nuuo NUCS core lib
2019-01-21 16:39:16 +07:00
444555d3be
Land #11261 , Add maximum word length to JtR wordlist generation
2019-01-20 04:14:57 +00:00
f8af9a9e4d
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-18 10:43:34 -06:00
c808cbe050
Bump version of framework to 5.0.2
2019-01-17 20:41:51 -08:00
80e70a145d
Fix typo of "architectures" in pivot command help
2019-01-17 20:16:43 -06:00
e488cf4a37
Prefer Tempfile over Rex::Quickfile for info -d
...
Rex::Quickfile undefines Tempfile's finalizer, preventing cleanup.
2019-01-17 13:58:03 -06:00
a5a8c88a6e
Implement resource scripting for command shells
2019-01-17 13:39:03 -06:00
4b87d54430
Add comment explaining why we prevent loot.data update
2019-01-16 15:29:27 -06:00
fd6527bac8
Prepend loot filenames with unique string
...
This should help prevent accidentally overwriting files with the same name
2019-01-16 15:20:41 -06:00
705c269d27
Handle empty data values for loot
2019-01-16 10:59:07 -06:00
d6462fed63
Dont allow users to update loot.data
2019-01-16 10:01:22 -06:00
06de16a36f
Merge remote-tracking branch 'upstream/master' into pr/10119
2019-01-15 18:33:48 -06:00
dc7d611780
Base64 encode the data field for each loot operation
2019-01-15 18:01:43 -06:00
70c4e719c9
Land #11190 , fix multi line text in android send_sms
2019-01-15 17:18:37 -06:00
27d6fffdad
Land #11125 , Import/generate `ysoserial` Java serialization objects
2019-01-15 17:09:56 -06:00
85555b81c4
Update code for Ruby coding style standards
2019-01-15 17:08:54 -06:00
5c308b1448
Remove nested loot object from host JSON
...
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
2019-01-15 16:45:04 -06:00
3bf4726b15
Fix pid_uid
2019-01-15 14:34:29 -06:00
42c9553283
Dont do a separate lookup for loot.host, use the included JSON
...
This is just a temporary change. Eventually we should be doing separate
lookups for associated objects as that is the RESTful way of doing it.
Implementing this now to prevent extra load on the server until we can
put a better system in place of doing multiple lookups with a single call.
2019-01-15 12:47:37 -06:00
923a4ba098
Land #11263 , uppercase KoreLogic in JTR modules
2019-01-15 08:50:11 -06:00
93f66a1f22
uppercase
2019-01-15 08:04:11 -05:00
4d847e97fc
... over -1
2019-01-14 22:41:11 -05:00
509b4e979d
max_length -1
2019-01-14 22:28:46 -05:00
2c02dbc8a6
add max_length to wordlist generation
2019-01-14 22:20:33 -05:00
ddd9ab2041
Fixed an off-by-one error in the fingerprinting randomization
2019-01-14 17:42:59 -06:00
e168458861
Make calls to get the associated host when getting loot
2019-01-14 15:51:51 -06:00
2543d60465
Use 'to_s.strip' for Msf::Post::File.pwd output
2019-01-12 08:47:23 +00:00
e9a8d5708a
Land #11234 , @bcoles revisionism
2019-01-11 20:15:34 -06:00
a575c6d7c3
revisionism
2019-01-11 16:52:26 +00:00
462f779bda
Fix conflict.
2019-01-11 11:39:16 +08:00
96173c101a
Fix bug when the cidr of rhosts is 32.
2019-01-11 11:31:54 +08:00
689355e47f
Support multiple rhosts for auxiliary modules.
2019-01-11 11:31:28 +08:00
d18c6bd158
Land #11188 , Correct authentication logic in host and event servlets
2019-01-10 13:09:26 -06:00
16f152f6e3
Bump version of framework to 5.0.1
2019-01-10 09:41:50 -08:00
65f127a66f
Land #11222 , Display error when update operation has invalid fields
2019-01-10 11:33:22 -06:00
0435d7e1d6
Return the updated objects
2019-01-10 11:04:42 -06:00
5055e421f5
Add ! to cred update
2019-01-10 10:56:28 -06:00
0ad89528ea
Update pattern for creds
2019-01-10 10:55:36 -06:00
f125526e09
Land #11207 , implement db_import for web service
2019-01-10 10:28:29 -06:00
d686303cff
Land #11228 , Move msfdb_ws to tools/dev since it is deprecated by msfdb
2019-01-10 09:28:34 -06:00
4074913b60
Dont log every request when using HTTP data service
2019-01-10 00:30:54 -06:00
43f8a543e1
Land #11213 , enable starting JSONRPC server from msfrpcd
2019-01-09 23:37:47 -06:00
c3f71a1692
Update Rspec expected thread count
...
When REMOTE_DB is set there is a thread for the web service, in
addition to the External modules thread manager, so there is one or two
threads by the end of the test run in addition to the main VM thread.
2019-01-09 23:56:16 -05:00
24f5422db9
use analyze.host to reflect final location of util
2019-01-09 16:59:50 -06:00
f93497de8f
refactor to allow analyze via rpc
2019-01-09 16:48:54 -06:00
f636982b09
Land #11211 , change db_connect persistence logic
2019-01-09 15:11:08 -05:00
b6cfb5f697
Add Msf::Util::ServiceHelper class
2019-01-08 22:39:26 -05:00
a2548fe92d
Only lookup db connections by name
...
Matching on all attributes was causing issues when the connection
criteria would change for a db service at a host that already existed.
It would find the existing connection and load that outdated connection
and fail to connect.
The new functionality will save a new, valid connection with a randomly
generated name, unless the -n flag is specified to overwrite an existing
connection.
2019-01-08 15:21:14 -06:00
84a8c9b638
Minor method comment change
2019-01-08 14:02:40 -05:00
8c29319b25
Add session_events method
2019-01-08 14:02:40 -05:00
fa783256eb
Remove unnecessary argument default value
2019-01-08 14:02:39 -05:00
d677eb16a9
Enhance session_events query
2019-01-08 14:02:32 -05:00
d117e6a1d1
Land #11142 , use POST for API token generation
2019-01-08 11:59:30 -05:00
466b0004e1
Land #11163 , add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
69ee3a4a26
Land #11187 , Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
f23142c19c
Land #11183 , add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
cfa22bb4ec
Exclude key from VulnDetail update
2019-01-07 16:33:50 -06:00
771469f4cd
Update all Mdm::xx.update() instances
2019-01-07 16:24:13 -06:00
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
0ca4dd829e
Fixed an off-by-one error in fingerprinting string randomization
2019-01-04 16:31:43 -06:00
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
1b29e17827
Dont array wrap refs
2019-01-04 15:10:21 -06:00
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
5f43ec0a79
Address code review comment
2019-01-04 15:10:20 -06:00
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
10cceb0e9b
Fix a couple of bugs introduced by symbolizing to_ar
2019-01-04 15:10:20 -06:00
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
bcfe434d1e
Update to_ar to use symbolized keys
2019-01-04 15:10:19 -06:00
f4e84da495
add comment
2019-01-03 18:00:06 +08:00
cfec99b1a8
Land #11154 , tab completion for aux rerun/exploit
2019-01-02 18:44:04 -06:00
c0dd020ff5
fix linux meterpreter ls
2019-01-02 19:09:46 +08:00
79c58cd786
fix #11158 , fix multi line text in android send_sms
2019-01-02 03:51:59 +08:00
05d78e23ea
fix #11189 , fix meterpreter ls handling of large files
2019-01-02 03:34:13 +08:00
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
7b22527f8f
Make error message use same language as others
2018-12-31 16:37:08 -05:00
05d810ac23
Add support for GET with ID in the path
2018-12-31 15:46:00 -05:00
0e56c30ab2
Use data object wrapper for JSON response
2018-12-31 15:43:16 -05:00
12f4222b2e
Fix to ensure authentication
2018-12-28 16:29:33 -05:00
8361dab983
Minor method comment change
2018-12-27 21:57:31 -05:00
66505790f9
Land #11179 , Replace Sysrandom with Ruby default SecureRandom
2018-12-27 11:33:29 -06:00
34e99c3857
Modify GET error message to match other servlets
2018-12-26 22:45:33 -05:00
0d0356ccdd
Land #11126 , Update sessions through the DBManager
2018-12-26 13:15:43 -06:00
ebc7a3a315
Replace sysrandom with ruby default securerandom
2018-12-26 13:40:44 -05:00
f5210abb55
Add rspec
2018-12-26 11:18:44 -06:00
12a948dde5
Move down cmd_rerun to fix rspec issue.
2018-12-24 11:30:02 +08:00
b5bc65c3bd
Add GET handler to query events
2018-12-21 22:18:10 -05:00
a448b26f73
Remove unnecessary argument default value
2018-12-21 22:13:52 -05:00
5e971132f3
Enhance events method to fully query events
2018-12-21 22:07:43 -05:00
7e10b38421
Add events method
2018-12-21 21:37:42 -05:00
9736e8252c
Merge branch 'master' into land-11038-
2018-12-21 16:31:53 -06:00
b4ff3b544f
Add CMDSTAGER::SSL datastore option
...
It has come to my attention that since I added the HTTP(S) command
stagers, no one has used HTTPS. This is probably why.
The CmdStager options hash takes precedence over any datastore options.
2018-12-21 14:51:49 -06:00
5cff330a38
Land #11128 , Rex::Exploitation::CmdStagerFetch
2018-12-21 14:16:57 -06:00
3021a05553
Fix typo in report.rb
2018-12-21 17:51:46 +05:30
06de47ce68
Enhance the command auto-complete in aux.
2018-12-21 18:03:57 +08:00
f7eb3452be
Land #11083 , set user agent in Windows reverse_http(s) stagers
2018-12-19 11:38:12 -06:00
09f9b887b9
don't bother handholding the empty string
2018-12-19 10:52:51 -06:00
847e3232ab
Land #11102 , remove old metasm remnants
2018-12-18 08:53:53 -06:00
8d93812c0a
Add Rex::Exploitation::CmdStagerFetch
2018-12-15 03:30:00 +00:00
a2a38bb72f
ysoserial: Distracted halfway through a comment 🙃
2018-12-14 15:07:13 -06:00
74b4ba1c50
ysoserial: Change class name to camelcase to align with Ruby style guide
2018-12-14 14:44:58 -06:00
212454b1fb
ysoserial: Support larger payloads, Randomize fingerprintable string
2018-12-14 14:43:30 -06:00
fa74a1839a
Initial support for dynamic ysoserial Java serialization payloads
2018-12-14 12:51:08 -06:00
eec7a3dafc
Remove debug code
2018-12-14 13:33:16 -05:00
ad6b80bd08
Remove unused session_dto flag
2018-12-14 13:01:20 -05:00
a683cedcce
Enhance race condition workaround in report_host
2018-12-14 12:28:16 -05:00
c2af36f405
Use update_session rather than Mdm save method
...
The changes ensure that updates to an Mdm::Session are reflected on a
remote data service.
2018-12-14 12:22:49 -05:00
b6cdf7aa9d
Add update_session method
2018-12-14 12:04:55 -05:00
Nash van Gool
Brent Cook
William Vu
Spencer McIntyre
Jeffrey Martin
h00die
Matthew Kienow
James Barnett
Marian Gawron
Metasploit
Pedro Ribeiro
Adam Cammack
Brendan Coles
sinn3r
Jacob Robles
asoto-r7
Green-m
Erin Bleiweiss
Tim W
Garvit Dewan