William Vu
3c7b061e05
Use single quotes
...
But I like double quotes. :(
2015-03-10 14:03:13 -05:00
William Vu
72e7691300
Change print_status to print_error
...
And drop db_disconnect note to another line.
2015-03-10 13:31:35 -05:00
HD Moore
966848127a
Refactor x86 Windows reverse_http and reverse_https stagers
2015-03-10 12:48:30 -05:00
William Vu
e81f2e366c
Refactor db_{status,connect} a bit
...
Also allow for db_connect help.
2015-03-10 12:35:58 -05:00
nstarke
ee8318d5c4
Adding db_disconnect qualifying statement
2015-03-10 11:58:04 +00:00
Brent Cook
97f09b6ab0
Land #4894 : hmoore-r7 cache payload sizes on start
...
Avoid the hit of regenerating all of the static-size payloads when
loading the framework. This will facilitate conversion of payloads to
use metasm later.
2015-03-09 23:06:55 -05:00
nstarke
187a0445f3
Issue #4868 - Adding warning message to db_connect when already connected
2015-03-10 00:02:34 +00:00
HD Moore
78456fb2e0
Correct a typo (stringified symbol loses the :)
2015-03-09 15:42:23 -05:00
HD Moore
038591497f
YARD docs for the Msf::Util::PayloadCachedSize class
2015-03-09 15:39:19 -05:00
James Lee
838746b021
Add user_data_is_match? method
2015-03-09 15:35:53 -05:00
HD Moore
99e2b05597
Move the cache update logic into a utility class
2015-03-09 15:29:58 -05:00
HD Moore
8c635243d3
Fix whitespace in the regex, implements Msf::Payload.dynamic_size?
2015-03-09 13:15:06 -05:00
Brent Cook
603179176a
Land #4876 , @hmoore-r7 give encoders and payloads space available
2015-03-09 11:50:46 -05:00
Samuel Huckins
08df0bfaca
Land #4858 , RPC client true/truthy fix
...
* Misc ruby cleanup and fixing the issue that caused MSP-12235, rolling back the
full rollback of PR 4823
2015-03-09 11:35:57 -05:00
James Lee
b37a975108
Use metasploit_data_models staging branch
2015-03-09 01:28:27 -05:00
HD Moore
c3479ba747
Update msfvenom & PayloadGenerator to pass in available_space
2015-03-09 01:14:56 -05:00
James Lee
d771f54e35
Axe unused var
2015-03-09 00:21:10 -05:00
James Lee
6baff47e98
Refactor inference into its own method
2015-03-09 00:19:57 -05:00
sinn3r
a91a29d4e5
Add a comment explaining about the error key
2015-03-08 23:51:43 -05:00
HD Moore
d46635ff8b
Restore a comment lost in the code churn
2015-03-07 21:25:35 -06:00
HD Moore
853bf1b569
Accidental carry over from stale master
2015-03-07 20:48:22 -06:00
HD Moore
2e49791bef
This implements payload size caching, speeding up framework loads
2015-03-07 20:44:19 -06:00
William Vu
5316e0f0ce
Land #4887 , msfconsole -n store_loot fix
2015-03-07 17:14:21 -06:00
sinn3r
f3494d9019
Correct grammar in BES
2015-03-07 16:04:06 -06:00
James Lee
8adc4646f8
Add :user_data to Msf::Module
2015-03-06 14:23:06 -06:00
joev
ca3b2220b5
Check to ensure Mdm is loaded to fix store_loot.
2015-03-05 23:27:13 -06:00
Brent Cook
a13cd2bcb7
Land #4880 : @wchen-r7 check if module has session before comparison
2015-03-05 20:48:42 -06:00
jvazquez-r7
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
Samuel Huckins
7cb3e236fb
Adding back prepended colons
...
Don't seem to be needed but don't want to introduce that change.
2015-03-05 14:06:50 -06:00
Samuel Huckins
02d30b3d44
Changes workspace cmd ordering to updated_at asc
2015-03-05 14:05:24 -06:00
Samuel Huckins
84df403d11
Land #4852 , vuln note import/export addition
2015-03-05 13:54:22 -06:00
sinn3r
31191bef39
Fix #4865 , undef method 'ancestors' in lib/msf/core/payload_set.rb
...
Fix #4865
2015-03-05 12:49:51 -06:00
jvazquez-r7
5ede40a39d
Change the variable name
2015-03-05 12:21:33 -06:00
jvazquez-r7
e0a22a6794
Add support for folder
2015-03-05 12:19:33 -06:00
HD Moore
7a354f322c
Comment typo (missing i).
2015-03-04 20:11:41 -06:00
HD Moore
95f67dba7a
Tell payloads and encoders how much space they have to work with
2015-03-04 19:25:04 -06:00
HD Moore
1001061a96
Initialize @capture_count
2015-03-04 18:52:18 -06:00
jvazquez-r7
36375fab28
Fix downcase path handling
2015-03-04 12:58:41 -06:00
jvazquez-r7
4de1fdd020
Make SHARE prints verbose
2015-03-04 10:57:18 -06:00
jvazquez-r7
1c064f6b46
Land #3074 , @0x41414141 SMB Share mixin
2015-03-04 10:16:04 -06:00
jvazquez-r7
64fd818364
Land #4411 , @bcook-r7's support for direct, atomic registry key access in meterpreter
2015-03-04 10:01:33 -06:00
David Barksdale
fb74136723
Add MIPS arches to this stupid case statement
2015-03-03 15:25:08 -06:00
jvazquez-r7
a57aefb721
Add specs for QUERY information level
2015-03-03 15:24:13 -06:00
jvazquez-r7
c213ed3f5f
Add specs for FIND information level
2015-03-03 14:13:36 -06:00
jvazquez-r7
4237cd2c88
Add specs for QueryPathInformation
2015-03-03 13:19:06 -06:00
jvazquez-r7
63a3ab16fe
Add specs for SMB_COM_SESSION_SETUP_ANDX commands
2015-03-03 10:31:43 -06:00
jvazquez-r7
4fc08d7243
Add specs for Msf::Exploit::Remote::SMB::Server::Share::Command::ReadAndX
2015-03-02 17:32:03 -06:00
jvazquez-r7
b0bc69b832
Add @todo comment
2015-03-02 14:25:56 -06:00
jvazquez-r7
d57e220f00
Delete unnecessary case on smb_cmd_trans_query_path_info_basic
2015-03-02 14:19:20 -06:00
jvazquez-r7
2004aea7b7
Add helpers for path handling on TRANS2 requests
2015-03-02 14:15:25 -06:00
jvazquez-r7
8acde11aaf
Use file_contents instead of exe_contents
2015-03-02 12:56:48 -06:00
jvazquez-r7
34bd6a4365
Add documentation for the Share mixin
2015-03-02 12:42:32 -06:00
jvazquez-r7
9a8e17508f
Add documentation for QUERY information levels
2015-03-02 12:00:34 -06:00
jvazquez-r7
750022806b
Add documentation for FIND information levels
2015-03-02 11:46:20 -06:00
jvazquez-r7
0d8632dae9
Add documentation for TRANSACTION2 subcommands
2015-03-02 11:19:34 -06:00
jvazquez-r7
6a5dae4549
Add documentation for SMB_COM_TRANSACTION2 handling
2015-03-02 11:12:57 -06:00
jvazquez-r7
3923589286
Add documentation for SMB_COM_SESSION_SETUP_ANDX handling
2015-03-02 11:06:41 -06:00
jvazquez-r7
e8dd9c1971
Add documentation for SMB_COM_READ_ANDX
2015-03-02 10:59:07 -06:00
jvazquez-r7
1ad3f91c50
Add documentation for SMB_COM_NT_CREATE_ANDX handling
2015-03-02 10:52:30 -06:00
jvazquez-r7
19061121b3
Add documentation for SMB_COM_NEGOTIATE handling
2015-03-02 10:45:43 -06:00
jvazquez-r7
3e8bbb6c9e
Add documentation for SMB_COM_CLOSE handling
2015-03-02 10:36:13 -06:00
jvazquez-r7
227cf4500d
define constants for tree connect access rights
2015-02-28 18:38:45 -06:00
jvazquez-r7
eb3aedf4a7
Define constants for WordCount in responses
2015-02-28 18:15:14 -06:00
sinn3r
5f8c14c958
Fix check for TrueClass, plus other small changes
2015-02-28 14:11:15 -06:00
sinn3r
6f4259f2de
Revert #4859 , temporary solution for unbreaking client
...
This reverts commit 7ab86be72a
, reversing
changes made to 49ae173057
.
2015-02-28 14:07:26 -06:00
jvazquez-r7
eb7ac02d1a
Normalize handlers names
2015-02-28 12:14:58 -06:00
jvazquez-r7
1d602d38c9
Refactor SessionSetupAndx handler
2015-02-28 12:10:48 -06:00
William Vu
b27c9b9efc
Land #4838 , reverse_http{,s} listening service fix
2015-02-27 21:02:58 -06:00
sinn3r
ac81318e7a
Revert #4823 , changes for ruby style guide
...
This reverts commit 885469ca52
, reversing
changes made to fd73445d9b
.
Please see: #4823 for why.
2015-02-27 17:28:00 -06:00
jvazquez-r7
e5e13108ed
Refactor close handling
2015-02-26 23:50:10 -06:00
jvazquez-r7
5418cdad11
Refactor negotiate handling
2015-02-26 23:49:07 -06:00
jvazquez-r7
5ed1f8d44f
Make opts optional
2015-02-26 23:39:17 -06:00
jvazquez-r7
882f0bdc0e
Refactor read_andx request handling
2015-02-26 23:35:12 -06:00
jvazquez-r7
5b770f9f7a
Refactor nt_create_andx requests
2015-02-26 23:31:09 -06:00
jvazquez-r7
70033576fe
Refactor query information level
2015-02-26 23:22:57 -06:00
jvazquez-r7
d544da22b5
Always send answer
2015-02-26 16:47:05 -06:00
jvazquez-r7
45be95747f
Refactor Find Information Levels
2015-02-26 16:46:34 -06:00
jvazquez-r7
89a033c194
Delete unnecessary paddings due to miscalculations
2015-02-26 15:54:00 -06:00
David Maloney
095431c323
fix note search conditions
...
note search conditions needed to know about
vuln_id or else vuln notes would get overwritten
MSP-12183
2015-02-26 15:48:04 -06:00
rastating
3669fb678d
Fix parameter default value
2015-02-26 21:15:33 +00:00
William Vu
260c603ffb
Fix msfconsole -L
...
s/rb-readline/rb-readline-r7/
Should have been in #4816 (#4128 ).
2015-02-26 15:14:38 -06:00
jvazquez-r7
387c966550
Fix unnecessary paddings
2015-02-26 15:00:53 -06:00
David Maloney
a72d49678a
only match by CVE refs
...
the other refs can be non-specific and refer
to multiple distinct vulns, resulting in
incorrect refs being attached to a vuln leading to
a snowball effect with more and more vulns being
misidentified.
MSP-12183
2015-02-26 14:57:16 -06:00
jvazquez-r7
500e4707ab
Use smb_error
2015-02-26 14:35:52 -06:00
jvazquez-r7
c73ffea1b9
Do minor cleanup
2015-02-26 12:50:45 -06:00
David Maloney
8351920d1e
don't match based on URL refs
...
multiple vulns may be listed for
the same URL making matches based on
these refs entirely unreliable
MSP-12183
2015-02-26 11:40:15 -06:00
jvazquez-r7
b1e6de2eeb
Add todo
2015-02-26 11:39:17 -06:00
jvazquez-r7
26bfebf1bb
Add dummy wildcard handling
2015-02-26 11:39:05 -06:00
jvazquez-r7
d0ab9206b9
Do minor cleanup
2015-02-26 10:58:36 -06:00
jvazquez-r7
970f0c94b2
Create CREATE_ANDX constants
2015-02-26 10:44:07 -06:00
Matthew Hall
ab1bb0e50d
bugfixes to https://github.com/jvazquez-r7/metasploit-framework/tree/review_3074_clean_server
...
to provide consistent support for various exploits and OS SMB Commands.
Reintroduces smb_cmd_trans_query_path_info_network for use with the Struts2 JSP injection vulnerability.
Reintroduces smb_cmd_trans_query_file_info_basic for common use with rundll32.
Corrects some issues with filename formatting and pattern matching for file requests (can still be improved).
2015-02-26 16:10:34 +00:00
jvazquez-r7
993c75ec77
Update Offset counts with constants
2015-02-25 16:25:16 -06:00
jvazquez-r7
ee18cf592b
Calculate ParamCount and DataCount
2015-02-25 16:00:26 -06:00
jvazquez-r7
df50aa0f06
Use constants for DataCount and DataCountTotal
2015-02-25 14:11:38 -06:00
jvazquez-r7
f35e03b21b
Use constants
2015-02-25 13:44:56 -06:00
jvazquez-r7
f21959a8a2
Add constants for session setup actions
2015-02-25 13:31:57 -06:00
jvazquez-r7
e967cfbfb3
Create Access rights constants
2015-02-25 13:22:16 -06:00
jvazquez-r7
1caffbea2d
Add constants for Negotiation Capabilities
2015-02-25 12:50:33 -06:00
jvazquez-r7
50d50d5353
Define constants for SMB Flags
2015-02-25 12:28:25 -06:00
jvazquez-r7
e5d9bb0a47
Update from master
2015-02-25 11:37:13 -06:00
jvazquez-r7
ec9be4531b
Add SMB_CREATE_ANDX_RES_PKT template
2015-02-25 11:33:08 -06:00
jvazquez-r7
50f8731980
Parse SMB_CMD_CREATE requests
2015-02-25 11:09:14 -06:00
William Vu
0ad3473ebb
Implement case-insensitive datastore.delete
2015-02-24 20:47:00 -06:00
jvazquez-r7
d10385cfed
Add template for SMB_TREE_CONN_ANDX_RES_PKT
2015-02-24 19:27:25 -06:00
jvazquez-r7
1f1d95bb37
Delete one more extra comment
2015-02-24 18:27:39 -06:00
jvazquez-r7
aeb7f05158
Delete extra comment
2015-02-24 18:27:21 -06:00
jvazquez-r7
bb36899699
Do templates names consistent
2015-02-24 18:26:46 -06:00
jvazquez-r7
744e338ddc
Do cleanup
2015-02-24 18:15:55 -06:00
jvazquez-r7
ec53e27249
Do better handling of TRAN2_QUERY_FILE_INFORMATION requests
2015-02-24 17:20:41 -06:00
jvazquez-r7
d29e9fc20b
Parse TRAN2_FIND_FIRST2 commands
2015-02-24 17:02:49 -06:00
rastating
06cb30a20a
Remove duplicated code
2015-02-24 22:43:59 +00:00
jvazquez-r7
231a2f3110
Fix handlers
2015-02-24 16:03:13 -06:00
David Maloney
e4a58a2ec5
import notes attached to vulns
...
add the ability to import notes that
are attached to vulns instead of hosts
MSP-12183
2015-02-24 13:36:57 -06:00
David Maloney
389bcbd343
refactor note import into sep method
...
we will now be importing notes from multiple
place within the XML document. the importing
of notes has been refactored into a seperate
method to be easily reused in this fashion
MSP-12183
2015-02-24 12:18:32 -06:00
David Maloney
2389185376
export notes associated to a vuln
...
in addition to ntoes asscoiated directly
to a host, the XML export will now
export notes that are tied to a vuln
MSP-12183
2015-02-24 12:17:44 -06:00
Brent Cook
c5d36ec24d
remove unused handler methods
...
already defined in the base class
2015-02-24 11:23:08 -06:00
jvazquez-r7
ca7aabe9bc
handle SMB_QUERY_FILE_NETWORK_OPEN_INFO
2015-02-24 11:13:18 -06:00
Brent Cook
3bed2d5136
fix for properly stopping the reverse_http/https handler
...
The issue seems to be at the root of #4669 is that reverse_http
registers an HTTP service but never releases its reference to it. If
we stop it directly, there may be a session already connected to it that
we kill, so we can't do that. Instead, track if we got a connection or
not, and conditionally release our reference based on whether the
connection succeeded.
This should fix #4669
2015-02-24 11:06:50 -06:00
William Vu
5f0aeda0be
Land #4835 , new hex format for msfvenom
2015-02-24 10:56:47 -06:00
jvazquez-r7
31d1ba7100
Simplify debug to inspect smb_cmd_trans_query_file_info_network
2015-02-24 10:54:45 -06:00
Christian Mehlmauer
1d2fc989bd
remove newline
2015-02-24 17:35:53 +01:00
William Vu
c3c9b233dd
Land #4834 , a few more duplicate hash key fixes
2015-02-24 10:32:55 -06:00
Christian Mehlmauer
906c4a9024
use + instead of <<
2015-02-24 17:18:41 +01:00
sinn3r
12a99ecee5
Land #4796 , Handle incompatible payload architecture in BES
2015-02-24 10:02:25 -06:00
Christian Mehlmauer
5880702552
added new hex format
2015-02-24 16:05:02 +01:00
William Vu
7b32b8b58c
Land #4810 , support for job renaming in msfconsole
2015-02-24 08:51:06 -06:00
Brent Cook
ab4a416958
comment out duplicate keys that can only be used for reference
...
ruby is ignoring all but the second instances, and 2.2 still throws a
warning
2015-02-24 08:50:02 -06:00
William Vu
285c138f80
Add tab completion for rename_job
2015-02-24 04:25:36 -06:00
William Vu
500b6229be
Clean up whitespace
2015-02-24 04:13:59 -06:00
sinn3r
e9b6a023de
Fix a typo
2015-02-23 21:45:02 -06:00
jvazquez-r7
d0d124eb19
Mimic original handling
2015-02-23 20:42:49 -06:00
jvazquez-r7
32046f9c47
smb_cmd_trans_query_path_info_standard
2015-02-23 19:57:16 -06:00
jvazquez-r7
ea483f14a1
Try to fix logic for query information levels
2015-02-23 17:17:33 -06:00
jvazquez-r7
3fca26a5de
Add support for SMB_COM_TRANSACTION2 data blocks and params
2015-02-23 16:37:39 -06:00
jvazquez-r7
623d319ca7
Fix offsets
2015-02-23 14:43:06 -06:00
jvazquez-r7
2653ff9d58
Try to simplify request query and find request handling
2015-02-23 14:06:23 -06:00
jvazquez-r7
36711e801c
Fix comment
2015-02-23 13:09:23 -06:00
jvazquez-r7
99483f88f1
Fix, hopefully, dispatching
2015-02-23 13:08:45 -06:00
jvazquez-r7
87176b9b37
Redo TRANS2_QUERY_PATH_INFORMATION dispatching
2015-02-23 12:52:50 -06:00
jvazquez-r7
a06d07d6da
Clean smb_cmd_trans2_query_file_information dispatching
2015-02-23 12:03:08 -06:00
sinn3r
c39d6e152e
Land #4819 , Normalize HTTP LoginScanner modules
2015-02-23 11:43:42 -06:00
jvazquez-r7
abe5ea42cb
Clean smb_cmd_trans
2015-02-23 11:34:19 -06:00
jvazquez-r7
3d7381b62a
Handle TRANS2 commands
2015-02-23 11:33:49 -06:00
jvazquez-r7
fe00cadd18
Delete require
2015-02-23 11:15:55 -06:00
jvazquez-r7
1dba961698
delete SubCommand namespace
2015-02-23 11:15:14 -06:00
jvazquez-r7
7d9f661d78
Fix includes
2015-02-23 11:14:45 -06:00
jvazquez-r7
439507d359
Move trans2 files
2015-02-23 11:13:08 -06:00
HD Moore
bdd5276524
This fixes a number of issues with the Capture mixin
...
* The use of www.metasploit.com in a datastore option results in a DNS lookup (infoleak). Switch to 8.8.8.8 (TTL=1)
* The hackey code around #each_packet is no longer necessary in newer Ruby versions
* The arp()/probe_gateway() calls to inject_reply() had broken logic leading to early exit and missed replies
* The arp() function now tries up to three times to get a reply (helpful with lossy L2)
* GC.start is extraneous and should be removed
* Increased timeouts
2015-02-22 21:53:47 -06:00
HD Moore
615d71de6e
Remove extraneous calls to GC.start()
2015-02-22 21:51:33 -06:00
Joshua Smith
251c284458
modernizes some of the rpc code
2015-02-22 15:37:55 -06:00
rastating
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
rastating
3d38d46729
Add extra version checking methods
...
Added the ability to check style.css for theme versions as version
tagging in style.css is a requirement of WordPress theme development.
Also updated existing readme checking to allow for a nil fixed_version
parameter in scenarios where all versions are vulnerable in an EOL
product.
2015-02-22 16:20:46 +00:00
HD Moore
888c718f40
Fix two typos
2015-02-22 02:45:50 -06:00
HD Moore
8e8a366889
Pass Http::Client parameters into LoginScanner::Http (see #4803 )
2015-02-22 02:26:15 -06:00
Christian Mehlmauer
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
William Vu
2b9ab901cb
Land #4811 , creds -d documentation
2015-02-21 20:59:52 -06:00
William Vu
b39e2bea8e
Land #4806 , EXE::Custom case-sensitivity fix
2015-02-21 20:49:53 -06:00
William Vu
f900d9cf26
Handle whitespace as per blank?
...
!~ /\S/ as per the original implementation of blank? also works.
2015-02-21 20:36:16 -06:00
rastating
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
jvazquez-r7
80aef690a0
Do first commands refactoring
2015-02-21 01:48:47 -06:00
jvazquez-r7
52b41ab4f8
Do first Share refactoring
2015-02-21 01:00:46 -06:00
sinn3r
b8cb93d712
Fix #3790 , document the creds -d feature
...
Fix #3790
2015-02-20 21:38:26 -06:00
sinn3r
b5f8ae85cf
Fix #3827 , Add support to rename a job
...
Fix #3827
2015-02-20 21:13:45 -06:00
rastating
7e1e0f8196
Add plugin upload functionality
2015-02-21 01:20:20 +00:00
jvazquez-r7
df903120e3
Reorganize trans2_find_first2 requests
2015-02-20 18:28:49 -06:00
jvazquez-r7
52a0e6dd1c
Mark a couple of handlers for later review
2015-02-20 16:28:04 -06:00
Meatballs
dc4898765f
Fix EXE::Custom
2015-02-20 16:59:18 +00:00
jvazquez-r7
a91d19e0e7
Add template for SMB_QUERY_FILE_STANDARD_INFO
2015-02-20 10:58:15 -06:00
jvazquez-r7
21978a1bfe
Add template for SMB_QUERY_FILE_BASIC_INFO
2015-02-20 10:40:45 -06:00
jvazquez-r7
cf63e09188
Add templates for SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR and SMB_FIND_FILE_NAMES_INFO_HDR
2015-02-20 09:17:51 -06:00
jvazquez-r7
f2405a5dc0
Create SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR_LENGTH constant
2015-02-20 00:35:26 -06:00
jvazquez-r7
571dffa317
Create template for SMB_FIND_FILE_BOTH_DIRECTORY_INFO
2015-02-20 00:22:33 -06:00
jvazquez-r7
94ad64546c
Create TRANS2_PARAMETERS template
2015-02-19 23:16:52 -06:00
jvazquez-r7
b24b94ddd3
Do first cleanup of find_first2 handlers
2015-02-19 19:08:56 -06:00
jvazquez-r7
74c43f5527
Delete more unused local variables
2015-02-19 14:39:55 -06:00
jvazquez-r7
1d5a977280
Delete a lot of verbose prints
2015-02-19 14:37:16 -06:00
jvazquez-r7
0940ceae75
Delete unused local variables
2015-02-19 14:26:46 -06:00
jvazquez-r7
c38c3519d8
Delete more unused code
2015-02-19 14:24:18 -06:00
jvazquez-r7
7487f9611b
Do some extra prints
2015-02-19 14:11:27 -06:00
jvazquez-r7
d9b9de8e89
Delete unused code
2015-02-19 13:16:24 -06:00
jvazquez-r7
5510000bf1
Use constant for FLAGS2
2015-02-19 13:02:50 -06:00
jvazquez-r7
392137292e
Old delete register prototype comment
2015-02-19 13:00:12 -06:00
jvazquez-r7
39ceb5b90f
Update smb_error on Exploit::Remote::SMB::Server
2015-02-19 12:10:28 -06:00
Brent Cook
4781ac4b39
the http service needs to keep running to handle meterpreter loading
...
revert a8f44ca68f
2015-02-19 09:38:48 -06:00
jvazquez-r7
b85324435e
Don't waste instance variables
2015-02-18 16:42:52 -06:00
jvazquez-r7
91d9d93fec
Handle instance variables correctly
2015-02-18 16:35:20 -06:00
jvazquez-r7
438b38dfe4
Use Rex::Text
2015-02-18 16:20:47 -06:00
jvazquez-r7
a815858644
Fix setup
2015-02-18 16:19:05 -06:00
jvazquez-r7
06dfa6b5be
Fix initialize
2015-02-18 13:56:06 -06:00
jvazquez-r7
62c08094fd
Delete the old FileServer mixin
2015-02-18 13:54:24 -06:00
jvazquez-r7
9068397fff
Delete code commented by myself
2015-02-18 13:47:05 -06:00
jvazquez-r7
a446df95b2
Make Msf::Exploit::Remote::SMB::Server::Share a mixin
2015-02-18 13:45:48 -06:00
jvazquez-r7
415c671416
Move Rex code, we'll redesign as mixin
2015-02-18 13:44:02 -06:00
jvazquez-r7
ff4aa1f9da
Require FileServer mixin
2015-02-18 11:43:13 -06:00
jvazquez-r7
f960a77754
Solve merging conflicts
2015-02-18 11:36:47 -06:00
Matt Buck
a9931cd410
Land #4725 , convert Rails 3 AR calls in RPC_Db
...
Converts Rails 3 style ActiveRecord calls in RPC_Db to their Rails 4
counterparts.
Fixes #4725 , also see MSP-12017
2015-02-18 09:59:40 -06:00
William Vu
bda96f46e6
Land #4780 , stop HTTP service with HTTP handler
2015-02-18 03:34:03 -06:00
sinn3r
8ce1db5081
Fix #4783 , raise exception if the payload arch is incompatible
...
Fix #4783
2015-02-17 21:47:17 -06:00
rastating
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
Brent Cook
bed40a83ee
fix #4337 : gracefully handle resolve_sid failure when enumerating user profiles
...
Rather than throwing a backtrace with an unresolvable SID, try to get as
much profile data as possible if resolve_sid fails.
```
[*] Determining session platform and type...
[-] Unexpected windows error 1332
[*] Checking for Firefox directory in:
C:\Users\Administrator\AppData\Roaming\Mozilla\
[-] Firefox not found
[*] Post module execution completed
```
2015-02-17 13:03:12 -06:00
Brent Cook
a8f44ca68f
stop the http service when the reverse http handler stops
2015-02-17 12:38:20 -06:00
Matthew Hall
547d4d1950
Merge with master
2015-02-17 17:23:19 +00:00
Matthew Hall
9e2a483977
Add example usage to Msf::Exploit::Remote::SMBFileServer documentation
2015-02-17 17:23:18 +00:00
Matthew Hall
cec817902f
Add yardoc documentation for Msf::Exploit::Remote::SMBFileServer
2015-02-17 17:23:18 +00:00
Matthew Hall
5cf8833697
Tidy lib/msf/core/exploit/smb.rb following feedback from jlee-r7.
...
* Doc comments wrap at 78 chars to follow yardoc convention
* Remove unused :server and SERVER vals
* Use Utils class directly
* Stop server within an ensure
* Change SRVHOST to an OptAddress
2015-02-17 17:23:18 +00:00
Matthew Hall
8beed5652d
Implement SMBFileServer mixin.
...
In order to accomplish remote file injection (e.g. DLL) this module
emulates an SMB service process to allow clients to load a file from a
network share.
This commit implements the SMBFileServer exploit module utilising the
::Rex::Proto::SMB::Server module to export the "start_smb_server"
function.
Utilising the module (example):
include Msf::Exploit::Remote::SMBFileServer
exe = generate_payload_dll
@exe_file = rand_text_alpha(7) + ".dll"
@share = rand_text_alpha(5)
my_host = (datastore['SRVHOST'] == '0.0.0.0') ?
Rex::Socket.source_address : datastore['SRVHOST']
@unc = "\\#{my_host}\#{@share}\#{@exe_file}"
start_smb_server(@unc, exe, @exe_file)
// Inject DLL
handle
A separate commit will provide a sample implementation of utilising this
module within a generic webserver DLL injection exploit:
./exploits/windows/http/generic_http_dllinject.rb
2015-02-17 17:23:18 +00:00
sinn3r
6eaa3c264c
Land #4763 , LSBackgroundOnly for safari_user_assisted_download_launch
2015-02-17 10:41:59 -06:00
Brent Cook
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
sinn3r
0597d2defb
Land #4560 , Massive Java RMI update
2015-02-17 10:07:07 -06:00
Brent Cook
b4cf2f5d8c
use correct response filter TLV_TYPE_VALUE_NAME
2015-02-17 08:46:25 -06:00
Brent Cook
503f58375b
add direct registry access methods
...
Rather than operating on a passed-in HKEY, these open and close the registry
key directly for each operation.
This pattern better reflects the actual API usage within msf, and removes extra
round-trips to open and close the registry key, reducing traffic and increasing
performance. I did not add direct versions of every registry operation.
There was no benefit for more rarely-used operations, other than requiring more
churn in the meterpreters.
The primary beneficiary of this is post exploitation modules that do registry
or service enumeration. See #3693 for test cases.
2015-02-17 06:11:20 -06:00
rastating
a22f5c1287
Add extra readme check for case sensitive servers
2015-02-14 23:43:04 +00:00
jvazquez-r7
2c842ee6d7
Fix namespaces on Server
2015-02-13 17:34:55 -06:00
jvazquez-r7
9b7bbc220b
Fix namespaces on Client
2015-02-13 17:33:41 -06:00
jvazquez-r7
46c6ac9ca1
Redefine namespaces and requires
2015-02-13 17:09:06 -06:00
jvazquez-r7
df1daff673
Move clients
2015-02-13 17:07:03 -06:00
jvazquez-r7
067aadf3a4
Fix namespaces
2015-02-13 17:05:46 -06:00
jvazquez-r7
f1ab7ed343
Mode smb.rb
2015-02-13 17:04:55 -06:00
jvazquez-r7
7367402bf1
Add requires
2015-02-13 17:03:48 -06:00
jvazquez-r7
ccabf30531
Move smb_server.rb
2015-02-13 16:58:19 -06:00
Samuel Huckins
ce688f4247
Land #4765 , Rails4 compatible finder conversion
...
* find_or_initialize_by_DYNAMIC
2015-02-13 15:56:09 -06:00
Christian Catalan
dc6a365a13
Fix finder query in Msf::DBManager::Vuln
...
MSP-12152
* This is part of updating finder queries to be Rails 4 compatibile
* In #find_vuln_by_details, pass in conditons hash crit rather than symbol :crit
2015-02-13 13:21:25 -06:00
Sonny Gonzalez
dc1eab377c
Rails 4 finder conversion: convert find_or_initialize_by_x_and_y
...
MSP-12153
* convert to where(conditions).first_or_initialize
2015-02-13 12:39:44 -06:00
joev
49c9c02b53
Hide the dropped osx app.
2015-02-12 23:08:46 -06:00
William Vu
39c0065560
Land #4758 , SMTPDeliver DATA header fix
2015-02-12 15:07:31 -06:00
Matt Buck
f0bf881cc3
Land #4720 , update Rails 3-style .find(:first)
...
Eliminate the Rails 3-style .find(:first) calls, and replace with
Rails 4-compatible .first().
Fixes #4720 , also see MSP-12012
2015-02-12 14:30:13 -06:00
David Maloney
72878e0c14
fixes bug with smtp header order
...
SMTP servers that support pipelining will not accept any
commands other than MAILFROM and RCPTTO before the DATA
command. We were sending Date and Subject before Data
which would cause some mailservers to suddenly drop
the connection refusing to send the mail.
MSP-12133
2015-02-12 14:13:39 -06:00
Sonny Gonzalez
7c57b9fb57
Fix Master - Pro build
...
MSP-12138
* revert to previous Rails 3 syntax.
2015-02-11 12:02:34 -06:00
jvazquez-r7
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
jvazquez-r7
6e635211b3
Modify include
2015-02-10 10:59:56 -06:00
jvazquez-r7
dba67bd1ee
Do more code reorganization
2015-02-10 10:58:57 -06:00
jvazquez-r7
aa9e686965
Reorganize Java related mixin code
2015-02-10 10:52:44 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
Tod Beardsley
0a42ac947a
Land #4737 , fix Socket Context usages
2015-02-09 17:34:03 -06:00
Matt Buck
9a445e2027
Land #4707 , updates to finder syntax
...
Updates some Rails 3 style ActiveRecord calls to use the Rails 4 Arel
syntax, in preparation for our move to Rails 4.
Fixes #4707 , also see MSP-12018
2015-02-09 16:01:38 -06:00
Spencer McIntyre
2a3855c5af
Skip the psh prepend sleep time error when it is 0
2015-02-09 14:20:04 -05:00
HD Moore
985641dbc4
Add missing Context, fixes #4723
2015-02-07 11:27:57 -06:00
Matt Buck
531743eff1
Land #4697 , updates to finder syntax
...
Updates some Rails 3 style ActiveRecord calls to use the Rails 4 Arel
syntax, in preparation for our move to Rails 4.
Fixes #4697 , also see MSP-12016
2015-02-06 15:41:11 -06:00
Sonny Gonzalez
0fc4e09466
Rails 4 finder conversions
...
MSP-12017
* covert all(options), mapping options hashes to the
appropirate Rails 4 methods
2015-02-06 13:51:48 -06:00
Sonny Gonzalez
1051f0fb82
Rails 4 finder conversion
...
MSP-12012
* convert find(:first, options) by mapping options
to methods
2015-02-06 10:15:50 -06:00
Sonny Gonzalez
9a53859a77
Rails 4 finder conversion
...
MSP-12012
* covert find(:first) to first
2015-02-06 10:13:14 -06:00
Spencer McIntyre
4e0a62cb3a
Land #4664 , MS14-070 Server 2003 tcpip.sys priv esc
2015-02-05 18:49:15 -05:00
Spencer McIntyre
5a39ba32f6
Make the ret instruction for token stealing optional
2015-02-05 14:00:38 -05:00
sinn3r
434bca0b27
Land #4613 , auxiliary/server/capture/smb credential creation
2015-02-04 22:45:36 -06:00
sinn3r
df22ed2132
Land #4702 , Fix bug in Firefox XPCOM payload on Linux
2015-02-03 21:36:01 -06:00
jvazquez-r7
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
Christian Catalan
3deac54d3f
Convert find_or_initialize_by_X to Rails 4 compatible.
...
MSP-12018
2015-02-03 16:09:49 -06:00
joev
ee1af83cc8
Go ahead and trim whitespace on all commands coming in.
2015-02-02 16:56:22 -06:00
Christian Catalan
797b5d0d55
Convert #find_or_create_by_x to #where().first_or_create
...
MSP-12016
2015-02-02 12:22:26 -06:00
Trevor Rosen
dda87667c9
Land #4688 , fix for pcap magic number on 2.x
2015-02-02 11:00:13 -06:00
William Vu
7f0af0211d
Land #4682 , exploit/http/server.rb breakup
2015-02-01 01:44:43 -06:00
Christian Catalan
7d1090baca
Convert #find(:all) to #where or #all
2015-02-01 00:31:58 -06:00
Brandon Turner
ad374c2e4f
Use ASCII-8BIT for comparing pcap magic number
...
In Ruby 2, source files are read as UTF-8 by default. When comparing
PCAP headers, we should use ASCII-8BIT or else the comparison will not
work. This should be backwards compatible with Ruby 1.9.
MSP-12092
2015-01-31 23:57:49 -06:00
Christian Catalan
8740fd9015
Convert #find_all_by_X to #where
2015-01-31 21:07:50 -06:00
Christian Mehlmauer
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
Brent Cook
cf891efc14
Land #4674 , @wvu-r7 teaches msfconsole to read stdin as -
2015-01-30 18:25:09 -06:00
William Vu
fdf88b9563
Land #4639 , incorrect use of #class fixes
...
case uses === internally. :)
2015-01-30 16:57:59 -06:00
Brent Cook
253d8e60dd
Land #4388 , Meatballs1's golden ticket post module
2015-01-30 16:26:04 -06:00
James Lee
1fbed1dcfc
Autoload instead of require
2015-01-30 15:42:16 -06:00
James Lee
062529ce3b
Move HttpServer::HTML into its own file
2015-01-30 15:24:15 -06:00
James Lee
3572ce9a37
Break PHPInclude into its own file
2015-01-30 15:16:54 -06:00
William Vu
3954c0e3aa
Land #4654 , test module fixes
2015-01-30 15:00:54 -06:00
jvazquez-r7
03169f231b
Handle one redirection on wordpress_and_online?
2015-01-30 10:26:23 -06:00
jvazquez-r7
c098de27ee
Do safer body check
2015-01-30 10:22:43 -06:00
jvazquez-r7
bc65d2f526
Make filename compatible with namespace
2015-01-30 10:22:07 -06:00
Christian Mehlmauer
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
Christian Mehlmauer
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
Meatballs
39004d265b
Increase default buffer sizes to reduce railgun calls
2015-01-30 11:20:03 +00:00
Meatballs
6b97618fb2
Improve resolve_sid API calls
2015-01-30 11:20:03 +00:00
Meatballs
044e3bd608
Golden Ticketz Post module
2015-01-30 11:20:02 +00:00
William Vu
8f54e4d611
Implement "-" for msfconsole -r from stdin
...
More predictable than /dev/stdin, which is usually a symlink to
/proc/self/fd/0 or /dev/fd/0, but the feature is not guaranteed to be
present.
This isn't *terribly* useful, but it can be. -x is recommended, but it
doesn't allow for ERB directives. This is mostly for hax.
2015-01-29 19:26:56 -06:00
William Vu
6ecb36df52
Land #4653 , get/set/unset description improvement
2015-01-29 13:28:06 -06:00
sinn3r
cc7be4a9c1
Land #4643 - Fix blank username bug in creds -u
...
Fix #4634
2015-01-28 15:31:54 -06:00
sinn3r
f0742a38e2
The get command too
2015-01-28 12:59:51 -06:00
sinn3r
457598eb02
print_error about unknown request.uri
2015-01-27 20:21:18 -06:00
sinn3r
acf02647fb
Add a check for Custom404
2015-01-27 20:18:10 -06:00
sinn3r
66703bfe5a
Allow custom 404 as an option for BrowserExploitServer
...
When something fails, the target is given a hardcoded 404 message
generated by the framework. But the user (attacker) now can configure
this. When the Custom404 option is set, the mixin will actually
redirect (302) to that URL.
There are several scenarios that can trigger a 404 by BES (custom or
default):
* When the browser doesn't allow javascript
* When the browser directly visits the exploit URL, which is forbidden.
If this actually happens, it probably means the attacker gave the
wrong URL.
* The attacker doesn't allow the browser auto-recovery to retry the
URL.
* If some browser requirements aren't met.
* The browser attempts to go to access a resource not set up by the
mixin.
2015-01-27 18:53:02 -06:00
Meatballs
c2d15f2b31
Add yarddoc note about handles
2015-01-27 21:05:00 +00:00
Meatballs
c7534446aa
Add yarddocs to runas mixin
2015-01-27 20:35:55 +00:00
James Lee
895284cd12
Fix logic around empty usernames or passwords
...
See #4634 and #4642
2015-01-27 14:16:26 -06:00
sinn3r
d29a74cd8f
Fix #4641 - Explain the set/unset command a little bit better
...
Sometimes we forget the set command is context specific. For example,
if run from a module's context, it will set the value in the module's
datastore.
Fix #4641
2015-01-27 13:35:05 -06:00
Brent Cook
f2edf21b9d
fix MSF::Post::File::rename_file with meterpreter
...
Modify rename_file to fit the pattern of the other file methods.
Otherwise, calling this yields a backtrace in the logs and it fails.
Steps to verify:
rc script:
```
loadpath test/modules
use exploit/multi/handler
set lhost 172.28.128.1
set lport 8081
set payload windows/meterpreter/reverse_http
run -j
sleep 5
resource test/scripts/test-sessions.rc
Before:
```
[-] FAILED: should move files
[-] Exception: TypeError : true is not a symbol
log file:
[01/27/2015 13:17:23] [d(0)] core: Call stack:
/home/bcook/projects/metasploit-framework/lib/msf/core/post/file.rb:357:in
`rename_file'
/home/bcook/projects/metasploit-framework/test/modules/post/test/file.rb:115:in
`block in test_file'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`call'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`it'
...
```
After, passing sessions instead:
```
post/test/file
SESSION => 1
Setup: changing working directory to %TEMP%
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
```
2015-01-27 13:19:33 -06:00
Meatballs
02da5b5c1b
Remove unnecessary get_env call
2015-01-27 17:27:56 +00:00
Meatballs
b367b01998
Remove unneccessary logonuser
2015-01-27 17:07:49 +00:00
Meatballs
215a590940
Refactor and fixes for post module
2015-01-27 16:14:59 +00:00
James Lee
a2c7ebc2b1
Simplify logic
2015-01-27 09:05:11 -06:00
James Lee
eac7b11a87
Merge remote-tracking branch 'upstream/master' into bug/4634/blank-username
...
Conflicts:
lib/msf/ui/console/command_dispatcher/db.rb
spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
2015-01-27 08:40:07 -06:00
Meatballs
12542eb938
Working
2015-01-27 14:10:35 +00:00
Meatballs
ea25869312
Refactor to common module
2015-01-27 10:47:02 +00:00
sinn3r
ee922d141c
Fix #4646 - get_module_resource should check nil before using get_resource
...
Fix #4646 . The get_module_resource needs to check nil first before
using the get_resource method (from HttpServer)
2015-01-27 00:21:43 -06:00
James Lee
f2e0bd364a
Always include Service and Host
...
See #4643
2015-01-26 20:22:11 -06:00
James Lee
8dd56bb759
Do all the filtering in SQL instead of Ruby
...
This also has the advantage of reducing the number of queries from at
least 3 for every Core we find to more like a total of 3.
2015-01-26 20:21:55 -06:00
Tod Beardsley
2294ea0e93
Squash commit for blank creds search and test
...
This should fix up #4642 with respect to #4504 .
Squashed commit of the following:
commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8
ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 16:23:03 2015 -0600
Merge branch 'feature/creds-blank-finders' into temp
commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:58:02 2015 -0600
Clean out whitespace, make vars more meaningful
commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:54:32 2015 -0600
Add some specs for regular users and blank users
commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon Jan 26 15:04:03 2015 -0600
Users should be able to find blank user/pass
2015-01-26 16:26:30 -06:00
Jon Hart
cb2bef878b
Land #4504 , @disenchant's get/getg improvement
2015-01-26 12:49:34 -08:00
Christian Mehlmauer
bb07ec8666
fix incorrect usage of .class
2015-01-26 15:46:58 +01:00
sinn3r
c62beacd31
Revert #4473 - Log backtraces by default
2015-01-24 02:44:29 -06:00
Brent Cook
52ca6b54b1
remove entire 'default' attribute acccessor override method
...
This reverts us to the state before
725a17c70b
, making OptRegexp simply
inherit from OptBase again.
2015-01-23 14:18:05 -06:00
sinn3r
f3a2d6663f
Fix #4616 and Fix #3798 - Correctly use OptRegexp
...
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616 ).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798 . The way I see it, #3798 is actually a module-specific issue.
Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
jvazquez-r7
c507e73a02
Comment to clarify serialVersionUID fields
2015-01-22 18:40:52 -06:00
jvazquez-r7
e377ed3f83
Document the 'null' UnicastRef ObjId on the discovery package
2015-01-22 18:39:12 -06:00